Details
This policy setting allows you to specify whether replies will be automatically signed. If you
enable this policy setting, the option to respond automatically to a signed message with a
signed response will be overridden, and an unsigned response will be the default reply to a
signed message. If you disable or do not configure this policy setting, a signed response will
be the default reply to a signed message. The recommended state for this setting is:
Enabled.
Rationale
If digital signatures are automatically applied to all outbound messages, it is likely that some
recipients will be unable to verify the signatures. This is because most
organizations will deploy digital certificates to users from their own internal Certification
Authority (CA), which external users cannot access. Recipients of signed messages who are
unable to confirm the validity of those signatures may feel unsafe viewing legitimate
messages.
Solution
To implement the recommended configuration state, set the following Group Policy setting
to Enabled.
User Configuration\Administrative Templates\Microsoft Outlook 2010\Security\Do not
automatically sign replies
Impact
This setting enforces the default configuration, and therefore is unlikely to cause significant
usability issues for most users.
Supportive Information
The following resource is also helpful.
This security hardening control applies to the following category of controls within NIST 800-53: System and Communications Protection. This control applies to the following type of system: Windows.