I have a few macro’s configured which I triggered via a message rule and are now no longer working.
Upon trying to recreate the rule, I noticed that the Run a Script rule action is no longer available at all.
- Why has this useful feature been removed?
- What alternatives do I have now?
The Run a Script rule action has indeed been removed from Outlook as well as the Start Application action.
These rule actions are considered to be unsafe but there are still ways to run your macro script or application by either re-activating the feature via the Registry or by modifying your macro code.
The Run a Script and Start Application are no longer available by default as a rule action.
Why has the Run a Script rule action been removed?
Microsoft has discovered a security issue with the way scripts and applications are being executed via a message rule.
Apparently there is no real way to fix this or fixing it would be too expensive when compared to the amount of users actually using this rule action and the fact that there are (secure) alternatives available as well.
Personally, I think that the fact that it is a client-based-rule and the impression that Microsoft is trying to clean up the Rules Wizard and align it with the rules available in Outlook on the Web has something to do with this as well. I wouldn’t have anything against a more modern revamp of Outlook's rules management and capabilities and this might actually be a first step.
Affected versions of Outlook
The following versions of Outlook are affected;
- Outlook 2016 (Office 365)
Version 1703 (Build 7967.2161) and later
- Outlook 2016 (MSI)
After applying KB3191883 (May 2017).
Version 16.0.4534.1001 and later
- Outlook 2013
After applying KB3191938 (June 2017).
Version 15.0.4937.1000 and later
Previous versions of Outlook are not affected as they are no longer in mainstream support and seemingly it is not an actual “security vulnerability” but merely a “security issue” that doesn't warrant an update introducing this change of behavior for older Outlook version.
Workaround: Re-enable the Run a Script rule via the Registry
To re-enable the Run as a Script and Start Application rules, you can create and set the
EnableUnsafeClientMailRules Registry value.
As this path might not exist in your Registry yet, you’ll need to create it first. If you are not really into editing the Registry yourself, you can also download this zip file. It contains files for both Outlook 2013 and Outlook 2016.
Note: This should be considered a workaround though as Microsoft deems the use of the Run a Script and Start Application rules unsafe (hence the name) and may remove these rule actions completely when the exploit risk increases or the when the Rules Wizard gets a complete overhaul in the future.
Solution: Modify your macro (recommended)
Instead of relying on a rule to execute the script or application, you can also run it directly via the NewMail or ItemAdd event. Any rule conditions that you might have set like “From a specific person” or any additional actions like “move to folder” can also be done via the macro code.
Depending on your macro code, coding skills and available time, this solution may take some time to implement so until then, you may want to rely on the workaround.