If you're deploying Exchange 2010 then it's likely that you're also deploying archive mailboxes, and working to eliminate .PST files. Once you've put all the work in to migrate .PST files into Exchange, you obviously don't want users to continue working off of these local files. Let's take a look at how to use Group Policy to disable .PST files on our Outlook 2010 clients.
To test this out, I've got a small lab environment with one 2008 R2 Domain Controller, an Exchange 2010 SP2 server, and a Windows 7 machine running Outlook 2010. All of the configuration will take place in Group Policy, and we'll validate it on the Windows 7 machine. The Exchange server will be completely out of the picture here other than to provide a mailbox to open from the client.
The first thing we need to do is download the Office 2010 Administrative Template files (aka ADM templates) from the Microsoft download center. There are 32-bit and 64-bit versions available; download the appropriate file depending on which version of Office you have installed. In my case, I'm using the 32-bit version of Office 2010. I am going to perform my Group Policy changes on the DC, so I'll download and extract AdminTemplates_32bit.exe on this server.
Copy outlk14.admx to the %systemroot%\PolicyDefinitions\ folder, and copy the associated outlk14.adml file from the admx\en-us folder to the %systemroot%\PolicyDefinitions\en-us folder.
Start the Group Policy Management Console and open the GPO that will be applying the custom settings. In this example, I am going to use the Default Domain Policy. Right-click it and select 'Edit'.
Drill down under User Configuration > Policies, and you should see the option to configure Microsoft Outlook 2010 settings. Keep navigating even further, underneath Microsoft Outlook 2010 > Outlook Options > Other > AutoArchive. You'll want to Enable the Disable File|Archive option, and Disable the AutoArchive Settings.
Next, navigate to Microsoft Outlook 2010 > Miscellaneous > PST Settings. Enable the "Prevent users from adding PSTs to Outlook profiles and/or prevent using Sharing-Exclusive PSTs" and set the option to "No PSTs can be added".
Also, enable "Prevent users from adding new content to existing PST files".
On the client machine, run gpupdate /force to apply the GPO immediately and log in. You'll notice the end user is now blocked from performing PST-related operations. For example, the "Open Outlook Data File" option is no longer visible when going to File > Open in Outlook 2010.
Additionally, attempting to import or export PST data results in the following message:
There you go – Outlook 2010 in full PST lockdown mode. Keep in mind that if you are using Outlook 2007, there are ADM templates for that as well. You just need to get the templates loaded into group policy and the configuration should basically be the same exact thing.
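To confirm the lockdown beyond what the Outlook UI shows, the script below is an added example (not part of the original post) that reads outlk14.admx to find which registry values the PST-related policies write, then reports whether each one is set for the logged-on user. The parameter names, the default template path and the 'pst' substring filter are assumptions made for illustration.

```powershell
# Added example: derive the PST policy registry values from outlk14.admx
# and show whether they are present for the current user.
param(
    # Assumption: the template location used in the steps above. On a client
    # without the file, point this at a copy of outlk14.admx.
    [string]$AdmxPath = "$env:SystemRoot\PolicyDefinitions\outlk14.admx",
    # Assumption: PST-related policies are found by this substring (heuristic).
    [string]$Match = 'pst'
)

if (-not (Test-Path $AdmxPath)) { throw "Template not found: $AdmxPath" }
[xml]$admx = Get-Content -Path $AdmxPath

$results = foreach ($policy in $admx.policyDefinitions.policies.policy) {
    $name      = $policy.GetAttribute('name')
    $policyKey = $policy.GetAttribute('key')

    # A policy stores its value on the <policy> node itself and/or on the
    # child nodes of <elements> (enum, decimal, boolean, ...).
    $targets = @()
    if ($policy.GetAttribute('valueName')) {
        $targets += New-Object PSObject -Property @{
            Key = $policyKey; ValueName = $policy.GetAttribute('valueName') }
    }
    foreach ($element in $policy.SelectNodes("*[local-name()='elements']/*")) {
        if (-not $element.GetAttribute('valueName')) { continue }
        $key = $element.GetAttribute('key')
        if (-not $key) { $key = $policyKey }   # elements inherit the policy key
        $targets += New-Object PSObject -Property @{
            Key = $key; ValueName = $element.GetAttribute('valueName') }
    }

    foreach ($target in $targets) {
        if ("$name $($target.ValueName)" -notmatch $Match) { continue }
        # User-class policies land in HKCU, Machine-class policies in HKLM.
        $hive = if ($policy.GetAttribute('class') -eq 'Machine') { 'HKLM:' } else { 'HKCU:' }
        $item = Get-ItemProperty -Path "$hive\$($target.Key)" `
                    -Name $target.ValueName -ErrorAction SilentlyContinue
        $current = if ($item) { $item.($target.ValueName) } else { '(not set)' }
        New-Object PSObject -Property @{
            Policy = $name; Key = "$hive\$($target.Key)"
            ValueName = $target.ValueName; Current = $current }
    }
}

$results | Sort-Object Policy | Format-Table Policy, Key, ValueName, Current -AutoSize
```

Run it as the affected user after gpupdate /force; any PST policy that still shows "(not set)" has not reached that user's profile.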