Outlook Express 6

This section provides:

  • A description of Microsoft Outlook Express 6 in Windows XP Professional with Service Pack 1 (SP1). This section also provides a comparison of Outlook and Outlook Express.

  • Descriptions of new security-related features in Outlook Express 6 in Windows XP Professional with SP1 (as compared to Outlook Express 5), with information about how these new features are configured at the desktop.

  • Information about removing all visible entry points to Outlook Express in Windows XP with SP1, for situations where you want users to use another e-mail client exclusively. There are several ways to do this:

    • During unattended installation, with an answer file.

    • After installation, by using the Sysocmgr command with an answer file.

    • Through Add or Remove Programs in Control Panel.

    • With Set Program Access and Defaults, which is available from the Start menu. With this dialog box, the administrator of a computer running Windows XP Professional with SP1 can specify which e-mail program is shown on the Start menu, desktop, and other locations.

  • Information about controlling Outlook Express 6 through Group Policy to limit the risk associated with e-mail attachments. The Group Policy setting that you use for this is Block attachments that could contain a virus.

    Notes
    This section of the white paper describes Outlook Express 6 in Windows XP Professional with SP1, but does not describe related components such as Internet Explorer 6, the New Connection Wizard, or the tool that can report errors that occur in Outlook Express. For information about these components, see the respective sections of this white paper (the error reporting tool is described in "Windows Error Reporting").
    Also note that the New Connection Wizard replaces the Network Connection Wizard and the Internet Connection Wizard in Windows 2000.

It is beyond the scope of this white paper to describe all aspects of maintaining appropriate levels of security in an organization where users send and receive e-mail messages, open attachments in e-mail messages, and perform similar actions. This section, however, provides information about features and configuration methods in Outlook Express 6 that can reduce the inherent risks associated with sending and receiving e-mail messages.

For more information about Outlook Express, see the following resources:

  • Help for Outlook Express (which can be accessed in Outlook Express by clicking the Help menu and then selecting an appropriate option).

  • The section about Internet Explorer 6 in this white paper, which describes security zones in Internet Explorer 6. These security zones are also used in Outlook Express 6.

  • The Internet Explorer page on the Microsoft Web site at:

    https://www.microsoft.com/windows/ie/

  • The Resource Kit for Internet Explorer (specifically, the chapter describing what’s new in Internet Explorer 6). To learn about this and other Resource Kits, see the Microsoft TechNet Web site at:

    https://go.microsoft.com/fwlink/?linkid=29894

Bb490836.3squares(en-us,TechNet.10).gif

On This Page

Benefits and Purposes of Outlook Express 6
New Security-Related Features in Outlook Express 6
Overview: Using Outlook Express 6 in a Managed Environment
Removing Visible Entry Points to Outlook Express During or After Deployment
Procedures for Working with Outlook Express 6
Related Links

Benefits and Purposes of Outlook Express 6

Outlook Express 6 is designed to make it easy to send or receive e-mail messages and to browse or participate in newsgroups. It differs from many of the other components described in this white paper in that its main function is to communicate through the Internet or an intranet (in contrast to components that communicate with the Internet in the process of supporting some other activity).

Outlook Express is part of Windows XP, in contrast to Microsoft Outlook, which is an application included in Microsoft Office. Outlook provides comprehensive e-mail capabilities, including information management and collaboration capabilities, useful to a wide spectrum of users from home to small business to large enterprise. Outlook Express, part of Windows XP, offers standard Internet e-mail and news access, useful to many home and small-business users. Outlook Express supports Post Office Protocol 3 (POP3), Internet Message Access Protocol (IMAP), Simple Mail Transfer Protocol (SMTP), and Network News Transfer Protocol (NNTP).

Outlook Express 6 offers more security-related options and settings than were available in Outlook Express 5. The following subsections describe the new options and ways of configuring them, as well as outlining methods for removing all visible entry points to Outlook Express in Windows XP with SP1 (for situations where you want users to use another e-mail client exclusively).

The version of Outlook Express 6 in Windows XP Professional with SP1 includes additional security-related features as compared to earlier versions of Outlook Express including Outlook Express 5. The following list describes these features. The table that follows this list shows how each option is configured in Outlook Express.

  • Warning about harmful e-mail. To prevent e-mail messages from being sent without a user’s knowledge, Outlook Express warns the user when other programs, such as viruses or harmful attachments, attempt to send messages from the user’s computer. This warning appears only if Outlook Express is configured as the default simple MAPI client, and another program attempts to use simple MAPI to programmatically send e-mail messages without presenting a visible user interface on the computer.

