J
Javier J
Hi all!!
Am trying to do (what seems) impossible:
I'm trying to "lock down" the action that users are enabled to do in
Outlook 2000, using Group Policy or any other available means...
Any help with this scenario would be more than appreciated.
* The issue:
We have a group of users that deal with specially sensitive information.
We have managed to (reasonably) lock down the Windows Desktop, so that
the users are restricted as to where they put information and suchlike.
The only can run a few apps from the Explorer interface (using Group
Policy), and we don't want them to run any others except those whose
links they have handy.
*BUT* this users use Outlook (the share a .pst where they store mails to
be approved and sent by the groups' security supervisor).
We don't want them launching any program from within Outlook. Using the
"disable interface" functionality in the Office Resource Kit, we've
disabled "Options" and "Accounts" (we don't want them to configure any
other email account), "Insert -> Object", "Forms" (apparently, it was
possible to create a form and embed an object/file that could be run).
Also, any "Macros", or "Visual Basic" is gone, too.
Now it seems that it's possible to attach an .exe file to the email,
save the email, and run the file after opening the email. I am looking
into attachment blocking to prevent that....
BUT there seems to be a way to use the "favorites places" bar (on the
left by default) to create a link to programs on the PC, and then run
them... How can I avoid that??!!
Frankly, I'm beginning to despair that securing Outlook in this way can
be done at all. Any and all help will be more than welcome.
Thanks a lot
Javier J.
Am trying to do (what seems) impossible:
I'm trying to "lock down" the action that users are enabled to do in
Outlook 2000, using Group Policy or any other available means...
Any help with this scenario would be more than appreciated.
* The issue:
We have a group of users that deal with specially sensitive information.
We have managed to (reasonably) lock down the Windows Desktop, so that
the users are restricted as to where they put information and suchlike.
The only can run a few apps from the Explorer interface (using Group
Policy), and we don't want them to run any others except those whose
links they have handy.
*BUT* this users use Outlook (the share a .pst where they store mails to
be approved and sent by the groups' security supervisor).
We don't want them launching any program from within Outlook. Using the
"disable interface" functionality in the Office Resource Kit, we've
disabled "Options" and "Accounts" (we don't want them to configure any
other email account), "Insert -> Object", "Forms" (apparently, it was
possible to create a form and embed an object/file that could be run).
Also, any "Macros", or "Visual Basic" is gone, too.
Now it seems that it's possible to attach an .exe file to the email,
save the email, and run the file after opening the email. I am looking
into attachment blocking to prevent that....
BUT there seems to be a way to use the "favorites places" bar (on the
left by default) to create a link to programs on the PC, and then run
them... How can I avoid that??!!
Frankly, I'm beginning to despair that securing Outlook in this way can
be done at all. Any and all help will be more than welcome.
Thanks a lot
Javier J.