Configure security for Outlook 2007 folder home pages

This Office product will reach end of support on October 10, 2017. To stay supported, you will need to upgrade. For more information, see , Resources to help you upgrade your Office 2007 servers and clients.

Topic Last Modified: 2016-11-14

In Microsoft Office Outlook 2007, you can view Web pages without leaving Outlook. You do this by assigning a Web page as a home page for a folder. You can associate a Web page with any personal or public folder. When you click the folder, Outlook displays the folder home page assigned to it. Although this feature provides the opportunity to create powerful public folder applications, scripts can be included on the Web page that access the Outlook object model. This exposes users to security risks.

You can improve security by using Group Policy to disable folder home pages for all of your users.

You can lock down this setting (recommended) by using the Outlook Group Policy template (Outlk12.adm). Or you can configure a default setting by using the Office Customization Tool (OCT), in which case users can change the setting. The OCT settings are in corresponding locations on the Modify user settings page of the OCT.

The Outlook template and other ADM files can be downloaded from 2007 Office System Administrative Templates (ADM) on the Microsoft Download Center.

To disable folder home pages by using Group Policy

1. In Group Policy, load the Microsoft Office Outlook 2007 template (Outlk12.adm).

2. Under User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Folder Home Pages for Outlook Special Folders\Settings for Disable Folder Home Pages, double-click Do not allow Home Page URL to be set in folder Properties.

3. Click Enabled.

4. Click OK.