locked
Is is possible to configure Office Outlook to block encryption function? RRS feed

  • Question

  • Hi.

    Corporation's Need: My issue is that once the certificate has "Secure Email", the user is able not only to digitally sign the email but, also, to encrypt the email messages (by retrieving certificates with secure email policy from LDAP) , functionality that is not desired in the corporation policy.

    In the Policy Validation process, Office Outlook searches for "Secure Email" Application Policy in the certificate when executing cryptographic processes. If this Application Policy is not specified in the certificate, the Outlook fails to display the certificate that can be used for e-mail protection.

    Is it possible to configure Microsoft Office Outlook to search for "Document Signing" usage in order only to sign e-mails? If all the certificates stored in the LDAP will have this Application Policy, and "users" will have no ability to retrieve recipients certificates with "secure email" flag, i think i might reach the corporation's needs.

     

    This is the approach i was thinking of... If you have other methods to prevent encryption of the e-mail any modality is more than perfect.

    Thank you.

     

    Thursday, December 23, 2010 9:04 AM

Answers

  • This is more of an Outlook question, than an AD question. However, my only thought and suggestion is have you taken a look at the Outlook GPO templates? This way it can be rolled out based on AD Site, domain, or OU.

    Setting Outlook Group Policies | HowTo-Outlook - May 26, 2010
    http://www.howto-outlook.com/howto/policies.htm

    Ace


    Ace Fekay
    MVP, MCT, MCITP EA, MCTS Windows 2008 & Exchange 2007, MCSE & MCSA 2003/2000, MCSA Messaging 2003
    Microsoft Certified Trainer
    Microsoft MVP - Directory Services

    This posting is provided AS-IS with no warranties or guarantees and confers no rights.

    • Proposed as answer by Meinolf Weber Friday, December 24, 2010 9:47 PM
    • Marked as answer by Bruce-Liu Monday, December 27, 2010 1:47 PM
    Thursday, December 23, 2010 1:16 PM

All replies

  • I must specify that the solution provided must have the ability to be deployed AD domain/group wide.

     

    Thursday, December 23, 2010 9:10 AM
  • This is more of an Outlook question, than an AD question. However, my only thought and suggestion is have you taken a look at the Outlook GPO templates? This way it can be rolled out based on AD Site, domain, or OU.

    Setting Outlook Group Policies | HowTo-Outlook - May 26, 2010
    http://www.howto-outlook.com/howto/policies.htm

    Ace


    Ace Fekay
    MVP, MCT, MCITP EA, MCTS Windows 2008 & Exchange 2007, MCSE & MCSA 2003/2000, MCSA Messaging 2003
    Microsoft Certified Trainer
    Microsoft MVP - Directory Services

    This posting is provided AS-IS with no warranties or guarantees and confers no rights.

    • Proposed as answer by Meinolf Weber Friday, December 24, 2010 9:47 PM
    • Marked as answer by Bruce-Liu Monday, December 27, 2010 1:47 PM
    Thursday, December 23, 2010 1:16 PM