A few readers have noticed our articles about Outlook attachment blocks with mentions of ‘Level 1’ settings to both add and remove file extensions.
Outlook has a second level of attachment protection called, amazingly, Level 2. No file extensions are set up by default, so most people don’t notice Level 2.
Level 2 attachments (if configured) will let you save email attachments to your computer then open the attachment. It stops you previewing, opening or printing the attachment directly from Outlook.
Why? Saving the attachment to the hard drive first means any anti-virus software has a chance to check the file before it’s opened. You also have the choice of programs to open the attachment (from the Open with … menu) while Outlook only uses the default program.
Setting up Level 2 blocks is complicated. They are intended for network administrators, not individual users.
Before any Level 2 blocks are set up, an administrator needs to change the Group Policy under User Configuration\Administrative Templates\Microsoft Outlook <version>\Security\Security Form Settings\Attachment Security
The core registry key is:
HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\<version>\Outlook\Security
String value: FileExtensionsAddLevel2
List of extensions separated with semi-colons.
Administrators also have the option to ‘demote’ certain attachments from Level 1 to Level 2 or let users demote file types via a registry entry.
If you’re interested in using Level 2 blocks in your organization, keep in mind:
- Level 2 blocks only apply to Exchange Server linked accounts.
- It appears that Office document types like .doc .docx .xlsx .pptx cannot be added to Level 2 blocks. If you add one of the Office extensions, Outlook will ignore it. That’s a concern since the older .doc .xls .ppt file types are used for virus infection and would benefit from Level 2 measures. This self-serving exception isn’t documented by Microsoft but has been confirmed by users and apparently confirmed by MS Support.
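As an added example (not from the original article or from Microsoft), this PowerShell script builds the semicolon-separated FileExtensionsAddLevel2 value, drops the Office types the article says Outlook ignores, shows what is currently configured and writes the new value only when -Apply is given. The 16.0 version default, the sample extensions, the lowercase normalization and the -Apply switch are assumptions of the example.

```powershell
# Added example, not the article's own code. Assumptions: 16.0 stands in for the
# <version> part of the key; the sample extensions are constructed; the article
# does not say whether entries take a leading dot, so entries are kept as supplied.
param(
    [string]$OfficeVersion = '16.0',
    [string[]]$Extensions  = @('zip', 'rar', 'docx', ' ZIP '),  # constructed sample
    [switch]$Apply                                             # write only on request
)

# Office types the article gives as examples of what Outlook ignores (not a full list).
$ignoredByOutlook = @('doc', 'docx', 'xlsx', 'pptx')

function ConvertTo-Level2Value {
    param([string[]]$List)
    $seen = @{}
    $kept = foreach ($item in $List) {
        $ext = $item.Trim().ToLowerInvariant()
        if (-not $ext) { continue }                  # skip empty entries
        if ($ignoredByOutlook -contains $ext.TrimStart('.')) {
            Write-Warning "'$ext' is an Office type; the article reports Outlook ignores it."
            continue
        }
        if (-not $seen.ContainsKey($ext)) { $seen[$ext] = $true; $ext }  # de-duplicate
    }
    return ($kept -join ';')
}

$key   = "HKCU:\Software\Policies\Microsoft\Office\$OfficeVersion\Outlook\Security"
$name  = 'FileExtensionsAddLevel2'
$value = ConvertTo-Level2Value -List $Extensions

# Report the current state first so an existing policy is not overwritten blindly.
$current = (Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue).$name
"Current ${name}: '$current'"
"Proposed ${name}: '$value'"

if ($Apply) {
    # Writing under the Policies key may need administrative rights.
    if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
    Set-ItemProperty -Path $key -Name $name -Value $value -Type String
    # Read the value back to confirm what was written.
    (Get-ItemProperty -Path $key -Name $name).$name
}
```

With the constructed sample input the proposed value is `zip;rar`: the duplicate is collapsed and `docx` is dropped with a warning.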
In our view, Microsoft should make the ‘Level 2’ options available to individual users via the Registry. It would give power users and small businesses some more options.
And Microsoft Office file types should be treated like any other files and allowed to be given a ‘Level 2’ setting.