While I don't agree with the administrators who want to disable the reading pane for their users, it is possible to disable it using group policy in Outlook 2007 and up. Users of older versions of Outlook will need custom views to remove it and disable CommandBar IDs so it can't be turned back on.
Why it should be up to the user: Many people find they can work faster and more efficiently with the reading pane rather than opening messages, and the decision to use it or not should be left to each user. For the past, oh, 14 years, the reading pane is as safe as an opened message (if not slightly safer) because active content can't run in the reading pane. (See How Safe is the Reading Pane? )
I'm looking for a way to completely kill the reading pane and the user's ability to change the setting. The user cannot be able to change the view, etc. I have located most of the UI control numbers for the Office products but I haven't been able to locate the UI control number for outlook layout menu and the reading pane.
You don't need to disable each control; as I mentioned earlier, you can use group policy to disable the reading pane in Outlook 2007 and above. With the policy set, the reading pane is turned off and all reading pane options, buttons and commands are disabled.
When using the group policy templates for Outlook 2010 or Outlook 2013, look in Outlook > Outlook Options > Other for the Do not display reading pane policy object. In Outlook 2007's group policy template, it's under Tools | Options > Other.
If you prefer to set a registry key directly, create the keys and add the disablereadingpane value under the Policies key, set to 1.
Outlook 2013
HKEY_CURRENT_USER\Software\Policies\Microsoft\office\15.0\Outlook\options
DWORD: disablereadingpane
Value: 1
Outlook 2010
HKEY_CURRENT_USER\Software\Policies\Microsoft\office\14.0\Outlook\options
DWORD: disablereadingpane
Value: 1
Outlook 2007
HKEY_CURRENT_USER\Software\Policies\Microsoft\office\12.0\Outlook\options
DWORD: disablereadingpane
Value: 1
Home and small office users can use the registry key too. As always, if the keys don't exist, you need to create them.
Do it for me
If you don't want to edit the registry yourself, you can use a ready-made reg file to set the key. Choose the correct file for your version of Outlook, download it and double click to run. (If your browser changes the file extension to .txt, you'll need to change it to .reg)
Diane, I know this is an old thread, but the issues (and problems) are still with us. The statement, “…the reading pane is as safe as an opened message…” is absolutely NOT true. I just proved that with my Outlook 2013 client a few days ago. My MS Office installation has all security updates up-to-date as of last month. But I recently added another Office 365 email account to this client, and something that Microsoft did with O365 reset all of the Outlook 2013 view settings in all of my folders for all email accounts (including many not on Exchange). While checking all of my folders, a spam folder had restored the reading pane that I had turned off, and immediately executed an embedded script within an email. Twice, actually. Eset grabbed the first email and quarantined the script. Then when the second email in that folder became the current (with Outlook highlighting it), the Outlook reading pane executed the script in the second email. Eset grabbed that one, too. This is exactly why I turn off the reading pane in every Outlook client I’ve used. Since Microsoft never fixed this exploit, the only way around this is to use… Read more »
What exploit was it?
I'm afraid your information is outdated. I have tried to get people to stop using the reading pane for years, figuring that eventually someone would again begin putting out malware that could run in the reading pane. And sure enough, it has happened. Examples:
https://www.v3.co.uk/v3-uk/news/2336140/hackers-targeting-microsoft-word-and-outlook-zero-day-vulnerability
https://technet.microsoft.com/en-us/library/security/ms13-068.aspx
Your point about people being able to be more productive if they can preview an email instead of opening it seems rather naïve given the amount of malware that comes into people's inboxes every day. One piece of malware can immediately wipe out years of "productivity gains" a person may have experienced by using the preview pane.
People should not be previewing or opening any email they are not SURE is safe without checking the headers of the email, and using external methods (i.e., looking up email/website references, phoning the person who supposedly sent the email, etc.) to verify it's authenticity and safety. Yes, this feels like a tremendous burden, but this is the reality in the world in which we live.
