Cannot open attachments in Microsoft Outlook - How to Customize Attachment Security Behavior?

Outlook includes a feature that blocks attachments that are considered unsafe. If you receive an e-mail message that contains an attachment that contains one of the file types that are considered unsafe, you may receive the following message:
Outlook blocked access to the following potentially unsafe attachments: [......]
Although Outlook blocks access to the attachment, the attachment still exists in the e-mail message.This security feature provides an additional level of protection against malicious e-mail messages.
Use one of the following methods to open an attachment that was blocked in Outlook:
• Request that the sender post or save the attachment to a file share and then send you the link to that file share.
• Request that the sender use a file compression utility that changes the file name extension. For a list of third party compression products.
• Request that the sender rename the file name extension and then resend the attachment to you. After you receive the renamed attachment, you can rename the file with the original file name extension.
If the previously recommended methods do not meet your requirements, use one of the following methods:
• If you are in a Microsoft Exchange environment and your administrator has configured the Outlook Security
settings, ask the administrator to modify the security settings for your mailbox.
• If you are not in an Exchange environment, modify the Windows Registry to customize the attachment.

Warning: If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Use Registry Editor at your own risk.

You can modify the attachment security behavior in Outlook if you are using Outlook in one of the following scenarios:
• You are not using Outlook in an Exchange environment.
• In an Exchange environment, the administrator has not configured the Outlook Security settings to disallow changes to the attachment security behavior.
In these scenarios, follow these steps to modify the attachment security behavior in Outlook by making a modification to the registry.
How to Customize Attachment Security Behavior
Important Before you can customize the attachment security behavior in Outlook, you must first apply either Office Service Pack 2 or Service Pack 3.
1. Quit Outlook if it is running.
2. Click Start , and then click Run.
3. In the Open box, type regedit, and then click OK.
4. Verify that the following registry key for your version of Outlook exists. If it does, go to step5.
Outlook 2000
HKEY_CURRENT_USER\Software\Microsoft\Office\9.0\Outlook\Security
Outlook 2002
HKEY_CURRENT_USER\Software\Microsoft\Office\10.0\Outlook\Security
Outlook 2003
HKEY_CURRENT_USER\Software\Microsoft\Office\11.0\Outlook\Security
If the registry key does not exist, create it. To create the registry key, locate and then click the following
registry key:
HKEY_CURRENT_USER\Software\Microsoft
a. Click the Edit menu, click New, and then click Key.
b. Type Office , and then press ENTER.
c. Click the Edit menu, click New, and then click Key.
d. Type 11.0, and then press ENTER.
Note: This is the correct name if you are using Outlook 2003. If you are using Outlook 2000 or Outlook 2002, you will need to type "9.0" or "10.0", respectively.
e. Click the Edit menu, click New, and then click Key.
f. Type Outlook, and then press ENTER.
g. Click the Edit menu, click New, and then click Key.
h. Type Security, and then press ENTER.
5. Click the Edit menu, click New, and then click String Value.
6. Type the following name for the new value:Level1Remove
7. Press ENTER.
8. Right-click the new string value name, and then click Modify.
9. Type the file name extension of the file type that you want to open in Outlook . For example:
.exe
To specify multiple file types, use the following format: .exe;.com
10. Click OK.
11. Quit Registry Editor.
12. Restart your computer.
When you start Outlook, you can open the file types that you specified in the registry.

"HTTP Error 401.1 - Unauthorized: Access is denied due to invalid credentials" error message when you try to access a Web site that is part of an IIS

Cause: This behavior may occur if the following conditions are true:

• The IIS 6.0 Web site is part of an IIS application pool.
• The application pool is running under a local account or under a domain user account.
• The Web site is configured to use Integrated Windows authentication only.

In this scenario, when Integrated Windows authentication tries to use Kerberos, Kerberos authentication may not work. To use Kerberos authentication, a service must register its service principal name (SPN) under the account in the Active Directory directory service that the service is running under. By default, Active Directory registers the network basic input/output system (NetBIOS) computer name. Active Directory also permits the Network Service or the Local System account to use Kerberos.

Resolution: 1.To resolve this behavior when the application pool is running under a domain user account
set up an HTTP SPN with the NetBIOS name and the fully qualified domain name (FQDN) of the domain user account that the application pool is running under. To do this, follow these steps on a domain controller:

Important An SPN for a service can only be associated with one account. Therefore, if you use this suggested resolution, any other application pool that is running under a different domain user account cannot be used with Integrated Windows authentication only.

