Important This article contains information about how to modify the registry. Make sure that you back up the registry before you modify it. Make sure that you know how to restore the registry if a problem occurs. For more information about how to back up, restore, and modify the registry, click the following article number to view the article in the Microsoft Knowledge Base: 322756 How to back up and restore the registry in Windows
When the
ForceDefaultProfile registry value is set to 1, Outlook does not automatically select another available certificate. Instead, you are presented with the following prompt:
Microsoft Outlook cannot sign or encrypt this message because your certificate is not valid.
Change Security Settings | OK
If you click
Change Security Settings, you can manually select a different certificate, if one is available in the
Change Security Settings dialog.
Note If you set
ForceDefaultProfile to 1 and do not have any valid certificates, the above prompt is displayed.
This behavior helps alert you when there is a problem with your certificate. Consider the following scenario.
- You have digital certificates for both business and personal use.
- The digital certificate for business use is configured as the default.
- Outlook detects an error with the certificate that you use for business.
By default, Outlook automatically switches to use the digital certificate that you created for personal use. Without a prompt, you may inadvertently use your personal certificate for signing and encrypting email messages.
To set the
ForceDefaultProfile registry value, use the following steps:
- Exit Outlook.
- Start Registry Editor.
In Windows Vista or in Windows 7: Click Start 
, type regedit in the Start Search box, and then press Enter.
If you are prompted for an administrator password or for confirmation, type the password, or provide confirmation.
In Windows XP: Click Start, click Run, type regedit, and then click
OK.
- Locate and then right-click the following registry subkey:
HKEY_CURRENT_USER\Software\Microsoft\Office\x.0\Outlook\Security
Note: x.0in the above registry key represents your Outlook version. Please use one of the following values.
Outlook 2010: 14.0
Outlook 2007: 12.0
Outlook 2003: 11.0
- On the Edit menu, point to New, and then click DWORD Value.
- Type ForceDefaultProfile, and then press Enter.
- Right-click ForceDefaultProfile, and then click Modify.
- In the Value data box, type 1, and then click OK.
- Exit Registry Editor.
To deploy the setting via group policy, download the appropriate version of the Office Administrative Templates from appropriate Microsoft Download Center web site:
Office 2010 Administrative Template files (ADM, ADMX/ADML) and Office Customization Tool download
2007 Office system (SP2) Administrative Template files (ADM, ADMX, ADML) and Office Customization Tool
Office 2003 Service Pack 3 Administrative Template (ADM), OPAs, and Explain Text Update