"A program is trying to access e-mail addresses you have stored in Outlook" warning message

[Stroller]

Hi there,

At a site I manage the customer uses a CRM / asset-management package sold by
a (smallish) UK vendor. When this was originally supplied a requirement was
Outlook as email client.

Recently at least one machine has started displaying the "A program is trying
to access e-mail addresses you have stored in Outlook" warning message, which
is annoying and confusing to users.

This message is documented in KB263073
http://support.microsoft.com/kb/263073

is there any way to disable this message, please?
It occurred to me there might be a AnnoyUsers=0 or similar registry setting?
Alternatively, can I just uninstall this particular Outlook update? Does it
provide any other protections or benefits?

The supplier of the CRM suggests installing a 3rd-party shareware which
"clicks" the yes button for you, however I feel this is a bit of a hack and
it bothers me.
<http://pubs.logicalexpressions.com/pub0009/LPMArticle.asp?ID=573>
Does anyone have any other solutions, please?

TIA,

Stroller.

 

[Sue Mosher [MVP-Outlook]]

The warning message has been a fact of life for developers working with Outlook for more than 7 years. It's shocking that a CRM vendor would suggest using a hack to work around it. They should instead be writing code that avoids it. Your options, as a client, however, are limited to suppressing the security prompts and using an Exchange folder to relax Outlook security. See http://www.outlookcode.com/article.aspx?ID=52.

 

[TechieBird]

I agree with you about ClickYes - it always makes me uneasy too.

Unfortunately, 'switching off' the popup would potentially leave Outlook
open to a virus potentially mining address information from the user's data.
(This is why we don't see so many of that type of virus these days.)

The best answer is for the vendor to supply a COM add-in version of their
product able to be managed through the Outlook Security Settings template -
see the following links for more info:

You receive warning messages when you use a third-party add-in or custom
solution in Outlook 2002
http://support.microsoft.com/kb/290498

Administrator information about e-mail security features
http://support.microsoft.com/kb/290499

 

[Diane Poremsky]

without knowing your version of outlook, those are the best options. Does
the vendor have a version that bypasses the security guard? (They've had 7
yrs to work on it.)

 

[Roady [MVP]]

I agree with everyone else that this is something the CRM vendor should
solve.

However, if they don't co-operate don't use the Click-Yes tool but use this
free utility instead;
http://www.howto-outlook.com/redirect.asp?id=mapilab_security

It gives you much more control on what is being allowed and what is not
instead of blindingly clicking yes.

 

[Stroller]

The warning message has been a fact of life for developers working with
Outlook for more than 7 years.

This is strange. Although I don't work on site myself - and as much as
possible avoid dealing with unusual proprietary applications like this one
-I believe this message to have only started appearing on this one machine
since some recent updates. The site is probably somewhat behind on its
updates, so if I'm right one might guess this to be related to an update
released by MS within the last year.

It's shocking that a CRM vendor would suggest
using a hack to work around it.

I agree!!

They should instead be writing code that
avoids it. Your options, as a client, however, are limited to suppressing the

security prompts and using an Exchange folder to relax Outlook security. See
http://www.outlookcode.com/article.aspx?ID=52.

Thanks. This article looks very comprehensive, and I will refer to it when I
follow-up with my reply to the vendor.

Could someone possibly clarify:

Strategies appropriate for ISVs include, in order of descending
security and complexity:
Use Extended MAPI instead of Outlook objects, Simple MAPI, or CDO
1.21 for all code that potentially triggers security prompts. This
is the most secure strategy and is what Microsoft recommends for
external applications; it used by tools such as PDA synchronization
applications.

Will this ensure that the prompt is not triggered?

Stroller.

 

[Sue Mosher [MVP-Outlook]]

Yes. Extended MAPI is the API that Microsoft provides for access to Outlook data without triggering security prompts.

 

[Stroller]

without knowing your version of outlook, those are the best options. Does
the vendor have a version that bypasses the security guard? (They've had 7
yrs to work on it.)

Sorry... I meant to say in my original post that we're exclusively using
Outlook 2003 in this office.

I believe that this message has only started appearing on one machine
recently, and that it has more up-to-date patches than other PCs on the
network. I'll email the client today to check the status with the other PCs.

I note the "7 years" comment that you & another poster made. The senior
support guy for the CRM vendor asserts:

This message is an annoying and new security feature of Outlook
2002 and 2003.

Is this incorrect?

Stroller.

 

[Diane Poremsky]

Very incorrect. It was added to a post-SP1 update of Outlook 2000, built
into Outlook 2002 and 2003. SP's for each build made changes to the
security, so it's possible a later update changed so that a property that
was previously ok now triggers it. But again... a good dev updates their
apps to avoid the alert.