You cannot send or receive executable files like .exe or .bat in Outlook. This is a security feature designed to prevent malware distribution. The block is enforced by Outlook’s attachment security settings. This article explains how administrators can modify these settings to allow specific file types.
Key Takeaways: Unblocking Executable Attachments in Outlook
- Group Policy Editor (gpedit.msc): The primary method for system administrators to change Outlook’s Level1 file block list for all users on a computer.
- Windows Registry Editor: Allows manual editing of the file block list for a single user profile when Group Policy is not available.
- File > Options > Trust Center > Trust Center Settings > Attachment Handling: The user interface where blocked file types are listed, but the list itself is controlled by policy or registry.
Why Outlook Blocks Executable Attachments by Default
Outlook uses a security feature called Attachment Security to protect users. It categorizes potentially dangerous file extensions into two levels. Level1 files are completely blocked. You cannot open, save, or send them. Common Level1 files include .exe, .bat, .ps1, .js, and .vbs.
This block happens at the application level, not the email server. Even if your mail server allows the attachment, Outlook will intercept it. The setting is stored in the Windows Registry or enforced via Group Policy. Standard users cannot change this through Outlook’s standard options menu. Only an administrator can modify the system-wide policy or registry keys.
The Two Levels of File Blocking
Level1 files are blocked entirely. Level2 files, like .docm or .xlsm, can be saved to disk but not opened directly from Outlook. The user must save the file first and then open it from Windows Explorer. The methods below focus on removing file types from the Level1 block list.
Steps to Modify the Attachment Block List
You need administrator rights on the Windows computer to complete these steps. The change affects all user profiles on that machine.
Method 1: Using the Local Group Policy Editor
This method is for Windows 11 or Windows 10 Pro, Enterprise, or Education editions. The Home edition does not include the Local Group Policy Editor.
- Open the Group Policy Editor
Press the Windows key + R, typegpedit.msc, and press Enter. - Navigate to the Outlook Security Settings
Go to User Configuration > Administrative Templates > Microsoft Outlook 2016 > Outlook Options > Security > Security Form Settings > Attachment Security. - Open the Level1 File List Policy
Double-click the policy named “Level1 File”. - Enable and Modify the Policy
Select the Enabled option. In the “Level1 Remove” box, type the file extensions you want to unblock. For example, to unblock .exe and .bat files, typeexe;bat. Use a semicolon to separate multiple extensions. - Apply the Change
Click Apply, then OK. Close the Group Policy Editor. - Update Group Policy
Open Command Prompt as administrator. Typegpupdate /forceand press Enter. Restart Outlook for the change to take effect.
Method 2: Editing the Windows Registry
Use this method if you are on Windows Home edition or prefer direct registry editing. Creating a backup of the registry before proceeding is recommended.
- Open the Registry Editor
Press Windows key + R, typeregedit, and press Enter. - Navigate to the Outlook Key
Go to HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Security. The version number 16.0 corresponds to Outlook 2016, 2019, 2021, and Microsoft 365. Use 15.0 for Outlook 2013. - Create or Modify the Level1Remove Value
In the right pane, look for a String Value namedLevel1Remove. If it does not exist, right-click in the empty space, select New > String Value, and name itLevel1Remove. - Enter the File Extensions
Double-click theLevel1Removevalue. In the Value data field, enter the extensions you wish to remove from the block list. For example, enterexe;bat. Click OK. - Restart Outlook
Close the Registry Editor and completely close and restart Outlook. The changes should be active immediately.
If the Attachment is Still Blocked After Configuration
Outlook Still Shows the Blocked Attachment Icon
If the policy or registry change was made but an existing email still shows the attachment as blocked, the change is not retroactive. The security check happens when the email is received. You must ask the sender to resend the email after the policy is in place on your computer.
Group Policy Overrides Registry Settings
In a corporate environment, a domain Group Policy from a server will override your local policy or registry settings. You must contact your IT department to request a change to the central policy that applies to your computer.
File Extension is Mismatched or Double
Outlook also blocks files that have double extensions, like “document.pdf.exe”. It will detect the final .exe extension and block it. Renaming the file to have a single, allowed extension before attaching it is the only workaround if you cannot modify the block list.
Outlook Attachment Security Modes Compared
| Item | Level1 Blocked Files | Level2 Restricted Files |
|---|---|---|
| User Action Allowed | No open, save, or send | Save to disk only |
| Common File Types | .exe, .bat, .ps1, .js | .docm, .xlsm, .pptm |
| Default Behavior | Attachment is removed from view | Attachment is shown with a warning |
| Modification Method | Group Policy or Registry | Group Policy or Registry |
| Security Risk | Very High | Moderate |
You can now send and receive executable file attachments by modifying the Level1 block list. Remember that lowering these security settings increases your risk of malware infection. For a related security feature, explore the Trust Center settings for macro handling in Office documents. An advanced tip is to use the registry path HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\16.0\Outlook\Security for machine-wide policies that are more resistant to user changes.