You Should Only Open Attachments From A Trusted Source Prompt

I have a problem where when our Terminal Server users open an attachment from Outlook, specifically, .doc; .docx; .rtf documents, they are given a prompt which says:
"You Should Only Open Attachments From A Trusted Source"
"Would you like to open the file or save it to your computer?".
"Open | Save | Cancel" (Please see my attached screen grab)
Now, the box is grayed out because it's a locked down environment. The manual fix for this environment is to remove the group policies, login as the user, try open file types it's a problem for, UN-tick the box, click open, log off, and add the group policies back.
However, does anyone know of a way to change this through group policies, registry or some sort of script?
I've spent time searching the internet and can only find articles on how to apply the manual fix. I've looked at nearly ever entry in the registry and even tried process monitor to narrow it down.
Any help you can give is greatly appreciated~
Who is Participating?
ZelxosConnect With a Mentor Author Commented:
Hi Alicia & Marek,
Thanks to both of  you for your replies. I should of mentioned this is a 2008 TS cluster and in 2008 the File Types tab is not there. Although I wasn't able to carry out either of your solutions with success I have found a solution.
I used Process Monitor ( on an Admin account and monitored from the time I opened an affected file type up to just after UN-ticking the box and clicking Open.
I filtered the 4000 results to only show operations that were "RegCreateKey" or "RegSetValue". Near the top of the list I had these results [see Process Monitor Results image].
As you can see, it first had the EditFlags value set to 00 00 00 00 and then changed it to 00 00 01 00. This is the value that gets changed so that Outlook doesn't prompt before opening the file attachment and after a bit more tinkering I figured out two ways to apply this information.

The Solution:
1. This changes it for the computer.
Create a REG_Binary registry entry under the following location for each file type/extension you want to change this for - this example is for ".docx" files:
ValueName: EditFlags
Type: REG_Binary
Value: 00 00 01 00
(changing the value to 00 00 00 00 will cause Outlook to prompt)
Word.Document.12 = .docx
Word.Document.8 = .doc
Word.RTF.8 = .rtf
Excel.Sheet.12 = .xlsx
Excel.Sheet.8 = .xls

So just replace Word.document.12 with whatever is your file type. It's not too hard to figure out which entry controls which file type/extension.

2. This changes it for the user.
Create a REG_Binary registry entry under the following location for each file extension - this example is for ".xlsx" files.
ValueName: EditFlags
Type: REG_Binary
Value: 00 00 01 00

Either of these can be applied manually, through a startup/login script, or through Group Policy preferences (which is how I've applied this).

I hope this helps someone who has this problem.

Thanks again to Alicia and Marek for your replies, I appreciate it!
Spike99Connect With a Mentor On-Site IT TechnicianCommented:
I've seen this before.

That option is grayed out for users because only administrators can change the behavior on a terminal server.  Here's how we fixed this for our terminal server users on Windows 2003:
1.  Log on to the server as a user with Administratrive rights
2.  Open Folder Options from the Control Panel
3.  Click on the File Types tab
4.  Scroll down to the file type and click on it to highlight it
5. Click on the Advanced Button
6.  Un-check the option "Confirm open after download"

Do the same for all effected file types.

In our case, we had to do this for all the Office 2007 file types like XLSX, DOCX, etc.  The settings for Office 2003 & earlier file types were OK (xls, doc, ppt, etc.).

I attached a screenshot of the dialog.  In this shot the option is checked, I would just need to uncheck it to no longer be prompted about these files.

I hope this helps,

marek1712Connect With a Mentor Commented:
There are another methods:
- check trusted file types in the Outlook itself:
You can use startup script to apply this registry fix.
- or you can modify the Attachment Manager settings:
change the default zone to Low Risk and add required file types to the Low Risk extensions.
ZelxosAuthor Commented:
Thank you both for your replies. I'll try these out and let you know if they work. Thanks again!
Spike99On-Site IT TechnicianCommented:
marek1712's links would help if your attachments were being blocked by Outlook, but it doesn't look like that's the problem.  Users are just getting prompted before they can open attachments.

I don't know if there's a script or other method to use other than the one I described.  Unfortunately the TS cluster we had to do this on had over 30 servers in it and we had to repeat these steps for multiple file types on all 30.  So, it was a bit tedious, but it worked fine for us.  The users haven't complained about it since then (and that was about 8 months ago).

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.