Most Exchange Server administrators understand the dangers of allowing users to create PST files. The problem is that PST files have been a core Outlook feature for well over a decade. So what can you do to prevent PST file usage in your organization? Sorry to say that upgrading to Outlook 2013
First, it eliminated the option to create ANSI-based PST files. ANSI PST files were the standard PST file format used from Outlook 97 to Outlook 2002. Microsoft switched to a different PST file structure due to the ANSI format's 2 GB size limit and corruption problems. Even so, ANSI-based PST files were supported until Outlook 2013. Microsoft's decision to eliminate them won't solve all of your PST woes, but it will help maintain the integrity of any data that happens to get written to a PST file.
Second, Microsoft eliminated the option to deliver Exchange Server data directly to a PST file. Instead, mailbox data remains in the user's Exchange mailbox, but it's cached to a local OST file so it can be accessed while the user is offline.
This particular feature is helpful because some tech-savvy users configure Outlook to automatically deliver new messages to a PST file. The advantage of doing so is that Exchange mailbox remains empty, allowing end users to completely circumvent mailbox quotas and message retention policies.
Switching to Outlook 2013 won't eliminate PST files an end user already has in place, but it will keep them from automatically having email delivered directly to a PST. If the user wants their mail to be placed in a PST, they'll have to manually move it.
Use Group Policy settings to prevent PST file problems
Microsoft offers limited support for PST file control in the administrative template for Outlook. With the releases of Outlook 2010 and 2013, Microsoft made one small but significant change.
Before I show you this change, let's talk for a moment about the existing Group Policy settings for PST control. The administrative template for Outlook has long included PST-related Group Policy settings. Both of these settings are located at User Configuration \ Administrative Templates \ Microsoft Office \ <outlook version> \ Miscellaneous \ PST Settings
The most important of these settings have arguably been DisablePST, which prevents the creation of and occasionally access to PST files, and PSTDisableGrow, which keeps PST files from getting larger by preventing users from adding data to PST files.
In Outlook 2010 and Outlook 2013, Microsoft created a new Group Policy setting called DisableCrossAccountCopy. This cryptically named policy blocks a user's ability to add data to a PST file. This includes copying data from an Exchange Server mailbox or moving data from one PST file to another.
When this Group Policy setting is enabled, Outlook ignores the DisablePST and the PSTDisableGrow policies. The DisableCrossAccountPolicy takes precedence over the DisablePST and the PSTDisableGrow policies. If you want to prevent PST file usage, the most effective way of doing so with native tools is by using the DisableCrossAccountPolicy setting.
The Microsoft Office Administrative Templates make it relatively easy to prevent PST file usage, but blocking PST usage is only part of it. As a best practice, administrators need to locate PST files that exist throughout the organization and harvest the data within those files. Exchange does not natively provide a good way to do this, but there are third-party tools that can help.
About the author:
Brien Posey is an eight-time Microsoft MVP for his work with Windows Server, IIS, Exchange Server and file system storage technologies. Brien has served as CIO for a nationwide chain of hospitals and health care facilities, and was once responsible for IT operations at Fort Knox. He has also served as a network administrator for some of the nation's largest insurance companies.
This was first published in November 2013