Microsoft KB Archive/166780

= OL97: Why Outlook Displays a Security Warning Opening an Item =

Article ID: 166780

Article Last Modified on 1/19/2007

-

APPLIES TO


 * Microsoft Outlook 97 Standard Edition

-



This article was previously published under Q166780



SUMMARY
This article describes why Microsoft Outlook 97 provides the following security warning when you open an item.

The form for this item has not been registered in this folder...



MORE INFORMATION
Outlook always prompts you before opening an item that contains VBScript, if the item is from an unknown source. Outlook bases the decision to display or not display a warning on the item's form design.
 * If the form that the item is based on is registered in one of Exchange's forms registries (organizational forms, folder, or personal forms), Outlook considers the form safe, and no warning appears. The author of the form had the appropriate privileges to publish the form, so the form is considered trusted.

Note: If you use a custom Appointment form, it is impossible to suppress the warning. Recipients of a Meeting Request are prompted twice when they open a Meeting Request in their Inbox. In general, Appointment forms are relatively complex because Outlook "oversees" the entire meeting request process. An Appointment form spawns a Meeting Request form, sets the message class of the form to IPM.Schedule.Meeting.Request, and attaches the VBScript code to this "internal" form. Since this internal form is not really published, it is not considered secure and will generate the warning. Outlook's IPM.Schedule forms cannot be customized or published and therefore there is no way to avoid the warning from being displayed.
 * If the form definition is carried with the item (the author modified the form and sent it, without publishing it in one of the form registries), Outlook considers the form unsafe, and the user receives a warning when opening the item.

This methodology ensures that unsafe VBScript cannot run on a your computer, without your knowledge and explicit approval.
 * If a form is correctly published and some changes have been made before the form is sent. This usually happens when the form is called programmatically in another custom form. And some custom properties are added before the called form is sent.