  • Blocking of potentially harmful attachments. If this option is enabled, Outlook Express 6 blocks the opening or saving of specific e-mail attachments that are considered "unsafe." To determine whether an attachment is unsafe, Outlook Express 6 uses the Internet Explorer 6 unsafe file list, plus some additional file types, plus file types you configure with the Confirm open after download setting in Folder Options (on the Files Types tab). Any e-mail attachment with a file type reported as "unsafe" is blocked. This option can be enabled or disabled through Group Policy as well as at the local computer. For more information about using this setting, see the table that follows and "To Locate the Group Policy Setting for Blocking E-mail Attachments in Outlook Express 6," later in this section.

    For information about the unsafe file list in Internet Explorer 6, you can search the Microsoft Knowledge Base. To do this, follow the instructions for searching on the Web site, and search for the phrase "unsafe file list":

    https://support.microsoft.com/

  • Software Restriction Policies technology. When running with Windows XP, Outlook Express 6 can take advantage of Software Restriction Policies technology. For more information, see “Related Links,” later in this section.

  • Plain text format option for reading of e-mail. Starting with Outlook Express 6.0 in Windows XP with Service Pack 1, Outlook Express can be configured to read all e-mail messages in plain text format. Some HTML e-mail messages may not appear correctly in plain text, but no active content in the e-mail message is run when this setting is enabled.

The following table shows how each option is configured in Outlook Express 6.

Options for Configuring Outlook Express 6

Option to Configure in Outlook Express 6

Menu to Click

Menu Item to Click

Tab to Click

Warning about harmful e-mail

Tools

Options

Security

Blocking of potentially harmful attachments (also configurable through Group Policy)

Tools

Options

Security

Software Restriction Policies technology

Tools

Options

Security (specifically, security zones, which can work with Software Restriction Policies)

Plain text format option for reading of all e-mail

Tools

Options

Read (in Outlook Express 6 in Windows XP with SP1 and later service packs only)

Overview: Using Outlook Express 6 in a Managed Environment

Although there are inherent risks associated with sending and receiving e-mail (and e-mail attachments), you can use a number of different features and configuration methods in Outlook Express 6 to reduce the risks:

  • You can use the graphical user interface to configure the security-related features in Outlook Express 6. For more information, see "New Security-Related Features in Outlook Express 6," earlier in this section and "To Start Outlook Express 6 and View or Configure Security Settings," later in this section.

  • You can ensure that all visible entry points to Outlook Express in Windows XP with SP1 are removed (for situations where you want users to use another e-mail client exclusively). For more information, see "Removing Visible Entry Points to Outlook Express During or After Deployment" and "Procedures for Working with Outlook Express 6," later in this section.

  • You can use a Group Policy setting, Block attachments that could contain a virus, to limit the risk associated with e-mail attachments in Outlook Express 6. For more information, see "To Locate the Group Policy Setting for Blocking E-mail Attachments in Outlook Express 6," later in this section.

  • You can use Group Policy to implement Software Restriction Policies. For more information, see “Related Links,” later in this section.

Removing Visible Entry Points to Outlook Express During or After Deployment

For situations where you want users to always use an e-mail client other than Outlook Express 6, you can remove all visible entry points to Outlook Express in Windows XP with SP1. One way to do this is during workstation deployment by using standard methods for unattended installations or remote installations. If you are using an answer file, the entry is as follows:

[Components]
OEAccess = Off

You can also use a command line to remove all visible entry points to Outlook Express from a workstation after deployment. To do this, use the Sysocmgr command with Sysoc.inf (included in the operating system), along with an answer file containing the preceding entries.  For more information about Sysocmgr, see the following pages on the Microsoft Web site:

https://go.microsoft.com/fwlink/?LinkId=31023

https://go.microsoft.com/fwlink/?LinkId=31120

For complete details about how the OEAccess entry works, see the resources listed in Appendix A, "Resources for Learning About Automated Installation and Deployment." Be sure to review the information in the Deploy.chm file (whose location is provided in that appendix).

For information about using Set Program Access and Defaults to specify which e-mail program is shown on the Start menu, desktop, and other locations, and about using Control Panel to remove all visible entry points to Outlook Express on an individual computer, see the next section, “Procedures for Working with Outlook Express 6.”

Procedures for Working with Outlook Express 6

This subsection provides procedures for the following:

  • Opening the dialog box from which you can configure security settings for Outlook Express 6.

  • Locating the Group Policy setting, Block attachments that could contain a virus.

    You can use this Group Policy setting in situations where you want Outlook Express 6 to be available for users but where you want to limit the risk associated with e-mail attachments. For more information about this policy setting, see "New Security-Related Features in Outlook Express 6," earlier in this section.

  • Specifying which e-mail program is shown on the Start menu, desktop, and other locations on a computer running Windows XP with SP1. You can do this through Set Program Access and Defaults on the Start menu.

  • Removing visible entry points to Outlook Express on an individual computer running Windows XP with SP1 by using Control Panel.

