Security Admin confusion

[Albacrest]

I'm trying without much success, to set up Security Admininstration on my
own Windows 2000 Server/XP workstation environment. I'm trying to check it
out before deploying at my customer's site.



The client application involved uses MAPI to resolve adddresses and the
Outlook object model to send email. As I read it, I can create customised
settings for the users that deploy this application.



I've gone over every step of the installation several times, checked the
folder permissions, the registry setting on the client workstation. I'm
still getting the "Attempting to access" prompt.



I'm wondering what else I can do. The mail client is OL2002 and I've tried
"Outlook Security Settings" with registry key 1 and "Outlook 10 Security
Settings" with registry key 2.



Both the above folders are visible on the client at the top level of "All
Public Folders"



I've tried using default settings only, exception group only and both
together to leave no stone unturned.



So I'm wondering, am I mistaken about Security Administration? Perhaps it's
only applicable to code within Outlook forms and not programs that attempt a
direct call to MAPI or the OOM?



Jeff Mowatt

 

[Sue Mosher [MVP-Outlook]]

The security settings are applicable to all kinds of programs that access
Outlook objects and methods (which is why they're not a really good
solution -- they leave the client vulnerable). What options did you choose
on the security settings item your stored in the public folder?

 

[Albacrest]

Sue,

For the time being I've set all the options on the second page to allow any
CDO, MAPI or Outlook call. I know exactly what code is being used in this
instance, a simple MAPI call to resolvename() and a send() using an Outlook
message object.

Jeff Mowatt

 

[Sue Mosher [MVP-Outlook]]

I've encountered another couple of cases where the security settings folder
just didn't work in OL2002, but no cause that we can put our finger on. I'd
try a new Outlook profile and make sure I start Outlook twice before
testing.

FWIW, if I were the client, I wouldn't be real happy with easing the
security settings like that. If your program can work with addresses and
send mail, so can a virus.
--
Sue Mosher, Outlook MVP
Author of
Microsoft Outlook Programming - Jumpstart for
Administrators, Power Users, and Developers

 

[Albacrest]

Sue,

Well we haven't got much other choice other than duplicating the address
book and doing everything via SMTP. Microsoft gave us the means to add email
to our product and now it's obstructed with no facility to define a trusted
exe.

Funnily enough, I discovered today that my customer (mentioning no names but
well known as a multinational leasing company) have already spent 2 weeks
effort trying to get this working for another project.They haven't been
sucessful yet, but if they were ready to take the risk anyway, it's not
going to increase much with another small app.

I wish there was another way of approaching it but there doesn't seem to be,
unless I can wrap the email code up in a dll and have that trusted by
Security Administration. It's going to be a lot of effort to discover that
this won't work either.

Jeff Mowatt

 

[Sue Mosher [MVP-Outlook]]

C++ and Delphi programmers can use Extended MAPI directly. The approach that
many of us VB programmers use is to employ Redemption, which is a COM
wrapper around Extended MAPI (with lots of other cool features). Other
people go the SMTP route.

I'm still checking to see if anyone else has ideas on why the form isn't
doing its job.

Dumb question, but what's the exact registry key you used?
--
Sue Mosher, Outlook MVP
Author of
Microsoft Outlook Programming - Jumpstart for
Administrators, Power Users, and Developers

 

[Albacrest]

Sue,

Not such a dumb question, I keep staring at it to make sure I got it right!

HKCU/Software/Policies/Microsoft/Security

Therein I have a name "CheckAdminSettings" with a value of 1 (dword)

Regards,

Jeff

 

[Sue Mosher [MVP-Outlook]]

Can a user browse to the Outlook Security Settings folder and see the items
OK?
--
Sue Mosher, Outlook MVP
Author of
Microsoft Outlook Programming - Jumpstart for
Administrators, Power Users, and Developers

 

[Albacrest]

Yes Sue,

They can be seen and opened.

Can a user browse to the Outlook Security Settings folder and see the items
OK?
--
Sue Mosher, Outlook MVP
Author of
Microsoft Outlook Programming - Jumpstart for
Administrators, Power Users, and Developers



seem used

 

[Albacrest]

Sue,

After some further investigation I can confirm that this works exactly as
described with an OL2000 client. That might help my customer in the short
term but we can be almost certain that the next step they make will be to
move to OL2002.

Regards,

Jeff

 

[Guest]

In your view How do you Define a Good Server Admin?In terms of duties and responsibility?state and name them