WinDeveloper IMF Tune

WinDeveloper IMF Tune
WinDeveloper IMF Tune
  • Home
  • Security
  • Time to Trash the Outlook Security Administrative Package

Time to Trash the Outlook Security Administrative Package

Alexander Zammit

Alexander Zammit Photo

Alexander Zammit has been developing server applications for over 15 years. Most of his works involve Exchange integrated applications, including a FAX server, a mail security product and anti-spam products.

  • Published: Jun 27, 2006
  • Category: Security
  • Votes: 3.7 out of 5 - 3 Votes
Cast your Vote
Poor Excellent

Do you hate the Outlook Security Administrative Package (AdmPack)? Six years from the birth of the Outlook Security lockdown a new administrative interface is on the horizon.

The Outlook Security protection dates back to year 2000. The "I Love You" and "Melissa" viruses had just caused havoc all over the globe. Using the Outlook Object Model (OOM) the viruses spread by sending copies to all address book contacts.

Microsoft was under great pressure. The same Outlook extensibility used by various legitimate applications was also providing a window for virus distribution. Thus the Outlook Security update was born in May 2000 locking down these interfaces. This was made available as a patch for Outlook 98 and Outlook 2000. Thereafter it was included out-of-the-box with the Outlook releases that followed.

I am sure many of you have seen this dialog:

Outlook Object Model Warning

It alerts the user that an application is about to access the address book. The warning is part of the OOM lockdown protecting against automated address book access and email submission. The lockdown also blocked access to certain email attachment types such as executables and batch files. Finally it also raised the default internet security zone setting, restricting internet access through Outlook.

Whereas the update did a fine job in most cases, the lockdown did (and still does) interfere with the legitimate use of Outlook. Most commonly some users require access to blocked attachment types or need to use applications that collide with the OOM warnings. As an example, one such application is the MS Word Mail Merge functionality. On the other hand some want tighter security. Restricting access to more attachment types is often the most common requirement.

Configuring the Outlook Security functionality is what normally leaves administrators down. The solution provided to Exchange organizations is certainly not administrator friendly and is to say the least patchy. To begin with an administrator is required to manually perform these steps:

  1. Download and copy AdmPack patch files
  2. Register COM objects
  3. Create a public folder and configure access permissions
  4. Install a Custom Outlook Form
  5. Perform a registry tweak on each client machine requiring customized Outlook security

Once all of this is done, through the form, the Outlook Security functionality may be configured. This is certainly not what an Administrator expects from Exchange, the leading enterprise email server.

Administrative Package Outlook Form

Microsoft made available this administrative patch from the Office XP Resource Kit download page. From here you can download the 'Outlook Security Features Administrative Package' Admpack.exe. The package contains all necessary files including readme.doc which takes you through the steps required to install the patch and configure the customized security settings.

Once you go through this procedure you are likely to join the club of those wondering how come a decent administrative interface is not available. So here comes the good news! With the upcoming Outlook 2007 the security settings are configurable through Group Policy. Using Group Policy also means these settings won't be tied to Exchange any longer.

It took us a long time to get to here. Finally here is a solution that will ultimately enable us to forget of AdmPack.

References

Microsoft to Deliver Major Outlook Security Solution To Help Protect Customers Against Computer Viruses

Office XP Resource Kit

User Comments - Page 1 of 1

Add New Comment...

Scott M. Wright 3 Dec 2013 08:34
It would be nice if you make the exact same fix for Windows Live Mail (Account Edge for Windows)
Copyright © 2005 - 2016 All rights reserved. ExchangeInbox.com is not affiliated with Microsoft Corporation