Outlook 2007 Programmatic Security

[bossa.smeg]

Hi,

I'm running outlook 2007 on a Windows 2003 R2 Server.

I have a third party program, which creates an excel report and them
attempts to programmaticaly email it using MAPI/Outlook (it possibly
uses excel to do this on it's behalf but I am not sure).

However, I am being presented with the outlook security message
regarding a program attempting to send an email i.e. an allow/deny
popup. As the application is part of an automated monitoring system,
having someone present to click "allow" is not an option.

I have tried the following:
-Setting the Outlook 2007 programmatic access security settings in the
trust centre to "never warn me about suspicious activity"
-Downloading the group policy template for office 2007 and setting the
programatic access secity setting to enable and "never warn", along
with Outlook Security Mode to enabled/"Use Outlook Security Group
Policy" along with the configure outlook object model prompt when
sending email to enabled/"Automatically approve".

The above has not cured the problem and I am still presented with the
warning prompt. I have logged off/on to ensure that the GPO is set
(the server is a member server and I am directly editing the local
computer policy).

I have read some information regarding the requirement that the system
have an up to date and installed antivirus package for the above to
(possibly?) work.

Of course, I have an updated and installed antivirus package.

However, outlook tells me that detection of an up to date and
installed antivirs package on this OS (2k3 server) is not supported.

Is there something I am missing, or am I stuck with no way out?

Any help and advice much appreciated.

Kind regards,

AJ

 

[Roady [MVP]]

Whether or not you get the prompt, roughly depends on two factors;
-what you are trying to access in Outlook
-the way that you try to access Outlook

If all you do is sending an email, then you can program it without getting
prompted. There are programming guidelines for that.

If you want to access certain properties within Outlook and/or read certain
item properties, then you can program with Redemption to suppress the
Outlook prompts.
See http://addins.howto-outlook.com/dimastr_redemption

 

[bossa.smeg]

Hi,

Thanks for the update. The application we are using is third party, so
I do not have the ability to access or modify the code. As far as I
can see it is simply using outlook to send an email with an
attachment.

Is there no clear/easy way to disable the warnings? The options
certainly seem to be there in the OS/Outlook, it's just that they
don;t appear to work.

Thanks again for your help.

AJ

Whether or not you get the prompt, roughly depends on two factors;
-what you are trying to access in Outlook
-the way that you try to access Outlook

If all you do is sending an email, then you can program it without getting
prompted. There are programming guidelines for that.

If you want to access certain properties within Outlook and/or read certain
item properties, then you can program with Redemption to suppress the
Outlook prompts.
Seehttp://addins.howto-outlook.com/dimastr_redemption

--
Robert Sparnaaij [MVP-Outlook]
Coauthor, Configuring Microsoft Outlook 2003http://www.howto-outlook.com/
Outlook FAQ, HowTo, Downloads, Add-Ins and more

http://www.msoutlook.info/
Real World Questions, Real World Answers

-----

Hi,

I'm running outlook 2007 on a Windows 2003 R2 Server.

I have a third party program, which creates an excel report and them
attempts to programmaticaly email it using MAPI/Outlook (it possibly
uses excel to do this on it's behalf but I am not sure).

However, I am being presented with the outlook security message
regarding a program attempting to send an email i.e. an allow/deny
popup. As the application is part of an automated monitoring system,
having someone present to click "allow" is not an option.

I have tried the following:
-Setting the Outlook 2007 programmatic access security settings in the
trust centre to "never warn me about suspicious activity"
-Downloading the group policy template for office 2007 and setting the
programatic access secity setting to enable and "never warn", along
with Outlook Security Mode to enabled/"Use Outlook Security Group
Policy" along with the configure outlook object model prompt when
sending email to enabled/"Automatically approve".

The above has not cured the problem and I am still presented with the
warning prompt. I have logged off/on to ensure that the GPO is set
(the server is a member server and I am directly editing the local
computer policy).

I have read some information regarding the requirement that the system
have an up to date and installed antivirus package for the above to
(possibly?) work.

Of course, I have an updated and installed antivirus package.

However, outlook tells me that detection of an up to date and
installed antivirs package on this OS (2k3 server) is not supported.

Is there something I am missing, or am I stuck with no way out?

Any help and advice much appreciated.

Kind regards,

AJ- Hide quoted text -

- Show quoted text -

 

[Roady [MVP]]

I would first start with checking the 3rd party for an update of their tool.
With this security mechanism in place for over 6 years (maybe even 7 by now)
there really isn't any excuse anymore not to comply with the security
guidelines.

