When you open file attachments that are considered safe, Outlook 2003 or Outlook 2007 puts these attachments in a subdirectory under the Temporary Internet Files directory as an additional precaution. When Outlook 2003 or Outlook 2007 first tries to use a temporary file, it examines the registry to determine whether the following value exists, depending on your version of Outlook.
Outlook 2003
HKEY_CURRENT_USER\Software\Microsoft\Office\11.0\Outlook\Security
Value Name: OutlookSecureTempFolder
Data Type: REG_SZ
Outlook 2007
HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Outlook\Security
Value Name: OutlookSecureTempFolder
Data Type: REG_SZ
If the value exists, and if the value contains a valid path, Outlook 2003 or Outlook 2007 uses that location for its temporary files.
If the registry value does not exist, or if it points to an invalid location, Outlook 2003 or Outlook 2007 creates a new subdirectory under the Temporary Internet Files directory and puts the temporary file in the new subdirectory. The name of the new subdirectory is unknown, is randomly generated, and takes on the following form, depending on your version of Outlook.
Outlook 2003
C:\Documents and Settings\username\Local Settings\Temporary Internet Files\OLKxxx
In this example, username is the user name that is used by the person who is currently logged on to the computer, and xxx is a randomly generated sequence of letters and numbers.
If you open an attachment, change the file, and try to "Save As..." you will notice the default folder is this OLKxxx folder. The OLK folder is hidden and you cannot use Explorer to browse to it without typing the address in the Path bar.
There are several downsides to this approach.
I wrote a vbs script to fix these problems that should be deployable as a logoff or logon script. It does not require admin rights and should work with limited users in XP. It does the following:
Users will now get a "Read Only" error when trying to save changes to the OutlookTempFolder. The script leaves users with Read and Write privileges to allow Outlook to write the initial attachment to the directory. Clicking "Save" on a modified document generates a "Read-Only File" warning in Outlook 2003. If the user persists in trying to save to the directory, "Saving As..." results in a 0-byte file and error, since Outlook is creating the file, then Modifying it to add the data from the original file. Either way it is more difficult to do the wrong thing, rather than change directory to a valid save location.
Here is the script. May it save many gnashed teeth.
' Outlook 2003 Temp Folder Fix Script
' (c) Dave S. Nov 2008
' I assume no liability for use of this script.
' http://snippetsandsnails.blogspot.com/
' Please verify that it does what you want in a test environment first!
' Freely redistributable with this attribution notice
const HKEY_CURRENT_USER = &H80000001
const HKEY_LOCAL_MACHINE = &H80000002
strComputer = "."
Set StdOut = WScript.StdOut
myDomain = "WIDGETCO\"
'' Get OLK directory from registry as user
Set oReg=GetObject("winmgmts:{impersonationLevel=impersonate}!\\" &_
strComputer & "\root\default:StdRegProv")
strKeyPath = "SOFTWARE\Microsoft\Office\11.0\Outlook\Security"
strValueName = "OutlookSecureTempFolder"
oReg.GetStringValue HKEY_CURRENT_USER,strKeyPath,strValueName,strValue
OLKdir = "nonexistentdirectory"
OLKdir = strValue
' Set up the new location for OLK to reside
Set WshShell = CreateObject("WScript.Shell")
newOLK = WshShell.ExpandEnvironmentStrings("%HOMEDRIVE%") & WshShell.ExpandEnvironmentStrings("%HOMEPATH%") & "\" & "OutlookTempFiles"
' Get current username
userName = myDomain & WshShell.ExpandEnvironmentStrings("%USERNAME%")
'' We have the OLK directory, now empty it
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objFolder = objFSO.GetFolder(OLKdir)
' Set colSubfolders = objFolder.Subfolders
If objFSO.FolderExists(OLKdir) Then
' Wscript.Echo "OLK Folder " & OLKdir & " exists."
Set objShell = CreateObject("Wscript.Shell")
' Grant change rights to allow deletion of files
iRetVal = objShell.Run("%SystemRoot%\System32\Cacls.exe " & Chr(34) & newOLK & _
Chr(34) & " /E /T /G " & userName & ":C", 0, True)
Set objShell = Nothing
Set files = objFolder.Files
On Error Resume Next
For each file In files
OLKFile = OLKdir & "\" & file.Name
' Do not delete subdirs, only delete files that are not locked etc.
If objFSO.FileExists(OLKFile) Then
objFSO.DeleteFile OLKFile, True
End If
If Err.Number Then
' Wscript.Echo "Failed deletion:" & OLKFile
Err.Clear
End If
Next
Else
Wscript.Echo "OLK Folder " & OLKdir & " does not exist, registry is in error."
End If
' Set up new OLK location
If objFSO.FolderExists(newOLK) Then
' Reset permissions on already existing folder
Set objShell = CreateObject("Wscript.Shell")
' Note /P replaces the user perms, /G additively adds perms
iRetVal = objShell.Run("%SystemRoot%\System32\Cacls.exe " & Chr(34) & newOLK & _
Chr(34) & " /E /T /P " & userName & ":W", 0, True)
iRetVal = objShell.Run("%SystemRoot%\System32\Cacls.exe " & Chr(34) & newOLK & _
Chr(34) & " /E /T /G " & userName & ":R", 0, True)
Set objShell = Nothing
Else
' Create the folder and reset the registry
WScript.Echo "Creating new Outlook Temp Directory: " & newOLK
objFSO.CreateFolder(newOLK)
strValue = newOLK
' Directory is created. Now grant Read and Write but not Modify to prevent OLK saving
Set objShell = CreateObject("Wscript.Shell")
iRetVal = objShell.Run("%SystemRoot%\System32\Cacls.exe " & Chr(34) & newOLK & _
Chr(34) & " /E /T /P " & userName & ":W", 0, True)
iRetVal = objShell.Run("%SystemRoot%\System32\Cacls.exe " & Chr(34) & newOLK & _
Chr(34) & " /E /T /G " & userName & ":R", 0, True)
Set objShell = Nothing
oReg.SetStringValue HKEY_CURRENT_USER,strKeyPath,strValueName,newOLK
If Err = 0 Then
oReg.GetStringValue HKEY_CURRENT_USER,strKeyPath,strValueName,finalValue
' WScript.Echo _
' "Can't set new directory - outlook folder location value is: " & finalValue
Else
' WScript.Echo "Error in creating key" & _
' " and String value = " & Err.Number
End If
End If
3 comments:
On 2 computers here at work (XP SP2 and Outlook 2003) I found a short cut had been created to access the OLK folder. It was under C:\Documents and Settings\username\Application Data\Microsoft\Office\Recent Clicking on the shortcut opened the OLK folder and I could see, access and delete all the files inside the OLK folder. I was logged on with Admin rights so that may be necessary as well.
My friend said me about not bad application-recover damaged pst,also as far as I know it is free,program can preview analysis results and make a decision, which messages should be extracted,it has two ways to recover your data: you can convert corrupted mailbox to another mailbox in *.pst format, it can be opened by any email client, compatible with Microsoft Outlook,compatible with all supported versions of Windows operating system, starting from Windows 98,can extract all files separately: *.eml, *.txt and *.vcf documents will be placed to any folder upon your choice.
Would this logon script work to prevent users from saving attachments to the OLK folfer within a Win-2003 terminal Server?
Post a Comment