Re: disable double clicking attachments

From: Vanguard (see_signature)
Date: 01/10/05 

Date: Sun, 9 Jan 2005 19:02:46 -0600

"jd142" <jd142@hotmail.com> wrote in message
news:1105314735.841569.200690@c13g2000cwb.googlegroups.com...
> Hi,
>
> We're moving users to Outlook 2003 from Eudora. Eudora would
> automatically remove attachments from emails and store them in an
> attachment folder, with just a link to them in the message.
> Personally, I prefer it to the way O2k3 does it. This change is
> causing some confusion for our users. They double click an
> attachment,
> edit and save it and it ends up buried in local settings and they have
> to change the name.

So they cannot remember in the 5 seconds between when they specified
WHERE to save the attachment in the Save dialog that pops up to when
they then want to use the saved file? They double-click an attachment.
A dialog pops up asking what action the user wants to commit. They
select to Save the file. Then get a browser dialog to let them select
where to save it. They click OK and it gets saved. They now cannot
remember where they just specified to save the file? With such advanced
alzhiemer's, e-mail is the least of their problems.

When the attachment is a hazardouse filetype, they do not have the
option to open it. They only have the option to Save to Disk. That was
the first prompt. Them navigating to and opening the file themself
separate of the e-mail is the second prompt. There will be users that
open files even if there were a hundred prompts.

> What I'd like to do is completely disable the ability to double click
> and launch and attachment. I want to force them to save it to a
> default folder that I set. Then they can use the appropriate program
> to open and edit it. I know that's more steps, but it's infinitely
> more secure and better file management practice.

So everyone gets to see everyone else's attachments? Guess your company
isn't interested in security between its employees. Your CEO that
discusses bonuses and stock options which are in a .doc attachment
really wants his employees seeing this?

You can't do what you want in Outlook. You are asking to change
behavior of its code to emulate the behavior of some completely
unrelated e-mail product. Different e-mail clients have different
behaviors. That's why there is choice. It sounds like you need to
employ a proxy that is upstream of your users that will strip out the
attachments and save them into paths that are permissioned according to
the account through which the message was received so users can only see
their attachments and no one else's.

> Is there a way to only let people save attachments in Outlook, not
> launch them?

And how are you going to stop them from opening them when they got
stripped an put into some holding store where they then access and open
them? Your solution doesn't stop them from running attachments, either.

The executable filetypes are prevented from executing from within
Outlook. The user already gets double prompted, once to save, and again
for them to choose to run the file - so how many prompts is enough?
They could edit the registry to add filetypes to the Level1Remove
registry key to bypass security but then that was their choice to do so
(and, if it violates company policies, it subjects them to getting
fired). Using Exchange would have its policies override what the user
could edit in their local registry. I don't know if using a domain
allows you to set policies that affect control over a particular
registry key, but you could define domain policies that would disable
them from using registry tools, like regedit, so the user can't go
hacking the registry to circumvent domain policies.

Relevant Pages

  • Re: Outlook 2000 To Prompt For Default Control
    ... This will get you your prompt. ... If you are familiar with the registry: ... text file and rename to default.reg, (exit Outlook), then right click the ...
    (microsoft.public.outlook)
  • Re: Moving Reader Pane/Turning off View Groups with ORK
    ... >Those settings are not exposed in the CIW, policies or ... the registry. ... >settings are stored in the mailbox/.pst file itself, ... >would be a script or, probably better, an Outlook COM ...
    (microsoft.public.office.setup)
  • Re: Outlook, no permission to logon
    ... Please check the RPC_Binding_Order registry value on the machine. ... The RPC_Binding_Order entry is created when you install the Outlook client ... Microsoft CSS Online Newsgroup Support ... Please create a new profile on the workstation to test the issue, ...
    (microsoft.public.windows.server.sbs)
  • email attachments
    ... Outlook 2002 includes a new security feature that blocks ... attachments considered unsafe. ... Request that the sender rename the file extension and send ... the registry to customize the attachment security ...
    (microsoft.public.outlook)
  • Re: Local policy, IE and SP2...
    ... I must mention here that I rarely use GPEdit and almost always I change the Explorer or System policies through registry. ... The same I did for those tests I mentioned for SP2. ... this is true - those policies will not allow you to lock user accounts from launching applications from hidden drives. ...
    (microsoft.public.windowsxp.embedded)