Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win


You Should Only Open Attachments From A Trusted Source Prompt

Posted on 2010-09-01
Medium Priority
Last Modified: 2012-05-10
I have a problem where when our Terminal Server users open an attachment from Outlook, specifically, .doc; .docx; .rtf documents, they are given a prompt which says:
"You Should Only Open Attachments From A Trusted Source"
"Would you like to open the file or save it to your computer?".
"Open | Save | Cancel" (Please see my attached screen grab)
Now, the box is grayed out because it's a locked down environment. The manual fix for this environment is to remove the group policies, login as the user, try open file types it's a problem for, UN-tick the box, click open, log off, and add the group policies back.
However, does anyone know of a way to change this through group policies, registry or some sort of script?
I've spent time searching the internet and can only find articles on how to apply the manual fix. I've looked at nearly ever entry in the registry and even tried process monitor to narrow it down.
Any help you can give is greatly appreciated~
Question by:Zelxos
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
LVL 17

Assisted Solution

Spike99 earned 1000 total points
ID: 33580829
I've seen this before.

That option is grayed out for users because only administrators can change the behavior on a terminal server.  Here's how we fixed this for our terminal server users on Windows 2003:
1.  Log on to the server as a user with Administratrive rights
2.  Open Folder Options from the Control Panel
3.  Click on the File Types tab
4.  Scroll down to the file type and click on it to highlight it
5. Click on the Advanced Button
6.  Un-check the option "Confirm open after download"

Do the same for all effected file types.

In our case, we had to do this for all the Office 2007 file types like XLSX, DOCX, etc.  The settings for Office 2003 & earlier file types were OK (xls, doc, ppt, etc.).

I attached a screenshot of the dialog.  In this shot the option is checked, I would just need to uncheck it to no longer be prompted about these files.

I hope this helps,

LVL 11

Assisted Solution

marek1712 earned 1000 total points
ID: 33582171
There are another methods:
- check trusted file types in the Outlook itself:
You can use startup script to apply this registry fix.
- or you can modify the Attachment Manager settings:
change the default zone to Low Risk and add required file types to the Low Risk extensions.

Author Comment

ID: 33585603
Thank you both for your replies. I'll try these out and let you know if they work. Thanks again!
LVL 17

Expert Comment

ID: 33587116
marek1712's links would help if your attachments were being blocked by Outlook, but it doesn't look like that's the problem.  Users are just getting prompted before they can open attachments.

I don't know if there's a script or other method to use other than the one I described.  Unfortunately the TS cluster we had to do this on had over 30 servers in it and we had to repeat these steps for multiple file types on all 30.  So, it was a bit tedious, but it worked fine for us.  The users haven't complained about it since then (and that was about 8 months ago).


Accepted Solution

Zelxos earned 0 total points
ID: 33590419
Hi Alicia & Marek,
Thanks to both of  you for your replies. I should of mentioned this is a 2008 TS cluster and in 2008 the File Types tab is not there. Although I wasn't able to carry out either of your solutions with success I have found a solution.
I used Process Monitor (http://technet.microsoft.com/en-us/sysinternals/bb896645.aspx) on an Admin account and monitored from the time I opened an affected file type up to just after UN-ticking the box and clicking Open.
I filtered the 4000 results to only show operations that were "RegCreateKey" or "RegSetValue". Near the top of the list I had these results [see Process Monitor Results image].
As you can see, it first had the EditFlags value set to 00 00 00 00 and then changed it to 00 00 01 00. This is the value that gets changed so that Outlook doesn't prompt before opening the file attachment and after a bit more tinkering I figured out two ways to apply this information.

The Solution:
1. This changes it for the computer.
Create a REG_Binary registry entry under the following location for each file type/extension you want to change this for - this example is for ".docx" files:
ValueName: EditFlags
Type: REG_Binary
Value: 00 00 01 00
(changing the value to 00 00 00 00 will cause Outlook to prompt)
Word.Document.12 = .docx
Word.Document.8 = .doc
Word.RTF.8 = .rtf
Excel.Sheet.12 = .xlsx
Excel.Sheet.8 = .xls

So just replace Word.document.12 with whatever is your file type. It's not too hard to figure out which entry controls which file type/extension.

2. This changes it for the user.
Create a REG_Binary registry entry under the following location for each file extension - this example is for ".xlsx" files.
ValueName: EditFlags
Type: REG_Binary
Value: 00 00 01 00

Either of these can be applied manually, through a startup/login script, or through Group Policy preferences (which is how I've applied this).

I hope this helps someone who has this problem.

Thanks again to Alicia and Marek for your replies, I appreciate it!

Featured Post

Visualize your virtual and backup environments

Create well-organized and polished visualizations of your virtual and backup environments when planning VMware vSphere, Microsoft Hyper-V or Veeam deployments. It helps you to gain better visibility and valuable business insights.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article describes how to import an Outlook PST file to Office 365 using a third party product to avoid Microsoft's Azure command line tool, saving you time.
This article describes how to import Lotus Notes Contacts into Outlook 2016, 2013, 2010 and 2007 etc. with a few manual steps. You can easily export and migrate Lotus Notes contacts into Microsoft Outlook without having to use any third party tools.
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…

604 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question