Documents generated in CRM (e.g. single letter, serial letter) are always opened without a warning because they are considered trustworthy.
However, documents imported by the user or interface are always checked for their trustworthiness before being opened (read or edited).
There are three application settings for this:
Figure: Configuration of the application parameters
With the help of these application parameters, the trustworthiness check when opening documents can be adapted to your own requirements.
Application parameter: MIMETypeList - property: WARN_MIMETYPE
Listing of all MIME types where the user gets a new warning before opening the document (no matter if read or write mode).
In the delivery version, this includes e.g. exe, bat or office files with macros, such as doc, docm, xls, xlsm, xlsb, ppt, etc.
Office files without macros are not included here (such as xlsx, docx, pptx) – consequently no warning message appears there.
In the delivery version, this includes the following MIME types:
Application parameter: MIMETypeList - property: WARN_MIMETYPE_EXCLUDE
List of all MIME types. where the user does not receive a warning before opening the document, although they are included in the warning list above via a regular expression.
For example, the warning list includes all Office documents with macros via the regular expression application/vnd\..macroenabled..
For example, if you want to exclude all PowerPoint documents from this, you can either include all PowerPoint MIME types individually here or simply map them as a regular expression >> "application/vnd\.ms-powerpoint\..*"
In the delivery version, this entry is empty.
Application parameter: MIMETypeList - property: WARN_FILEEXT
Listing of all file extensions whose MIME type is trusted (such as text/plain for ps1 files), but which would still cause an application to run when opened.
In the delivery version, this includes the following file extensions:
Special feature Windows Client
If the system setting "Windows specific access to open documents" is not activated, text-based documents are always opened in the text editor and not executed. In this case, no warning message appears, although a ps1 file is opened here, for example.
The MimeType of a file can be determined quite easily, e.g. via https://developer.mozilla.org/en-US/docs/Web/HTTP/Basics_of_HTTP/MIME_types/Common_types.
Application scenario I
Example: The customer always wants to allow external PowerPoint documents.
Determining the Mime Type for PowerPoint
ppsx = application/vnd.openxmlformats-officedocument.presentationml.slideshow
ppsm = application/vnd.ms-powerpoint.slideshow.macroEnabled.12
ppt = application/vnd.ms-powerpoint
pptm = application/vnd.ms-powerpoint.presentation.macroEnabled.12
Entry of all four MIME types in the exception list for WARN_MIMETYPE_EXCLUDE
Entry of a regular expression that maps all four MIME types: application/vnd\.ms-powerpoint.*
Subsequently, external PowerPoint files are opened in the application without any prompt.
Application scenario II
Example: The customer always wants to allow external Word and Excel documents.
Entry of the following regular expressions, which maps all Word and Excel MIME types
Subsequently, external Word and Excel files are opened in the application without any prompt.