Hmm..
oddly enough, I removed the “Disable Registry Editing Tools” restrictions from
the users’ profiles, and it still says there was a permissions error on the
registry when trying to import outlook.reg. The user in question has Power User
rights on his W2k machine.
Thanks,
Evan
-----Original
Message-----
From: Evan Brastow
Sent: Monday, February 11, 2002
12:36 PM
To: MS-Exchange Admin Issues
Subject: RE: Deploying the Outlook
Security Form
Well, no,
because <sheepish grin here> “Registry Editing Tools Have Been Disabled”,
which I always thought was a good policy to have in place so that users
couldn’t go installing their own apps as they please (something which we have a
policy (paper, one, I mean) in place here to prevent, but that doesn’t always
stop people). I guess I have to disable that for everyone for now, have them
log off and on, make those changes, and then re-enable it, and have them log
off and on again..
Thanks,
Evan
-----Original
Message-----
From: MHR(Michael Ross)
[mailto:[EMAIL PROTECTED]]
Sent: Monday, February 11, 2002
12:28 PM
To: MS-Exchange Admin Issues
Subject: RE: Deploying the Outlook
Security Form
can you
open regedit and go to that key?
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]
Sent: Monday, February 11, 2002
11:20 AM
To: MS-Exchange Admin Issues
Subject: RE: Deploying the Outlook
Security Form
Thanks for
the reply. I didn't think this would work, because if I go to a user's computer
while they are logged in, and try to manually run the .reg file, it gives a
permissions error. I'm not sure why a logon script would have better luck?
Thanks,
Evan
-----Original
Message-----
From: MHR(Michael Ross) [mailto:[EMAIL PROTECTED]]
Sent: Monday, February 11, 2002
12:09 PM
To: MS-Exchange Admin Issues
Subject: RE: Deploying the Outlook
Security Form
if you use
.pol files for your logon policies you can use that to put that setting in
effect.
If you use logon scripts, you can set that reg key in your logon
script
hkey current user is editable by the user logging into the box so
a logon script would work.
-----Original
Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Monday, February 11, 2002 10:53 AM
To: MS-Exchange Admin Issues
Subject: Deploying the Outlook Security Form
I am trying
to finally get the "Outlook Security Form" to work for our
Outlook 2000 users (on W2K Pro, logging into an NT4 domain). We
are not
using Group Policies at this time. I have never found a way to
modify the
HKEY_CURRENT_USER\Software\Policies\Microsoft\Security key, since
my users
can't modify the registry like this, and I can't access the
HKEY_CURRENT_USER key remotely using regedt32.
I did some
more digging at this as time has allowed and I've come across
this section of the readme.txt file that comes with admpack.exe.
In it, it
says that in order to change the registry key on a user's machine,
you do
the following:
2.4.1
Update the Outlook policy template file for Windows 2000
1 On the Start menu, click Run, and then type
"gpedit.msc" to
start the Group Policy Editor.
2 Import the Outlk9.adm template.
3 Expand the following series of folders:
User Configuration\Administrative Templates.
4 Right-click Administrative Templates, and then click
Add/Remove
Templates on the shortcut menu.
In you see "Outlk9" in the Current Policy
Templates list,
select it, and then click the Remove button to
remove the old template.
5 Click the Add button.
6 Use the Look in box to locate where you saved the updated
Outlk9.adm template. Select the file name, and then
click the
Add button to add the new template to the folder.
7 Click Close to return to the Group Policy Editor.
8 Expand the following series of folders:
User Configuration\Administrative Templates\Microsoft
Outlook
2000\Tools|Options\Security.
9 Double-click the Outlook virus security settings policy
name.
10 Click Enabled, and then select the Apply individual settings
for Outlook virus security check box.
11 Click the Apply button to apply the new policy, and then click
OK.
I've moved
the Outlk9.adm file to a location on a server that all users can
get to.
My questions
then, are: 1) Is there anyway I can do this remotely without
having to go to each user's computer? 2) If I do have to go to
each user's
computer, do I need to log in as the admin? If I do, will the
registry
change filter to all users of that computer? We have some
computers that are
used by 3-4 different people on different days. I would hate to
have to
login as each one and make this change.
Obviously,
I'd rather just be able to remotely make the
HKEY_CURRENT_USER\Software\Policies\Microsoft\Security change to
all
computers with just a .reg file, but it all comes down to the fact
that most
users that try to run them will be given a permissions error.
Thoughts?
Thanks,
Evan
List Charter
and FAQ at:
http://www.sunbelt-software.com/exchange_list_charter.htm
List Charter
and FAQ at:
http://www.sunbelt-software.com/exchange_list_charter.htm
List Charter and FAQ at:
http://www.sunbelt-software.com/exchange_list_charter.htm
List Charter
and FAQ at:
http://www.sunbelt-software.com/exchange_list_charter.htm
List Charter
and FAQ at:
http://www.sunbelt-software.com/exchange_list_charter.htm
List Charter and FAQ at: