How to Disable .PST Files in Outlook 2010 using Group Policy

Home > Blogs > Exchange Server > How to Disable .PST Files in Outlook 2010 using Group Policy

How to Disable .PST Files in Outlook 2010 using Group Policy

Like This Blog 1 Mike Pfeiffer
Added by July 23, 2012

If you’re deploying Exchange 2010 then it’s likely that you’re also deploying archive mailboxes, and working to eliminate .PST files. Once you’ve put all the work in to migrate .PST files into Exchange, you obviously don’t want users to continue working off of these local files. Let’s take a look at how to use Group Policy to disable .PST files on our Outlook 2010 clients.

To test this out, I’ve got a small lab environment with a one 2008 R2 Domain Controller, an Exchange 2010 SP2 server, and a Windows 7 Machine running Outlook 2010. All of the configuration will take place in group policy, and we’ll validate it on the Windows 7 machine. The Exchange server will be completely out of the picture here other than to provide a mailbox to open from the client.

The first thing we need to do is download the Office 2010 Administrative Template files (aka ADM templates) from the Microsoft download center. There’s 32bit and 64bit versions available – download the appropriate file depending on which version of Office you have installed. In my case, I’m using the 32bit version of Office 2010. I am going to perform my group policy changes on the DC, so I’ll download and extract AdminTemplates_32bit.exe on this server.

Copy outlk14.admx to the %systemroot%\PolicyDefinitions\ folder, and copy the associated outlk14.adml file from the admx\en-us folder to %systemroot%\PolicyDefinitions\en-us folder.

Start the Group Policy Management Console and open the GPO that will be applying the custom settings. In this example, I am going to use the Default Domain Policy. Right click and select ‘Edit’

Drill down under User Configuration > Policies, and you should see the option to configure Microsoft Outlook 2010 settings. Keep navigating even further, underneath Microsoft Outlook 2010 > Outlook Options > Other > AutoArchive. You’ll want to Enable the Disable File|Archive option, and Disable the AutoArchive Settings.

Next, navigate to Microsoft Outlook 2010 > Miscellaneous > PST Settings. Enable the “Prevent users from adding PSTs to Outlook profiles and/or prevent using Sharing-Exclusive PSTs” and set the option to “No PSTs can be added”.

Also, enable “Prevent users from adding new content to existing PST files”

On the client machine, run a gpupdate /force to apply the GPO immediately and login. You’ll notice the end-user now is blocked from performing PST related operations. For example, the “Open Outlook Data File” option is no longer visible when going to File > Open in Outlook 2010.

Additionally, attempting to import or export PST data results in the following message:

There you go – Outlook 2010 in full PST lockdown mode. Keep in mind that if you are using Outlook 2007, there are ADM templates for that as well. You just need to get the templates loaded into group policy and the configuration should basically be the same exact thing.

Enjoy!

Mike Pfeiffer – Microsoft MVP
Director of Unified Communications
Interface Technical Training

Videos You May Like

Creating Users and Managing Passwords in Microsoft Office 365

0 642 3

In this Office 365 training video, instructor Spike Xavier demonstrates how to create users and manage passwords in Office 365.   For instructor-led Office 365 training classes, see our course schedulle: Spike Xavier SharePoint Instructor – Interface Technical Training Phoenix, AZ 20347: Enabling and Managing Office 365    

How to clone a Windows Server 2012 or 2012 R2 Domain Controller

3 1482 3

One of the coolest new features in Window Server 2012 and Windows Server 2012 R2 is the ability to clone a Domain Controller. In the past, if we had virtualized Domain Controllers and we actually took a snapshot of it and then rolled back to that snapshot, it would break the logon service on that … Continue reading How to clone a Windows Server 2012 or 2012 R2 Domain Controller

Detailed Forensic Investigation of Malware Infections – April 21, 2015

4 608 5

How does an investigator hunt down and identify unknown malware? In this recording of our IT Security training webinar on April 21, 2015, Security expert Mike Danseglio (CISSP / CEH) performed several malware investigations on infected computers and identify symptoms, find root cause, and follow the leads to determine what’s happening. He demonstrated his preferred … Continue reading Detailed Forensic Investigation of Malware Infections – April 21, 2015

Write a Comment

See what people are saying...

  1. Avatar Abhishek Joshi

    Can we bypass these registry key during backup…in our scenario backup is failing due to this policy…and working fine if we removed the GPO. as our backup uses vss to first take snapshot. during that time it wont allow to create temp.pst

Share your thoughts...

Please fill out the comment form below to post a reply.