Information
This policy setting allows you to specify a folder path for the Secure Temporary Files folder
rather than using the one that is randomly generated by Outlook. If you enable this policy
setting, you can specify a folder path for the Security Temporary Files folder rather than
using the one that is randomly generated by Outlook. If you disable or do not configure this
policy setting, Outlook will assign the Secure Temporary Files folder a different random
name for each user. Important - If you must use a specific folder for Outlook attachments, it
is recommended that you use a local directory (for best performance), that you place the
folder under the Temporary Internet Files folder (to benefit from the enhanced security on
that folder), and that the folder name is unique and difficult to guess. The recommended
state for this setting is- Disabled.
*Rationale*
The Secure Temporary Files folder is used to store attachments when they are opened in e-
mail. By default, Outlook 2010 generates a random name for the Secure Temporary Files
folder and saves it in the Temporary Internet Files folder. You can use this setting to
designate a specific path and folder to use as the Secure Temporary Files folder. This
configuration is not recommended, because it means that all users will have temporary
Outlook files in the same predictable location, which is not as secure. If the name of this
folder is well known, a malicious user or malicious code might target this location to try
and gain access to attachments.
Solution
To implement the recommended configuration state, set the following Group Policy setting
to Disabled.
User Configuration\Administrative Templates\Microsoft Outlook
2010\Security\Cryptography\Signature Status dialog box\Attachment Secure Temporary
Folder\- Enter the Secure Folder path
Impact-Disabling this setting enforces the default configuration of Outlook 2010, and therefore is
unlikely to cause usability issues for most users. Important If you must use a specific folder
for Outlook attachments, it is recommended that you use a local directory (for best
performance), that you place the folder under the Temporary Internet Files folder (to
benefit from the enhanced security on that folder), and that the folder name is unique and
difficult to guess.