Select any two versions of this STIG to compare the individual requirements
Select any old version/release of this STIG to view the previous requirements
Set the policy value for Computer Configuration >> Administrative Templates >> Microsoft Office 2010 (Machine) >> Security Settings >> IE Security “Disable user name and password” must be “Enabled” and a check in the ”outlook.exe” check box must be present. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE Criteria: If the value outlook.exe is REG_DWORD = 1, this is not a finding.
Set the policy value for Computer Configuration >> Administrative Templates >> Microsoft Office 2010 (Machine) >> Security Settings >> IE Security “Disable user name and password” to “Enabled” and place a check in the ”outlook.exe” check box. Click "Apply".
The policy value for Computer Configuration -> Administrative Templates -> Microsoft Office 2010 (Machine) -> Security Settings -> IE Security “Bind to Object” must be “Enabled” and a check in the ‘outlook.exe’ check box must be present. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SAFE_BINDTOOBJECT Criteria: If the value outlook.exe is REG_DWORD = 1, this is not a finding.
Set the policy value for Computer Configuration -> Administrative Templates -> Microsoft Office 2010 (Machine) -> Security Settings -> IE Security “Bind to Object” to “Enabled” and place a check in the ‘outlook.exe’ check box.
The policy value for Computer Configuration -> Administrative Templates -> Microsoft Office 2010 (Machine) -> Security Settings -> IE Security “Saved from URL” must be “Enabled” and a check in the ‘outlook.exe’ check box must be present. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_UNC_SAVEDFILECHECK Criteria: If the value outlook.exe is REG_DWORD = 1, this is not a finding.
Set the policy value for Computer Configuration -> Administrative Templates -> Microsoft Office 2010 (Machine) -> Security Settings -> IE Security “Saved from URL” to “Enabled” and place a check in the ‘outlook.exe’ check box.
The policy value for Computer Configuration -> Administrative Templates -> Microsoft Office 2010 (Machine) -> Security Settings -> IE Security “Navigate URL” must be “Enabled” and a check in the ‘outlook.exe’ check box must be present. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_VALIDATE_NAVIGATE_URL Criteria: If the value outlook.exe is REG_DWORD = 1, this is not a finding.
Set the policy value for Computer Configuration -> Administrative Templates -> Microsoft Office 2010 (Machine) -> Security Settings -> IE Security “Navigate URL” to “Enabled” and place a check in the ‘outlook.exe’ check box.
The policy value for Computer Configuration -> Administrative Templates -> Microsoft Office 2010 (Machine) -> Security Settings -> IE Security “Block popups” must be “Enabled” and ‘outlook.exe’ is checked. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBOC_POPUPMANAGEMENT Criteria: If the value outlook.exe is REG_DWORD = 1, this is not a finding.
Set the policy value for Computer Configuration -> Administrative Templates -> Microsoft Office 2010 (Machine) -> Security Settings -> IE Security “Block popups” to “Enabled” and select ‘outlook.exe’.
The policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2010 -> Security -> Automatic Picture Download Settings “Do not permit download of content from safe zones” must be set to “Disabled”. This will allow the download of content from safe zone. Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\14.0\outlook\options\mail Criteria: If the value UnblockSafeZone is REG_DWORD = 1, this is not a finding.
Set the policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2010 -> Security -> Automatic Picture Download Settings “Do not permit download of content from safe zones” to “Disabled”.
The policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2010 -> Outlook Options -> Preferences -> Calendar Options -> Office.com Sharing Service “Access to published calendars” must be set to “Enabled”. Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\14.0\outlook\options\pubcal Criteria: If the value RestrictedAccessOnly is REG_DWORD = 1, this is not a finding.
Set the policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2010 -> Outlook Options -> Preferences -> Calendar Options -> Office.com Sharing Service “Access to published calendars” to “Enabled”.
The policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2010 -> Outlook Options -> Preferences -> Junk E-mail “Add e-mail recipients to users' Safe Senders Lists” must be set to “Disabled”. Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\14.0\outlook\options\mail Criteria: If the value JunkMailTrustOutgoingRecipients is REG_DWORD = 0, this is not a finding.
Set the policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2010 -> Outlook Options -> Preferences -> Junk E-mail “Add e-mail recipients to users' Safe Senders Lists” to “Disabled”.
The policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2010 -> Security “Allow Active X One Off Forms” must be set to “Enabled: Load only Outlook Controls”. Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\14.0\outlook\security Criteria: If the value AllowActiveXOneOffForms is REG_DWORD = 0, this is not a finding.
Set the policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2010 -> Security “Allow Active X One Off Forms” to “Enabled: Load only Outlook Controls”.
The policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2010 -> Security -> Security Form Settings -> Custom Form Security “Allow scripts in one-off Outlook forms” must be set to “Disabled”. Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\14.0\outlook\security Criteria: If the value EnableOneOffFormScripts is REG_DWORD = 0, this is not a finding.
