How to deploy customized Outlook 2003 security settings to client computers by using the "Outlook virus security settings" Group Policy setting

The Deploying the customized Outlook security settings to client computers section of the Readme.doc file from the Outlook Administrator Pack (Admpack.exe) outlines two methods to enable the customized Microsoft Outlook security settings for users.

Note The Outlook Administrator Pack is included in the Microsoft Office 2003 Resource Kit.

The first method is to roll out the changes with the installation of Office 2003 by using Group Policy. The second method discusses how to enable the customized settings if you did not deploy Office 2003 using Group Policy.

In the second method, you must add the configured CheckAdminSettings registry entry to the HKEY_CURRENT_USER\Software\Policies\Microsoft\Security registry subkey on each client computer. You can configure the CheckAdminSettings registry entry to force Microsoft Office Outlook 2003 to look to the Outlook Security Settings public folder on your Microsoft Exchange server for security settings. To add the CheckAdminSettings registry entry to client computers, you can either add a registry file that contains the configured subkey to a logon script, copy the file to a shared server for users to run, or attach a shortcut to the file in an e-mail message.

For more information about the virus security functionality of Outlook and the purpose and usage of the settings that are discussed, see the “Customizing Outlook 2003 to help prevent viruses” topic at the Microsoft Office 2003 Resource Kit Web site:

This article discusses how to use a third option that is not discussed in the Readme.doc file from the Outlook Administrator Pack component (Admpack.exe) of the Office 2003 Resource Kit. In this third option, you can use a Group Policy object (GPO) to deploy the CheckAdminSettings registry entry to clients by using the Outlook virus security settings policy setting. This Group Policy setting is part of the Outlk11.adm template. If you use Group Policy in your environment, we recommend that you use this third method instead of using the second method to add the CheckAdminSettings registry entry to the client computers.

To configure a Group Policy object (GPO) to deploy the Outlook virus security settings Group Policy setting so that Outlook 2003 will look to your Exchange server for security settings, follow these steps:

1. If you do not already have the Outlk11.adm template file installed, download and install the Office 2003 policy templates.
   
   For more information about how to obtain and install the Office 2003 templates, click the following article number to view the article in the Microsoft Knowledge Base:
   826170  (http://support.microsoft.com/kb/826170/ ) Administrators can use Office policy templates with the Group Policy settings of Windows
2. Copy the Outlk11.adm template file to the %windir%\Inf folder on your domain controller.
3. On your domain controller, click Start, point to Programs or to All Programs depending on your operating system, point to Administrative Tools, and then click Active Directory Users and Computers.
4. Right-click your domain name or the organizational unit (OU) that you want to assign the GPO to, and then click Properties.
5. Click the Group Policy tab.
6. To edit an existing GPO, click the GPO that you want to edit, and then click Edit.
7. To add a new GPO, click New, type a name for the GPO, and then click Edit.
8. Under User Configuration, right-click Administrative Templates, and then click Add/Remove Templates.
9. In the Add/Remove Templates dialog box, click Add, click OUTLK11.ADM, click Open, and then click Close.
10. Expand Administrative Templates, expand Microsoft Office Outlook 2003, expand Tools | Options, and then click Security.
11. In the right pane, double-click Outlook virus security settings.
12. To enable the policy setting, click Enabled.
13. In the Apply individual settings for Outlook virus security list, click the item that corresponds to the public folder that you created on your Exchange server. For example, click Look in the Outlook Security Settings folder.
14. Click Apply, and then click OK.
15. Close the Group Policy window.
    
    Note To enable client computers to receive the Group Policy settings, they must have the "Read and Apply Group Policy" permissions assigned. To verify the permissions, click Properties, and then click the Security tab. By default, the Authenticated Users group has the "Read and Apply Group Policy" permissions on GPOs. After you have confirmed the security settings, click OK.
16. Click OK to close the Domain_name Properties or the OU_name Properties dialog box.
17. Quit the Active Directory Users and Computers tool.
18. To update Group Policy settings without waiting for the default update interval, follow these steps:
    1. Click Start, click Run, type cmd, and then click OK.
    2. On a Microsoft Windows 2000 Server-based domain controller, type secedit /refreshpolicy user_policy /enforce, and then press ENTER.
       
       On a Microsoft Windows Server 2003-based domain controller, type gpupdate /target:user /force, and then press ENTER.

When a user who is assigned the Group Policy setting logs off and then logs back on, or restarts their computer, the following registry subkey is created.

Note The subkey is updated if it already exists.The value of the CheckAdminSettings registry entry corresponds to the option that you selected in the Apply individual settings for Outlook virus security list. The following list describes the values that you can use for the CheckAdminSettings registry entry, depending on the option that you selected in the Apply individual settings for Outlook virus security list:

• The Use default administrative settings option — This option corresponds to a value of 0.
• The Look in the Outlook Security Settings folder option — The option corresponds to a value of 1.
• The Look in the Outlook 10 Security Settings folder option — This option corresponds to a value of 2.

For more information about how to manage Office 2003 configurations by using Group Policy, visit the following Microsoft Web site:For more information about the Outlook Administrator Pack, visit the following Microsoft Web site: For more information about how to update Group Policy settings without waiting for the default update interval, click the following article numbers to view the articles in the Microsoft Knowledge Base: For more information about how to give users permission to access a GPO, click the following article number to view the article in the Microsoft Knowledge Base: