Plan for configuring security settings in Outlook 2007

Updated: April 9, 2009

Applies To: Office Resource Kit

This Office product will reach end of support on October 10, 2017. To stay supported, you will need to upgrade. For more information, see , Resources to help you upgrade your Office 2007 servers and clients.

 

Topic Last Modified: 2016-11-14

You can customize many of the security-related features in Microsoft Office Outlook 2007, including limiting automated access to address books and managing users' access to attachments.

Warning

Outlook is configured with high security-related settings by default. High security levels can result in limitations to Outlook functionality, such as restrictions on e-mail message attachment file types. Be aware that lowering any default security settings might increase the risk of virus execution or propagation. Use caution and read the documentation before you modify these settings.

Specifying how security settings are enforced in Outlook

A new feature in Office Outlook 2007 allows you to configure security options by using new Group Policy settings, instead of modifying security settings by using the Outlook security template and publishing the settings to a form in a top-level folder in Exchange Server public folders. To use Group Policy to configure security options, you must configure the new Outlook Security Mode setting.

For more information about specifying the method used to customize security settings in Outlook, see Specify the method Outlook uses to manage virus prevention features.

To continue using the Exchange Server security form for Outlook security settings, you must also configure the new Group Policy setting.

Default security settings in the product are enforced if you do not enable the setting.

Choosing between the Exchange Server security form and Group Policy security settings

Office Outlook 2007 supports both the Exchange Server security form and Group Policy security settings. You can choose the option that is best for your environment. Following are sample environments in which you can use the security form, Group Policy, or either one.

Scenario for using the security form

• An Exchange Server environment with public folders. Client computers must use Outlook 2000 with the security update, Outlook 2002, Outlook 2003, or Office Outlook 2007.

Scenarios for using Group Policy security settings

• A Microsoft Exchange 2007 environment without public folders. All client computers use Outlook.

• An Exchange 2007 environment without public folders. Client computers with Office Outlook 2007 use Group Policy security settings, and client computers with other versions of Outlook depend on default security or the security form.

• An environment without Exchange Server. All client computers use Outlook.

Scenarios for using security form or Group Policy security settings

• An Exchange Server environment in which Exchange Server is being upgraded to Exchange 2007. Client computers use Office Outlook 2007.

• An Exchange Server environment in which client computers are being upgraded from Outlook 2002 or Outlook 2003 to Office Outlook 2007.

Caveats to consider when customizing security settings

There are three caveats to consider when you customize Group Policy security settings for Outlook:

• Customized settings configured using Group Policy might not be active immediately. You can configure Group Policy to refresh automatically (in the background) on users' computers while users are logged on, at a frequency that you determine. To ensure that new Group Policy settings are active immediately, users must log off and log back on to their computers.

• Outlook checks security settings only at start up. If security settings are refreshed while Outlook is running, the new configuration is not used until the user closes and restarts Outlook.

• No customized settings are applied in Personal Information Manager (PIM)-only mode. In PIM mode, Outlook uses the default security settings. No administrator settings are necessary or used in this mode.

Customizing options for junk e-mail and ActiveX controls

In addition to modifying how Outlook manages virus-prevention security options, you can also customize junk e-mail and ActiveX control features.

You can customize the following Junk E-mail options: read as plain text, automatic picture download, and HTML mail zones. For more information about modifying these settings, see Configure junk e-mail settings in Outlook 2007.

You can also customize how Outlook runs ActiveX controls in one-off forms. For more information about customizing how ActiveX controls behave in one-off forms, see Customize ActiveX and custom forms security settings in Outlook 2007.

Updated Object Model Guard

The Object Model (OM) Guard that helps prevent viruses from using the Outlook Address Book to propagate themselves is updated. Outlook checks for up-to-date antivirus software to help determine when to display address book access warnings and other Outlook security warnings.

Download this book

This topic is included in the following downloadable books for easier reading and printing:

• Messaging guide for the 2007 Office release

• Group Policy Overview for Office 2007

• Planning and architecture for the 2007 Office release

• Security for the 2007 Office release

See the full list of available books at Office Resource Kit information.