Choose security and protection settings for Outlook 2010
Applies to: Office 2010
Topic Last Modified: 2011-10-17
You can customize many of the security-related features in Microsoft Outlook 2010. This includes how the security settings are enforced, which kind of ActiveX controls can run, custom forms security, and programmatic security settings. You can also customize Outlook 2010 security settings for attachments, Information Rights Management, junk e-mail, and encryption, which are covered in additional articles listed in Additional settings later in this article.
.png "Not an IT Professional?")
This article is for IT Professionals. If you’re not an IT Professional, but you want to learn more about security features in Outlook 2010, see How Outlook helps protect you from viruses, spam, and phishing (https://go.microsoft.com/fwlink/p/?LinkId=202522).
In this article:
Overview
Specify how security settings are enforced in Outlook
How administrator and user settings interact in Outlook 2010
Working with Outlook COM add-ins
Customize ActiveX and custom forms security in Outlook 2010
Customize programmatic settings in Outlook 2010
Additional settings
Overview
By default, Outlook is configured to use high security-related settings. High security levels can result in limitations to Outlook functionality, such as restrictions on e-mail message attachment file types. You might have to lower default security settings for your organization. However, be aware that lowering any default security settings might increase the risk of virus execution or propagation.
Before you start to configure security settings for Outlook 2010 by using Group Policy or the Outlook Security template, you must configure the Outlook Security Mode in Group Policy. If you do not set the Outlook Security Mode, Outlook 2010 uses the default security settings and ignores any Outlook 2010 security settings that you have made.
For information about how to download the Outlook 2010 adminstrative template, and about other Office 2010 Administrative Templates, see Office 2010 Administrative Template files (ADM, ADMX, ADML) and Office Customization Tool. For more information about Group Policy, see Group Policy overview for Office 2010 and Use Group Policy to enforce Office 2010 settings.
Specify how security settings are enforced in Outlook
As with Microsoft Office Outlook 2007, you can configure security options for Outlook 2010 by using Group Policy (recommended) or change security settings by using the Outlook Security template and publish the settings to a form in a top-level folder in Exchange Server public folders. Unless you have Office Outlook 2003 or earlier versions in your environment, we recommend that you use Group Policy to configure security settings. To use either option, you must enable the Outlook Security Mode setting in Group Policy and set the Outlook Security Policy value. Default security settings in the product are enforced if you do not enable this setting. The Outlook Security Mode setting is in the Outlook 2010 Group Policy template (Outlk14.adm) under User Configuration\Administrative Templates\Microsoft Outlook 2010\Security\Security Form Settings. When you enable the Outlook Security Mode setting, you have the four Outlook Security Policy options, which are described in the following table.
| Outlook Security Mode option | Description |
|---|---|
Outlook Default Security |
Outlook ignores any security-related settings that are configured in either Group Policy or the Outlook Security template. This is the default setting. |
Use Outlook Security Group Policy |
Outlook uses the security settings from Group Policy (recommended). |
Use Security Form from ‘Outlook Security Settings’ Public Folder |
Outlook uses the settings from the security form published in the designated public folder. |
Use Security Form from ‘Outlook 10 Security Settings’ Public Folder |
Outlook uses the settings from the security form published in the designated public folder. |
Customize security settings by using Group Policy
When you use Group Policy to configure security settings for Outlook 2010, consider the following factors:
Settings in Outlook Security template must be manually migrated to Group Policy. If you previously used the Outlook Security template to manage security settings and now choose to use Group Policy to enforce settings in Outlook 2010, you must manually migrate the settings that you configured earlier to the corresponding Group Policy settings for Outlook 2010.
Customized settings configured by using Group Policy might not be active immediately. You can configure Group Policy to refresh automatically (in the background) on users' computers while users are logged on, at a frequency that you determine. To make sure that that new Group Policy settings are active immediately, users must log off and log back on to their computers.
Outlook checks security settings only at startup. If security settings are refreshed while Outlook is running, the new configuration is not used until the user closes and restarts Outlook.
No customized settings are applied in Personal Information Manager (PIM)-only mode. In PIM mode, Outlook uses the default security settings. No administrator settings are necessary or used in this mode.
