Configuring policies through Windows Registry
Normally, Outlook Plugin and Windows Agent store settings in %AppData%\LiquidFiles\Liquid.xml
Some policy settings can be overridden and distributed to end users through Windows Registry.
You can set up connectivity and behavioral policies through registry. Outlook Plugin, Windows Agent and Command-Line Utility will comply with these settings as they share the same core functionality.
In all cases, a value would be checked under HKEY_CURRENT_USER
branch first. If a value
is missing or set as empty string, value will be checked under HKEY_LOCAL_MACHINE
branch.
Please note that under 64bit OS, 32bit applications (like 32-bit Office) will check values located
under HKEY_LOCAL_MACHINE\Software\Wow6432Node
branch, and therefore you will have to set
policies in both branches for 64bit and 32bit applications in this case.
Data types (REG_SZ) or (REG_DWORD) are given for your convenience. You can use REG_SZ datatype in most cases as Outlook Plugin will do conversion.
Please also see how to configure the same policies at LiqiudFiles server using LiquidFiles Groups.
Requirements
- Works with all versions of Outlook Plugin and client applications unless specified version when introduced.
- As a general rule, option works in the indicated version and all higher versions of the plugin, until deprecated
Configuration
Turn on verbose logging
[HKEY_CURRENT_USER\Software\LiquidFiles\SFT] "TraceLevel"="Verbose" (REG_SZ)
In the verbose logging mode, the plugin and Agent will log more information under %localappdata%\liquidfiles\logs folder.
Also, all the web requests and responses will be logged under webResponses
subfolder.
The logs are cleared periodically when Agent or Plugin starts
Disabling HTTP/2 and switching between HTTP/1.1 and HTTP/1.0
Starting with 2.1, we use HTTP/2 by default whenever possible. The client libraries typically fall back to HTTP/1.* when HTTP/2 is not available, however in some situations requests fail instead, sometimes with obscure error wordings, like `WINHTTP_CALLBACK_STATUS_REQUEST_ERROR`.
We will introduce option to switch between HTTP versions based on domains, however for now, you can use the following registry options as an emergency fix. Please note that we would recommend to revert these registry options as soon as there's a better solution available.
Force HTTP/1.1 on all requests
[HKEY_CURRENT_USER\Software\LiquidFiles\SFT] "UploadUseHttpVersion10"=0 (REG_DWORD)
Force HTTP/1.0 on all requests
[HKEY_CURRENT_USER\Software\LiquidFiles\SFT] "UploadUseHttpVersion10"=1 (REG_DWORD)
SAML-related options
Only allow SAML logins Requires version 2.0.137
[HKEY_CURRENT_USER\Software\LiquidFiles\SFT] "EnabledLoginSequence"=1 (REG_DWORD)
Disallow SAML logins. Requires version 2.0.137
This deprecates DisableSamlLogin
[HKEY_CURRENT_USER\Software\LiquidFiles\SFT] "EnabledLoginSequence"=2 (REG_DWORD)
Starting with 2.0.132 SAML login is used by default when the plugin detects that the server is configured to support SAML. However, the plugin is unable to determine if the server is configured to support SAML correctly. The following options can be used to tweak SAML-related behavior of the plugin
To disable automatic SAML login (same behavior as in the older versions - show standard login first)
[HKEY_CURRENT_USER\Software\LiquidFiles\SFT] "AutoSamlLogin"=0 (REG_DWORD)
To disable SAML login button. You should also disable `AutoSamlLogin` as mentioned above to disable automatic SAML flow
NOTE: Use EnabledLoginSequence
with 2.0.137 or higher. We do NOT recommend setting DisableSamlLogin and will deprecate its support in the future.
[HKEY_CURRENT_USER\Software\LiquidFiles\SFT] "DisableSamlLogin"=1 (REG_DWORD)
To skip SAML logout flow when user clicks Logout in the plugin (SAML login will still be used)
[HKEY_CURRENT_USER\Software\LiquidFiles\SFT] "NoSamlLogout"=1 (REG_DWORD)
To automatically close SAML logout dialog based on a regular expression match
[HKEY_CURRENT_USER\Software\LiquidFiles\SFT] "SamlLogoutHtmlDetectPattern"="put_your_regex_here" (REG_SZ)
Switch between JSON and XML API of LiquidFiles serverRequires version 2.0.84
Plugins 2.0.105 and before use XML API by default. Starting with 2.0.106, JSON API is the default
To force the plugin to use XML API:
[HKEY_CURRENT_USER\Software\LiquidFiles\SFT] "LiquidFiles.IContentEncodingService"="LiquidFiles.ContentEncodingServiceXml" (REG_SZ)
To force the plugin to use JSON API:
[HKEY_CURRENT_USER\Software\LiquidFiles\SFT] "LiquidFiles.IContentEncodingService"="LiquidFiles.ContentEncodingServiceJson" (REG_SZ)
Important: values are case sensitive. Please copy as they are.
