Title

Outlook Object Model scripts must be disallowed to run for public folders. (Cat II impact)

Discussion

This policy setting controls whether Outlook executes scripts that are associated with custom forms or folder home pages for public folders. If you enable this policy setting, Outlook cannot execute any scripts associated with public folders, overriding any configuration changes on users' computers. If you disable this policy setting, Outlook will automatically run any scripts associated with custom forms or folder home pages for public folders, overriding any configuration changes on users' computers. If you do not configure this policy setting, Outlook will not run any scripts associated with public folders by default. Users can configure the setting in the Trust Center by selecting the ôAllow script in public foldersö check box.

Check Content

Verify the policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2016 -> Outlook Options -> Other -> Advanced "Do not allow Outlook object model scripts to run for public folders" is set to "Enabled". Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\16.0\outlook\security Criteria: If the value PublicFolderScript is REG_DWORD = 0, this is not a finding.

Fix Text

Set the policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2016 -> Outlook Options -> Other -> Advanced "Do not allow Outlook object model scripts to run for public folders" to "Enabled".

Additional Identifiers

Rule ID: SV-228434r508021_rule

Vulnerability ID: V-228434

Group Title: SRG-APP-000210

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.