VBOffice

Security Model, Part 1

Avoid security alerts when accessing blocked properties or sending an email.

Last modified: 2007/12/18 | Accessed: 15.622  | #86
◀ Previous sample Next sample ▶

Content

ReplyAll ReplyAll
ReplyAll alerts you before unintentionally replying all, or if you are a confidential BCC recipient of the e-mail.

Problem: Security Alert

Since Outlook 2000 SP3 (optional) or Outlook XP respectively, some properties are blocked for security reasons, for instance the sender address of e-mails. Since Outlook 2003 even blocked properties can be read in VBA without raising the security prompt by using the instrinsic Application object. That means, in VBA there's already a variable called Application, which should be used. You don't need to create this variable. And there's the rub, even with the official VBA help file: Examples often use the functions GetObject or CreateObject to retrieve a variable for the Application object. The following examples demonstrate the difference. In order to test the examples, there must be at least one email stored in the inbox.

The first sample shows how it does not work. Instead of simply using the intrinsic Application object, the variable olApp is set to the Application object returned by the GetObject function. The effect is, the security prompt is raised as soon as you want to access the blocked SenderEmailAddress property.


tip  How to add macros to Outlook
Public Sub Warning()
  Dim olApp As Outlook.Application
  Dim Inbox As Outlook.MAPIFolder
  Dim Mail As Outlook.MailItem

  Set olApp = GetObject(, "Outlook.Application")

  Set Inbox = olApp.Session.GetDefaultFolder(olFolderInbox)
  Set Mail = Inbox.Items(1)
  MsgBox Mail.SenderEmailAddress
End Sub

Solution: No Alert

Easily avoid the security prompt: Directly set the olApp variable to the Application property, or don't use another variable for Application at all since you can work with Application itself. This makes also clear why you cannot avoid the security alert when accessing Outlook from a third party app like Word or Excel: You must use GetObject or CreateObject then. (Actually it is possible as is explained in Security Model, Part 2.)

Public Sub NoWarning()
  Dim olApp As Outlook.Application
  Dim Inbox As Outlook.MAPIFolder
  Dim Mail As Outlook.MailItem

  Set olApp = Application

  Set Inbox = olApp.Session.GetDefaultFolder(olFolderInbox)
  Set Mail = Inbox.Items(1)
  MsgBox Mail.SenderEmailAddress
End Sub
OLKeeper OLKeeper
OLKeeper reliably prevents users from closing their Outlook window and thus possibly missing reminders or e-mails.

Special Case Outlook 2003 and the Rule Assistent

In Outlook 2003 there's another issue you need to know: The Rule assistent passes the untrusted object reference to a script it is calling. (Since Outlook 2007 that's not the case anymore.) Thus the following sample raises an alert when called by a rule:

Public Sub Warning(NewMail As Outlook.MailItem)
  MsgBox NewMail.SenderEmailAddress
End Sub

Solution: Run-a-Script Rule without the Alert

This sample works around the issue by deriving another ref on the item from the intrinsic Application object. Now you can get the address from the email without raising a security prompt.

Public Sub NoWarning(NewMail As Outlook.MailItem)
  Dim Session As Outlook.NameSpace
  Dim EntryID$, StoreID$
  Dim Mail As Outlook.MailItem

  EntryID = NewMail.EntryID
  StoreID = NewMail.Parent.StoreID

  Set Session = Application.Session
  Set Mail = Session.GetItemFromID(EntryID, StoreID)

  MsgBox Mail.SenderEmailAddress
End Sub
ReplyAll ReplyAll
ReplyAll alerts you before unintentionally replying all, or if you are a confidential BCC recipient of the e-mail.
email  Send a message