a program is trying to access your email address

[ray]

Dear all


it seems that there is a new-good security feature in
outllok 2000 sp3 or 2003 that prevents anothorised
programs (e.g. a virus) to access your email addresses.

you get a message saying that a program is trying to
access your eamil addresse stored in outlook. do you want
to allow this ? blablabla

thats fine when it come to a virus.
In my case however, i have utility that runs automatically
and sends an email. i dont wantusers to answer yes each
time this thing runs because its in background and they
will cant tell if its the program or a virus.

so...do you think there is somewhere where i can say to
outlook to allow that application to freely access the
email addresses ?

i have found some articles in microsoft but they are VERY
confusing.

 

[Sue Mosher [MVP]]

Short answer: No.

Long answer: The security dialogs that pop up when an application tries to
access certain Outlook properties and methods are designed to inhibit the
spread of viruses via Outlook; see
http://www.slipstick.com/outlook/esecup.htm#autosec. They cannot be simply
turned on or off with a user option or registry setting.

However, Outlook 2003 does not show security prompts on three specific types
of applications:

-- VBScript code in published, non-oneoff Outlook forms

-- Outlook VBA code that uses the intrinsic Application object

-- Outlook COM add-ins properly constructed to derive all objects from
the Application object passed by the OnConnection event

In earlier versions of Outlook, standalone users can use a free tool called
Express ClickYes (http://www.express-soft.com/mailmate/clickyes.html) to
click the security dialog buttons automatically. Beware that this means if a
virus tries to send mail using Outlook or gain access to your address book,
it will succeed.

If you're the administrator in an Exchange Server environment, you can
reduce the impact of the security prompts with administrative tools. See
http://www.slipstick.com/outlook/esecup/admin.htm

If it's an application you wrote yourself and either your application needs
to support versions besides Outlook 2003 or your application runs extenal to
Outlook, you have these options for modifying your program to avoid the
security prompts (roughly in order of preference):

-- Use Extended MAPI (see http://www.slipstick.com/dev/mapi.htm) and C++
or Delphi; this is the most secure method and the only one that Microsoft
recommends. However, it applies only to COM add-ins and external programs;
you cannot use Extended MAPI in Outlook forms or VBA.

-- Use Redemption (http://www.dimastr.com/redemption/), a third-party
COM library that wraps around Extended MAPI but parallels the Outlook Object
Model, providing many methods that the Outlook model does not support

-- Use SendKeys to "click" the buttons on the security dialogs that your
application may trigger. See
http://www.slipstick.com/outlook/esecup.htm#autosec for a link to sample
code.

-- Program the free Express ClickYes
(http://www.express-soft.com/mailmate/clickyes.html) tool to start suspended
and turn it on only when your program needs to have the buttons clicked
automatically.

--
Sue Mosher, Outlook MVP
Author of
Microsoft Outlook Programming - Jumpstart for
Administrators, Power Users, and Developers

 

[Jim]

Sue,

Great info below. My question is related, but different.

One of my users started getting the "A program is trying
to access your email addresses" message right after I
upgraded her from Outlook 2k2 to Outlook 2k3. Nothing else
on her computer changed. Specifically, it happens when she
creates a new email message. The moment the new email
window opens, there is the alert message.

Her upgrade is part of a test rollout I'm doing for my
users. She's the 6th user to move from O2k2 to O2k3, and
is the only one getting this alert message. This tells me
is something specific to her computer.

I know what the alert message is for, and I'm not
interested in stopping it. I am, however, interested in
determining exactly which program/application is making an
API call to Outlook, which causes it to throw up the alert.

So, how do I determine what program is trying to access
the Outlook object model? I'm hoping that somewhere, there
is some hidden switch or command line function that can
tell me this.

Thanks in advance for your help,
-Jim in Rhode Island

-----Original Message-----
Short answer: No.

Long answer: The security dialogs that pop up when an application tries to
access certain Outlook properties and methods are designed to inhibit the
spread of viruses via Outlook; see
http://www.slipstick.com/outlook/esecup.htm#autosec. They cannot be simply
turned on or off with a user option or registry setting.

However, Outlook 2003 does not show security prompts on three specific types
of applications:

-- VBScript code in published, non-oneoff Outlook forms

-- Outlook VBA code that uses the intrinsic Application object

-- Outlook COM add-ins properly constructed to derive all objects from
the Application object passed by the OnConnection event

In earlier versions of Outlook, standalone users can use a free tool called
Express ClickYes (http://www.express-

soft.com/mailmate/clickyes.html) to

click the security dialog buttons automatically. Beware that this means if a
virus tries to send mail using Outlook or gain access to your address book,
it will succeed.

If you're the administrator in an Exchange Server environment, you can
reduce the impact of the security prompts with administrative tools. See
http://www.slipstick.com/outlook/esecup/admin.htm

If it's an application you wrote yourself and either your application needs
to support versions besides Outlook 2003 or your application runs extenal to
Outlook, you have these options for modifying your program to avoid the
security prompts (roughly in order of preference):

-- Use Extended MAPI (see

http://www.slipstick.com/dev/mapi.htm) and C++

or Delphi; this is the most secure method and the only one that Microsoft
recommends. However, it applies only to COM add-ins and external programs;
you cannot use Extended MAPI in Outlook forms or VBA.

-- Use Redemption

(http://www.dimastr.com/redemption/), a third-party

 

[Sue Mosher [MVP]]

It is not possible to determine which application is making the call to
Outlook, at least not through any means built into Outlook. Outlook itself
doesn't know.