The Outlook 2000 SR-1: Extended E-mail Security Update is a major security feature for Microsoft® Outlook® 98 and Outlook 2000. It helps protect against most viruses spread via attachments to e-mail messages, in addition to helping protect users from worm viruses that replicate through Outlook (such as the ILOVEYOU and Melissa viruses).

Once installed, this update limits certain functionality within Outlook to help provide security. Restrictions include limits to specific types of attachments, heightened default security settings, and controlled access to the Outlook automation code.

To help you deploy the Outlook E-mail Security Update within your organization, Microsoft has provided an update for Outlook 2000 administrative installation points. This update is contained in a self-extracting file available on the Microsoft Office Resource Kit Toolbox.

---

Toolbox    The Outlook 2000 SR-1a Security Update Administrative Tools is available in the Toolbox. You can find this downloadable file on the Office 2000 Resource Kit Downloads page.

---

---

 Note   This update is an extension of the original Outlook 2000 SR-1 Update: E-mail Security update. If you installed this update before August 16, 2001, you should do so again in order to get the most recent security capabilities available.

The original update blocked access to certain file types that could contain dangerous code. Additionally, the Outlook 2000 Extended Security Update now blocks any attachment that has a CLSID (unique identifier) in the file name extension. This helps prevent you from unintentionally launching a blocked application while using Outlook 2000.

---

Organizations that are still using Microsoft Outlook 98 can also upgrade their administrative installation points to take advantage of the new security features. Details on using the Outlook 98 Deployment Kit to update an administrative installation point are also covered in this article.

General information on the Outlook 98/2000 E-mail Security Update and links to downloadable files for the end-user version of the security update are available on the Office Update Web site. For more information, see Outlook 2000 SR-1 Update: E-mail Security - included in the Office 2000 Update: Service Pack 3 (SP3) on the Office Update Web site.

Updating an Outlook 2000 administrative installation point

The Outlook E-mail Security Update for administrative installation points is a Windows Installer patch package that uses full-file replacement to apply the new files and settings to your current installation. This package (an MSP file) contains all the information necessary to properly update the Windows Installer database for Outlook 2000. By updating the database, you are assured of continued support for Windows Installer features such as self-repair, installation on demand, and reinstallation.

Before you can apply this update, you must update your Outlook installations on both the administrative installation point and the client computers to Outlook 2000 version SR-1 or SR-1a.

To add the Outlook 2000 E-mail Security Update to an administrative installation point

1. Download O2ksec_a.exe and double-click the file name to extract the administrative update file (Oqfe7117_Admin.msp).
2. Connect to the server share for the administrative installation point.

   You must have write access to the administrative installation point on the server and the appropriate privileges to carry out the task.

3. On the Start menu, click Run and then type the command line for Windows Installer with the appropriate options for the Outlook E-mail Security Update. Use the following syntax:

   [start] msiexec /p [path\name of update MSP file] /a [path\name of MSI file] SHORTFILENAMES=TRUE /qb /L* [path\name of log file]

The following table describes the command-line options.

Updating client computers from an Outlook 2000 administrative installation point

After you update your administrative installation point, you must perform a recache and repair on existing client computers that use the administrative image. Any new client installations from the administrative installation point will automatically include the updated version of the Outlook security files.

To update an existing client installation of Outlook 2000 from an administrative installation point, run the following command line on the client computer:

start msiexec /i [path to updated .msi file on the administrative image] REINSTALL=[list of features] REINSTALLMODE=vomus /q

You can run this command line by creating a log-on script, distributing it as a batch file, deploying it via Systems Management Server, or using other means according to your practice. The options for this command line are as follows.

