dale lane

I wrote a bunch of command-line apps a while ago that let me control my Outlook task list. As a big GTD devotee, everything that I do revolves around my task list. And as someone who spends a lot of time at the command prompt, these apps mean being able to add something to my task list when I think of it – without interrupting what I am doing. It means not needing to Alt-Tab to Microsoft Outlook, waiting for it to wake up, opening a new Form… all of which takes me away from what I was doing when I thought of whatever task needed capturing on my list.

But recently, Outlook started throwing up security warnings when I use them… which means I have to Alt-Tab to Outlook anyway to tick the box telling it it’s not under attack. 🙁

To give a little background, there are four main programs:

• addtask (“t”) – adds a new task to my Outlook todo list
  C:\>t "Work out why Outlook is a pain" @Computer
• listtasks (“l”) – shows a filtered, sorted list of my Outlook todo list
  C:\>l @Computer today
1 h   Do this
2 h o Do that
3     Do the other
4     Work out why Outlook is a pain
5 l   Do something unimportant

• opentask (“o”) – shows detailed information about a single task
  C:\>o 4
  ===================================
  Subject: Work out why Outlook is a pain
  ---------------------------------------------
  Category: @Computer
  ---------------------------------------------
  Start: none
  Due: none
  ---------------------------------------------
  Notes:

  ===================================

• completetask (“c”) – marks a task as complete
  C:\>c 4
Marked complete: Work out why Outlook is a pain
  This task was 0 days old


They all take a ton of different arguments – to play with start dates, due dates, categories and so on – but you get the basic idea.

It was surprising – I haven’t made any recent changes to the programs, they’d not caused this before, and regardless of what the error message was claiming, I wasn’t going anywhere near email addresses!

I found articles like this Microsoft KB which talked about the error dialog I was seeing, saying that:

You receive the confirmation dialog box when a… program tries to … access the following features of the Outlook object model:

• The following properties of a TaskItem object:
  • ContactNames
  • Contacts
  • Delegator
  • Owner
  • StatusUpdateRecipients
  • StatusOnCompletionRecipients

So, essentially anything that could have an email address (which makes sense, given the message in the dialog box). But I wasn’t going near any of those fields.

The answer showed up in an msdn developers article. In Outlook 2003, Microsoft updated the security model to “…add protection to the body properties of all items.”

My OpenTask program displays the notes for the task item that it opens – stored in the Outlook model as TaskItem.Body. As an impoverished geek, I’m still actually using Outlook 2002. But a few posts I found in newsgroups confirmed that this updated security model was included in Service Pack 3 (SP3) of Outlook 2002. That was the answer – Windows Update history shows that SP3 was installed a few days ago, which must’ve been when these dialogs started popping up.

So, what’s the answer? Well, first thing I did was to add a bit of error-handling to the programs to stop them dying if someone clicks the ‘No’ button to deny access to Outlook! That doesn’t solve the problem that the dialogs are popping up anyway. From what I’ve found so far, it looks like the best answer might be to rewrite the app using ‘Extended MAPI’

…external programs … can fully utilize Extended MAPI to avoid security warnings generated by the Outlook object model guard…

That’s something for another night, I think – should probably get on with some actual work now!

Damn security – might be easier to just remove SP3 😉

This entry was posted on Wednesday, October 4th, 2006 at 10:28 pm and is filed under code. You can follow any responses to this entry through the RSS 2.0 feed. Both comments and pings are currently closed.