Exchange & Outlook UPDATE, Outlook Edition, March 26, 2004


~~~~ This Issue Sponsored By ~~~~

Equisys, Inc.

NEW Web Seminar - Preemptive Email Security: How Enterprise Rent-A-Car Eliminates Spam


- Tighter Security in Outlook 2002 SP3

- Tip: Customizing Default Folder Views

New and Improved
- Recover Damaged Outlook Express Files


~~~~ Sponsor: Equisys, Inc. ~~~~
Now shipping, the new version of Zetafax integrates seamlessly with Microsoft Office 2003 and Microsoft Exchange 2003. It also includes a choice of fax, email, and Web clients that you can use in any combination. And, it's the first network fax solution to offer a choice of client installation from a centralized location or at individual desktops. Easy to install, easy to use, and many enhancements requested by users like you! Upgrade by May 31, 2004 to qualify for a rebate and other special offers! Contact us today for all the details.


==== Commentary: Tighter Security in Outlook 2002 SP3==== by Sue Mosher, News Editor, [email protected]

Microsoft caused a commotion when it released Service Pack 3 (SP3) for Office XP earlier this month. Along with fixing bugs in Outlook 2002 and other Office programs, this service pack tightens "object model guard" security for programs that access the contents of Outlook messages and other items. The tighter security had an immediate effect on certain antispam applications, PDA-synchronization tools, and other programs that work with Outlook--in some cases triggering a security prompt every few minutes as Outlook downloaded new messages. Vendors have now released updates for the most affected antispam and PDA tools. Initially, though, because the service pack can't be uninstalled, users who didn't want to deal with the prompts were left in the ironic position of having to choose between disabling their antispam programs (at least temporarily) or removing both SP3 and Office, then reinstalling Office XP and doing without the new security features.

As the Microsoft article "Custom solutions and add-ins that integrate with Outlook 2002 are affected after you apply Office XP Service Pack 3 (SP3)" ( ) explains, the properties that trigger an address book security warning in SP3 are Body, HTMLBody, WordEditor, and HTMLEditor. These are precisely the properties that custom Outlook forms, COM add-ins, and other applications use to work with the body of a message or other Outlook item. That's why the range of applications affected includes antispam tools, utilities that enhance Outlook message content, and PDA synchronization tools. All these tools work directly with the body of mail messages or other items.

That Microsoft would want to restrict access to these properties isn't surprising, given how many people include email addresses and other contact information in their messages. Message bodies present a ripe source for viruses and other malicious programs that try to harvest addresses. Office Outlook 2003 automatically blocks these properties but uses a slightly different security model that doesn't trigger security prompts from most Outlook add-ins. (See "Outlook 2003 Minimizes Intrusion of Security Prompts" at for more information about Outlook 2003's behavior.)

What is surprising is that Microsoft didn't anticipate how many applications and users might be affected by SP3 and didn't detail the security changes in the Knowledge Base articles that it published at the same time as the SP3 release. The Microsoft article about the SP3 security changes took several days to become available. In the meantime, users posted frantically to Outlook discussion forums and called Microsoft's support lines trying to get a solution.

Timely notice to known antispam and PDA-sync vendors might also have kept the commotion down to a manageable roar. In the future, Microsoft might know exactly which vendors to notify in such situations. Microsoft's new Customer Experience Improvement Program gathers data about Office-program usage from volunteer participants. This data could include information about which Outlook COM add-ins users are installing; Microsoft would then know which add-ins are in widespread use and could work with those vendors to make sure they're ready for any future tightening of security. (I'll discuss the Customer Experience Improvement Program in more detail in an upcoming column.)

In the meantime, if you're preparing to roll out SP3, you might want to check to see whether updates are available for the add-ins that you use in your organization and analyze the code used in any of your custom Outlook forms to determine whether those forms will be affected. To reduce Outlook 2002's vulnerability to known security exploits, install the Outlook 2002 Security Patch: March 9, 2004 ( ), which Microsoft released just before SP3 and which doesn't include the "object model guard" changes.

Administrators and Help desks should also be aware of several other security-related symptoms that SP3 might demonstrate to Outlook users. The service pack blocks more files--specifically, .asp, .tmp, .vsmacros, .vss, .vst, .vsw, and .ws files. The custom forms cache is folder-specific, as it is in Outlook 2003. If an item's custom form isn't published in the item's parent folder or in the Personal Forms or Organizational Forms library, Outlook will display the default form for the item's type, rather than the custom form.

In addition, code won't run for items in other users' mailboxes when those items use custom Outlook forms. Code also won't run on folder home pages for those mailbox folders. A new registry entry is available to allow such form or folder home page code to run. Another new registry entry can disable form and folder home page code in public folders, but that entry is enabled by default, so users shouldn't notice any change in public folder behavior. "Custom solutions and add-ins that integrate with Outlook 2002 are affected after you apply Office XP Service Pack 3 (SP3)" also describes these registry settings and other changes that might affect custom Outlook solutions.