For the Outlook E-mail Security Update, the variable [list of features] should be replaced with the following value:

OutlookMAPILDAP,OutlookCDO,OutlookMAPICONTAB,OutlookMAPIEMS,
OUTLOOKNonBootFiles,OutlookMessaging,OutlookMAPIPST,OutlookMAPIPST95,
OutlookDVFiles,OutlookHelpFiles_SR1Patch,OutlookOMI,OUTLOOKFiles,
OutlookImportExportFiles

If you are uncertain about the feature list for your situation, you can substitute the option REINSTALL=ALL to reinstall all components on the client computer.

---

 Note    If you originally installed Outlook 2000 on a client computer from an administrative installation point, you must follow the recache and repair procedure described above to update that client. If you update the client directly by using the end-user patch from the Office Update Web site, the client and administrative images will become out-of-sync, which may cause future updates to fail.

---

Applying the Outlook 2000 E-mail Security Update under Windows 2000

If your administrative installation point and all of your client computers are running Windows 2000, you can use IntelliMirror to manage the installation of the security upgrade.

---

 Note    Be sure to test all software updates in a controlled setting before modifying your administrative installation point or deploying the new version throughout your organization.

---

To deploy a QFE fix or update under Windows 2000

1. Apply the update or patch (MSP file) to the original Office administrative installation point.
2. Open the Software Installation snap-in within the Group Policy Object (GPO) that you are using to manage the existing Office installation.
3. In the details pane, right-click the Office package, point to All Tasks, and click Redeploy application.

   The next time the Group Policy is applied to the designated users or computers, the updated files are copied to their computers.

---

 Note    You can redeploy a package only if it is being managed by Group Policy — that is, only if you originally installed it by using IntelliMirror software installation and maintenance or if you brought it into a managed state under Windows 2000.

---

Updating an Outlook 98 administrative installation point

You can use the Outlook 98 Deployment Kit to add the Outlook 98 E-mail Security Update to a new or existing administrative installation point. To carry out the update, you'll also need a copy of the Outlook 98 E-mail Security Update file, available from the Office Update Web site. For more information, see Outlook 98 Update: E-mail Security on Office Update.

To update an Outlook 98 administrative installation point

1. Start the Outlook 98 Deployment Wizard and advance to the Specify Custom Active Setup Components page.
2. In the Component field, add a name for the upgrade (i.e., Outlook Security Upgrade).
3. In the Location field, add a path to the Outlook 98 Security Update file (O98secu.exe) available from the Office Update Web site.
4. Click the Generate button to create a GUID for the component.
5. In the Parameter field, add any additional parameters you require. For example, the /q switch can be used to install the O98secu.exe update silently.

Once you have updated the administrative installation point, existing users will need to reinstall Outlook 98 from the updated administrative image. New installations will automatically receive Outlook 98 with the security update installed.

For information on the Outlook 98 Deployment Kit, see the MS Outlook 98 - Deployment Kit documentation on the Microsoft TechNet Web site.

Customizing the Outlook E-mail Security Update

When you apply the Outlook E-mail Security Update to a client computer, the software helps provide the full level of security designed into the Update. In certain cases, however, you may want to customize the default security settings for specific computers or workgroups in your organization. For information on changing the default security settings, see Customizing the Outlook 98/2000 E-mail Security Update in the Office Resource Kit.

Related links

For more information about the Outlook 98/2000 E-mail Security Update, Search the Knowledge Base for the following articles.

Article Q263275 — OL97: Outlook E-mail Security Update Not Available for Outlook 97.

Article Q262617 — OL98: Information About the Outlook E-mail Security Update.

Article Q262618 — OL98: Known Issues with the Outlook E-Mail Security Update

Article Q262700 — OL98: Developer Information About the Outlook E-mail Security Update.

Article Q263296 — OL98: Administrator Information About the Outlook E-mail Security Update.

Article Q262631 — OL2000: Information About the Outlook E-mail Security Update.

Article Q262634 — OL2000: Known Issues with the Outlook E-Mail Security Update.

Article Q262701 — OL2000: Developer Information About the Outlook E-mail Security Update.

Article Q263297 — OL2000: Administrator Information About the Outlook E-mail Security Update.