http://www.microsoft.com/office/ork
You can set several security options for Microsoft Outlook 2000 in the Windows registry. The following Outlook registry entries help you control security for your users.
By default, each time a user attempts to read a signed message that has an invalid signature, a dialog box appears warning the user about the signature and listing the cause of the failure. If you don’t want users to see this message, you can hide this dialog box by setting the following registry entry:
HKEY_LOCAL_MACHINE\Software\Microsoft\Office\9.0\Outlook\Security\Options
To skip the warning dialog box, set the lowest-order bit of the DWORD value to 1 (0x00000001). This entry is set to 0 by default. Do not alter the other bits in this value; they control other security options.
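The read-modify-write that this warning calls for, as an added PowerShell example that is not part of the Office Resource Kit. The function name Set-OutlookOptionsBit and its -Clear switch are hypothetical, and the example assumes an elevated session with write access to HKEY_LOCAL_MACHINE.

```powershell
# Added example, not from the Office Resource Kit.
$key  = 'HKLM:\Software\Microsoft\Office\9.0\Outlook\Security'
$mask = 0x00000001   # lowest-order bit of Options: hide the invalid-signature warning

function Set-OutlookOptionsBit {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param([switch]$Clear)   # -Clear restores the default (warning is shown)

    # A missing key or value is treated as the documented default of 0.
    $current = 0
    $item = Get-ItemProperty -Path $key -Name Options -ErrorAction SilentlyContinue
    if ($null -ne $item) { $current = [int]$item.Options }

    # Change only the lowest-order bit; every other bit is carried over unchanged.
    if ($Clear) { $new = $current -band (-bnot $mask) }
    else        { $new = $current -bor $mask }

    if ($new -eq $current) {
        Write-Verbose ('Options is already 0x{0:X8}; nothing to do.' -f $current)
        return
    }

    $change = '0x{0:X8} -> 0x{1:X8}' -f $current, $new
    if ($PSCmdlet.ShouldProcess("$key\Options", $change)) {
        if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
        Set-ItemProperty -Path $key -Name Options -Value $new -Type DWord

        # Read back and confirm that the write touched only the intended bit.
        $check = [int](Get-ItemProperty -Path $key -Name Options).Options
        if (($check -bxor $current) -ne $mask) {
            throw ('Unexpected Options value 0x{0:X8} after write.' -f $check)
        }
    }
}
```

Running `Set-OutlookOptionsBit -WhatIf` prints the old and new values without writing anything, which is a quick way to confirm that the other bits stay as they were.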
You can set a minimum key length for encrypted e-mail messages based on the desired security level. Outlook displays a warning message if an e-mail message does not meet this minimum key length. Standard key sizes are 40, 64, 128, and 168. To specify a minimum key length, enter a DWORD value in the following registry entry:
HKEY_LOCAL_MACHINE\Software\Microsoft\Office\9.0\Outlook\Security\MinEncKey
Note: International users cannot read e-mail messages encrypted using a key length greater than 40.
You can limit users to certificates from a specific certificate authority only. For example, you can limit users to certificates from only the Microsoft Exchange Key Management Server. To limit users to a particular certificate authority, enter the certificate authority name as a String value in the following registry entry:
HKEY_LOCAL_MACHINE\Software\Microsoft\Office\9.0\Outlook\Security\RequiredCA
Tip: If you don’t want your users to use S/MIME security, you can disable it. To disable S/MIME, set this registry entry to the name of the Microsoft Exchange Key Management Server. In Key Management Server, set the Issue V1 certificates only option to disable users’ ability to issue S/MIME (V3) certificates.
You can specify the maximum amount of time that a password for a key set can be stored. Setting this value to 0 effectively removes the user’s ability to save a password and requires that the password be entered each time a key set is requested. To set the maximum password time, set a DWORD value in the following registry entry:
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Defaults\Provider\MaxPWDTime
You can also set the default value for the amount of time a password is saved. To set the default value for saving a password, specify a DWORD value in the following registry entry:
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Defaults\Provider\DefPWDTime
When users sign up for a new Digital ID by clicking the Get Digital ID button on the Security tab in the Options dialog box (Tools menu), they are directed to a default external certificate authority enrollment page on the Microsoft Web site. If you prefer, you can set a registry entry to point to an internal certificate authority Web page instead.
Use one of the following registry entries to set a URL for the enrollment page:
HKEY_LOCAL_MACHINE\Software\Microsoft\Office\9.0\Outlook\Security\EnrollPageURL
HKEY_CURRENT_USER\Software\Microsoft\Office\9.0\Outlook\Security\EnrollPageURL
Note: The EnrollPageURL entry in the HKEY_LOCAL_MACHINE subkey overrides the EnrollPageURL entry in the HKEY_CURRENT_USER subkey.
The EnrollPageURL registry entries use the following parameters to send information about the user to the enrollment Web page.
Parameter | Placeholder in URL string |
---|---|
User display name | %1 |
SMTP e-mail name | %2 |
User interface language ID | %3 |
For example, to send user information to the Microsoft enrollment Web page, set the EnrollPageURL entry to the following value, including the parameters:
www.microsoft.com/ie/certpage.htm?name=%1&email=%2&helplcid=%3
If the user’s name is Jeff Smith, his e-mail address is someone@microsoft.com, and his user interface language ID is 1033, then the placeholders are resolved as follows:
www.microsoft.com/ie/certpage.htm?name=Jeff%20Smith&email=someone@microsoft.com&helplcid=1033
System Policy Tip: You can use system policies to set security levels in Outlook. In the System Policy Editor, set the Required Certificate Authority, Minimum encryption settings, S/MIME interoperability with external clients, and Outlook Rich Text in S/MIME messages policies under User\Microsoft Outlook 2000\Tools | Options\Security. For more information about the System Policy Editor, see Using the System Policy Editor.
Friday, March 5, 1999. © 1999 Microsoft Corporation. All rights reserved.