UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Outlook Object Model scripts must be disallowed to run for public folders.


Overview

Finding ID Version Rule ID IA Controls Severity
V-228434 DTOO233 SV-228434r508021_rule Medium
Description
This policy setting controls whether Outlook executes scripts that are associated with custom forms or folder home pages for public folders. If you enable this policy setting, Outlook cannot execute any scripts associated with public folders, overriding any configuration changes on users' computers. If you disable this policy setting, Outlook will automatically run any scripts associated with custom forms or folder home pages for public folders, overriding any configuration changes on users' computers. If you do not configure this policy setting, Outlook will not run any scripts associated with public folders by default. Users can configure the setting in the Trust Center by selecting the ôAllow script in public foldersö check box.
STIG Date
Microsoft Outlook 2016 Security Technical Implementation Guide 2020-09-25

Details

Check Text ( C-30667r497624_chk )
Verify the policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2016 -> Outlook Options -> Other -> Advanced "Do not allow Outlook object model scripts to run for public folders" is set to "Enabled".

Procedure: Use the Windows Registry Editor to navigate to the following key:

HKCU\Software\Policies\Microsoft\Office\16.0\outlook\security

Criteria: If the value PublicFolderScript is REG_DWORD = 0, this is not a finding.
Fix Text (F-30652r497625_fix)
Set the policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2016 -> Outlook Options -> Other -> Advanced "Do not allow Outlook object model scripts to run for public folders" to "Enabled".