Details
This policy setting controls whether Outlook automatically downloads content from safe
zones when displaying messages. If you enable this policy setting, Outlook will not
automatically download content from safe zones. Recipients can choose to download
external content from untrusted senders on a message-by-message basis. If you disable this
policy setting, content from safe zones will be downloaded automatically. If you do not
configure this policy setting, Outlook automatically downloads content from sites that are
considered ‘safe,’ as defined in the Security tab of the Internet Options dialog box in
Internet Explorer. Important – Note that this policy setting is ‘backward.’ Despite the name,
disabling the policy setting prevents the download of content from safe zones and enabling
the policy setting allows it. The recommended state for this setting is- Disabled.
*Rationale*
By default, Outlook 2010 automatically downloads content from sites that are considered
‘safe,’ as defined in the Security tab of the Internet Options dialog box in Internet Explorer.
This configuration could allow users to inadvertently download Web beacons that reveal
their identity to spammers and other malicious people.
Solution
To implement the recommended configuration state, set the following Group Policy setting
to Disabled.
User ConfigurationAdministrative TemplatesMicrosoft Outlook 2010SecurityAutomatic
Picture Download SettingsDo not permit download of content from safe zones
Impact-Disabling this setting can cause some disruptions for Outlook 2010 users who receive many
e-mail messages that include content from safe zones, because they will be required to
download content for each message individually.
Supportive Information
The following resource is also helpful.
This security hardening control applies to the following category of controls within NIST 800-53: System and Communications Protection.This control applies to the following type of system Windows.