Configure Outlook Security Settings (Exchange 2003)

Install Outlook Administrator Security Package and Configure Security Settings for Outlook

Before users can install the Outlook Client Plug-in on their Outlook client PCs, you must configure the custom security settings in Outlook for the plug-in from an administrator PC. If you do not configure the security settings, Outlook users will see security warnings.

What you need:

Note: Microsoft Outlook is not supported on the same PC where the Exchange Server components are installed.

To configure the security settings:

  1. Create and configure a Public Folder on the Exchange Server.

  2. Install the Outlook Security Administrator Package.

  3. Install the Outlook Client Plug-in on the Administrator PC.

  4. Set the Custom Security Settings.

  5. Set the registry key on Outlook client PCs.

  6. Restart Outlook.

If you are experiencing problems with the configuration, see Outlook Client Plug-in Troubleshooting.

Create and configure a Public Folder on the Exchange Server:

  1. Using the Exchange System Manager tool on the Exchange Server, navigate to Folders> Public Folders.

  2. Click New, and then create a new folder named exactly Outlook Security Settings.

  3. Right-click the new Outlook Security Settings folder, and click Properties.

  4. On the Permissions tab, click Client Permissions.... Ensure that the "Default "and "Anonymous" Names have the Role of Reviewer enabled, which gives read permissions only. This setting is important because all Outlook users must be able to see this folder and read a form it contains.

  5. Ensure that the "Administrator" Name has the Role of Owner, so that the Administrator can change the contents of this folder.

  6. Add any other users or groups who need to modify the security settings for Outlook, with the Role of Owner.

Install the Outlook Security Administrator Package:

  1. On the Administrator PC, navigate to the Microsoft Office 2007 Resource Kit and execute the file admpack.exe to extract the files it contains (the default location of the package is \Program Files\ORKTools\ORK11\Tools\Outlook Administrator Pack\admpack.exe). Alternatively, you can download the package from the Microsoft Web site at http://office.microsoft.com/en-us/assistance/HA011362851033.aspx.

 When "Admpack.exe" is executed it will extract the files to a working directory (it doesn't matter where the working directory is). The four files are:

  1. Perform the following steps to register the DLL and OCX files on the PC:

Install the Outlook Client Plug-in on the Administrator PC

Set the Custom Security Settings

Note: When running Outlook for the purpose of setting or modifying the security settings, the Administrator must use a mail profile in online mode (not cached or offline mode). It may be useful to create a separate mail profile for the administrative user just for the purposes of administering the security settings. To ensure that you are working in online mode:

  1. On the Administrator PC, navigate to the working directory where the files in the Outlook Security Administrator Package were extracted, and open the file OutlookSecurity.oft.

  2. When prompted to select a folder, select the Outlook Security Settings public folder that was created on the Exchange Server.

  3. Click Tools> Forms > Publish Form. The folder selected should be the Outlook Security Settings folder.

  4. In the Form Name field, type Outlook Security Form. If a security form already exists, type the same name as the existing form to overwrite it.

  5. Click Publish.

  6. Close the Outlook Security template, but DO NOT SAVE when prompted while closing the template.

  7. In Outlook (online mode) click the drop-down arrow next to the New button, and select Choose Form.

  8. Navigate to the template created in the previous steps, select the template, and click Open.

  9. On the Trusted Code tab, click Add.

  10. Navigate to the folder where the Outlook Client Plug-in is installed. The default location is C:\Program Files\Mitel Networks\Outlook Client Plug-in.

  11. Select UMClientOutlookPlugIn.dll, and click Open. The Trusted box on the Trusted Code tab should now include the UMClientOutlookPlugIn.dll file.

  12. On the Program Settings tab, click Close, and when prompted to save changes, click Yes.

Set the Registry Key on Outlook Client PCs

All Outlook client PCs must have a certain registry key set for Outlook to get the custom security settings from the Exchange Server. Depending on how Microsoft Office was installed on the client PC, this key may or may not be set already.

The key is  HKCU\SW\Policies\Microsoft\Security\CheckAdminSettings

The key must have a DWORD value of 1.

For full details on setting the registry key, refer to the Microsoft readme.doc file in the Outlook Administrator Pack. Also see "How to deploy customized Outlook 2003 security settings to client computers by using the 'Outlook virus security settings' Group Policy setting, at http://support.microsoft.com/?kbid=885682

Restart Outlook

It may be necessary for a user to restart Outlook twice before seeing the new security settings. The first time a user starts Outlook after the security settings have been applied, they will see the default administrative settings rather than the new settings. The user must close Outlook and restart it again.