Outlook Enhancements
For a full description of Outlook enhancements, see Outlook Usability Enhancements.
ActivClient policies complement some Microsoft Outlook policies related to the Microsoft Outlook security profile. See Microsoft Outlook Policies for details.
The following tasks detail the ActivClient policy settings for the Microsoft Outlook enhancements.
For the Outlook Enhancements policy changes to be applied, you must restart Outlook.
Allow different email addresses in smart card certificate and Microsoft Exchange account
Description:
Defines if ActivClient checks that the smart card certificates used to configure the Microsoft Outlook profile (and also published to the GAL) are associated to the current Microsoft Outlook user. Specifically, it validates that the certificate email address corresponds to the email address configured for the Microsoft Exchange account.
If this setting is not configured or disabled, then the email address in certificate is checked against the address configured for the user in Microsoft Exchange account.
Check CRL for Microsoft Outlook security profile creation and Publish to GAL
Description:
Defines if a CRL check is required in order to automatically configure email certificates in Microsoft Outlook and to automatically publish certificates to the GAL. If 'enabled and enforced', the operation is not performed if the CRL is unavailable or if the certificate status is revoked or on hold. If 'enabled and not enforced', the operation is performed and a Microsoft Windows event warning is created if the CRL is unavailable or if the certificate status is revoked or on hold. If disabled, the operation is performed regardless of the CRL check status.
If the setting is not configured, it is set to 'Enabled and enforced'.
Possible Values:
-
0: Disabled
-
1: Enabled and enforced (default)
-
2: Enabled and not enforced
Check CRL timeout for Microsoft Outlook security profile creation and Publish to GAL
Description:
Defines the timeout in milliseconds (ms) for each certificate CRL check. Recommended values are between 0 and 50000.
0 is used to represent the system default of 20000 ms.
If this setting is not configured or disabled, the value is set to 0.
Possible Values:
-
Not Configured
-
Enabled – displays the default value, 20000, and can be updated
-
Disabled
Disable audit for Microsoft Outlook security profile creation and Publish to GAL
Description:
Disables the audit of Microsoft Outlook security profile creation and certificate publication to the Global Address List.
If this setting is not configured or disabled, then audit is performed.
Encryption algorithm configured in Security Profile on card insertion
Description:
Defines the encryption algorithm configured in the Microsoft Outlook security profile on smart card insertion.
If this setting is not configured or disabled, then AES (256-bit) is used.
Possible Values:
-
Not Configured
-
Enabled – select one of the following values from the drop-down list:
-
3DES
-
AES (128-bit)
-
AES (192-bit)
-
AES (256-bit) (default)
-
DES
-
RC2 (40-bit)
-
RC2 (64-bit)
-
RC2 (128-bit)
-
Disabled
Hash algorithm configured in Security Profile on card insertion
Description:
Defines the hashing algorithm configured in the Microsoft Outlook security profile on smart card insertion.
If this setting is not configured or disabled, then SHA-256 is used.
Possible Values:
-
Not Configured
-
Enabled – select one of the following values from the drop-down list:
-
SHA-1
-
SHA-256 (default)
-
SHA-384
-
SHA-512
-
MD5
Note: The MD5 algorithm is not supported in Microsoft Outlook 2010. -
Disabled
Microsoft Outlook Auto-Contact destination folder
Description:
Specifies the location where contacts are updated in Microsoft Outlook. This folder must already have been created.
If this setting is not configured or disabled, contacts are updated in the Microsoft Outlook Contacts folder.
Possible Values:
-
Not Configured
-
Enabled – displays the default value, Contacts, and can be updated
-
Disabled
Turn off automatic addition of sender's certificates to Microsoft Outlook contacts
Description:
Disables the automatic creation and update of contact information with the sender's certificate attached to the opened email.
If this setting is not configured or disabled, then the sender's certificates are automatically added to the Microsoft Outlook contacts.
Turn off setup email certificates in Microsoft Outlook on card insertion
Description:
Disables the automatic configuration of the Microsoft Outlook security profile on smart card insertion.
If this setting is not configured or disabled, the Microsoft Outlook security profile is updated with the certificate from the smart card on card insertion.
Turn on automatic decryption of encrypted emails
Description:
Enables the automatic decryption of opened emails. It also allows saving copies of emails locally in non-encrypted format.
Automatically decrypted emails remain decrypted. Consider the security implications before using this setting.
Turn on automatic publication of certificates to the Global Address List
Description:
Enables the automatic publication of the user encryption certificate to the Global Address List (GAL) on smart card insertion.
If this setting is not configured or disabled, then certificates are not published to the GAL on card insertion.