How administrator and user security settings interact in Outlook 2007

Updated: April 9, 2009

Applies To: Office Resource Kit

This Office product will reach end of support on October 10, 2017. To stay supported, you will need to upgrade. For more information, see , Resources to help you upgrade your Office 2007 servers and clients.


Topic Last Modified: 2016-11-14

Security settings defined by the user through the Microsoft Office Outlook 2007 user interface work as if they are included in the Group Policy settings you define as the administrator. When there is a conflict between the two, settings with a higher security level override settings with a lower security level.

The following list describes specific interactions between Group Policy security settings and security settings that a user defines in Outlook.

  • Display Level 1 attachments. When this Group Policy is set, all file types that were set to Level 1 security are set to Level 2 security. If a user wants to block a file type, the user can customize the list in Outlook to block access to specific types of attachments.

  • Add file extensions to block as Level 1. If you use this Group Policy setting to create a list of Level 1 file types, the list overrides the default list provided with Outlook and overrides user's settings for Level 1 file types. Even if you allow users to remove file types from the default Level 1 group of excluded file types, users cannot use Group Policy to remove file types that were added to the list.

    For example, if the user wants to remove the file types EXE, REG, and COM from the Level 1 group, but you use the Add Level 1 file extensions Group Policy setting to add EXE as a Level 1 file type, the user can only remove REG and COM files from the Level 1 group in Outlook.

  • Remove file extensions blocked as Level 1. The user's list is combined with the list you set in Group Policy to determine which Level 1 items are set to Level 2.

  • Add file extensions to block as Level 2. If a user changes Level 1 files to Level 2 files, and those file types are listed in Group Policy as Level 2 extensions, the files are treated as Level 2 attachments.

  • Remove file extensions blocked as Level 2. There is no interaction with this setting.

  • Allow users to demote attachments to Level 2. This setting allows a user to change a Level 1 attachment to Level 2. If you do not configure this Group Policy setting, the default behavior in Outlook is to ignore the user's list.

Download this book

This topic is included in the following downloadable books for easier reading and printing:

See the full list of available books at Office Resource Kit information.