Change path to the log folderRequires version 2.0.101
[HKEY_CURRENT_USER\Software\LiquidFiles\SFT] "WriteLogsFolder"="%LOCALAPPDATA%\LiquidFiles\Logs" (REG_SZ)
It is possible to use environmental variables in the path (requires version 2.0.101)
Predefine URL to the server Requires version 2.0.10
[HKEY_CURRENT_USER\Software\LiquidFiles\SFT] "BaseUrl"="https://yourserver" (REG_SZ)
Remove restriction on maximum attachment size for Outlook Requires version 2.0.10
Important: this functionality does not seem to work well with Outlook 2013 and later. In online scenario, Outlook restores limit from the connector almost immediately.
The new strategy of LiquidFiles Outlook plugin is to substitute the default "Attach file" dialog with its own. This functionality is enabled by default and can be turned off by `OverrideAttachFileDialog` policy value as specified below.
Outlook Plugin has functionality to intercept "add attachment" event in Outlook and use SecureAttachment function instead, if size of attachment exceeds certain threshold. However, Outlook has its own policy on maximum attachment size, and if that policy exists, it will be executed before LiquidFiles has opportunity to intervene. Therefore, you may need to change that policy.
For Outlook'2010, use this regedit snippet to effectively set MaximumAttachmentSize to maximum value possible (for other Outlook versions, you need to change version component in registry key path)
[HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Preferences] "MaximumAttachmentSize"=dword:7fffffff
Replace or Place Back Microsoft Outlook's Attach File dialog (Outlook 2007+) Requires version 2.0.10
Starting with Outlook 2007, when using Ribbon command to attach files, Outlook will prevent attaching large files before we have chance to intervene. Therefore it is necessary to replace Outlook's Attach File(s) dialog to make that feature work. However, some functionality native to Outlook's Attach window will be lost when replacing the dialog (Tools menu, access to Outlook's Templates folder), so, if it is necessary to maintain that functionality, you may need to apply registry tweak.
Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\LiquidFiles\SFT] "OverrideAttachFileDialog"=2 (REG_DWORD)
Permitted Values:
- dword:00000000 - do not override
- dword:00000001 - use MS Word's dialog instead (a bit slower to show, same functionality as Outlook)
- dword:00000002 - use custom dialog instead (no tools menu, no shortcut to Templates folder)
Set limit to trigger automatic upload via FileTransfer rather than conventional Outlook attachment once limit has been exceeded Requires version 2.0.10
As of server 3.*, this limit is governed by the server. Please use the "API & Outlook" tab on the group settings to set "Size Override" parameter AND disable option "Users are permitted to override the size override". You can use the registry value to set the default value, e.g. the value before user logs in.
[HKEY_CURRENT_USER\Software\LiquidFiles\SFT] "AutoUploadInKb"=1024 (REG_DWORD)
Please note that the value is in Kb, so 1024 = 1Mb
As of 2.0.10, values below 500Kb are ignored and default limit used instead.
Upload files in chunks Requires version 2.0.10
If chunked upload is used, file will be split into logical chunks, uploaded as series of files of the specified sized and merged at the server.
Example: set chunk to 100MB = 102400 KB
[HKEY_CURRENT_USER\Software\LiquidFiles\SFT] "UploadChunksKB"=102400 (REG_DWORD)
Allow plugin more time to connect to Windows Agent or disable connecting to Windows Agent at all Requires version 2.0.54
[HKEY_CURRENT_USER\Software\LiquidFiles\SFT] "ConnectWindowsAgentTimeout"=10 (REG_DWORD)
This is default setting, specifying that Outlook Plugin has 10 seconds to establish connection to Windows Agent. We use WCF communication over named pipes. If Windows Agent already runs in memory, connection will be established in less than a second (providing that WCF communication is not blocked). If it's not, Outlook Plugin will use ShellEx command to start Windows Agent and will try to connect.
