Disabling Outlook Opening Mail Attachment Prompt

Going from Outlook 2010 to 2016, I’m finding a lot of new features and changes that need to be fine tuned for my environment. One of these is the ‘Opening Mail Attachment’ prompt that says ‘You should only open attachments from a trustworthy source.’. The tickbox to ‘Always ask before opening this type of file’ is greyed out, which would help a single user avoid the prompt, but also doesn’t help in an enterprise setting.

There are some guides online already that advise to open Outlook as an administrator, tick the box, and you’re set. However, I couldn’t find anything on how to automate this or roll out the setting.

After using Procmon, it appears that each file type is checked against the registry hive of HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ – The file will be recognised as a certain class. Sometimes this is obvious where the class is named the same as the file extension, but usually it’s something more descriptive.

For example, a .bat file is under batfile, and known as a Windows Batch File. It also makes sense that the tickbox is greyed out, as a user will normally not be able to change HKEY_LOCAL_MACHINE settings without administrator privilidges.

Once you know what Class you’re looking at, there should be an ‘EditFlags’ registry key. From what I’ve seen, this can be either REG_BINARY, REG_DWORD. It appears that the default REG_BINARY value is 00 00 00 00, and the DWORD is 0x00000000. Changing the third set of 00’s to 01, or the third 0 in the set of 8 digits is what changes for that Class when the tick is removed from ‘Always ask before opening this type of file’.

For me, pushing out these settings below for .NRL files avoided the prompt for all users:

Key path SOFTWARE\Classes\Nrl
Value name EditFlags
Value type REG_BINARY
Value data 00000100

For whatever app you’re trying to do this for, I’d recommend using Procmon to check what changes when removing the tickbox, but at least with this information you should be able to narrow down what you’re searching for.

Update 12th February 2019:

Brian points out below that this registry value appears to have changed in the latest version of Office 365 CTR:

HKLM\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\NRl

I haven’t verified this personally but Brian seems like a trustworthy person :)

Jon in the comments below also says to create an OFT filetype here:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Outlook.File.oft.15

11 thoughts on “Disabling Outlook Opening Mail Attachment Prompt

  1. Interesting… I’ve always enabled this stuff for Outlook – as far back as Outlook 2003.

    It forces the user to slow down and think about what they’re doing. Well, it usually does :)

  2. Awesome post! Thanks! as of O365 CTR v1808 the Registry location you mention has changed to:

    HKLM\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\NRl

    (that is a lower-case “L” after the “NR” and not an upper-case “I”) The rest is the same.

    Thanks again!

  3. Following up on Brian’s Feb 9 post, are we to create that registry key ourselves? Because there is no NRl entry at that location in my Registry now.

    1. You’re not going to do any harm by adding a registry setting that doesn’t work – easy to create and try. I’m not on CTR so can’t verify this at the moment sorry.

      1. It did not initially but I can’t recall my steps – it was getting late last night – and so it may have been syntax error on my part. But I did end up getting it to work for a .oft filetype by doing it here: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Outlook.File.oft.15

  4. txt:

    $registryPath = “HKLM:\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\txtfilelegacy”

    if (-not (Test-Path $registryPath)) {
    New-Item -Path $registryPath -Force
    }
    Set-ItemProperty -Path $registryPath -Name EditFlags -Value $([byte[]](0x00, 0x00, 0x01, 0x00))

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.