Details
This policy setting controls whether scripts can run in Outlook forms in which the script
and layout are contained within the message. If you enable this policy setting, scripts can
run in one-off Outlook forms. If you disable or do not configure this policy setting, Outlook
does not run scripts in forms in which the script and the layout are contained within the
message. Important- This policy setting only applies if the ‘Outlook Security Mode’ policy
setting under ‘Microsoft Outlook 2010SecuritySecurity Form Settings’ is configured to
‘Use Outlook Security Group Policy.’ The recommended state for this setting is- Disabled.
*Rationale*
Malicious code can be included within Outlook forms, and such code could be executed
when users open the form. By default, Outlook 2010 does not run scripts in forms in which
the script and the layout are contained within the message.
Solution
To implement the recommended configuration state, set the following Group Policy setting
to Disabled.
User ConfigurationAdministrative TemplatesMicrosoft Outlook 2010SecuritySecurity
Form SettingsCustom Form SecurityAllow scripts in one-off Outlook forms
Impact-Disabling this setting enforces the default configuration in Outlook 2010, and is therefore
unlikely to cause significant usability issues for most users. Allowing scripts to run in one-
off Outlook forms can pose a significant risk. Unless your users have a legitimate business
need for such functionality, this setting should be disabled. If your organization uses forms
with scripts, consider redesigning these forms.
Supportive Information
The following resource is also helpful.
This security hardening control applies to the following category of controls within NIST 800-53: System and Communications Protection.This control applies to the following type of system Windows.