After migrating users' data from .PST files to Exchange Server 2007 mailboxes, you must to lock down Microsoft Outlook to prevent further access to remaining .PST files. Previously, we implemented a group policy setting that let users open existing .PST files, but prevented them from placing any additional data into those files. This tip explains how to completely deny users the ability to open .PST files in Exchange Server environments.
To completely deny users the ability to open .PST files, you must lock down Microsoft Outlook's
I did, however, find some registry settings that you can use to disable Microsoft Outlook 2007's AutoArchive menu completely, and remove the AutoArchive option from the Other tab in the Options properties sheet. Access the Options properties sheet by choosing the Options command in Outlook 2007's Tools menu.
Note: Because you will be editing the registry, I recommend embedding these commands in a script and testing that script on a lab machine before attempting these modifications on a production machine.
Next, set the value of each of the following registry keys to 0:
Now we're going to disable the use of .PST files on users' workstations. To do so, the administrative template for Microsoft Outlook must be installed.
Open the Group Policy Object Editor and navigate through the group policy tree to: User Configuration -> Administrative Templates -> Microsoft Office Outlook 2007 -> Miscellaneous -> PST Settings.
I recommend verifying that the group policy setting Prevent Users From Adding New Content to Existing .PST Files is still enabled. Next, enable the Prevent Users From Adding .PSTs to Outlook Profiles and/or Prevent Using Sharing-Exclusive PSTs.
When you enable this setting, you need to decide which setting you want to use. The default setting lets users continue to add .PST files. Therefore, simply enabling the policy setting doesn't help reach our goal.
The next option is to disallow the addition of .PST files. While this may seem like the best option, it does have some nasty side effects. If you block all .PST files, then some Microsoft Outlook features, such as SharePoint lists and Internet calendars, will cease to function.
The final option is to add only sharing-exclusive .PSTs. This is usually your best option because it prevents users from copying mail items to and from .PST files. It also won't prevent certain Outlook features from working.
I prefer to use the Group Policy Object Editor to lock
down .PST files. However, some Exchange administrators prefer to use a registry setting that
removes the Outlook Data File option from the menu when a user selects the New command from
Outlook's File menu. If you want to try this approach, go to the following registry key and
set its value to 5575:
About the author: Brien M. Posey, MCSE, has previously received Microsoft's MVP award for Microsoft Exchange, Windows Server and Internet Information Server (IIS). He has served as CIO for a nationwide chain of hospitals and was once responsible for the Department of Information Management at Fort Knox. As a freelance technical writer, Brien has written for Microsoft, TechTarget, CNET, ZDNet, MSD2D, Relevant Technologies and other technology companies. You can visit Brien's personal website at www.brienposey.com.
Do you have comments on this tip? Let us know.
Please let others know how useful this tip was via the rating scale below. Do you know a helpful Exchange Server, Microsoft Outlook or SharePoint tip, timesaver or workaround? Email the editors to talk about writing for SearchExchange.com.
This was first published in September 2008