Updated: 2009-04-09

In Microsoft Office Outlook 2007, you can view Web pages without leaving Outlook. You do this by assigning a Web page as a home page for a folder. You can associate a Web page with any personal or public folder. When you click the folder, Outlook displays the folder home page assigned to it. Although this feature provides the opportunity to create powerful public folder applications, scripts can be included on the Web page that access the Outlook object model. This exposes users to security risks.

You can improve security by using Group Policy to disable folder home pages for all of your users.

You can lock down this setting (recommended) by using the Outlook Group Policy template (Outlk12.adm). Or you can configure a default setting by using the Office Customization Tool (OCT), in which case users can change the setting. The OCT settings are in corresponding locations on the Modify user settings page of the OCT.

The Outlook template and other ADM files can be downloaded from 2007 Office System Administrative Templates (ADM) on the Microsoft Download Center.

To disable folder home pages by using Group Policy

  1. In Group Policy, load the Microsoft Office Outlook 2007 template (Outlk12.adm).

  2. Under User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Folder Home Pages for Outlook Special Folders\Settings for Disable Folder Home Pages, double-click Do not allow Home Page URL to be set in folder Properties.

  3. Click Enabled.

  4. Click OK.

More information about Outlook folder home pages

These folder home pages do not follow the Outlook security model. They can run scripts, just as any other Web page can. Access to the Outlook object model allows scripts to manipulate all of the user's Outlook information on the computer.

From a security perspective, this means that anyone who can create a public folder and set that folder with a home page can include scripts that can manipulate data in users' mailboxes when the users go to that public folder. Because of this, be cautious about granting permissions for users to set public folders as home pages.

Download this book

This topic is included in the following downloadable books for easier reading and printing:

See the full list of available books at Office Resource Kit information.

500 Internal Server Error

Internal Server Error

The server encountered an internal error or misconfiguration and was unable to complete your request.

Please contact the server administrator at webmaster@informationworker.forsenergy.ru to inform them of the time this error occurred, and the actions you performed just before this error.

More information about this error may be available in the server error log.

Additionally, a 500 Internal Server Error error was encountered while trying to use an ErrorDocument to handle the request.