Setting this parameter to zero will force Outlook Plugin not to connect to Windows Agent.
Inject files at start of message Requires version 2.0.54
[HKEY_CURRENT_USER\Software\LiquidFiles\SFT] "InjectPosition"=1 (REG_DWORD)
As of 2.0.54, to allow user change position still, add:
"InjectPositionEnforced"=0 (REG_DWORD)
NOTE: any changes set by user will be reset after restart or re-authentication. To allow user select permanent setting, do NOT set "InjectPosition" value, set "InjectPositionDefault" value (see below).
As of 2.0.56, you can change default value to "Inject files at start of message", while still allowing user to change position. To do that, add:
"InjectPositionDefault"=1 (REG_DWORD)
NOTE: it will not have effect on workstations where the plugin is already installed. It will only take effect on new workstations. To test, remove file "liquid.xml" under %APPDATA%\LiquidFiles folder (that will reset all settings and authentication).
Upload any attachments automatically Requires version 2.0.44
[HKEY_CURRENT_USER\Software\LiquidFiles\SFT] "AutoUploadAnySize"="1" (REG_DWORD)
Always use same folder when browsing for file or folder Requires version 2.0.44
[HKEY_CURRENT_USER\Software\LiquidFiles\SFT] "DefaultBrowseFilesFolder"="path" (REG_SZ)
You can use %DESKTOP%, %MYDOCUMENTS% or environmental variables such as %APPDATA%,%HOMEDRIVE%, %HOMEPATH%, %LOCALAPPDATA%, %USERPROFILE%.,
Do not allow user to set download count Requires version 2.0.45
[HKEY_CURRENT_USER\Software\LiquidFiles\SFT] "DisableSetDownloadCount"=1 (REG_DWORD)
Default download count Requires version 2.0.49
[HKEY_CURRENT_USER\Software\LiquidFiles\SFT] "DefaultExpirationDownloadCount" = 1 (REG_DWORD)
Note: you can combine it with DisableSetDownloadCount, preventing user from changing default value.
Authenticate user on startup Requires version 2.0.52
[HKEY_CURRENT_USER\Software\LiquidFiles\SFT] "AuthenticateOnStartup" = 1 (REG_DWORD)
Authenticates user when Windows Agent starts (this is not the default behavior since version 2.0.42). This action consumes client license automatically.
Allow HTTP redirects Requires version 2.0.53
[HKEY_CURRENT_USER\Software\LiquidFiles\SFT] "HttpAllowAutoRedirect" = 1 (REG_DWORD)
By default, redirects are not allowed.
Force specific language Requires version 2.0.54
[HKEY_CURRENT_USER\Software\LiquidFiles\SFT] "ForceLanguageId" = "fr" (REG_DWORD)
languageid is standard Windows two-letter abbreviation culture Id; as of version 2.0.54, the following languages are supported:
- en: English
- de: German
- fr: French
- is: Islandic
- it: Italian
- nl: Dutch
- ru: Russian
- sv: Swedish
- es: Spanish
By default, current user's UI culture is used (per Regional preferences).
Upload body as Text, HTML or not at all Requires version 2.0.55
To upload plain text only
[HKEY_CURRENT_USER\Software\LiquidFiles\SFT]
"UploadMessageBodyMode" = "DisableHtml" (REG_SZ)
To upload HTML (default behavior):
[HKEY_CURRENT_USER\Software\LiquidFiles\SFT]
"UploadMessageBodyMode" = "AttemptHtml" (REG_SZ)
To upload no text at all:
[HKEY_CURRENT_USER\Software\LiquidFiles\SFT]
"UploadMessageBodyMode" = "NoText" (REG_SZ)
Format FileRequest link Requires version 2.0.55
[HKEY_CURRENT_USER\Software\LiquidFiles\SFT] "InsertFileRequestTemplate"= REG_MULTI_SZ | REG_SZ
Only plain text templates are supported at this point. To specify template that spaces several lines, use REG_MULTI_SZ type (in that case, RegEditor will not accept empty lines, use SPACE instead of empty lines if you want to specify any extra lines).