Special environments
When you use Group Policy to configure security settings for Outlook 2010, consider whether your environment includes one or more of the scenarios shown in the following table.
| Scenario | Issue |
|---|---|
Users who access their mailboxes by using a hosted Exchange Server |
If users access mailboxes by using a hosted Exchange Server, you might use the Outlook Security template to configure security settings or use the default Outlook security settings. In hosted environments, users access their mailboxes remotely. For example, they can use a virtual private network (VPN) connection or use Outlook Anywhere (RPC over HTTP). Because Group Policy is deployed by using Active Directory and in this scenario, the user's local computer is not a member of the domain, Group Policy security settings cannot be applied. Also, by using the Outlook Security template to configure security settings, users automatically receive updates to security settings. Users cannot receive updates to Group Policy security settings unless their computer is in the Active Directory domain. |
Users with administrative rights on their computers |
Restrictions to Group Policy settings are not enforced when users log on with administrative rights. Users with administrative rights can also change the Outlook security settings on their computer and can remove or alter the restrictions that you have configured. This is true not only for Outlook security settings, but for all Group Policy settings. Although this can be problematic when an organization intends to have standardized settings for all users, there are mitigating factors:
|
Users who access Exchange mailboxes by using Outlook Web App |
Outlook and Outlook Web App do not use the same security model. OWA has separate security settings stored on the Exchange Server computer. |
How administrator settings and user settings interact in Outlook 2010
Security settings that are defined by the user in Outlook 2010 work as if they are included in the Group Policy settings that you define as the administrator. When there is a conflict between the two, settings with a higher security level override settings with a lower security level.
For example, if you use the Group Policy Attachment Security setting Add file extensions to block as Level 1 to create a list of Level 1 file name extensions to be blocked, your list overrides the default list provided with Outlook 2010 and overrides the user's settings for Level 1 file name extensions to block. Even if you allow users to remove file name extensions from the default Level 1 group of excluded file types, users cannot remove file types that were added to the list.
For example, if the user wants to remove the file name extensions .exe, .reg, and .com from the Level 1 group, but you use the Add Level 1 file extensions Group Policy setting to add .exe as a Level 1 file type, the user can only remove .reg and .com files from the Level 1 group in Outlook.
Working with Outlook COM add-ins
A Component Object Model (COM) add-in should be coded so that it takes advantage of the Outlook trust model to run without warning messages in Outlook 2010. Users might continue to see warnings when they access Outlook features that use the add-in, such as when they synchronize a hand-held device with Outlook 2010 on their desktop computer.
However, users are less likely to see warnings in Outlook 2010 than in Office Outlook 2003 or earlier versions. The Object Model (OM) Guard that helps prevent viruses from using the Outlook Address Book to propagate themselves is updated in Office Outlook 2007 and Outlook 2010. Outlook 2010 checks for up-to-date antivirus software to help determine when to display address book access warnings and other Outlook security warnings.
The OM Guard cannot be modified by using the Outlook security form or Group Policy. However, if you use default Outlook 2010 security settings, all COM add-ins that are installed in Outlook 2010 are trusted by default. If you customize security settings by using Group Policy, you can specify COM add-ins that are trusted and that can run without encountering the Outlook object model blocks.
To trust a COM add-in, you include the file name for the add-in, in a Group Policy setting with a calculated hash value for the file. Before you can specify an add-in as trusted by Outlook, you must install a program to calculate the hash value. For information about how to do this, see Manage trusted add-ins for Outlook 2010.
If you enforce customized Outlook security settings with the Microsoft Exchange Server security form published in an Exchange Server public folder, you can learn how to trust COM add-ins. Scroll down to the Trusted Code tab section in the Microsoft Office 2003 Resource Kit article, Outlook Security Template Settings (https://go.microsoft.com/fwlink/p/?LinkId=75744).
If the user continues to see security prompts after the add-in is included in the list of trusted add-ins, you must work with the COM add-in developer to resolve the problem. For more information about coding trusted add-ins, see Important Security Notes for Microsoft Outlook COM Add-in Developers (https://go.microsoft.com/fwlink/p/?LinkId=74697).
Customize ActiveX and custom forms security in Outlook 2010
You can specify ActiveX and custom forms security settings for Outlook 2010 users. Custom forms security settings include options for changing how Outlook 2010 restricts scripts, custom controls, and custom actions.
Customize how ActiveX controls behave in one-off forms
When Outlook receives a message that contains a form definition, the item is a one-off form. To help prevent unwanted script and controls from running in one-off forms, Outlook does not load ActiveX controls in one-off forms by default.
You can lock down the settings to customize ActiveX controls by using the Group Policy Outlook 2010 template (Outlk14.adm). Or you can configure default settings by using the Office Customization Tool (OCT), in which case users can change the settings. In Group Policy, use the Allow ActiveX One Off Forms setting under User Configuration\Administrative Templates\Microsoft Outlook 2010\Security. In the OCT, the Allow ActiveX One Off Forms setting is in corresponding location on the Modify user settings page of the OCT. For more information about the OCT, see Office Customization Tool in Office 2010.