  • Removing visible entry points to Outlook Express during or after deployment of Windows XP with SP1 by using an answer file.

To Start Outlook Express 6 and View or Configure Security Settings

  1. Click Start, point to All Programs or Programs, and then click Outlook Express.

  2. On the Tools menu, click Options.

  3. Click the Security tab and view or configure the settings, including the check boxes for the following options:

    • Warn me when other applications try to send mail as me.

    • Do not allow attachments to be saved or opened that could potentially be a virus.

    You can also view or configure the security zones setting. Outlook Express 6 uses two of the same security zones that you configure in Internet Explorer 6. For more information about security zones, see the section about Internet Explorer 6 in this white paper.

  4. Click the Read tab, and view or configure the settings, including the check box for Read all messages in plain text.

To Locate the Group Policy Setting for Blocking E-mail Attachments in Outlook Express 6

  1. See Appendix B, "Learning About Group Policy and Updating Administrative Templates,” for information about using Group Policy. Ensure that your Administrative templates have been updated, and then edit an appropriate GPO.

  2. Click User Configuration, click Administrative Templates, click Windows Components, and then click Internet Explorer.

  3. In the details pane, double-click Configure Outlook Express.

  4. If you enable this policy, you can select or clear the check box for Block attachments that could contain a virus.

To Specify Which E-mail Program is Shown on the Start Menu, Desktop, and Other Locations on a Computer Running Windows XP with SP1

To perform the following procedure, you must be a member of the Administrators group on the local computer, or you must have been delegated the appropriate authority. If the computer is joined to a domain, members of the Domain Admins group might be able to perform this procedure.

  1. Click Start and then click Set Program Access and Defaults.

  2. Click the Custom button.

    Note Alternatively, you can click the Non-Microsoft button, which will not only remove visible entry points to Outlook Express, but also to Internet Explorer, Windows Media Player, and Windows Messenger. If you do this, skip the remaining steps of this procedure.

  3. To disable access to Outlook Express on this computer, to the right of Outlook Express, clear the check box for Enable access to this program.

  4. If you want a different default e-mail program to be available to users of this computer, select the e-mail program from the options available.

    Note For the last step, if your program does not appear by name, contact the vendor of that program for information about how to configure it as the default. Also, for related information about registry entries that are used to designate that a program is a browser, e-mail, media playback, or instant messaging program, see Registering Programs with Client Types on the MSDN Web site at:

    https://go.microsoft.com/fwlink/?LinkId=29306

For more information about Set Program Access and Defaults, see article 328326, “How to Use the Set Program Access and Defaults Feature in Windows XP Service Pack 1,” in the Microsoft Knowledge Base at:

https://go.microsoft.com/fwlink/?LinkId=29309

To Remove Visible Entry Points to Outlook Express on an Individual Computer by Using Control Panel

  1. Click Start, and then either click Control Panel, or point to Settings and then click Control Panel.

  2. Double-click Add or Remove Programs.

  3. Click Add/Remove Windows Components (on the left).

  4. Scroll down the list of components to Outlook Express, and make sure the check box for that component is cleared.

  5. Follow the instructions to complete the Windows Components Wizard.

To Remove Visible Entry Points to Outlook Express During or After Deployment by Using an Answer File

  1. Using the methods you prefer for unattended installation, remote installation, or the Sysocmgr command, create an answer file.

    For more information about unattended and remote installation, see Appendix A, "Resources for Learning about Automated Installation and Deployment."

    For more information about Sysocmgr, see the following pages on the Microsoft Web site:

    https://go.microsoft.com/fwlink/?LinkId=31023

    https://go.microsoft.com/fwlink/?LinkId=31120

  2. In the [Components] section of the answer file, include the following entry:

    OEAccess = Off

For complete details about how the OEAccess entry works, see the resources listed in Appendix A, "Resources for Learning About Automated Installation and Deployment." Be sure to review the information in the Deploy.chm file (whose location is provided in that appendix).

  • For more information about security zones in Internet Explorer 6 (zones also used in Outlook Express 6), see the section about Internet Explorer 6 in this white paper.

  • For more information about Software Restriction Policies, see the Microsoft TechNet Web site at:

    https://go.microsoft.com/fwlink/?LinkId=33884

  • For information about registry entries that are used to designate that a program is a browser, e-mail, media playback, or instant messaging program, see Registering Programs with Client Types on the MSDN Web site at:

    https://go.microsoft.com/fwlink/?LinkId=29306

  • For more information about Set Program Access and Defaults, see article 328326 “How To Use the Set Program Access and Defaults Feature in Windows XP Service Pack 1,” in the Microsoft Knowledge Base at:

    https://go.microsoft.com/fwlink/?LinkId=29309