Set the policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2010 -> Security -> Security Form Settings -> Custom Form Security “Allow scripts in one-off Outlook forms” to “Disabled”.
The policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2010 -> Security -> Automatic Picture Download Settings “Block Trusted Zones” must be set to “Enabled”. Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\14.0\outlook\options\mail Criteria: If the value TrustedZone is REG_DWORD = 0, this is not a finding.
Set the policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2010 -> Security -> Automatic Picture Download Settings “Block Trusted Zones” to “Enabled”.
The policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2010 -> Security “Configure Add-In Trust Level” must be set to “Enabled (Trust all loaded and installed COM addins)”. Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\14.0\outlook\security Criteria: If the value AddinTrust is REG_DWORD = 1, this is not a finding.
Set the policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2010 -> Security “Configure Add-In Trust Level” to “Enabled (Trust all loaded and installed COM addins)”.
The policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2010 -> Security -> Security Form Settings -> Programmatic Security “Configure Outlook object model prompt when accessing an address book” must be set to “Enabled (Automatically Deny)”. Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\14.0\outlook\security Criteria: If the value PromptOOMAddressBookAccess is REG_DWORD = 0, this is not a finding.
Set the policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2010 -> Security -> Security Form Settings -> Programmatic Security “Configure Outlook object model prompt when accessing an address book” to “Enabled (Automatically Deny)”.
The policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2010 -> Security -> Security Form Settings -> Attachment Security “Allow users to demote attachments to Level 2” must be set to “Disabled”. Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\14.0\outlook\security Criteria: If the value AllowUsersToLowerAttachments is REG_DWORD = 0, this is not a finding.
Set the policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2010 -> Security -> Security Form Settings -> Attachment Security “Allow users to demote attachments to Level 2” to “Disabled”.
The policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2010 -> Security -> Security Form Settings -> Programmatic Security “Configure Outlook object model prompt When accessing the Formula property of a UserProperty object” must be set to “Enabled (Automatically Deny)”. Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\14.0\outlook\security Criteria: If the value PromptOOMFormulaAccess is REG_DWORD = 0, this is not a finding.
Set the policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2010 -> Security -> Security Form Settings -> Programmatic Security “Configure Outlook object model prompt When accessing the Formula property of a UserProperty object” to “Enabled (Automatically Deny)”.
The policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2010 -> Security -> Security Form Settings -> Programmatic Security “Configure Outlook object model prompt when executing Save As” must be set to “Enabled (Automatically Deny)”. Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\14.0\outlook\security Criteria: If the value PromptOOMSaveAs is REG_DWORD = 0, this is not a finding.
Set the policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2010 -> Security -> Security Form Settings -> Programmatic Security “Configure Outlook object model prompt when executing Save As” to “Enabled (Automatically Deny)”.
The policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2010 -> Security -> Security Form Settings -> Programmatic Security “Configure Outlook object model prompt when reading address information” must be set to “Enabled (Automatically Deny)”. Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\14.0\outlook\security Criteria: If the value PromptOOMAddressInformationAccess is REG_DWORD = 0, this is not a finding.
Set the policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2010 -> Security -> Security Form Settings -> Programmatic Security “Configure Outlook object model prompt when reading address information” to “Enabled (Automatically Deny)”.
The policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2010 -> Security -> Security Form Settings -> Programmatic Security “Configure Outlook object model prompt when responding to meeting and task requests” must be set to “Enabled (Automatically Deny)”. Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\14.0\outlook\security Criteria: If the value PromptOOMMeetingTaskRequestResponse is REG_DWORD = 0, this is not a finding.
Set the policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2010 -> Security -> Security Form Settings -> Programmatic Security “Configure Outlook object model prompt when responding to meeting and task requests" to “Enabled (Automatically Deny)”.
The policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2010 -> Security -> Security Form Settings -> Programmatic Security “Configure Outlook object model prompt when sending mail” must be set to “Enabled (Automatically Deny)”. Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\14.0\outlook\security Criteria: If the value PromptOOMSend is REG_DWORD = 0, this is not a finding.
Set the policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2010 -> Security -> Security Form Settings -> Programmatic Security “Configure Outlook object model prompt when sending mail” to “Enabled (Automatically Deny)”.
The policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2010 -> Security -> Security Form Settings -> Programmatic Security -> Trusted Add-ins “Configure trusted add-ins” must be set to “Disabled”. Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\14.0\Outlook\security\trustedaddins Criteria: If the registry key exists, this is a finding.
Set the policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2010 -> Security -> Security Form Settings -> Programmatic Security -> Trusted Add-ins “Configure trusted add-ins” to “Disabled”.
The policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2010 -> Outlook Options -> Mail Setup “Dial–up options” must be set to “Enabled” and Hang up when finished sending, receiving, or updating is selected. Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\14.0\outlook\options\mail Criteria: If the value Hangup after Spool is REG_DWORD = 1, this is not a finding.
