Outlook Object Model scripts must be disallowed to run for public folders.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-71147	DTOO233	SV-85771r1_rule		Medium

Description
This policy setting controls whether Outlook executes scripts that are associated with custom forms or folder home pages for public folders. If you enable this policy setting, Outlook cannot execute any scripts associated with public folders, overriding any configuration changes on users' computers. If you disable this policy setting, Outlook will automatically run any scripts associated with custom forms or folder home pages for public folders, overriding any configuration changes on users' computers. If you do not configure this policy setting, Outlook will not run any scripts associated with public folders by default. Users can configure the setting in the Trust Center by selecting the ôAllow script in public foldersö check box.

Description

This policy setting controls whether Outlook executes scripts that are associated with custom forms or folder home pages for public folders. If you enable this policy setting, Outlook cannot execute any scripts associated with public folders, overriding any configuration changes on users' computers. If you disable this policy setting, Outlook will automatically run any scripts associated with custom forms or folder home pages for public folders, overriding any configuration changes on users' computers. If you do not configure this policy setting, Outlook will not run any scripts associated with public folders by default. Users can configure the setting in the Trust Center by selecting the ôAllow script in public foldersö check box.

STIG	Date
Microsoft Outlook 2016 Security Technical Implementation Guide	2016-11-02

Details

Check Text ( C-71575r2_chk )
Verify the policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2016 -> Outlook Options -> Other -> Advanced "Do not allow Outlook object model scripts to run for public folders" is set to "Enabled". Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\16.0\outlook\security Criteria: If the value PublicFolderScript is REG_DWORD = 0, this is not a finding.

Check Text ( C-71575r2_chk )

Verify the policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2016 -> Outlook Options -> Other -> Advanced "Do not allow Outlook object model scripts to run for public folders" is set to "Enabled".

Procedure: Use the Windows Registry Editor to navigate to the following key:

HKCU\Software\Policies\Microsoft\Office\16.0\outlook\security

Criteria: If the value PublicFolderScript is REG_DWORD = 0, this is not a finding.

Fix Text (F-77479r1_fix)
Set the policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2016 -> Outlook Options -> Other -> Advanced "Do not allow Outlook object model scripts to run for public folders" to "Enabled".