Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide reliable access to deleted content from the Microsoft KB. All KB articles are owned by Microsoft Corporation.

Policy and user setting to force Outlook to use the default digital certificate


Summary

Microsoft Office Outlook 2003 introduced the ForceDefaultProfile registry value. Outlook 2007 and Outlook 2010 also support this registry value. When you enable this setting, Outlook is forced to always use the default certificate for signing or encrypting. Additionally, you are prompted to select another digital certificate if there are any errors with the currently-selected certificate. For example, the certificate may be expired.


More Information

Important: This article contains information about how to modify the registry. Make sure that you back up the registry before you modify it. Make sure that you know how to restore the registry if a problem occurs. For more information about how to back up, restore, and modify the registry, click the following article number to view the article in the Microsoft Knowledge Base:

322756 How to back up and restore the registry in Windows

When the ForceDefaultProfile registry value is set to 1, Outlook does not automatically select another available certificate. Instead, you are presented with the following prompt:

Microsoft Outlook cannot sign or encrypt this message because your certificate is not valid.

Change Security Settings | OK
If you click Change Security Settings, you can manually select a different certificate, if one is available in the Change Security Settings dialog. 

Note
If you set ForceDefaultProfile to 1 and do not have any valid certificates, the above prompt is displayed.

This behavior helps alert you when there is a problem with your certificate. Consider the following scenario.
  • You have digital certificates for both business and personal use.
  • The digital certificate for business use is configured as the default.
  • Outlook detects an error with the certificate that you use for business.

By default, Outlook automatically switches to use the digital certificate that you created for personal use. Without a prompt, you may inadvertently use your personal certificate for signing and encrypting email messages.

To set the ForceDefaultProfile registry value, use the following steps:
  1. Exit Outlook.
  2. Start Registry Editor.

    In Windows Vista or in Windows 7: Click Start, type regedit in the Start Search box, and then press Enter.

    If you are prompted for an administrator password or for confirmation, type the password, or provide confirmation.

    In Windows XP: Click Start, click Run, type regedit, and then click OK.
  3. Locate and then right-click the following registry subkey:
    HKEY_CURRENT_USER\Software\Microsoft\Office\x.0\Outlook\Security
    Note: x.0 in the above registry key represents your Outlook version. Use one of the following values.

    Outlook 2010: 14.0
    Outlook 2007: 12.0
    Outlook 2003: 11.0
  4. On the Edit menu, point to New, and then click DWORD Value.
  5. Type ForceDefaultProfile, and then press Enter.
  6. Right-click ForceDefaultProfile, and then click Modify.
  7. In the Value data box, type 1, and then click OK.
  8. Exit Registry Editor.
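
The same steps can be scripted, which also makes it easy to audit the value across the three Outlook versions listed above. The following PowerShell is an added example, not part of the original Microsoft article; the function names are hypothetical, creating the Security subkey when it is missing is an assumption, and it requires PowerShell 3.0 or later.

```powershell
# Added example: scripted equivalent of the Registry Editor steps above.
# The version-to-key mapping is taken from the article.
$OutlookVersions = [ordered]@{
    'Outlook 2003' = '11.0'
    'Outlook 2007' = '12.0'
    'Outlook 2010' = '14.0'
}

# Hypothetical helper: builds the per-user key path named in step 3.
function Get-SecurityKeyPath([string]$Version) {
    "HKCU:\Software\Microsoft\Office\$Version\Outlook\Security"
}

# Audit: report the current state for every version covered by the article.
function Get-ForceDefaultProfile {
    foreach ($entry in $OutlookVersions.GetEnumerator()) {
        $path  = Get-SecurityKeyPath $entry.Value
        $value = $null
        if (Test-Path $path) {
            $value = (Get-ItemProperty -Path $path -Name ForceDefaultProfile `
                        -ErrorAction SilentlyContinue).ForceDefaultProfile
        }
        [pscustomobject]@{
            Product = $entry.Key
            Key     = $path
            Value   = $value            # $null means the value is not set
            Enabled = ($value -eq 1)
        }
    }
}

# Set: steps 1 and 3 through 7 for one Outlook version.
function Set-ForceDefaultProfile {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param([Parameter(Mandatory = $true)][ValidateSet('11.0', '12.0', '14.0')][string]$Version)

    # Step 1 of the procedure: Outlook must be closed first.
    if (Get-Process -Name OUTLOOK -ErrorAction SilentlyContinue) {
        throw 'Outlook is running. Exit Outlook and run this again.'
    }
    $path = Get-SecurityKeyPath $Version
    if ($PSCmdlet.ShouldProcess($path, 'Set ForceDefaultProfile = 1 (DWORD)')) {
        # Assumption: create the Security subkey if it does not exist yet.
        if (-not (Test-Path $path)) { New-Item -Path $path -Force | Out-Null }
        New-ItemProperty -Path $path -Name ForceDefaultProfile -Value 1 `
            -PropertyType DWord -Force | Out-Null
    }
}
```

Run `Set-ForceDefaultProfile -Version 14.0 -WhatIf` to preview the change, then `Get-ForceDefaultProfile | Format-Table` to confirm the value reads back as 1.
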
To deploy the setting via Group Policy, download the appropriate version of the Office Administrative Templates from the Microsoft Download Center:
Office 2010 Administrative Template files (ADM, ADMX/ADML) and Office Customization Tool download

2007 Office system (SP2) Administrative Template files (ADM, ADMX, ADML) and Office Customization Tool

Office 2003 Service Pack 3 Administrative Template (ADM), OPAs, and Explain Text Update


Article Info
Article ID : 2734219
Revision : 2
Created on : 5/20/2019
Published on : 5/20/2019
Exists online : False