Microsoft Office Online
Sign in to My Office Online (What's this?) | Sign in

Warning: You are viewing this page with an unsupported Web browser. This Web site works best with Microsoft Internet Explorer 6.0 or later, Firefox 1.5, or Netscape Navigator 8.0 or later. Learn more about supported browsers.
Printer-Friendly VersionPrinter-Friendly Version
Customizing the Outlook 98/2000 E-mail Security Update
 

If your organization is using Microsoft Outlook® 98/2000 with a server that has server-side security, such as Microsoft Exchange Server, you can customize the security update to meet your organization's needs. For example, you can help control the types of attached files blocked by Outlook, modify the Outlook Object Model warning notifications, and specify user or group security levels.

At this time, to enable custom security settings, your clients must be using Outlook with Microsoft Exchange Server and have either the Mailbox (MDB) or Offline folders (OST) as their default e-mail delivery location. You cannot modify the settings if a client is using a local .Pst file for a mailbox, or if you are using Outlook with a third-party e-mail service. Microsoft has been working with other third-party e-mail services to provide them with the appropriate documentation that would enable them to offer this level of customization. In particular, Lotus has agreed to enable this level of customization and Hewlett-Packard and Novell are currently evaluating. In cases where you cannot customize the settings, the default settings in the security update will be applied to your Outlook installation.

 Warning    Lowering any default security setting may increase your risk of virus execution or propagation. Use caution and read the documentation before you modify these settings.

Obtaining the Outlook E-mail Security Update and administrative tools

General information on the Outlook 98/2000 E-mail Security Update and links to the downloadable files are available on the Office Update Web site. This site includes a series of articles on virus protection settings, the types of files restricted in e-mail messages, and software from independent software vendors that may be affected by the update. For more information, see Outlook 2000 SR-1 E-mail Security Update International Releases on the Office Update Web site.

Administrative tools for the Outlook E-mail Security Update are available from the Office Resource Kit Web site. The administrative tools consist of three files, packaged into one self-extracting executable:

  • OutlookSecurity.oft is an Outlook template that enables you to customize the security settings on the Microsoft Exchange server.
  • Readme.txt is a document that provides information on the values and settings available in the template and describes how to deploy the new settings on Exchange Server.
  • Outlk9.adm is an updated system policy file that is required for client computers that have been set up with system policies.

Toolbox    To download the administrative tools for the Outlook E-mail Security Update, see Outlook 2000 SR-1a Security Update Administrative Tools in the Office Resource Kit Toolbox. You can find this downloadable file on the Office 2000 Resource Kit Downloads page.

 Note    When using the Outlook E-mail Security Update with Outlook 2000, you must first install Office 2000 Service Release 1a (SR-1a) before you can modify the default security settings.

The following sections describe how to customize the Outlook E-mail Security Update and how to deploy these customized settings to client computers.

Customizing the Outlook E-mail Security Update

You can modify the default values for the Outlook E-mail Security Update by using the Outlook Security template to configure specific settings on Exchange Server. The Outlook Security template is an Outlook Item Template that you run through Microsoft Outlook. The template contains two tabs, one for Outlook Security Settings and one for Programmatic Settings. When you first load the template, the settings show the default values for the Outlook E-mail Security Update.

Before you begin to modify the security settings, you must create a public folder named "Outlook Security Settings" on Exchange Server. The administrator must create this folder, using that exact name, in the root folder of the Public Folder tree. You must set the folder Access Control Lists (ACL) so all users can read all items in the folder. However, only those users who you want to be able to create or change security settings should have permission to create, edit, or delete items in the folder. After you create the folder, you can use the template to make the changes you need.

To use the Outlook Security template to modify settings on Exchange Server

  1. Download the Outlook 2000 SR-1a Security Update administrative tools and copy them to a working directory on your computer.
  2. On a computer running Outlook, open OutlookSecurity.oft from the file system.
  3. When asked to select a folder, select the Outlook Security Settings public folder you created on Exchange Server. The template will then open in Compose mode.
  4. On the Tools menu of the template, point to Forms, and then click Publish Form. (The folder selected should be your current folder, Outlook Security Settings.)
  5. In the Form Name box, type "Outlook Security Form".
  6. Click the Publish button. The security template is now published in the Security Settings folder.
  7. Close the form, and when prompted to save changes, click No.
  8. In the Folder List, right-click the Outlook Security Settings folder, and then click Properties on the shortcut menu.
  9. In the When posting to this folder, use list, click Outlook Security Form, and then click OK.
  10. Click the New button to open up a new security template.
  11. Create either a default security setting or custom settings for a specific set of users.

    Details on all fields and settings in the template can be found in the file Readme.txt, included with the administrative tools download.