Set the policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2010 -> Outlook Options -> Mail Setup “Dial–up options” to “Enabled” and Hang up when finished sending, receiving, or updating is selected.
The policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2010 -> Outlook Options -> Mail Setup “Dial–up options” must be set to “Enabled” and Warn before switching dial-up connection is selected. Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\14.0\outlook\options\mail Criteria: If the value Warn on Dialup is REG_DWORD = 1, this is not a finding.
Set the policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2010 -> Outlook Options -> Mail Setup “Dial–up options” to “Enabled” and Warn before switching dial-up connection is selected.
The policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2010 -> Security “Disable ‘Remember password’ for Internet e-mail accounts” must be set to “Enabled”. Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\14.0\outlook\security Criteria: If the value EnableRememberPwd is REG_DWORD = 0, this is not a finding.
Set the policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2010 -> Security “Disable ‘Remember password’ for Internet e-mail accounts” to “Enabled”.
The policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2010 -> Security -> Security Form Settings -> Attachment Security “Do not prompt about Level 1 attachments when closing an item” must be set to “Disabled”. Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\14.0\outlook\security Criteria: If the value DontPromptLevel1AttachClose is REG_DWORD = 0, this is not a finding.
Set the policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2010 -> Security -> Security Form Settings -> Attachment Security “Do not prompt about Level 1 attachments when closing an item” to “Disabled”.
The policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2010 -> Security -> Security Form Settings -> Attachment Security “Do not prompt about Level 1 attachments when sending an item” must be set to “Disabled”. Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\14.0\outlook\security Criteria: If the value DontPromptLevel1AttachSend is REG_DWORD = 0, this is not a finding.
Set the policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2010 -> Security -> Security Form Settings -> Attachment Security “Do not prompt about Level 1 attachments when sending an item” to “Disabled”.
The policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2010 -> Account Settings -> RSS Feeds “Download full text of articles as HTML attachments” must be set to “Disabled”. Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\14.0\outlook\options\rss Criteria: If the value EnableFullTextHTML is REG_DWORD = 0, this is not a finding.
Set the policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2010 -> Account Settings -> RSS Feeds “Download full text of articles as HTML attachments” to “Disabled”.
The policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2010 -> Security -> Trust Center “Allow hyperlinks in suspected phishing e-mail messages” must be set to “Disabled”. Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\14.0\outlook\options\mail Criteria: If the value JunkMailEnableLinks is REG_DWORD = 0, this is not a finding.
Set the policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2010 -> Security -> Trust Center “Allow hyperlinks in suspected phishing e-mail messages” to “Disabled”.
The policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2010 -> Account Settings -> Exchange “Enable RPC encryption” must be set to “Enabled”. Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\14.0\outlook\rpc Criteria: If the value EnableRPCEncryption is REG_DWORD = 1, this is not a finding.
Set the policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2010 -> Account Settings -> Exchange “Enable RPC encryption” to “Enabled”.
The policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2010 -> Outlook Options -> Preferences -> Junk E-mail “Hide Junk Mail UI” must be set to “Disabled”. Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\14.0\outlook Criteria: If the value DisableAntiSpam is REG_DWORD = 0, this is not a finding.
Set the policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2010 -> Outlook Options -> Preferences -> Junk E-mail “Hide Junk Mail UI” to “Disabled”.
The policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2010 -> Security -> Automatic Picture Download Settings “Include Internet in Safe Zones for Automatic Picture Download” must be set to “Disabled”. Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\14.0\outlook\options\mail Criteria: If the value Internet is REG_DWORD = 0, this is not a finding.
Set the policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2010 -> Security -> Automatic Picture Download Settings “Include Internet in Safe Zones for Automatic Picture Download” to “Disabled”.
The policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2010 -> Security -> Automatic Picture Download Settings “Include Intranet in Safe Zones for Automatic Picture Download” must be set to “Disabled”. Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\14.0\outlook\options\mail Criteria: If the value Intranet is REG_DWORD = 0, this is not a finding.
Set the policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2010 -> Security -> Automatic Picture Download Settings “Include Intranet in Safe Zones for Automatic Picture Download” to “Disabled”.
The policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2010 -> Security -> Security Form Settings -> Attachment Security “Display Level 1 attachments” must be set to “Disabled”. Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\14.0\outlook\security Criteria: If the value ShowLevel1Attach is REG_DWORD = 0, this is not a finding.
Set the policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2010 -> Security -> Security Form Settings -> Attachment Security “Display Level 1 attachments” to “Disabled”.
