E-mail logging when using Outlook 2007

When time passes by and people started to update their Office environments with the latest Office release, we immediately saw an increase of cases coming in that state that with Office 2007, E-mail logging refuse to log E-mails when using the Application Server while this worked in earlier releases of Office. This seems to relate to the way Office 2007, or better Outlook 2007, deals with security that is in the Trust Center. If there is no antivirus solution installed, then Office 2007 seems to act differently causing the whole confusion why E-mail logging does not work at once.

We at Microsoft do think that everyone now has an antivirus solution installed on their client PC's. Well I have news about that: not everyone does have a client with an antivirus solution installed. This is a misconception from our side. For example: in demo environments using virtualizations without Internet access, there is no absolute immediate need to install an antivirus solution. But we sometimes see PC's where this is indeed true: no antivirus solution installed or one that is installed but is actually expired.

In all those scenario's when using NAS, there are no error message and the QUEUE Public Folder is building up. As we all know already, when using NAS in combination with MAILLOG in NAV 4.0 or JOBQUEUE in NAV 5.0, we need to configure the Outlook Security Settings template in a Public Folder when using Exchange 2003. For later releases, GPO can do this for you, but that is out of scope of this blog.

Outlook 2007 can use either public folder security forms or Group Policy to manage security for attachments and for add-ins. The ability to use Group Policy object (GPO) settings to store security settings is a new feature in Outlook 2007. If your environment uses public folders, and if you use public folder security forms in earlier versions of Outlook, you can continue to use public folder security forms. You can do this after you make a minor change to the appropriate registry settings.

Outlook 2007 is designed to take advantage of the GPO settings to manage security for attachments and for add-ins. Unlike Microsoft Office Outlook 2003, Outlook 2007 does not use the CheckAdminSettings registry data to determine policy settings or to determine trust levels for add-ins. Instead, Outlook 2007 uses the new AdminSecurityMode registry entry to determine the security policy. The AdminSecurityMode registry entry uses the following configuration: Key: HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\12.0\Outlook\Security DWORD value: AdminSecurityMode Values:

0: Use the default Outlook security settings Note This is the default setting if the AdminSecurityMode registry entry is not present.
1: Use the security policy from the Outlook Security Settings public folder
2: Use the security policy from the Outlook 10 Security Settings public folder
3: Use the security policy from the GPO settings
 
Use the AdminSecurityMode registry entry to control the security settings that Outlook 2007 applies. You can configure Outlook 2007 to use the current security settings that are published through the existing Outlook public folder security forms. Alternatively, you can configure Outlook 2007 to use GPO-based security settings.
In Office 2007 there is a now a so called Trust Center which you can find in the Tools menu of your Outlook 2007 client. If you click on Tools menu / Trust Center and then select the tab Programmatic Access, then you will see the following options:
- Warn me about suspicious activity when my antivirus software is inactive or out-of-date (recommended)
- Always warn me about suspicious activity
- never warn me about suspicious activity

So, this means that if you do not have antivirus software on your Outlook 2007 machines, then you will get that security dialog box. It is recommended to make sure your antivirus solution is up to date. However, if that is not possible, then you can use a registry setting to override this setting: To deploy the configuration setting for programmatic access security, push out the following registry data Key: HKEY_LOCAL_MACHINE\Software\Microsoft\Office\12.0\Outlook\Security DWORD: ObjectModelGuard Possible Values:
0 (or missing) = "Warn me about suspicious activity when my antivirus software is inactive or out-of-date (recommended)"
1 = "Always warn me about suspicious activity"
2 = "Never warn me about suspicious activity (not recommended)

Marco Mels
Microsoft Dynamics NL

Microsoft Customer Service and Support (CSS) EMEA
These postings are provided "AS IS" with no warranties and confer no rights. You assume all risk for your use.