These days everyone is well aware of the needs for security and the value of firewalls, anti-virus and anti-spam software and the many other protection measures in the enterprise.

But sometimes too much security can actually inhibit productivity. At the very least it might be considered an annoyance but some end users. And at its worst too much security can become redundant with many features and function overlapping one another.

Sometimes your users are attempting to open email attachments from the outside they will receive messages indicating that they are not allowed to access those attachments. In Outlook 2000 such messages look like the following:

“Outlook blocked access to the following potentially unsafe attachments.”

If Outlook blocks an attachment, then end users cannot save, delete, open, print, or otherwise work with the attachment in Outlook. However, there are several methods available which will allow end users the capability to safely access those attachments.

The reason why some users receive the attachment blocked message is that with Outlook 2000 SR-1 and SR-1a there was a new security feature included which prevented some attachments from being opened if they were categorized as containing potentially unsafe data. This feature was very useful since a lot of malicious attacks coming in from the outside could easily be disguised as or hidden in attachments.

But there are a couple workarounds that end users can follow to allow them to safely read their attachments without risking the corporate data in their work environment. Here are some of those workarounds:

1. The end user can request that the sender post or save the attachment to a file share and send a link to new location.
2. The end user can request that the sender use a file compression utility that changes the file name extension.
3. The end user can request that the sender rename the file name extension and then resend the attachment. Upon receipt of the new attachment the end user can simply rename it using the original extension and then open it.

If the workarounds above do not meet the security requirements or guidelines for your corporate environment then an administrator can make some temporary changes for the security settings of the end user’s mailbox which will allow them to download and open previously flagged attachments.
Using the methods listed above may still not meet the policies or guidelines in place for maintaining corporate security. After all, if an attachment really does have a virus then you will not want that attachment opened under any circumstances. So in that case there are some alternatives for sending and opening attachments in the corporate environment that will provide some measures of protection against viruses or malicious attacks.

The first thing to do is to obtain the latest fix packs for Outlook 2000. Once those fix packs have been downloaded and installed then an administrator can proceed to modify the registry.

The administrator should first ensure that Outlook is either running outside of an Exchange Server environment or that, if in an Exchange Server environment, the administrator has not configured the Outlook Security settings to disallow changes to the attachment security behavior. Once this is confirmed and the fix packs have been applied then an administrator can use the Level1Add registry keys to customize the attachment security behavior. The Level1Remove registry keys can be customized to allow Outlook 2000 to open file types that would otherwise be blocked.

When Outlook 2000 is started, the file types specified in the Windows Registry are accessible.

It is recommended that only the file types that the end users need to access be enabled. And if particular file types are only received a few times a year then it is recommended to allow temporary access to those file type in questions. Once those file types have been received, opened and saved then those temporary changes that were made to the Windows Registry should be unwound and the registry reconfigured to once again block questionable email attachments from being opened.

Outlook divides attachments into three groups and each group is handled in a specific manner:

1. Level 1 category includes “unsafe” attachments. These files, as indicated by their file name extensions, may have script or codes associated with them. These files cannot be opened.
2. Level 2 category includes files that are “not unsafe” but they do require more security than other attachments. Outlook will display a prompt dialog asking if the attachment should be saved to disk. Level 2 attachments are still prevented from being opened in email messages. By default, file name extensions are not associated with this group. But an Exchange server administrator can add file name extensions to the Level 2 list.

Attachment files which do not fall into either of the two categories listed above will have the option of either being opened or saved to disk. Prompts can be turned off for these files which fall outside of the two categories listed above by clearing the check box labeled, “Always ask before opening this type of file”.