1. Install the Setspn.exe tool. To obtain the Microsoft Windows 2000 version of the tool, visit the following Microsoft Web site:
   http://www.microsoft.com/downloads/details.aspx?FamilyID=5fd831fd-ab77-46a3-9cfe-ff01d29e5c46&displaylang=en The Microsoft Windows Server 2003 version of the Setspn.exe command-line tool is available in the Windows Server 2003 Support Tools that are included on your Windows Server 2003 CD. To install the tools, double-click the Suptools.msi file in the Support/Tools folder.
2. Start a command prompt, and then change to the directory where you installed Setspn.exe.
3. At the command prompt, type the following commands. Press ENTER after each command:
   setspn.exe -a http/IIS_computer's_NetBIOS_name DomainName\UserName
   
   setspn.exe -a http/IIS_computer's_FQDN DomainName\UserName
   Note: UserName is the user account that the application pool is running under.

After you set the SPN for the HTTP service to the domain user account that the application pool is running under, you can successfully connect to the Web site without being prompted for your user credentials.
Resolution: 2. If this behavior occurs when the application pool is running under a local account
To work around this behavior if you have multiple application pools that run under different domain user accounts, you must force IIS to use NTLM as your authentication mechanism if you want to use Integrated Windows authentication only. To do this, follow these steps on the server that is running IIS:

1. Start a command prompt.
2. Locate and then change to the directory that contains the Adsutil.vbs file. By default, this directory is C:\Inetpub\Adminscripts.
3. Type the following command, and then press ENTER:
   cscript adsutil.vbs set w3svc/NTAuthenticationProviders "NTLM"
4. To verify that the NtAuthenticationProviders metabase property is set to NTLM, type the following command, and then press ENTER:
   cscript adsutil.vbs get w3svc/NTAuthenticationProviders

The following text should be returned:

• NTAuthenticationProviders       : (STRING) "NTLM"

"HTTP 500.100 - Internal Server Error" When You Try to Access a Provider

When you attempt to access a provider from within an Active Server Pages (ASP) page, you may receive the following error in the browser:

• HTTP 500.100 - Internal Server Error - ASP error Internet Information Services

If friendly HTTP error messages are disabled, you may receive the following error message when you attempt to run the ASP page:

• ADODB.Connection (0x800A0E7A) Provider cannot be found. It may not be properly installed.
• /Nwind.asp, line 10

Cause: This error occurs because a dynamic-link library (DLL) that is required by the Microsoft Data Access Components is not registered.

Resolution: This resolution uses a SQL Server OLE Provider DLL (Sqloledb.dll) as an example. Because the unregistered DLL may vary based on the OLE DB Provider that you are using, modify step 2 accordingly.

To resolve this problem, reregister the faulty DLL as follows:

1. At a command prompt, change to the C:\Program Files\Common Files\System\Ole DB folder.
2. At a command prompt, type the following command:
   regsvr32 sqloledb.dll
3. You should receive confirmation that the DLL is registered successfully.

"HTTP 500.100 - Internal Server Error - ASP Error" Error Message When Opening Default Web Site on Local Computer

When you attempt to browse the Default Web Site on the local computer (using either http://localhost or the computer's host name), the following error messages appear in the browser:

The page cannot be displayed

• There is a problem with the page you are trying to reach and it cannot be displayed.
• HTTP 500.100 - Internal Server Error - ASP error
• Internet Information Services

In addition, the following information is displayed in the Technical Information (for support personnel) section:
Error Type:

• Microsoft VBScript runtime (0x800A0046) Permission denied: 'GetObject' /localstart.asp, line 19

Cause: The error messages occur when one of the default documents (Iisstart.asp) for the Web site attempts to load the Localstart.asp file, and the user attempting to access the page does not have sufficient permissions to run the script that is contained in the Localstart.asp file. The Localstart.asp file contains ADSI and VBScript code that accesses the metabase by using the IIS Admin Objects. For security reasons, access to the metabase is restricted to members of the local Administrators group. This behavior is by design.

The error messages occur under both of the following conditions:

• Anonymous authentication is enabled on the Directory Security tab for the Default Web Site properties, which causes the user to run the Localstart.asp file in the security context of the Anonymous User (IUSR_ServerName, by default), who should never be made a member of the local Administrators group.The user is logged on locally and is not a member of the local Administrators group.

Resolution:To resolve this problem, disable Anonymous authentication for the Localstart.asp file (the Localstart.asp file usually uses Integrated Windows authentication), and then verify that the user who is logged on is a member of the local Administrators group.