Policy and user setting to force Outlook to use the default digital certificate

Article ID: 2734219

SUMMARY

Microsoft Office Outlook 2003 introduced the ForceDefaultProfile registry value. Outlook 2007 and Outlook 2010 also support this registry value. When you enable this setting, Outlook is forced to always use the default certificate for signing or encrypting. Additionally, you are prompted to select another digital certificate if there are any errors with the currently selected certificate. For example, the certificate may be expired.

MORE INFORMATION

Important This article contains information about how to modify the registry. Make sure that you back up the registry before you modify it. Make sure that you know how to restore the registry if a problem occurs. For more information about how to back up, restore, and modify the registry, click the following article number to view the article in the Microsoft Knowledge Base:
322756 How to back up and restore the registry in Windows
When the ForceDefaultProfile registry value is set to 1, Outlook does not automatically select another available certificate. Instead, you are presented with the following prompt:

Microsoft Outlook cannot sign or encrypt this message because your certificate is not valid.

Change Security Settings | OK
If you click Change Security Settings, you can manually select a different certificate, if one is available in the Change Security Settings dialog. 

Note
If you set ForceDefaultProfile to 1 and do not have any valid certificates, the above prompt is displayed.

This behavior helps alert you when there is a problem with your certificate. Consider the following scenario.
  • You have digital certificates for both business and personal use.
  • The digital certificate for business use is configured as the default.
  • Outlook detects an error with the certificate that you use for business.

By default, Outlook automatically switches to use the digital certificate that you created for personal use. Without a prompt, you may inadvertently use your personal certificate for signing and encrypting email messages.

To set the ForceDefaultProfile registry value, use the following steps:
  1. Exit Outlook.
  2. Start Registry Editor.

    In Windows Vista or in Windows 7: Click Start, type regedit in the Start Search box, and then press Enter.

    If you are prompted for an administrator password or for confirmation, type the password, or provide confirmation.

    In Windows XP: Click Start, click Run, type regedit, and then click OK.
  3. Locate and then right-click the following registry subkey:
    HKEY_CURRENT_USER\Software\Microsoft\Office\x.0\Outlook\Security
    Note: x.0 in the above registry key represents your Outlook version. Use one of the following values.

    Outlook 2010: 14.0
    Outlook 2007: 12.0
    Outlook 2003: 11.0
  4. On the Edit menu, point to New, and then click DWORD Value.
  5. Type ForceDefaultProfile, and then press Enter.
  6. Right-click ForceDefaultProfile, and then click Modify.
  7. In the Value data box, type 1, and then click OK.
  8. Exit Registry Editor.
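
The same steps can be scripted for the current user. The following PowerShell is an added example and not part of the original article; the function name Set-ForceDefaultProfile, the -AuditOnly switch, and the rule of skipping versions that have no per-user Outlook key are assumptions of this example.

```powershell
# Added example: audit or apply ForceDefaultProfile for the versions the article lists.
# The version map is from the article; names and the skip rule are this example's own.
$OutlookVersions = [ordered]@{
    '14.0' = 'Outlook 2010'
    '12.0' = 'Outlook 2007'
    '11.0' = 'Outlook 2003'
}

function Set-ForceDefaultProfile {
    param([switch]$AuditOnly)

    # Step 1 of the article: Outlook must be closed before the value is changed.
    if (-not $AuditOnly -and (Get-Process -Name OUTLOOK -ErrorAction SilentlyContinue)) {
        throw 'Outlook is running. Exit Outlook and run the script again.'
    }

    foreach ($version in $OutlookVersions.Keys) {
        $outlookKey  = "HKCU:\Software\Microsoft\Office\$version\Outlook"
        $securityKey = Join-Path $outlookKey 'Security'

        # Assumption: no per-user Outlook key means this version is not in use here.
        if (-not (Test-Path $outlookKey)) { continue }

        if (-not $AuditOnly) {
            if (-not (Test-Path $securityKey)) {
                New-Item -Path $securityKey -Force | Out-Null
            }
            # -Force replaces an existing value, including one stored with the wrong type.
            New-ItemProperty -Path $securityKey -Name 'ForceDefaultProfile' `
                -PropertyType DWord -Value 1 -Force | Out-Null
        }

        # Read the value back so the report shows what is actually stored.
        $current = $null
        if (Test-Path $securityKey) {
            $current = (Get-ItemProperty -Path $securityKey -Name 'ForceDefaultProfile' -ErrorAction SilentlyContinue).ForceDefaultProfile
        }
        [pscustomobject]@{
            Product  = $OutlookVersions[$version]
            Key      = $securityKey
            Value    = $current
            Enforced = ($current -eq 1)
        }
    }
}

# Report only; remove -AuditOnly to write the value.
Set-ForceDefaultProfile -AuditOnly
```

An empty Value with Enforced = False means the setting is absent for that version, so Outlook keeps its default behavior of switching to another available certificate without a prompt.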

To deploy the setting via Group Policy, download the appropriate version of the Office Administrative Templates from the appropriate Microsoft Download Center web site:
Office 2010 Administrative Template files (ADM, ADMX/ADML) and Office Customization Tool download
http://www.microsoft.com/download/details.aspx?id=18968

2007 Office system (SP2) Administrative Template files (ADM, ADMX, ADML) and Office Customization Tool
http://www.microsoft.com/download/details.aspx?id=3795

Office 2003 Service Pack 3 Administrative Template (ADM), OPAs, and Explain Text Update
http://www.microsoft.com/download/details.aspx?id=9035
Note This is a "FAST PUBLISH" article created directly from within the Microsoft support organization. The information contained herein is provided as-is in response to emerging issues. As a result of the speed in making it available, the materials may include typographical errors and may be revised at any time without notice. See Terms of Use for other considerations.

Properties

Article ID: 2734219 - Last Review: July 11, 2012 - Revision: 1.0
APPLIES TO
  • Microsoft Office Outlook 2003
  • Microsoft Office Outlook 2007
  • Microsoft Outlook 2010
Keywords: 
KB2734219