Microsoft Outlook comes with built in security features to guard against viruses and malicious software. In some situations, using the Outlook Client Plug-in will cause a security warning about "unauthorized access". The following sections describe how to set the Outlook Client Plug-in application as a trusted add-in so that the security warning does not appear. The relevant section will depend on the customer's current network:
Outlook 2007 (default basic security)
Outlook 2007 with Group Policy
Outlook 2007/2003/2000 with Public Folder
With the introduction of Outlook 2007, add-in security features have been enhanced. If the entire network is using Outlook 2007 under the following conditions then there is no need to perform additional steps to trust the Multimedia Outlook Plug-in:
The client computer is running Microsoft Windows XP Service Pack 2 (SP2) or Microsoft Windows Vista, and the Windows Security Center (WSC) indicates that antivirus software on the computer is in a "Good" health status. If the computer is joined to a domain, the health-status indicator may not be visible, but it is still maintained.
The antivirus software installed on the client computer is designed for Windows XP SP2 or Windows Vista.
Outlook 2007 is configured on the client computer in one of the following ways:
Uses the default security settings
Uses security settings defined by Group Policy and set to warn when antivirus software is inactive or out of date
Uses security settings defined by Group Policy but does not have a programmatic access policy applied
See http://msdn.microsoft.com/en-us/library/bb226709.aspx for further details.
When using a Group Policy to manage the security settings of Outlook 2007 users, the default policy setting will disable the security warning pop-up and no further changes are needed, BUT if a custom policy has been created, the trust level setting must be set to either Trust all loaded or installed COM add-ins or Trust all, or use Exchange settings if present (with valid antivirus settings as above). The following steps describe how to ensure these settings are correct:
Note: The outlk12.adm administrative policy template must be installed to view the Outlook 2007 Group Policy security settings.
Open Active Directory Users and Computers.
Right-click the domain or organizational unit for which to set the Group Policy.
Click Properties, then click the Group Policy tab.
Click Edit to open the Group Policy object that contains the Outlook security settings.
Navigate to User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Security.
Modify the Configure Add-in Trust Level item and set the trust level to Trust all loaded or installed COM add-ins.
If the local security policy requires that only the Outlook Client Plug-in is to be trusted, follow the steps in the Group Policy Overview for Office 2007 document to create a trusted add-in. This document can be found at: http://technet.microsoft.com/en-us/library/cc179194.aspx
If users in the network are using Public Folders for security policies, you must configure the custom security settings in Outlook for the plug-in from an administrator PC. If you do not configure the security settings, Outlook users will see security warnings.
What you need
The Exchange Server PC
A separate Administrator PC with Microsoft Windows 2000 or later and with Microsoft Outlook installed. You will use this PC to configure the Outlook security settings.
Note: Microsoft Outlook is not supported on the same PC where the Exchange Server components are installed.
To configure the security settings:
Create and configure a Public Folder on the Exchange Server.
Install the Outlook Security Administrator Package.
Install the Outlook Client Plug-in on the Administrator PC.
Set the Custom Security Settings.
Set the registry key on Outlook client PCs.
If you are experiencing problems with the configuration, see Multimedia Outlook Plug-in Troubleshooting.
Start the Exchange Management Console.
In the console tree, click Toolbox.
In the result pane, click Public Folder Management Console, and then in the action pane, click Open Tool. The Public Folder Management Console appears.
In the public folder tree, click or expand Default Public Folders, and then select the folder in which you want to create a public folder.
In the action pane, click New Public Folder. The New Public Folder wizard appears.
On the New Public Folder page, in the Name field, type the name of the new public folder, Outlook Security Settings.
In the Path field, verify the path to the public folder that you are creating.
Click New to create the public folder.
On the Completion page, the Summary states whether the public folder was successfully created. The summary also displays the Exchange Management Shell command that was used to create the public folder.
Click Finish.
On the Administrator PC, navigate to the Microsoft Office 2007 Resource Kit and execute the file admpack.exe to extract the files it contains (the default location of the package is \Program Files\ORKTools\ORK11\Tools\Outlook Administrator Pack\admpack.exe). Alternatively, you can download the package from the Microsoft Web site at http://office.microsoft.com/en-us/assistance/HA011362851033.aspx
When "Admpack.exe" is executed it will extract the files to a working directory (it doesn't matter where the working directory is). The four files are:
OutlookSecurity.oft
Hashctl.dll
Comdlg32.ocx
Readme.doc
Perform the following steps to register the DLL and OCX files on the PC:
Copy the hashctl.dll and comdlg32.ocx files to the C:\windows\system32 directory. If the operating system is installed in a directory other than C:\windows, substitute that directory.
In the Start menu, click Run, and then type the following command: Regsvr32 hashctl.dll
In the Start menu, click Run, then type the following command: Regsvr32 comdlg32.ocx
On the Administrator PC, install the Outlook Client Plug-in from the CD. (Refer to the NuPoint Unified Messaging User Guide for instructions.)
Note: When running Outlook for the purpose of setting or modifying the security settings, the Administrator must use a mail profile in online mode (not cached or offline mode). It may be useful to create a separate mail profile for the administrative user just for the purposes of administering the security settings. To ensure that you are working in online mode:
Click Start > Control Panel, and then open Mail.
Click E-mail Accounts> Next.
Highlight Microsoft Exchange Server and click Change.
Clear the Use Cached Exchange Mode check box, and click Next.
Click Finish.
On the Administrator PC, navigate to the working directory where the files in the Outlook Security Administrator Package were extracted, and open the file OutlookSecurity.oft.
When prompted to select a folder, select the Outlook Security Settings public folder that was created on the Exchange Server.
Click Tools> Forms > Publish Form. The folder selected should be the Outlook Security Settings folder.
In the Form Name field, type Outlook Security Form. If a security form already exists, type the same name as the existing form to overwrite it.
Click Publish.
Close the Outlook Security template, but DO NOT SAVE when prompted while closing the template.
In Outlook (online mode) click the drop-down arrow next to the New button, and select Choose Form.
Navigate to the template created in the previous steps, select the template, and click Open.
On the Trusted Code tab, click Add.
Navigate to the folder where the Outlook Client Plug-in is installed. The default location is C:\Program Files\Mitel Networks\Outlook Client Plug-in.
Select UMClientOutlookPlugIn.dll, and click Open. The Trusted box on the Trusted Code tab should now include the UMClientOutlookPlugIn.dll file.
On the Program Settings tab, click Close, and when prompted to save changes, click Yes.
All Outlook client PCs must have a certain registry key set for Outlook to get the custom security settings from the Exchange Server. Depending on how Microsoft Office was installed on the client PC, this key may, or may not, be set already.
The key is HKCU\SW\Policies\Microsoft\Security\CheckAdminSettings
The key must have a DWORD value of 1.
For full details on setting the registry key, refer to the Microsoft readme.doc file in the Outlook Administrator Pack. Also see "How to deploy customized Outlook 2003 security settings to client computers by using the 'Outlook virus security settings' Group Policy setting, at http://support.microsoft.com/?kbid=885682
It may be necessary for a user to restart Outlook twice before seeing the new security settings. The first time a user starts Outlook after the security settings have been applied, they will see the default administrative settings rather than the new settings. The user must close Outlook and restart it again.