Template must contain %LINK% placeholder, such as
Please use the link below to send the files:
%LINK%
Use only "Private Message" functionality in plugin, "FileLinks" functionality in Windows Agent Requires version 2.0.56
[HKEY_CURRENT_USER\Software\LiquidFiles\SFT] "EnableOnlySecureSendWithPlugin"= 1 (REG_DWORD)
This setting will make invisible all control buttons in Outlook Plugin except "Private Message" (previously "Secure Email"). It will also make invisible all control buttons in Windows Agent except "File Link".
To hide panel for control buttons in Windows Agent completely, disable FileLinks functionality for group of that user.
Redirect folder where local data is stored Requires version 2.0.58
[HKEY_CURRENT_USER\Software\LiquidFiles\SFT] "DataFolder"= "path_to_data" (REG_SZ)
You can use %AppData%, %LocalAppData%, %MyDocuments%,%Desktop% in path, such as:
"DataFolder"= "%AppData%\MyOtherFolder"
Force Ribbon elements into their own tab Requires version 2.0.58
[HKEY_CURRENT_USER\Software\LiquidFiles\SFT] "OutlookRibbonTabCaption"= "Caption of the new tab" (REG_SZ)
If value is missing, ribbon elements will be merged into default tab. NOTE: The same effect can be achieved by overriding whole Ribbon elements, but this method requires much less effort to do so.
Disable automatic uploading of attachment based on recipients Requires version 2.0.59
You can set policies to disable automatic uploading of attachments based on list of recipients. Please note that this policy only acts as prerequisite to other policies (such as file size). If the result of evaluation of this policy is "disable", no further action is done. However if the result is "enable", other policies will be evaluated.
This behavior is based on three values: AutoUploadRuleMode, AutoUploadRuleExcludeDomains, AutoUploadRuleIncludeDomains.
[HKEY_CURRENT_USER\Software\LiquidFiles\SFT]
"AutoUploadRuleMode" = "RequireAtLeastOneValidRecipient" (REG_SZ)
OR
"AutoUploadRuleMode" = "AutoUploadWhenNoRecipients" (REG_SZ)
To enable this option, set "AutoUploadRuleMode" to either "RequireAtLeastOneValidRecipient" or "AutoUploadWhenNoRecipients". "AutoUploadWhenNoRecipients" will enable auto-uploading when you attach an item to a message which does not have any recipients yet. "RequireAtLeastOneValidRecipient" will make plugin to never auto-upload an attachment when there's no recipients.
Set AutoUploadRuleExcludeDomains to comma-separated, or semicolon-separated list of SMTP domains, for which you want to exclude auto-uploading. Note that these are SMTP domains, like yourdomain.com. You can disable all Exchange addresses altogether by listing domain EX. In this case, plugin will treat any Exchange address as being listed.
For example, to exclude all internal recipients, including all recipients with Exchange addresses, you might want to specify
"AutoUploadRuleExcludeDomains " = "EX,yourdomain.com" (REG_SZ)
By default, if there's any recipient which is not on AutoUploadRuleExcludeDomains list, auto-upload action will be enabled. However you can specify an explicit list of domains, and only allow automatic upload when there's at least one recipient in those domains. You can do this by setting AutoUploadRuleIncludeDomains option (comma and semicolon-separated, and you can use EX for any exchange addresses).
For example, to only allow auto-uploading when recipient is in domains domain1.com, domain2.com, you might specify:
"AutoUploadRuleExcludeDomains " = "domain1.com, domain2.com" (REG_SZ)
If you specified both AutoUploadRuleExcludeDomains and AutoUploadRuleIncludeDomains rules, auto-upload action will be enabled when there's at least one match in AutoUploadRuleIncludeDomains and no match in AutoUploadRuleExcludeDomains.
By default, third-level domains are considered separate domains. Use wildcard "*" to enable third-level domain matching: domain name *.domain.com will match domain.com and mail.domain.com.
Inject files before signature Requires version 2.0.67
[HKEY_CURRENT_USER\Software\LiquidFiles\SFT] "InjectPosition"=3 (REG_DWORD)Inject files after signature OR Use regular expression to inject list of attachments into any place of email Requires version 2.0.67
[HKEY_CURRENT_USER\Software\LiquidFiles\SFT] "InjectPosition"=2 (REG_DWORD)
Optionally, you can specify your own regular expression to inject files into any place in the email message
"CaptureSignaturePlaceholderRegexes"= "(regular expression goes here)" (REG_SZ or REG_MULTI_SZ)
In case of REG_MULTI_SZ, each line will correspond to a regular expression, and they will be evaluated top to bottom. The first match will be used.