You might need to make one additional registry change if users have installed Adobe Acrobat and use its PDFMaker component to create .pdf files from Word documents. The PDFMaker program includes an Outlook COM add-in that triggers a security prompt each time the user starts a message using WordMail as the email editor. If you don't want to disable WordMail, you can disable the add-in with a registry change. Go to the HKEY_LOCAL_MACHINE\Software\Microsoft\Office\Outlook\Addins\PDFMOutlook.PDFMOutlook registry subkey and change the LoadBehavior entry's value from 3 to 2. Restart Outlook, and the PDFMaker COM add-in won't load in Outlook. The PDF functions will still be available in Word and the other Office programs, though.


~~~~ Sponsor: NEW Web Seminar - Preemptive Email Security: How Enterprise Rent-A-Car Eliminates Spam ~~~~
Get the inside scoop on how Enterprise Rent-A-Car eliminated spam and viruses, improved their email security, and increased productivity. Don't miss this opportunity to educate yourself and become a smarter customer when it comes to choosing an anti-spam solution that best fits your organization's needs. Sign up for this FREE web seminar today!


==== Announcements ==== (from Windows & .NET Magazine and its partners)

Free eBook--"The Expert's Guide for Exchange 2003: Preparing for, Moving to, and Supporting Exchange Server 2003"
This eBook will educate Exchange administrators and systems managers about how to best approach the migration and overall management of an Exchange 2003 environment. The book will concentrate on core issues such as configuration management, accounting, and monitoring performance with an eye toward migration, consolidation, security, and management.

Events Central--a Comprehensive Resource for the Latest Events in Your Field
Looking for one place to find the latest Web seminars, roadshows, and conferences? Events Central has every topic you're looking for. Stay current on the latest developments in your field. Visit Events Central and find answers now!


~~~~ Hot Release: Marathon Technologies ~~~~
Free white paper describes simple, affordable technology that delivers freedom from failover and complete data protection. Keep Windows servers running continuously through faults, failures and disasters without losing application state, degrading performance, or interrupting service.


==== Resources ====

Tip: Customizing Default Folder Views
by Sue Mosher, [email protected]

Q: I prefer to display To and From fields in all my Outlook mail folders. Can I make these fields appear by default in all folders?

A: When you create a new mail folder, Outlook automatically applies the Messages view. Therefore, to modify the default view, you must change the built-in Messages view. Switch to any mail folder, then choose View, Current View, Define Views. Select the Messages view, then click Modify. Click Fields, then drag the To field from the left side of the Show Fields dialog box to the right side, placing it where you want it to appear. Click OK, click OK again, then click Apply View to make the modified Messages view active on the current folder. Now, any new mail folders that you create will have this enhanced Messages view.
The second part of the solution is to clone the updated Messages view and apply it to existing folders. Open the folder you used to update the Messages view, then choose View, Current View, Define Views. Select the Messages view, then choose Copy. Give the new view a name (e.g., Messages To-From) and make it active on all mail and post folders. When the View Summary dialog box appears, click Fields to confirm that the To field is there, then click OK. Click Close to exit the Define Views dialog box. You now have a Messages To-From view that you can apply to any mail folder, new or old.
See the Exchange & Outlook Web page for more great tips from Sue Mosher.

==== Events Central ==== (A complete Web and live events directory brought to you by Windows & .NET Magazine: )

New--Microsoft Security Strategies Roadshow!
We've teamed with Microsoft, Avanade, and Network Associates to help you better protect your infrastructure and applications against security threats. Learn how to implement a patch-management strategy; lock down servers, workstations, and network infrastructure; and implement security policy management. Register now for this free event.

==== New and Improved ==== by Carolyn Mader, [email protected]

Recover Damaged Outlook Express Files
OERepair released Advanced Outlook Express Repair (AOER) 1.2, a utility that lets you recover corrupt or damaged Outlook Express files. The application saves each recovered message as an .eml file, which you can easily import back into Outlook Express. AOER's batch option lets you specify any number of corrupt Outlook Express mail folders, and recovers all your email messages in one background operation so that you can use your computer for other work. A single-user license costs $49.95. Contact OERepair at [email protected]

Tell Us About a Hot Product and Get a T-Shirt!
Have you used a product that changed your IT experience by saving you time or easing your daily burden? Tell us about the product, and we'll send you a Windows & .NET Magazine T-shirt if we write about the product in a future Windows & .NET Magazine What's Hot column. Send your product suggestions with information about how the product has helped you to [email protected]


~~~~ Sponsored Link ~~~~

Enter the Microsoft Windows Server 2003 Challenge. Win BIG prizes.;7509848;8214395;y?


==== Contact Us ====

About the newsletter -- [email protected]
About technical questions --
About product news -- [email protected]
About sponsoring Exchange & Outlook UPDATE -- [email protected]


==== Contact Our Sponsors ====

Primary Sponsor:
Equisys, Inc. -- -- 1-770-772-7201

Hot Release:
Marathon Technologies -- -- 1-978-489-1178


This email newsletter is brought to you by Windows & .NET Magazine, the leading publication for IT professionals deploying Windows and related technologies. Subscribe today.

View the Windows & .NET Magazine Privacy policy at: Windows & .NET Magazine a division of Penton Media Inc.
221 East 29th Street, Loveland, CO 80538,
Attention: Customer Service Department Copyright 2004, Penton Media, Inc. All Rights Reserved.

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.