Microsoft Office 2003 Editions Resource Kit [Electronic resources] - text version

Microsoft Corporation

Setting Consistent Outlook Cryptography Options for an Organization

You can control many aspects of Microsoft Office Outlook 2003 cryptography features to help configure more secure messaging and message encryption for your organization’s needs. To help control these features, you specify settings in the Windows registry or through policies. For example, you can set a policy to require a security label on all outgoing mail or a policy to disable publishing to the Global Address List.





Note

A number of Outlook cryptography registry settings have an equivalent setting on the Security tab in the Options dialog box (Tools menu) or other user setting. However, setting the value in the user interface does not create or set the equivalent setting in the Windows registry. You can use the Windows registry to change these settings.


The settings described in this chapter are not related to virus prevention. Virus prevention settings include options for trusted code or changes to the default list of e-mail attachment types that cannot be received or opened by your users. To find out more about configuring virus prevention features, see Chapter 12, “Customizing Outlook 2003 to Help Prevent Viruses.”





Tip

You can use group policies to set security levels in Outlook. In Group Policy, set the Required Certificate Authority, Minimum encryption settings, S/MIME interoperability with external clients, and Outlook Rich Text in S/MIME messages policies under Microsoft Office Outlook 2003\Tools | Options\Security\Cryptography. For more information about using Group Policy to lock down Microsoft Office 2003 settings, see “Managing Users’ Configurations by Policy” in Chapter 18, “Updating Users’ Office 2003 Configurations.”



Corresponding user interface options for Outlook security policies


Some of the security policies listed in this chapter correspond to user interface buttons or settings on user interface dialogs. This section lists the policies that correspond to these buttons or to options on one or more of these dialogs, grouped by the user interface button or dialog. Some policies affect settings in more than one area and appear on multiple lists.

For information about setting the policies, see the sections that follow this one. The specific setting that is affected by a policy is included for many policies in the “Corresponding UI option” column of the tables of policy settings.

Policies that affect settings on the Tools | Options | Security dialog:

- AlwaysEncrypt
- AlwaysSign
- ClearSign
- RequestSecurityEnhancedReceipt
- PublishtoGalDisabled
- EnrollPageURL

Policies that affect settings on the Tools | Options | Security | Settings dialog:

- FIPSMode
- MinEncKey (restricts encryption algorithms available to users)

Policies that affect settings on the Tools | Options | Security | Settings | Security labels dialog:

- ForceSecurityLabel
- ForceSecurityLabelX

Policies that affect settings on the Options | Security | Settings dialog in a new e-mail message:

- AlwaysEncrypt
- AlwaysSign
- ClearSign
- RequestSecureReceipt
- ForceSecurityLabel
- ForceSecurityLabelX

Policies that affect the toolbar buttons for encrypting and signing e-mail messages:

- AlwaysEncrypt
- AlwaysSign




Outlook security policies


The following table lists the Windows registry settings in the Policies tree that you can configure for your custom installation. You add these value entries in the following subkey:

HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\10.0\Outlook\Security

| Value name | Value data (Data type) | Description | Corresponding UI option |
|---|---|---|---|
| AlwaysEncrypt | 0, 1 (DWORD) | When you set the value to 1, all outgoing messages are encrypted. Default is 0. | Encrypt contents check box |
| AlwaysSign | 0, 1 (DWORD) | When you set the value to 1, all outgoing messages are signed. Default is 0. | Add digital signature check box |
| ClearSign | 0, 1 (DWORD) | When you set the value to 1, Clear Signed is used for all outgoing messages. Default is 0. | Send clear text signed message check box |
| RequestSecureReceipt | 0, 1 (DWORD) | When you set the value to 1, security-enhanced receipts are requested for all outgoing messages. Default is 0. | Request S/MIME receipt check box |
| ForceSecurityLabel | 0, 1 (DWORD) | When you set this value to 1, a label is required on all outgoing messages. (Note that the registry setting does not specify which label.) Default is 0. | None |
| ForceSecurityLabelX | ASN encoded BLOB (Binary) | This value entry specifies whether a user-defined security label must be present on all outgoing signed messages. String can optionally include label, classification, and category. Default is no security label required. | None |
| SigStatusNoCRL | 0, 1 (DWORD) | Set to 0 means a missing CRL during signature validation is a warning. Set to 1 means a missing CRL is an error. Default is 0. | None |
| SigStatusNoTrustDecision | 0, 1, 2 (DWORD) | Set to 0 means that a No Trust decision is allowed. Set to 1 means that a No Trust decision is a warning. Set to 2 means that a No Trust decision is an error. Default is 0. | None |
| PromoteErrorsAsWarnings | 0, 1 (DWORD) | Set to 0 to promote Error Level 2 errors as errors. Set to 1 to promote Error Level 2 errors as warnings. Default is 0. | None |
| PublishtoGalDisabled | 0, 1 (DWORD) | Set to 1 to disable the Publish to GAL button. Default is 0. | Publish to GAL button |
| FIPSMode | 0, 1 (DWORD) | Set to 1 to put Outlook into FIPS 140-1 mode. Default is 0. | None |
| WarnAboutInvalid | 0, 1, 2 (DWORD) | Set to 0 to display the Show and Ask check box (Secure E-mail Problem prompt dialog box). Set to 1 to always show the dialog box. Set to 2 to never show the dialog box. Default is 2. | Secure E-mail Problem prompt dialog box |
| DisableContinueEncryption | 0, 1 (DWORD) | Set to 0 to show the Continue Encrypting button on the final Encryption Errors dialog box. Set to 1 to hide the button. Default is 0. | Continue Encrypting button on final Encryption Errors dialog box. This dialog box appears when a user tries to send a message to someone who cannot receive encrypted messages. This policy disables the button that allows users to send the message regardless. (The recipient cannot open encrypted mail messages sent by overriding the error.) |
| RespondtoReceiptRequest | 0, 1, 2, 3 (DWORD) | Set to 0 to always send a receipt response and prompt for a password, if needed. Set to 1 to prompt for a password when sending a receipt response. Set to 2 to never send a receipt response. Set to 3 to enforce sending a receipt response. Default is 0. | None |
| NeedEncryptionString | String | Displays the specified string when the user tries unsuccessfully to open an encrypted message. Can provide information about where to enroll in security. Default string is used unless the value is set to another string. | Default string |
| Options | 0, 1 (DWORD) | Set to 0 to show a warning dialog box when a user attempts to read a signed message with an invalid signature. Set to 1 to never show the warning. Default is 0. | None |
| MinEncKey | 40, 64, 128, 168 (DWORD) | Set to the minimum key length for an encrypted e-mail message. | None |
| RequiredCA | String | Set to the name of the required certificate authority. When a value is set, Outlook disallows users from signing mail using a certificate from a different CA. | None |
| EnrollPageURL | String | URL for the default certificate authority (internal or external) from which you wish your users to obtain new digital IDs. Note: Set in HKEY_CURRENT_USER\Software\Microsoft\Office\9.0\Outlook\Security subkey if you do not have administrator privileges on the user’s computer. | Get Digital ID button |
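Because values chosen in the user interface never appear in the registry, an audit of the policy subkey shows only what is actually enforced. The following PowerShell check is an added example, not part of the Resource Kit: it reads the subkey named above and validates each value's type and data against the table. The `$Baseline` contents and the function name `Get-OutlookCryptoPolicyReport` are assumptions chosen for illustration.

```powershell
# Added example: audit Outlook cryptography policy values for the current user.
# The subkey and allowed data come from this page; $Baseline is an assumed policy.
$PolicyKey = 'HKCU:\Software\Policies\Microsoft\Office\10.0\Outlook\Security'

# Allowed DWORD data per value name, as listed in the policy table.
$Allowed = @{
    AlwaysEncrypt = 0, 1; AlwaysSign = 0, 1; ClearSign = 0, 1
    SigStatusNoCRL = 0, 1; SigStatusNoTrustDecision = 0, 1, 2
    PromoteErrorsAsWarnings = 0, 1; FIPSMode = 0, 1
    DisableContinueEncryption = 0, 1; MinEncKey = 40, 64, 128, 168
}

# Hypothetical organizational baseline (assumption, adjust to your own policy).
$Baseline = @{
    AlwaysSign = 1; SigStatusNoCRL = 1; SigStatusNoTrustDecision = 2
    PromoteErrorsAsWarnings = 0; DisableContinueEncryption = 1; MinEncKey = 168
}

function Get-OutlookCryptoPolicyReport {
    param([string]$Path = $PolicyKey)
    # A missing subkey is not an error: it means no policy values are set at all.
    $key = Get-Item -Path $Path -ErrorAction SilentlyContinue
    foreach ($name in ($Baseline.Keys | Sort-Object)) {
        $status = 'NotSet'; $data = $null   # absent value: Outlook's default applies
        if ($key -and ($key.GetValueNames() -contains $name)) {
            $data = $key.GetValue($name)
            if ($key.GetValueKind($name) -ne [Microsoft.Win32.RegistryValueKind]::DWord) {
                $status = 'WrongType'       # e.g. REG_SZ "1" instead of a DWORD
            } elseif ($Allowed[$name] -notcontains $data) {
                $status = 'OutOfRange'      # data not listed in the table
            } elseif ($name -eq 'MinEncKey' -and $data -ge $Baseline[$name]) {
                $status = 'OK'              # a longer minimum key also satisfies the baseline
            } elseif ($data -eq $Baseline[$name]) {
                $status = 'OK'
            } else {
                $status = 'Mismatch'        # valid data, but not the baseline setting
            }
        }
        [pscustomobject]@{
            Name = $name; Expected = $Baseline[$name]; Actual = $data; Status = $status
        }
    }
}

Get-OutlookCryptoPolicyReport | Format-Table -AutoSize
```

Run it in the user's own session, since the subkey lives under HKEY_CURRENT_USER; rows reported as NotSet fall back to the defaults listed in the table.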


When you specify a value for PromoteErrorsAsWarnings, note that potential Error Level 2 conditions include the following:

- Unknown Signature Algorithm
- No Signing Certification Found
- Bad Attribute Sets
- No Issuer Certificate Found
- No CRL Found
- Out of Date CRL
- Root Trust Problem
- Out of Date CTL



When you specify a value for EnrollPageURL, use the following parameters to send information about the user to the enrollment Web page.

| Parameter | Placeholder in URL string |
|---|---|
| User display name | %1 |
| SMTP e-mail name | %2 |
| User interface language ID | %3 |


For example, to send user information to the Microsoft enrollment Web page, set the EnrollPageURL entry to the following value, including the parameters:

www.microsoft.com/ie/certpage?name=%1&email=%2&helplcid=%3

If the user’s name is Jeff Smith, his e-mail address is someone@example.com, and his user interface language ID is 1033, then the placeholders are resolved as follows:

www.microsoft.com/ie/certpage?name=Jeff%20Smith&email=someone@example.com&helplcid=1033


Security policies for general cryptography


The following table lists additional Windows registry settings that you can use for your custom configuration. These settings are contained in the following subkey:

HKEY_CURRENT_USER\Software\Microsoft\Cryptography\SMIME\SecurityPolicies\Default

| Value name | Value data (Data type) | Description | Corresponding UI option |
|---|---|---|---|
| ShowWithMultiLabels | 0, 1 (DWORD) | Set to 0 to attempt to display a message when the signature layer has different labels set in different signatures. Set to 1 to prevent display of message. Default is 0. | None |
| CertErrorWithLabel | 0, 1, 2 (DWORD) | Set to 0 to process a message with a certificate error when the message has a label. Set to 1 to deny access to a message with a certificate error. Set to 2 to ignore the message label and grant access to the message. (The user still sees a certificate error.) Default is 0. | None |



Security policies for KMS-issued certificates


The values below only apply to KMS-issued certificates. The following table lists additional Windows registry settings that you can use for your custom configuration. These settings are contained in the following subkey:

HKEY_CURRENT_USER\Software\Microsoft\Cryptography\Defaults\Provider

| Value name | Value data (Data type) | Description | Corresponding UI option |
|---|---|---|---|
| MaxPWDTime | 0, number (DWORD) | Set to 0 to remove user’s ability to save a password (user is required to enter a password each time a key set is required). Set to a positive number to specify a maximum password time in minutes. Default is 999. | None |
| DefPWDTime | Number (DWORD) | Set to the default value for the amount of time a password is saved. | None |