Verify the policy value for User Configuration >> Administrative Templates >> Microsoft Office Outlook 2010 >> Security >> Automatic Picture Download Settings “Display pictures and external content in HTML e-mail” is set to “Enable”. NOTE: When this setting is Enabled, Outlook 2010 blocks automatic download of content from external servers unless the sender is included in the Safe Senders list. Recipients can choose to download external content from untrusted senders on a message-by-message basis. Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\14.0\Outlook\Options\Mail Criteria: If the value BlockExtContent is REG_DWORD = 0, this is not a finding.
Set the policy value for User Configuration >> Administrative Templates >> Microsoft Outlook 2010 >> Security >> Automatic Picture Download Settings “Display pictures and external content in HTML e-mail” to “Enabled”.
The policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2010-> Outlook Options -> Mail format “Do not allow signatures for e-mail messages” must be set to “Disabled”. Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\14.0\common\mailsettings Criteria: If the value DisableSignatures is REG_DWORD = 0, this is not a finding.
Set the policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2010-> Outlook Options -> Mail format “Do not allow signatures for e-mail messages” to “Disabled”.
The policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2010 -> Outlook Options -> Other -> Advanced “Do not allow folders in non-default stores to be set as folder home pages” must be set to “Enabled”. Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\14.0\outlook\security Criteria: If the value NonDefaultStoreScript is REG_DWORD = 0, this is not a finding.
Set the policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2010 -> Outlook Options -> Other -> Advanced “Do not allow folders in non-default stores to be set as folder home pages” to “Enabled”.
The policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2010 -> Outlook Options -> Other -> Advanced “Do not allow Outlook object model scripts to run for public folders” must be set to “Enabled”. Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\14.0\outlook\security Criteria: If the value PublicFolderScript is REG_DWORD = 0, this is not a finding.
Set the policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2010 -> Outlook Options -> Other -> Advanced “Do not allow Outlook object model scripts to run for public folders” to “Enabled”.
The policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2010 -> Outlook Options -> Other -> Advanced “Do not allow Outlook object model scripts to run for shared folders” must be set to “Enabled”. Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\14.0\outlook\security Criteria: If the value SharedFolderScript is REG_DWORD = 0, this is not a finding.
Set the policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2010 -> Outlook Options -> Other -> Advanced “Do not allow Outlook object model scripts to run for shared folders” to “Enabled”.
The policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2010 -> Account Settings -> Internet Calendars “Do not include Internet Calendar integration in Outlook” must be set to “Enabled”. Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\14.0\outlook\options\webcal Criteria: If the value Disable is REG_DWORD = 1, this is not a finding.
Set the policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2010 -> Account Settings -> Internet Calendars “Do not include Internet Calendar integration in Outlook” to “Enabled”.
The policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2010 -> Security -> Cryptography -> Signature Status dialog box “Attachment Secure Temporary Folder” must be set to “Disabled”. Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\14.0\outlook\security\OutlookSecureTempFolder Criteria: If the registry key exists, this is a finding.
Set the policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2010 -> Security -> Cryptography -> Signature Status dialog box “Attachment Secure Temporary Folder” to “Disabled”.
The policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2010 -> Account Settings -> Exchange “Authentication with Exchange Server” must be set to “Enabled (Kerberos/NTLM Password Authentication)”. Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\14.0\outlook\security Criteria: If the value AuthenticationService is REG_DWORD = 9, this is not a finding.
Set the policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2010 -> Account Settings -> Exchange “Authentication with Exchange Server” to “Enabled (Kerberos/NTLM Password Authentication)”.
NOTE: If Outlook 2010 is configured to access DoD Enterprise Email, this check is not applicable. The policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2010 -> Account Settings -> Exchange “Automatically configure profile based on Active Directory Primary SMTP address” must be set to “Enabled”. Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\14.0\outlook\autodiscover Criteria: If the value ZeroConfigExchange is REG_DWORD = 1, this is not a finding.
Set the policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2010 -> Account Settings -> Exchange “Automatically configure profile based on Active Directory Primary SMTP address” to “Enabled”.
The policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2010 -> Account Settings -> Internet Calendars “Automatically download attachments” must be set to “Disabled”. Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\14.0\outlook\options\webcal Criteria: If the value EnableAttachments is REG_DWORD = 0, this is not a finding.
Set the policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2010 -> Account Settings -> Internet Calendars “Automatically download attachments” to “Disabled”.
The policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2010 -> Security -> Automatic Picture Download Settings “Automatically download content for e-mail from people in Safe Senders and Safe Recipients Lists” must be set to “Disabled”. Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\14.0\outlook\options\mail Criteria: If the value UnblockSpecificSenders is REG_DWORD = 0, this is not a finding.
Set the policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2010 -> Security -> Automatic Picture Download Settings “Automatically download content for e-mail from people in Safe Senders and Safe Recipients Lists” to “Disabled”.
The policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2010 -> Outlook Options -> Other “Make Outlook the default program for E-mail, Contacts, and Calendar” must be set to “Enabled”. Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\14.0\outlook\options\general Criteria: If the value Check Default Client is REG_DWORD = 1, this is not a finding.
