Sending E-mails via Dynamics NAV and the Outlook Security dialog box requesting permissions to send on behalf

Sending E-mails via Dynamics NAV and the Outlook Security dialog box requesting permissions to send on behalf

Rate This
  • Comments 0

It has been a while ago since I last talked about the Outlook Security dialog box in combination with E-mail logging. Now it is time to summarize all what we have up to now since we are a couple of releases later and the classic application server is no longer needed within Dynamics NAV 2013 release.

When sending E-mails via customization in combination with an attachment or when sending E-mails via a segment, a Outlook Security message dialog box could pop up.

 

image

After pressing Log, the following appears to happen. A dialog box pops up.

image

 

After allowing access for a specific number of minutes, another dialog box pops up:

image

 

After pressing Allow button, the segment continues to be logged successfully.

image

 

The reason why this happens is because of the design of Outlook starting with Outlook 2000 in combination with a service release. All relevant information can be read below. If a program tries to access the Outlook Address Book automatically, this message box is presented to the user.

More information can be found here:
OL2000: Information About the Outlook E-mail Security Update

New Programmability Behavior
When you install the update, programmatic access to Outlook is restricted. If other applications try to use Outlook on your behalf, you receive a warning message and you are prompted to confirm what the other application is doing. You receive warning messages when another application tries to do anything in the following list:

·         Send mail on your behalf
·         Access your address book
·         Access E-mail names from your messages
·         Access E-mail information from your contacts or other types of items
·         Save your messages to the file system
·         Search your messages for content
·         Use Simple Messaging Application Programming Interface, Simple MAPI, to send messages without your consent

The update may affect how other applications interact with Outlook by changing the default security zone settings from "Internet" to "restricted," and by automatically disabling script in Hypertext Markup Language (HTML) E-mail messages and unpublished custom Outlook forms. For additional information about developer-related updates and how they may impact third-party products and custom Outlook solutions, click the article number below to view the article in the Microsoft Knowledge Base:
262701 OL2000: Developer Information About the E-mail Security Update

For Exchange Administrators, there is the following KB article:
263297 Administrator information about the Outlook E-mail Security update: June 7, 2000

When using Exchange 2003, you can use the 2003 Office Resource Kit that has the Outlook Security Settings template.

For Exchange 2007 and Exchange 2010 in combination with either Office 2007 or Office 2010, there are administrative templates that can be downloaded (see links at the end of this posting below).

For IT Admins:
http://technet.microsoft.com/en-us/library/ff657852.aspx

For non IT Admins:
http://office.microsoft.com/en-us/outlook-help/how-outlook-helps-protect-you-from-viruses-spam-and-phishing-HA010355583.aspx

So, that said, you need the Exchange Administrator or IT Admin to be involved helping you to configure all this.

That used to be enough when utilizing E-mail logging in Dynamics NAV 2009 R2. This however is not enough when utilizing sending of E-mails via either customization in combination with attachments or sending segment mailing where the checkbox “Send Word Docs. as Attmt.:” is selected within the new or follow up segment. There are a couple of things that are important. Starting with Outlook 2007, Outlook 2007 and later release will validates whether there is an up to date antivirus solution installed. If the signatures are outdates, the Outlook Security Settings dialog box will pop up again. You can find the validation information within the Trust Center Security settings:

 

image

If you are on a test system with no internet access, etc., you may want to bypass this security limitation via a registry key:

Outlook 2010
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\14.0\Outlook\Security
DWORD: ObjectModelGuard
Value: 2

You can also set the keys below. As always, if the keys don't exist in the registry, you'll need to create them.
HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\14.0\outlook\security

DWORD: PromptOOMSend
Value: 2
DWORD: AdminSecurityMode
Value: 3

Outlook 2007
If you are using Outlook 2007, the keys are as follows.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\12.0\Outlook\Security

DWORD: ObjectModelGuard
Value: 2

HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\12.0\outlook\security

DWORD: PromptOOMSend
Value: 2
DWORD: AdminSecurityMode
Value: 3

NOTE: the above registry keys should only be set on test systems and not on production systems.

Now we have received a new support request where the message box was still popping up. After doing some analysis, it appeared that either the GPO or the Outlook Security Settings template was not complete since for sending E-mails directly out of Dynamics NAV, another set of registry key or GPO settings were required. You can find more about this below.

HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\14.0\Outlook\Security

DWORD: PromptSimpleMAPISend
Value: 2
DWORD: PromptSimpleMAPINameResolve
Value: 2
DWORD: PromptSimpleMAPIOpenMessage
VALUE: 2

HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\12.0\Outlook\Security

DWORD: PromptSimpleMAPISend
Value: 2
DWORD: PromptSimpleMAPINameResolve
Value: 2
DWORD: PromptSimpleMAPIOpenMessage
Value: 2

All the mentioned registry keys needs to be applied on a users workstation. The script with all required registry settings are listed below. Save the file as a REG file and add it to a logon script so that the workstations will get it automatically.

///

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Policies\Microsoft\Office]

[HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\14.0]

[HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\14.0\Outlook]

[HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\14.0\Outlook\Security]

"PromptOOMSend"=dword:00000001

"PromptOOMAddressBookAccess"=dword:00000002

"PromptOOMAddressInformationAccess"=dword:00000002

"PromptOOMMeetingTaskRequestResponse"=dword:00000001

"PromptOOMSaveAs"=dword:00000001

"PromptOOMFormulaAccess"=dword:00000001

"PromptSimpleMAPISend"=dword:00000002

"PromptSimpleMAPINameResolve"=dword:00000002

"PromptSimpleMAPIOpenMessage"=dword:00000002

///

 

However, there is a better way to add the registry keys to every single workstation. This is where the GPO comes into action. Download links for the administrative templates can be found are here.

- Administrative Template for Office 2007
- Administrative Template for Office 2010
- Administrative Template for Office 2013

Updated administrative templates:

- Updated Administrative Template for Office 2007 
- Updated Administrative Template for Office 2010

NOTE: the main administrative templates for Office 2013 do already contain the additional required settings. How to configure the GPO can be found in the relevant KB’s below:

http://support.microsoft.com/kb/953806/en-us
http://support.microsoft.com/kb/2723336/en-us

To summarize of the required setting that needs to be configured for utilizing E-mail logging in releases prior to Dynamics NAV 2013 and the required settings that needs to be configured for utilizing segment mailing with attachment and / or sending E-mails with attachments via code, the following applies.

- Configure Simple MAPI sending prompt
- Configure Simple MAPI name resolution prompt
- Configure Simple MAPI message opening prompt
- Configure Outlook object model prompt when accessing an address book
- Configure Outlook object model prompt when reading address information

Hope this does help you further whenever you do come across the additional security features built in within Outlook.

Regards,

Marco Mels
CSS EMEA

This posting is provided "AS IS" with no warranties, and confers no rights

Leave a Comment
  • Please add 7 and 5 and type the answer here:
  • Post