When you enable Allow ActiveX One Off Forms setting, you have three options, which are described in the following table.
| Option | Description |
|---|---|
Allows all ActiveX Controls |
Allows all ActiveX controls to run without restrictions. |
Allows only Safe Controls |
Allows only safe ActiveX controls to run. An ActiveX control is safe if it is signed with Authenticode and the signer is listed in the Trusted Publishers List. |
Load only Outlook Controls |
Outlook loads only the following controls. These are the only controls that can be used in one-off forms.
|
If you do not configure any of these options, the default is to load only Outlook controls.
Customize custom forms security settings
You can lock down the settings to configure security for custom forms by using the Group Policy Outlook 2010 template (Outlk14.adm). Or you can configure default settings by using the OCT, in which case users can change the settings. In Group Policy, the settings are under User Configuration\Administrative Templates\Microsoft Outlook 2010\Security\Security Form Settings\Custom Form Security. The OCT settings are in corresponding locations on the Modify user settings page of the OCT.
The settings that you can configure for scripts, custom controls, and custom actions are shown in the following table:
| Option | Description |
|---|---|
Allow scripts in one-off Outlook forms |
Run scripts in forms where the script and the layout are contained in the message. If users receive a one-off form that contains script, users are prompted to ask whether they want to run the script. |
Set Outlook object model Custom Actions execution prompt |
Specifies what occurs when a program attempts to run a custom action by using the Outlook object model. A custom action can be created to reply to a message and circumvent the programmatic send protections previously described. Select one of the following:
|
Customize programmatic settings in Outlook 2010
As an administrator of Outlook 2010, you can configure programmatic security settings to manage restrictions for the Outlook object model. The Outlook object model lets you programmatically manipulate data that is stored in Outlook folders.
Note
The Exchange Server Security template includes settings for Collaboration Data Objects (CDO). However, using CDO with Outlook 2010 is not supported.
You can use Group Policy to configure programmatic security settings for the Outlook object model. In Group Policy, load the Outlook 2010 template (Outlk14.adm). The Group Policy settings are located under User Configuration\Administrative Templates\Microsoft Outlook 2010\Security\Security Form Settings\Programmatic Security. These settings cannot be configured by using the Office Customization Tool.
The following are descriptions of the Group Policy options for programmatic settings. You can choose one of the following settings for each item:
Prompt user Users receive a message allowing them to choose whether to allow or deny the operation. For some prompts, users can choose to allow or deny the operation without prompts for up to 10 minutes.
Automatically approve Outlook automatically grants programmatic access requests from any program. This option can create a significant vulnerability, and we do not recommend it.
Automatically deny Outlook automatically denies programmatic access requests from any program and the user does not receive a prompt.
Prompt user based on computer security Outlook relies on the setting in the "Programmatic Access" section of the Trust Center. This is the default behavior.
The settings that you can configure for programmatic security settings for the Outlook object model are shown in the following table.
| Option | Description |
|---|---|
Configure Outlook object model prompt when accessing an address book |
Specifies what happens when a program attempts to gain access to an address book by using the Outlook object model. |
Configure Outlook object model prompt when accessing the Formula property of a UserProperty object |
Specifies what happens when a user adds a Combination or Formula custom field to a custom form and binds it to an Address Information field. By doing this, code can be used to indirectly retrieve the value of the Address Information field by getting the Value property of the field. |
Configure Outlook object model prompt when executing Save As |
Specifies what happens when a program attempts to programmatically use the Save As command to save an item. When an item has been saved, a malicious program could search the file for e-mail addresses. |
Configure Outlook object model prompt when reading address information |
Specifies what happens when a program attempts to gain access to a recipient field, such as To, by using the Outlook object model. |
Configure Outlook object model prompt when responding to meeting and task requests |
Specifies what happens when a program attempts to send mail programmatically by using the Respond method on task requests and meeting requests. This method is similar to the Send method on mail messages. |
Configure Outlook object model prompt when sending mail |
Specifies what happens when a program attempts to send mail programmatically by using the Outlook object model. |
Additional settings
The following table lists the articles that cover additional security settings not included in this article.
| Feature | Related resources |
|---|---|
ActiveX controls |
|
Attachments |
|
Cryptography |
|
Digital signatures |
|
Junk e-mail |
|
Information Rights Management |
|
Protected view |