Set the policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2010 -> Outlook Options -> Other “Make Outlook the default program for E-mail, Contacts, and Calendar” to “Enabled”.
The policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2010 -> Security -> Cryptography “Message Formats” must be set to “Enabled (S\MIME)”. Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\14.0\outlook\security Criteria: If the value MsgFormats is REG_DWORD = 1, this is not a finding.
Set the policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2010 -> Security -> Cryptography “Message Formats” to “Enabled (S\MIME)”.
The policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2010 -> Security -> Cryptography -> Signature Status dialog box “Missing root certificates” must be set to “Enabled (Error)”. Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\14.0\outlook\security Criteria: If the value SigStatusNoTrustDecision is REG_DWORD = 2, this is not a finding.
Set the policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2010 -> Security -> Cryptography -> Signature Status dialog box “Missing root certificates” to “Enabled (Error)”.
The policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2010 -> Security -> Security Form Settings “Outlook Security Mode” must be “Enabled (Use Outlook Security Group Policy)”. Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\14.0\outlook\security Criteria: If the value AdminSecurityMode is REG_DWORD = 3, this is not a finding.
Set the policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2010 -> Security -> Security Form Settings “Outlook Security Mode” to “Enabled (Use Outlook Security Group Policy)”.
The policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2010 -> Outlook Options -> Mail format -> Internet Formatting "Plain text options" must be set to "Enabled" where line length is "132" and that NO Check is visible in the "Encode all attachments in UUENCODE format when sending a plain text message" checkbox option. Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\14.0\common\mailsettings Criteria: If the value PlainWrapLen is REG_DWORD = 132 (decimal), this is not a finding. AND HKCU\Software\Policies\Microsoft\Office\14.0\outlook\options\mail Criteria: If the value Message Plain Format Mime is REG_DWORD = 1, this is not a finding.
Set the policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2010 -> Outlook Options -> Mail format -> Internet Formatting "Plain text -> options" to "Enabled" where line length is "132" and that NO Check is visible in the "Encode all attachments in UUENCODE format when sending a plain text message" checkbox option.
The policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2010 -> Outlook Options -> Preferences -> Calendar Options -> Office.com Sharing Service “Prevent publishing to a DAV server” must be set to “Enabled”. Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\14.0\outlook\options\pubcal Criteria: If the value DisableDav is REG_DWORD = 1, this is not a finding.
Set the policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2010 -> Outlook Options -> Preferences -> Calendar Options -> Office.com Sharing Service “Prevent publishing to a DAV server” to “Enabled”.
The policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2010 -> Outlook Options -> Preferences -> Calendar Options -> Office.com Sharing Service “Prevent publishing to Office.com” must be set to “Enabled”. Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\14.0\outlook\options\pubcal Criteria: If the value DisableOfficeOnline is REG_DWORD = 1, this is not a finding.
Set the policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2010 -> Outlook Options -> Preferences -> Calendar Options -> Office.com Sharing Service “Prevent publishing to Office.com” to “Enabled”.
The policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2010 -> Security “Prevent users from customizing attachment security settings” must be set to “Enabled”. Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\14.0\outlook Criteria: If the value DisallowAttachmentCustomization is REG_DWORD = 1, this is not a finding.
Set the policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2010 -> Security “Prevent users from customizing attachment security settings” to “Enabled”.
The policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2010 -> Outlook Options -> Preferences -> E-mail Options “Read e-mail as plain text” must be set to “Enabled”. Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\14.0\outlook\options\mail Criteria: If the value ReadAsPlain is REG_DWORD = 1, this is not a finding.
Set the policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2010 -> Outlook Options -> Preferences -> E-mail Options “Read e-mail as plain text” to “Enabled”.
The policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2010 -> Outlook Options -> Preferences -> E-mail Options “Read signed e-mail as plain text” must be set to “Enabled”. Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\14.0\outlook\options\mail Criteria: If the value ReadSignedAsPlain is REG_DWORD = 1, this is not a finding.
Set the policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2010 -> Outlook Options -> Preferences -> E-mail Options “Read signed e-mail as plain text” to “Enabled”.
The policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2010 -> Security -> Security Form Settings -> Attachment Security “Remove file extensions blocked as Level 1” must be set to “Disabled”. Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\14.0\outlook\security\FileExtensionsRemoveLevel1 Criteria: If registry key exist, this is a finding.
Set the policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2010 -> Security -> Security Form Settings -> Attachment Security “Remove file extensions blocked as Level 1” to “Disabled”.
The policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2010 -> Security -> Security Form Settings -> Attachment Security “Remove file extensions blocked as Level 2” must be set to “Disabled”. Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\14.0\outlook\security\FileExtensionsRemoveLevel2 Criteria: If registry key exist, this is a finding.