Deploying customized Outlook e-mail security settings to client computers

After you configure the security update on Exchange Server, you must enable the customized settings for your users. To enable the changed settings, you deploy a new registry key to the client computers. How you deploy the registry key depends upon whether Microsoft Office was initially deployed with system policies.

  • If Office was deployed with system policies, you must change the policies on Exchange Server.

    This involves removing the current .Adm file and replacing it with the new one from the download. The new .Adm file will automatically pass your customized security settings to client computers each time users log on to the system.

  • If Office was deployed without system policies, you must modify a registry key directly on the client computers.

    Outlook will respect this new registry key, even if you are not using policies.

 Note    Different procedures are required to update policies under Windows® 2000 and the Windows® 95/98 or Windows NT® 4.x operating systems. Make sure to use the appropriate procedures for your system.

To update the Outlook policy template file under Windows 2000

  1. From the Start menu, choose Run, then type gpedit.msc to start the Group Policy editor.
  2. Expand the following series of folders:
    User Configuration\Administrative Templates
  3. Right-click Administrative Templates, then click Add/Remove Templates.
  4. In the Add/Remove Templates dialog box, select Outlk9, then click the Remove button to remove the old template.
  5. Click the Add button, then browse to the folder where you installed the updated Outlk9.adm template. Select the file name and click the Add button to add the new template to the folder.
  6. Click the Close button.
  7. Expand the following series of folders:
    User Configuration\Administrative Templates\Microsoft Outlook 2000\Tools|Options\Security
  8. Double-click the Outlook virus security settings policy name.
  9. In the Properties dialog box, select the Enabled option, then select the check box for Apply individual settings for Outlook virus security.
  10. Click the Apply button to apply the new policy, then click OK to close the Properties dialog box.

To update the Outlook policy template file under Windows 95/98 or Windows NT 4.x

  1. From the Start menu, choose Run, then type poledit.exe to start the System Policy editor.

    The System Policy Editor is included with the Office Resource Kit core tool set.

  2. From the Options menu, choose Policy Template.
  3. In the Policy Template Options list, select the entry for Outlk9.adm, then click the Remove button.
  4. In the same dialog box, click the Add button, then browse to the directory where you installed the updated Outlk9.adm template. Select the file name and click Open to add the new template to the folder.
  5. Click OK to close the dialog box.
  6. From the File menu, choose Open Registry, then double-click the Local User icon.
  7. In the Properties dialog box, expand the following series of folders:
    Microsoft Outlook 2000\Tools|Options\Security
  8. Select the check box for Outlook virus security settings, then select the box on the lower-half of the dialog box for Apply individual settings for Outlook virus security.
  9. Click OK to apply the new policy and close the dialog box.

If you are using Exchange Server but are not using system policies in your organization, you can distribute the new registry key directly to the client computer. Registry key files are a registered file type, which means that the key will be automatically installed on a client computer when a user double-clicks the file name.

To create a new registry key for distribution to client computers

  1. Start the registry editor and expand the following subkey:

    HKEY_CURRENT_USER\Software\Policies\Microsoft\Security.

  2. From the Edit menu, choose New, then click DWORD value to add a new registry key. The value name for the key must be CheckAdminSettings.
  3. Select the new key name, then from the Registry menu choose Export Registry File.
  4. In the Export Registry File dialog box, type a name for the registry file and select the option for Selected Branch under the Export Range group. Click Save to create the registry file. Registry files have a .Reg extension.

To distribute the new key to client computers, you can add it to a log-in script, copy it to a shared server for users to run, or attach it as a shortcut to an e-mail message. You cannot attach the file itself to a message, since .Reg files are restricted by the Outlook E-mail Security Update.

Related links

For more information about the Outlook 98/2000 E-mail Security Update, Search the Knowledge Base for the following articles.

Article Q263275 - OL97: Outlook E-mail Security Update Not Available for Outlook 97.

Article Q262617 - OL98: Information About the Outlook E-mail Security Update.

Article Q262618 - OL98: Known Issues with the Outlook E-Mail Security Update

Article Q262700 - OL98: Developer Information About the Outlook E-mail Security Update.

Article Q263296 - OL98: Administrator Information About the Outlook E-mail Security Update.

Article Q262631 - OL2000: Information About the Outlook E-mail Security Update.

Article Q262634 - OL2000: Known Issues with the Outlook E-Mail Security Update.

Article Q262701 - OL2000: Developer Information About the Outlook E-mail Security Update.

Article Q263297 - OL2000: Administrator Information About the Outlook E-mail Security Update.

Printer-Friendly VersionPrinter-Friendly Version
© 2009 Microsoft Corporation. All rights reserved.