2.6 Set 'Do not display 'Publish to GAL' button' to 'Enabled'

Information

This policy setting controls whether Outlook users can publish e-mail certificates to the
Global Address List (GAL). If you enable this policy setting, the 'Publish to GAL' button
does not display in the 'E-mail Security' section of the Trust Center. If you disable or do not
configure this policy setting, Outlook users can publish their e-mail certificates to the GAL
through the 'E-mail Security' section of the Trust Center. The recommended state for this
setting is- Enabled.

*Rationale*

By default, Outlook 2010 users can publish their e-mail certificates to the GAL through the
E-mail Security section of the Trust Center. If your organization has policies that govern the
use of digital certificates for signing and encrypting e-mail messages, allowing users to
publish certificates might violate those policies.

Solution

To implement the recommended configuration state, set the following Group Policy setting
to Enabled.

User Configuration\Administrative Templates\Microsoft Outlook
2010\Security\Cryptography\Do not display 'Publish to GAL' button


Impact-Enabling this setting prevents Outlook 2010 users from publishing their e-mail certificates
to the GAL. Users who need to publish a new or updated certificate will have to contact an
administrator.

See Also

https://workbench.cisecurity.org/files/530

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-7b.

Plugin: Windows

Control ID: 33d5515e55b1462bd14a78eec465cb2d10b63e6e39a241c309020de528f1163f