Set the policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2010 -> Security -> Security Form Settings -> Attachment Security “Remove file extensions blocked as Level 2” to “Disabled”.
The policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2010 -> Outlook Options -> Preferences -> Calendar Options -> Office.com Sharing Service “Restrict level of calendar details users can publish” must be “Enabled (Disables ‘Full details’ and ‘Limited details’)”. Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\14.0\outlook\options\pubcal Criteria: If the value PublishCalendarDetailsPolicy is REG_DWORD = 4000 (hex) or 16384 (Decimal), this is not a finding.
Set the policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2010 -> Outlook Options -> Preferences -> Calendar Options -> Office.com Sharing Service “Restrict level of calendar details users can publish” to “Enabled (Disables ‘Full details’ and ‘Limited details’)”.
The policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2010 -> Outlook Options -> Preferences -> Calendar Options -> Office.com Sharing Service “Restrict upload method” must be set to “Enabled”. Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\14.0\outlook\options\pubcal Criteria: If the value SingleUploadOnly is REG_DWORD = 1, this is not a finding.
Set the policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2010 -> Outlook Options -> Preferences -> Calendar Options -> Office.com Sharing Service “Restrict upload method” to “Enabled”.
The policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2010 -> Security -> Cryptography -> Signature Status dialog box “Retrieving CRLs (Certificate Revocation Lists)” must be “Enabled (When online always retrieve the CRL)”. Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\14.0\outlook\security Criteria: If the value UseCRLChasing is REG_DWORD = 1, this is not a finding.
Set the policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2010 -> Security -> Cryptography -> Signature Status dialog box “Retrieving CRLs (Certificate Revocation Lists)” to “Enabled (When online always retrieve the CRL)”.
The policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2010 -> Security -> Cryptography “Run in FIPS compliant mode” must be set to “Enabled”. Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\14.0\outlook\security Criteria: If the value FIPSMode is REG_DWORD = 1, this is not a finding.
Set the policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2010 -> Security -> Cryptography “Run in FIPS compliant mode” to “Enabled”.
The policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2010 -> Security -> Cryptography “S/MIME interoperability with external clients” must be set to “Enabled (Handle internally)”. Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\14.0\outlook\security Criteria: If the value ExternalSMime is REG_DWORD = 0, this is not a finding.
Set the policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2010 -> Security -> Cryptography “S/MIME interoperability with external clients” to “Enabled (Handle internally)”.
The policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2010 -> Security -> Cryptography “S/MIME receipt requests behavior” must be “Enabled (Never send S\MIME receipts)”. Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\14.0\outlook\security Criteria: If the value RespondToReceiptRequests is REG_DWORD = 2, this is not a finding.
Set the policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2010 -> Security -> Cryptography “S/MIME receipt requests behavior” to “Enabled (Never send S\MIME receipts)”.
The policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2010 -> Security -> Trust Center “Security setting for macros” must be “Enabled (Always warn)”. Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\14.0\outlook\security Criteria: If the value Level is REG_DWORD = 2, this is not a finding.
Set the policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2010 -> Security -> Trust Center “Security setting for macros” to “Enabled (Always warn)”.
The policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2010 -> Security -> Cryptography “Send all signed messages as clear signed messages” must be set to “Enabled”. Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\14.0\outlook\security Criteria: If the value ClearSign is REG_DWORD = 1, this is not a finding.
Set the policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2010 -> Security -> Cryptography “Send all signed messages as clear signed messages” to “Enabled”.
The policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2010 -> Security -> Security Form Settings -> Custom Form Security “Set Outlook object model Custom Actions execution prompt” must be “Enabled (Automatically Deny)”. Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\14.0\outlook\security Criteria: If the value PromptOOMCustomAction is REG_DWORD = 0, this is not a finding.
Set the policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2010 -> Security -> Security Form Settings -> Custom Form Security “Set Outlook object model Custom Actions execution prompt” to “Enabled (Automatically Deny)”.
The policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2010 -> Security -> Cryptography “Signature Warning” must be “Enabled (Always warn about invalid signatures)”. Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\14.0\outlook\security Criteria: If the value WarnAboutInvalid is REG_DWORD = 1, this is not a finding.
Set the policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2010 -> Security -> Cryptography “Signature Warning” to “Enabled (Always warn about invalid signatures)”.
The policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2010 -> Account Settings -> RSS Feeds “Synchronize Outlook RSS Feeds with Common Feed List” must be set to “Disabled”. Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\14.0\outlook\options\rss Criteria: If the value SyncToSysCFL is REG_DWORD = 0, this is not a finding.
Set the policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2010 -> Account Settings -> RSS Feeds “Synchronize Outlook RSS Feeds with Common Feed List” to “Disabled”.
The policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2010 -> Outlook Options -> Preferences -> Junk E-mail “Trust E-mail from Contacts” must be set to “Enabled”. Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\14.0\outlook\options\mail Criteria: If the value JunkMailTrustContacts is REG_DWORD = 1, this is not a finding.
Set the policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2010 -> Outlook Options -> Preferences -> Junk E-mail “Trust E-mail from Contacts” to “Enabled”.
================================== NOTE: Some operational environments may elect to allow use of RSS feeds integrated into Outlook, provided there is a mission need and the network environment meets the following criteria: - both the web site issuing the RSS feeds and the Outlook e-mail client both have an available network path to each other - neither the web site issuing the RSS feeds nor the Outlook e-mail client have a network path to the public Internet. An example of such an environment would be a closed lab or other deployed network where the requisite signoffs, artifacts, and network documentation demonstrate that the Public Internet is not available to the Outlook client, preventing unauthorized RSS subscriptions being accessed by users of the Outlook client. The policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2010 -> Account Settings -> RSS Feeds “Turn off RSS feature” must be set to “Disabled”. Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\14.0\outlook\options\rss Criteria: If the environment meets the above stated criteria, and value "Disable" is REG_DWORD = 0, this is not a finding. For all environments where the Outlook e-mail client has access to public Internet web sites, RSS integration into Outlook is not permitted, and should be validated as follows. ================================= The policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2010 -> Account Settings -> RSS Feeds “Turn off RSS feature” must be set to “Enabled”. Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\14.0\outlook\options\rss Criteria: If the value Disable is REG_DWORD = 1, this is not a finding.
================================== NOTE: If the use of RSS feeds integrated into Outlook is a mission need, and the network environment is configured with the following criteria: 1. Both the web site issuing the RSS feeds and the Outlook e-mail client must both have an available network path to each other. 2. Neither the web site issuing the RSS feeds nor the Outlook e-mail client have a network path to the public Internet. Set the policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2010 -> Account Settings -> RSS Feeds “Turn off RSS feature” to “Disabled”. For all environments where the Outlook e-mail clients have access to public Internet web sites, RSS integration into Outlook is not permitted, and should be configured as follows. ================================= Set the policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2010 -> Account Settings -> RSS Feeds “Turn off RSS feature” to “Enabled”.
The policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2010 -> Outlook Options -> Other -> Advanced “Use Unicode format when dragging e-mail message to file system” must be set to “Disabled”. Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\14.0\outlook\options\general Criteria: If the value MSGFormat is REG_DWORD = 0, this is not a finding.
Set the policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2010 -> Outlook Options -> Other -> Advanced “Use Unicode format when dragging e-mail message to file system” to “Disabled”.
The policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2010 -> Meeting Workspace “Disable user entries to server list” must be set to “Enabled (Publish default, disallow others)”. Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\14.0\meetings\profile Criteria: If the value ServerUI is REG_DWORD = 2, this is not a finding.
Set the policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2010 -> Meeting Workspace “Disable user entries to server list” to “Enabled (Publish default, disallow others)”.
The policy value for Computer Configuration -> Administrative Templates -> Microsoft Office 2010 (Machine) -> Security Settings -> IE Security “Add-on Management” must be set to “Enabled” and ‘outlook.exe’ is checked. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ADDON_MANAGEMENT Criteria: If the value outlook.exe is REG_DWORD = 1, this is not a finding.
Set the policy value for Computer Configuration -> Administrative Templates -> Microsoft Office 2010 (Machine) -> Security Settings -> IE Security “Add-on Management ” to “Enabled” and ‘outlook.exe’ is checked.
The policy value for Computer Configuration -> Administrative Templates -> Microsoft Office 2010 (Machine) -> Security Settings -> IE Security “Protection From Zone Elevation” must be set to “Enabled” and 'outlook.exe' is checked. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION Criteria: If the value outlook.exe is REG_DWORD = 1, this is not a finding.
Set the policy value for Computer Configuration -> Administrative Templates -> Microsoft Office 2010 (Machine) -> Security Settings -> IE Security “Protection From Zone Elevation” to “Enabled” and 'outlook.exe' is checked.
The policy value for Computer Configuration -> Administrative Templates -> Microsoft Office 2010 (Machine) -> Security Settings -> IE Security “Restrict ActiveX Install” must be set to “Enabled” and 'outlook.exe' is checked. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ACTIVEXINSTALL Criteria: If the value outlook.exe is REG_DWORD = 1, this is not a finding.
Set the policy value for Computer Configuration -> Administrative Templates -> Microsoft Office 2010 (Machine) -> Security Settings -> IE Security “Restrict ActiveX Install” to “Enabled” and 'outlook.exe' is checked.
The policy value for Computer Configuration -> Administrative Templates -> Microsoft Office 2010 (Machine) -> Security Settings -> IE Security “Restrict File Download” must be set to “Enabled” and 'outlook.exe' is checked. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD Criteria: If the value outlook.exe is REG_DWORD = 1, this is not a finding.