Actually, it's those articles that are outdated (because the issues were fixed years ago). The most recent exploits were also patched. Also, you have to consider your chances of being hit with the exploit. Most of the exploits are not running wild at the time they are patched and/or require additional action by the end user (the badmail exploit pops up a dialog with the file name that needs clicked to run). Disabling the reading pane only makes a difference if the user did not open the specially-crafted email message - this works on the assumption the user goes through the mailbox deleting messages whose subject and sender sound fishy before reading email. If they open a message to decide, or use the up and down arrows to move through the messages, the risk is the same. Forcing all mail to plain text would do more to prevent exploits from running. While better server side filtering can help, using the default protected file settings (and other default settings) will go a long way in protecting users in both the preview pane and opened messages without affecting their ability to work efficiently. It's really about trade offs. Is the threat likely… Read more »
Whether or not the latest exploit has been patched yet or not is quite beside the point. The fact is that this kind of malware keeps evolving to get past any patches aimed at preventing it. Furthermore, many people do not keep their machines patched frequently enough to avoid even risks that have already been patched, let alone zero-day exploits. Of course disabling the reading pane only makes a difference if the user did not open the email!! That is the point! We train our users not to OPEN suspicious looking emails without doing further research. Having the reading pane on makes this training irrelevant. The email is opened whether they intended to open it or not. Our users, for the most part, heed our training to not open suspicious emails. But Microsoft, in its infinite wisdom, makes having the reading pane on the default view, EVEN IN THE Deleted-Items folder, which is where most of our users send their suspicious emails. So when those users who still can't remember that a shift-Del will permanently delete an email go into their Deleted-Items folder to empty it, they are at risk for having the last piece of malware-infested spam they deleted… Read more »
Most, if not all, Outlook email malware comes in as regular attachments - zips, word docs, or pdf files. Some of which are very realistic. I don't believe the last two exploits were "in the wild" before they were patched and to the best of my knowledge, no infections have been attributed to email exploits that run just by viewing a message (since outlook 2000 sp1's lock down). I'm not aware of any ransomware that runs automatically from the preview pane (post Outlook 2000 SP1) - it's installed either by opening an attachment or visiting a webpage. Some viruses are pushed out in word docs and users are convinced they need to disable protected mode and enable macros. A good server side scanner can make a world of difference.
It's all about how much risk it really is (opening infected attachments are a bigger risk - and some look convincingly real). Compare it to driving across country because you are afraid of plane crashes, even though you are more likely to be in a car accident. Yeah, some times bad stuff will happen, but it's not often and usually involves some stupid human action that could have been avoided.
You are absolutely right that MOST malware comes in as regular attachments. In the current environment, however, we are all feeling under siege from the floods of malware and hack attacks. So turning off something that could potentially bring in malware and is at most a MINOR convenience, seems prudent to me, given the potential damage that could be caused by someone finding a way past all the newer security features. That is the point of view of someone working on the front lines in a corporate environment with inadequate resources to do the great job she would like to do. Clearly you do not see things that way, for whatever reason, and I am not going to convince you otherwise. I do appreciate the opportunity to share another point of view in this forum, and I do appreciate that you shared the information about how to achieve the goal of locking down the reading pane, even though you do not consider it necessary.
hello...thanks for this. I'm fishing for a different angle on this though...if you have a thought about this, I'd welcome it. A SBS03 swing migrated to SBS2011. All works great on the server and client side, but an unusual (possibly coincidental) Outlook behavior is affecting every user. Microsoft Outlook 2010 for each user is not letting the readingpane persist between instance of outlook. That is, user can set the reading pane to be visible, close outlook and when it reopens, the reading pane is closed again. This is for every user. We do not have any ADM/ADMX for Office loaded in the GPMC for any GPO on the server.
Sorry for missing this earlier. Assuming you haven't fixed it yet...
Is Outlook running in Safe mode? That will cause this behavior. See https://www.slipstick.com/problems/outlook-starts-safe-mode/ for one cause.
Did you check the shortcuts used to open outlook? There is a switch that can start Outlook with it off.
That is hilarious, given the exchange you and I have just had: Outlook in SAFE mode turns off the reading pane. What a surprise!
Safe mode refers to disabling all addins and extras and using all default settings for troubleshooting.
I'm quite aware of what safe mode is. And since the default setting for the newer versions of Outlook is to have the reading pane enabled, turning off the reading pane in Safe Mode is going beyond "using defaults" and disabling "addins."
Safe mode has always disabled the reading pane, it was originally an add-in and they later built in - it might be enabled by default, but its not core, so safe mode turns it off.
That is one of the lamest arguments I have heard in a while. OK, enough, whatever gets you through the night. I don't have time for this.
Fantastic. It works for Office 2016, as well (the version is 16.0). My installation didn't even contain the registry keys shown above: I had to make them (from "Office" down) but it still worked. Very impressive.
Diane,
is there a different approach or area of the registry then for O16? As Dan mentions, there is no Office branch for O16.0.6769.2015 at least ...
if a key doesn't exist you need to add it - the key for 2016 would be
HKEY_CURRENT_USER\Software\Policies\Microsoft\office\16.0\Outlook\options
How about the color of the preview? Is there a key for that?
It changed to blue for one of my users. In the view settings, you can change it back to black, but it will not stay.
I'm not sure where this is coming from. She has a CRM plug-in, but no one else is seeing this..... at this point.
You're talking about the color of the office suite theme or the text? If the text color won't stick in the current view, make a copy of the view with the color changes. It should 'stick' in the new view.
To improve the chances that changes to a default view will stick, you need to restart outlook using the cleanviews switch then make the change. See https://www.outlook-tips.net/how-to/disable-group-views/ for details.