ToolBox -

September 3rd, 2012

Print this article

Add a comment!

This procedure can be used to remove the prompts that appear when trying to send an email from a program other than Outlook (through Outlook). The key scenario for this is when emailing invoices through MYOB. At this stage this procedure only applies to, and had been tested on, Office 2010 (Office 14).

NOTE: this explicitly disables a security feature designed to prevent the spread and effectiveness of certain types of malicious software and as such the application of this work-around should be limited to as few users as possible.

To disable Programmatic Access in Outlook follow these steps;

Preparation:

1. Download the appropriate Office 2010 Administrative Template Files for the version of Office you have installed (32 or 64 bit) from here; http://www.microsoft.com/en-us/download/details.aspx?id=18968

a. Install this on the server running Active Directory – Follow the onscreen prompts to complete this. Make sure you extract to a location you can remember.

2. Download the following ADM package; http://download.microsoft.com/download/6/D/1/6D113C3D-4651-4DE3-A501-7B602B0E0DEC/Outlk14-simplemapi.adm

a. Save this file in a memorable location on the Active Directory Server.

Setup:

1. Open Group Policy Management on the Active Directory Server.

2. Right Click Group Policy Objects and select New. Give the Policy a descriptive name and click OK.(leave Source Starter Policy set to (none))

image

3. Right Click your newly created GPO and click Edit. A new window will appear

4. Expand Policies and right click Adminstrative Templates and select Add/Remove Templates…

image

5. Click Add and browse to the location of the folder you extracted/downloaded the files to during the Preparation steps and add them. You will need the Outlk14.adm file from the location you downloaded the Office 2010 Administrative Template files to. You will then need the Outlk14-simplemapi.adm file you downloaded in Preparation step 2.

6. Once this has been done your Add/Remove Templates window should look like below;

clip_image003

7. Click Close and you should now have Classic Administrative Templates (ADM) under Adminstrative Templates. Expand this and go to Microsoft Outlook 2010\Security\Security Form Settings

clip_image004

8. Double click Outlook Security Mode to edit this policy. Set to Enabled and then set the Outlook Security Policy to Use Outlook Security Group Policy then click OK.

clip_image005

9. Go to Programmatic Security and you should see the following list settings;

clip_image006

10. Edit Configure Simple MAPI sending prompt and set it to Enabled and the Guard Behavior to Automatically Approve then click OK.

11. Repeat this for Configure Simple MAPI name resolution prompt, Configure Simple MAPI message opening prompt and Configure Outlook object model prompt when sending mail.

12. You should now have 4 policies enabled. Close the Group Policy Management Editor window.

13. Go back to the Group Policy Management window and select your new Policy.

14. Make sure the Scope tab is selected and then click Add… under Security Filtering.

image

15. Add the security group/users you which to apply this policy to. Remember to confine this policy only to the users that absolutely need it due the security issue this policy poses.

Once these steps have been done you can close all open Group Policy windows and log off the server. To test log in as a User with membership to the group you applied the GPO to and try to send an invoice as an email from MYOB. If all is done correctly the email will send immediately with no further prompting required from the user.

*UPDATE* Please be aware that if the test user was already logged in at the time the GPO was applied, you will need to log out and back in for the settings to take affect. Gpupdate /force can be run from the cmd prompt before logging out in order to speed up the process.