Set the policy value for Computer Configuration -> Administrative Templates -> Microsoft Office 2010 (Machine) -> Security Settings -> IE Security “Restrict File Download” to “Enabled” and select 'outlook.exe'.
The policy value for Computer Configuration -> Administrative Templates -> Microsoft Office 2010 (Machine) -> Security Settings -> IE Security “Scripted Window Security Restrictions” must be set to “Enabled” and 'outlook.exe' is checked. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS Criteria: If the value outlook.exe is REG_DWORD = 1, this is not a finding.
Set the policy value for Computer Configuration -> Administrative Templates -> Microsoft Office 2010 (Machine) -> Security Settings -> IE Security “Scripted Window Security Restrictions” to “Enabled” and 'outlook.exe' is checked.
The policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2010 -> Security -> Trust Center “Turn off Data Execution Prevention” must be set to “Disabled". Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\14.0\outlook\security Criteria: If the value EnableDEP is REG_DWORD = 1, this is not a finding.
Set the policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2010 -> Security -> Trust Center “Turn off Data Execution Prevention” to “Disabled".
The policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2010 -> Account Settings -> RSS Feeds “Automatically download enclosures” must be set to “Disabled". Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\14.0\outlook\options\rss Criteria: If the value EnableAttachments is REG_DWORD = 0, this is not a finding.
Set the policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2010 -> Account Settings -> RSS Feeds “Automatically download enclosures” to “Disabled".
The policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2010 -> Outlook Options -> Mail Format -> Internet Formatting “Outlook Rich Text options” must be “Enabled: Convert to Plain Text format". Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\14.0\outlook\options\mail Criteria: If the value Message RTF Format is REG_DWORD = 1, this is not a finding.
Set the policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2010 -> Outlook Options -> Mail Format -> Internet Formatting “Outlook Rich Text options” to “Enabled: Convert to Plain Text format".
The policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2010 -> Outlook Options -> Mail Format -> Internet Formatting -> Message Format “Set message format” must be “Enabled: Plain Text". Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\14.0\outlook\options\mail Criteria: If the value EditorPreference is REG_DWORD = 65536 (dec), this is not a finding.
Set the policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2010 -> Outlook Options -> Mail Format -> Internet Formatting -> Message Format “Set message format” to “Enabled: Plain Text".
The policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2010 -> Security “Prompt user to choose security settings if default settings fail” must be set to “Disabled". Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\14.0\outlook\security Criteria: If the value ForceDefaultProfile is REG_DWORD = 0, this is not a finding.
Set the policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2010 -> Security “Prompt user to choose security settings if default settings fail” to “Disabled".
The policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2010 -> Security -> Cyrptography “Minimum encryption settings” must be set to “Enabled: 168 bits". Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\14.0\outlook\security Criteria: If the value MinEncKey is REG_DWORD = 168, this is not a finding.
Set the policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2010 -> Security -> Cyrptography “Minimum encryption settings” to “Enabled: 168 bits".
The policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2010 -> Security -> Cyrptography “Replies or forwards to signed/encrypted messages are signed/encrypted” must be set to “Enabled". Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\14.0\outlook\security Criteria: If the value NoCheckOnSessionSecurity is REG_DWORD = 1, this is not a finding.
Set the policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2010 -> Security -> Cyrptography “Replies or forwards to signed/encrypted messages are signed/encrypted” to “Enabled".
The policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2010 -> Security -> Cryptography “Do not check e-mail address against address of certificates being used” must be set to “Enabled". Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\14.0\outlook\security Criteria: If the value SupressNameChecks is REG_DWORD = 1, this is not a finding.
Set the policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2010 -> Security -> Cryptography “Do not check e-mail address against address of certificates being used” to “Enabled".
The intent of this check is to block the display of Internet and network paths as hyperlinks in email messages. This requirement cannot be configured in the Office 2010 Administrative Templates. It can either be configured individually, within each Outlook client, or by registry key. To verify within the Outlook client that "Internet and network path into hyperlinks" is not enabled: From the main Outlook window, go to Tools>>Options. Select the "Mail Format" tab. Select the "Editor Options" button. In the left pane, select the "Proofing" button. Select the "AutoCorrect" button. Select the "AutoFormat As You Type" tab. Criteria: If the "Internet and network path into hyperlinks" checkbox is selected, this is a finding. Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\software\policies\Microsoft\office\14.0\outlook\options\autoformat Criteria: If the value pgrfafo_25_1 is REG_DWORD = 1, this is a finding.
Use the Windows Registry Editor to navigate to the following key: HKCU\software\policies\Microsoft\office\14.0\outlook\options\autoformat If the REG_DWORD value for pgrfafo_25_1 does not exist, create it with a value of "0". If the REG_DWORD value for pgrfafo_25_1 does exist, change the value to "0".