Your virus scanner appears not to report its status to the OS. This is why
the options to disable the prompt in Outlook won't work. Check for an update
on your virus scanner as well.

From an admin point of view, I would migrate away from that application as
soon as possible. Can't this application run as a service? You really
shouldn't want to run an application which requires an interactive logon
session on the server in order to run. Especially a monitoring application.
It's also weird that it requires you to install Outlook on the system. A
server side application should be able to directly talk to your mail server
and shouldn't rely on a client side configuration. I don't know which tool
you are using but it has got "amateur" written all over it.

If you still want to go the client route, you might have success with this
addin;
http://addins.howto-outlook.com/mapilab_security

Hi,

Thanks for the update. The application we are using is third party, so
I do not have the ability to access or modify the code. As far as I
can see it is simply using outlook to send an email with an
attachment.

Is there no clear/easy way to disable the warnings? The options
certainly seem to be there in the OS/Outlook, it's just that they
don;t appear to work.

Thanks again for your help.

AJ

Whether or not you get the prompt, roughly depends on two factors;
-what you are trying to access in Outlook
-the way that you try to access Outlook

If all you do is sending an email, then you can program it without
getting
prompted. There are programming guidelines for that.

If you want to access certain properties within Outlook and/or read
certain
item properties, then you can program with Redemption to suppress the
Outlook prompts.
Seehttp://addins.howto-outlook.com/dimastr_redemption

--
Robert Sparnaaij [MVP-Outlook]
Coauthor, Configuring Microsoft Outlook 2003http://www.howto-outlook.com/
Outlook FAQ, HowTo, Downloads, Add-Ins and more

http://www.msoutlook.info/
Real World Questions, Real World Answers

-----

Hi,

I'm running outlook 2007 on a Windows 2003 R2 Server.

I have a third party program, which creates an excel report and them
attempts to programmaticaly email it using MAPI/Outlook (it possibly
uses excel to do this on it's behalf but I am not sure).

However, I am being presented with the outlook security message
regarding a program attempting to send an email i.e. an allow/deny
popup. As the application is part of an automated monitoring system,
having someone present to click "allow" is not an option.

I have tried the following:
-Setting the Outlook 2007 programmatic access security settings in the
trust centre to "never warn me about suspicious activity"
-Downloading the group policy template for office 2007 and setting the
programatic access secity setting to enable and "never warn", along
with Outlook Security Mode to enabled/"Use Outlook Security Group
Policy" along with the configure outlook object model prompt when
sending email to enabled/"Automatically approve".

The above has not cured the problem and I am still presented with the
warning prompt. I have logged off/on to ensure that the GPO is set
(the server is a member server and I am directly editing the local
computer policy).

I have read some information regarding the requirement that the system
have an up to date and installed antivirus package for the above to
(possibly?) work.

Of course, I have an updated and installed antivirus package.

However, outlook tells me that detection of an up to date and
installed antivirs package on this OS (2k3 server) is not supported.

Is there something I am missing, or am I stuck with no way out?

Any help and advice much appreciated.

Kind regards,

AJ- Hide quoted text -

- Show quoted text -

 

[Michael Bauer [MVP - Outlook]]

... but it has got "amateur" written all over it.

The security issue is not only in place since many years, it's probably also
the most asked one in every Outlook related newsgroups.

--
Best regards
Michael Bauer - MVP Outlook

: VBOffice Reporter for Data Analysis & Reporting
: Outlook Categories? Category Manager Is Your Tool
: <http://www.vboffice.net/product.html?pub=6&lang=en>



Am Fri, 1 Aug 2008 10:43:02 +0200 schrieb Roady [MVP]:

 

[Roady [MVP]]

You try to stress my point that a proper software developer should know how
to get it right? ;-)

 

[Michael Bauer [MVP - Outlook]]

Yep

--
Best regards
Michael Bauer - MVP Outlook

: VBOffice Reporter for Data Analysis & Reporting
: Outlook Categories? Category Manager Is Your Tool
: <http://www.vboffice.net/product.html?pub=6&lang=en>


Am Fri, 1 Aug 2008 15:27:38 +0200 schrieb Roady [MVP]:

 

[Roady [MVP]]

Gotcha! :-D
I know your addins don't. Gotta love Dmitry's Redemption