1.5 Set 'Allow scripts in one- off Outlook forms' to 'Disabled'

Information

This policy setting controls whether scripts can run in Outlook forms in which the script
and layout are contained within the message. If you enable this policy setting, scripts can
run in one-off Outlook forms. If you disable or do not configure this policy setting, Outlook
does not run scripts in forms in which the script and the layout are contained within the
message. Important- This policy setting only applies if the 'Outlook Security Mode' policy
setting under 'Microsoft Outlook 2010\Security\Security Form Settings' is configured to
'Use Outlook Security Group Policy.' The recommended state for this setting is- Disabled.

*Rationale*

Malicious code can be included within Outlook forms, and such code could be executed
when users open the form. By default, Outlook 2010 does not run scripts in forms in which
the script and the layout are contained within the message.

Solution

To implement the recommended configuration state, set the following Group Policy setting
to Disabled.

User Configuration\Administrative Templates\Microsoft Outlook 2010\Security\Security
Form Settings\Custom Form Security\Allow scripts in one-off Outlook forms

Impact-Disabling this setting enforces the default configuration in Outlook 2010, and is therefore
unlikely to cause significant usability issues for most users. Allowing scripts to run in one-
off Outlook forms can pose a significant risk. Unless your users have a legitimate business
need for such functionality, this setting should be disabled. If your organization uses forms
with scripts, consider redesigning these forms.

See Also

https://workbench.cisecurity.org/files/530

Item Details

Category: SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|SC-18(4)

Plugin: Windows

Control ID: 1b87414d41b553b29b5e7fd5ef28a2c70ddf07510c46861f7af8e2f385aee62d