Case will be ignored. You can add (?#rtl) comment to force right-to-left matching, and (?#delete) comment to delete the match. Use standard (?<=...)XXX(?=...) notation to specify suffix and prefix which will be excluded from the match. If you do not specify (?#delete) comment, signature will be injected at the start of regular expression match. In case of multiple matches, only the first will be processed. To process the last match instead of first, use (?#rtl) comment (right-to-left matching).
KNOWN ISSUE: In 2.0.67, you also need to set "Inject position" to "After signature", e.g.
"InjectPosition"=2
Otherwise, the policy will not be effective. This will be amended with the next versions.
- In registry, under HKEYCURRENTUSER\Software\LiquidFiles\SFT, create REG_DWORD value
TraceChangingBody=1
and also turn on verbose loggingTraceLevel=Verbose
- Restart Outlook.
- Create a new email with the signature, attach some files, send it.
%localappdata%\liquidfiles\logs\webResponses
? folder should contain files having "ChangingBody" and "ChangedBody" in their names; you can use those files to examine where the files are injected, or send them to us for analysis.
Setting default values for settings available in UI
- `MaxDateExpiration`: max expiration in days (REG_DWORD)
- `MaxExpirationDownloadCount`: max expiration download count (REG_DWORD)
- `DefaultExpirationDownloadCount`: default expiration download count (REG_DWORD)
- `DisableSetDownloadCount`: REG_DWORD, 0 to enable changing download count by the user (default), 1 to disable.
- `AutoUploadInKb`: default auto upload attachment size, in kb. (REG_DWORD)
Note that both default expiration in days and permission to change expiration days can only be set through the server.
Permission to override size of auto upload attachment is set at the server.
Hide individual buttons from dropdown in Ribbon Requires version 2.0.109
[HKEY_CURRENT_USER\Software\LiquidFiles\SFT] "HideButtonAttachFile"=1 (DWORD) "HideButtonAttachFolder"=1 (DWORD) "HideButtonAttachAll"=1 (DWORD) "HideButtonResend"=1 (DWORD) "HideButtonSecureSend"=1 (DWORD) "HideButtonFileRequest"=1 (DWORD) "HideButtonOptions"=1 (DWORD)
Do not emulate keyboard strokes to put links into email as fallback mechanism Requires version 2.0.109
[HKEY_CURRENT_USER\Software\LiquidFiles\SFT] "DoNotUseSendKeysToPasteLink"=1 (DWORD)
Use server-side secure mail Requires version 2.0.93
[HKEY_CURRENT_USER\Software\LiquidFiles\SFT] "PrivateMessageMode"=1 (DWORD)
Use PDF when sending secure mail Requires version 2.0.93
[HKEY_CURRENT_USER\Software\LiquidFiles\SFT] "PrivateMessageMode"=2 (DWORD)
Please keep it in mind that the server-side mechanism of Secure Mail does not currently support embedded attachments (e.g. pictures), and not all embedded attachments can be saved as PDFs (e.g. sounds). If that's not a concern, feel free to switch to the mode which works best for your organization through the registry policies described above.
Replace Insert group on the Compose Mail Item ribbon Requires 2.1.11
With recent versions of Outlook, the new Attach File dropdown menu cannot be overriden. While you can customize Ribbon manually to get the old button back, we also added support for a registry policy to hide the new group and display the custom group instead. The custom group has Attach button which always displays our custom dialog to select files.
In addition, you can define registry policies ReplaceIncludeFileGroupCaption etc., to set custom captions on the new Ribbon elements. These policies are completely optional and are intended to help with localization.
[HKEY_CURRENT_USER\Software\LiquidFiles\SFT] "ReplaceIncludeFile"=1 (DWORD) "ReplaceIncludeFileGroupCaption"="Custom Include" (REG_SZ) "ReplaceIncludeFileButtonCaption"="Custom Attach File!" (REG_SZ) "ReplaceIncludeFileButtonSuperTip"="Custom Attach File!" (REG_SZ) "ReplaceIncludeFileButtonScreenTip"="Custom Attach File!" (REG_SZ)
Do not emulate keyboard strokes to put links into email as fallback mechanism Requires version 2.0.109
[HKEY_CURRENT_USER\Software\LiquidFiles\SFT] "DoNotUseSendKeysToPasteLink"=1 (DWORD)