OL97: Why Outlook Displays a Security Warning Opening an Item

ID: Q166780

The information in this article applies to:
  • Microsoft Outlook 97

SUMMARY

This article describes why Microsoft Outlook 97 provides the following security warning when you open an item.

The form for this item has not been registered in this folder...


MORE INFORMATION

Outlook always prompts you before opening an item that contains VBScript, if the item is from an unknown source. Outlook bases the decision to display or not display a warning on the item's form design.

  • If the form that the item is based on is registered in one of Exchange's forms registries (organizational forms, folder, or personal forms), Outlook considers the form safe, and no warning appears. The author of the form had the appropriate privileges to publish the form, so the form is considered trusted.

    Note: If you use a custom Appointment form, it is impossible to suppress the warning. Recipients of a Meeting Request are prompted twice when they open a Meeting Request in their Inbox. In general, Appointment forms are relatively complex because Outlook "oversees" the entire meeting request process. An Appointment form spawns a Meeting Request form, sets the message class of the form to IPM.Schedule.Meeting.Request, and attaches the VBScript code to this "internal" form. Since this internal form is not really published, it is not considered secure and will generate the warning. Outlook's IPM.Schedule forms cannot be customized or published and therefore there is no way to avoid the warning from being displayed.


  • If the form definition is carried with the item (the author modified the form and sent it, without publishing it in one of the form registries), Outlook considers the form unsafe, and the user receives a warning when opening the item.


This methodology ensures that unsafe VBScript cannot run on a your computer, without your knowledge and explicit approval.
  • If a form is correctly published and some changes have been made before the form is sent. This usually happens when the form is called programmatically in another custom form. And some custom properties are added before the called form is sent.



REFERENCES

For more information on Outlook and VBScript security, please see the following article in the Microsoft Knowledge Base:

Q165116 OL97: Mail Attachment Security Add-in Available on Web
For more information about creating solutions with Microsoft Outlook 97, please see the following articles in the Microsoft Knowledge Base:
Q166368 OL97: How to Get Help Programming with Outlook
Q170783 OL97: Q&A: Questions about Customizing or Programming Outlook

Additional query words: OutSol OutSol97 enable disable macros macro

Keywords : kbdta Gnlsec
Version : WINDOWS:97
Platform : WINDOWS
Issue type :


Last Reviewed: October 8, 1999
© 2000 Microsoft Corporation. All rights reserved. Terms of Use.