"Microsoft Exchange Add-In" (UmOutlookAddin.dll) + Outlook Security Form ...

AlanBru

Member
Outlook version
Outlook 2010 32 bit
Email Account
Exchange Server
Hello,




For many years, we've been using the Outlook Security Form with Outlook 2003 clients without any problems.


However, in Outlook 2010, using the form causes the "Microsoft Exchange Add-In" (Mso.dll + UmOutlookAddin.dll) to be caught by the object model guard on start-up and composing messages ("a program is trying to access...").


If we disable that add-in in the Trust Center in Outlook 2010, no warnings appear.




Any idea how to avoid that please?


Also, does anyone know what exactly that add-in is needed for? It seems to be involved in calendar availability info as well as unified messaging so disabling it would be risky.




The Outlook Security form is still in an Exchange 2003 public folder.


I know we can migrate its individual settings to a GPO but that will take time.


We have installed Exchange 2010 servers and started to move mailboxes.


Win7 64-bit with Office 2010 32-bit SP1.




I noticed that when the security form is used, all the options in the programmatic access section are grayed out and no options are checked; editing the registry makes no difference.


If we don't use the form, the options are still all grayed out but the first option is checked ("warn me... when my antivirus is out of date"). The antivirus status is valid in both cases.




Thanks,




- Alan.
 

Diane Poremsky

Senior Member
Outlook version
Outlook 2016 32 bit
Email Account
Office 365 Exchange
Re: "Microsoft Exchange Add-In" (UmOutlookAddin.dll) + Outlook Security Form .

UM = unified messaging. AKA voice mail in Outlook. This allows you to read and reply to voice mail over the phone AFAIK.

The official description for that dll is "Exchange support for Unified Messaging, e-mail permission rules, and calendar availability. "

MSO is a general office dll and is needed for sure.

Do you get a dialog about trusting certificates? Look at File, Options, Trust Center - trusted publishers to see if any are trusted.

Are you applying macro security to addins? (Trust Center > Macro settings) That will kick up the trust certificate warning - if the form doesn't disable that setting, test it and see if trusting it helps.

Programmatic Access: this is always grayed out unless running Outlook as administrator. Default is Warn me... the form handles all these settings and overrides these settings.

These policy keys control the warning - the form probably overrides these policy settings too.

HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\14.0\outlook\security

DWORD: PromptOOMSend

Value: 2

DWORD: AdminSecurityMode

Value: 3
 

Diane Poremsky

Senior Member
Outlook version
Outlook 2016 32 bit
Email Account
Office 365 Exchange
Re: "Microsoft Exchange Add-In" (UmOutlookAddin.dll) + Outlook Security Form .

Dang, that was posted before I was finished. :(

Have you seen this -

From Choose security and protection settings for Outlook 2010

To trust a COM add-in, include the file name for the add-in in a Group Policy setting with a calculated hash value for the file. Before you can specify an add-in as trusted by Outlook, you must install a program to calculate the hash value. For information about how to do this, see Manage trusted add-ins for Outlook 2010.

If you enforce customized Outlook security settings with the Microsoft Exchange Server security form that is published in an Exchange Server public folder, you can learn how to trust COM add-ins. Scroll down to the Trusted Code tab section in the Microsoft Office 2003 Resource Kit article, Outlook Security Template Settings.

If the user continues to see security prompts after the add-in is included in the list of trusted add-ins, you must work with the COM add-in developer to resolve the problem. For more information about coding trusted add-ins, see Important Security Notes for Microsoft Outlook COM Add-in Developers.

Manage trusted add-ins for Outlook 2010

Important Security Notes for Microsoft Outlook COM Add-In Developers
 

AlanBru

Member
Outlook version
Outlook 2010 32 bit
Email Account
Exchange Server
Re: "Microsoft Exchange Add-In" (UmOutlookAddin.dll) + Outlook Security Form .

Thanks I've checked all those before posting.




No certificate warnings.


AdminSecurityMode controls whether the form is used or not. We wanted to use it, it's supposed to be perfectly possible (though not ideal).




What I can't understand is that this is Microsoft's own COM add-in that's causing the problem and it's installed as part of Office 2010.


Also, I have other 3rd party COM add-ins (including ones I've written myself) and they give no security warning.


No-where did I have to mention COM add-in names or hashes in the Outlook Security form.
 

larry

Senior Member
Outlook version
Outlook 2010 64 bit
Email Account
Exchange Server
Re: "Microsoft Exchange Add-In" (UmOutlookAddin.dll) + Outlook Security Form .

I believe the warning is due to the fact that the addin is hooking into the address book. Your other addins probably don't.

We use GPO to set security so I've never used the hash method, but it sounds like you install a program, run a file to create the hash then run a bat file to install the hash.

from Manage trusted add-ins for Outlook 2010

To get the hash value for a trusted add-in

1.From the Microsoft Download Center, download the Outlook 2007 Tool: Security Hash Generator (Download Outlook 2007 Tool: Security Hash Generator from Official Microsoft Download Center).

2.Extract the contents to a local folder (such as C:\Hashtool).

3.Run the command prompt for your computer: Click Start, All Programs, Accessories, Command Prompt.

Windows Vista requires an additional step: Right-click Command Prompt, and then select Run as administrator.

4.Change directories to the folder where you extracted the hash tool files.

5.Type the following command, and then press ENTER:

createhash.bat /register

(This step needs to be completed only once.)

6.Type the following command, and then press ENTER:

createhash.bat <filename
Where <filename> is the full path and file name of the add-in file that you are creating the hash number for. There should be no spaces in the file path or file name. If there is, make a copy of the add-in DLL and put it in a folder that has no spaces in the file path or use the short file name and path (8.3 path). The hash is based on the registered DLL and not the location of the DLL.
 
Top