Microsoft KB Archive/290663

= Office Outlook 2003 or Outlook 2002 does not run VBScript code when you open an item =

Article ID: 290663

Article Last Modified on 4/24/2006

-

APPLIES TO


 * Microsoft Office Outlook 2003
 * Microsoft Outlook 2002 Standard Edition

-



This article was previously published under Q290663



INTRODUCTION
This article describes why Microsoft Office Outlook 2003 or Outlook 2002 does not run Visual Basic Scripting Edition (VBScript) code in a custom form when you open an item.



MORE INFORMATION
By default, Outlook disables VBScript code in a custom form if the item is from an unknown source. This methodology makes sure that unsafe VBScript code cannot run on your computer without your explicit approval.

Earlier versions of Outlook may have displayed a warning message that asked you whether you wanted to enable or disable VBScript macros in a form when you opened an item. Outlook determined whether to display this warning message based on two factors: the form design for the item and where the script and the accompanying form definition were actually stored.

The current behavior uses the same factors to determine whether VBScript code in a custom form will run:
 * If the form has been published in one of the forms libraries, such as the Organizational Forms Library, the Personal Forms Library, or the Folder Forms Library, Outlook considers the form safe, and the code runs. The author of the form had the correct permissions to publish the form. Therefore, the form is considered trusted.
 * If the VBScript code and the form definition are carried in the item, Outlook considers the form unsafe, and the code does not run.

If you are using a custom mail-message form and you are also using Outlook in a Microsoft Exchange Server environment, you can publish the form in the Organizational Forms Library. You want to do this so that the custom mail-message form is available to all users in your organization. Another benefit to publishing the form in the Organizational Forms Library is that the form definition is not routed from user to user. This can save significant network resources and server resources if the form is relatively large and is frequently used.

If you are using a &quot;non-routed&quot; form, such as a contact form or a post form, you typically publish the form to the folder that stores the items that are based on the form. For example, if you create a custom contact form that you use to store shared contacts in an Exchange public folder, you publish that form in that Exchange public folder. One exception to this rule may occur if you use the same custom form in many folders. In this case, you may want to publish the form to the Organizational Forms Library. Then, you have only one copy of the form to maintain.

For additional information about deciding where to publish a form, click the following article number to view the article in the Microsoft Knowledge Base:

290802 How to determine where to publish a custom Outlook form

Even if a form has been published to a forms library and the forms designer did not enable the Send form definition with item property on the form, the form definition may have been unexpectedly stored in the item. For additional information about form definitions and how they can be stored in items, click the following article number to view the article in the Microsoft Knowledge Base:

290657 Description of form definitions and one-off forms in Outlook 2002

Note If you are in a Microsoft Exchange environment, custom security settings can be implemented so that Outlook prompts users whether to enable or to disable VBScript code in unpublished forms. This more lenient option changes Outlook back to the functionality that was established before the release of the Outlook e-mail security update for Outlook 2000 and Outlook 98. These custom settings have to be configured by an Exchange administrator. For additional information about how to configure these custom settings and security features for Outlook, click the following article numbers to view the articles in the Microsoft Knowledge Base:

290499 Administrator information about e-mail security features

290500 Description of the developer-related e-mail security features in Outlook 2002

