Azure Hybrid & Cloud Migration Blog

Solution: How to disable PSTs creation in Microsoft Outlook 2010 | Disable Outlook PST Creation | Prevent Users from adding contents inside Outlook PSTs |

Updated on 8/9/2011

Author: Zahir Hussain Shah

Preventing PST Creation in your environment after implementing Archiving Solution

Tags: How to prevent Outlook PST Creation | How to prevent PSTs in Outlook 2003 / 2007 / 2010 | Disable PST creation in Outlook

Introduction:
Once you have Email Archiving Infrastructure ready to support your Exchange 2010 Messaging Infrastructure, you would be planning to restrict end-users to increase their PSTs, and to some extent you would be more interested to allow them to user their existing PSTs, but in the same time, restrict them from doing the following:

· Cannot create more PSTs

· Cannot add more data into their existing PSTs

Solution:

Let me show you how you can achieve this using Group Policy for Microsoft Office GPO Administrative Templates…

You have to download the Microsoft Office Administrative Template, for each MSOFFICE version, you can easly download it by serach it.

Like one I’m going to use here is Office 2010 Administrative Template files (ADM, ADMX, ADML) and Office Customization Tool

http://technet.microsoft.com/en-us/library/cc178992.aspx (Download it)

Ø Once you download it, open Group Policy Management Console, create new GPO and in the User section, for Administrative Teamplates, import it as follows:
Open the “ADM” folder and the appropriate language subfolder (en-us for English), select the file named “outlk12.adm” and click “Open”.

Ø Once you import it, then setup the PST policies according to your requirement:

Once you are done with changes, close it and let the user to log off and login back.

Since we allowed users to create new PSTs, but when they will try to put anything inside the PSTs, they will get “ACCESS DENIED” error.

You can also enable setting in the GPO, which will completely disabled creation of PSTs as well.

I recommend before you apply this to production users, first test if for some test users and then apply it for production use.

Update: 

Later after writing this article, I was informed about a scenario, where Microsoft Outlook considers the Enterprise Vault (Cache) as same as PST, so in this case, it won’t allow the EV Policies to move data from Exchange Mailbox to EV Vault, and which breaks the EV Client Side Policies, and therefore I was asked to find a solution for this so, even I’m restricting the DisabledPSTGrow but in the same time, I want the EV Vault Cache to work fine, so in this case, there is another Registry Entry you have to create, which will instruct Outlook to allow Authenticated entities like EV Vault to work with moving emails from mailbox to them.

Outlook 2007 / Outlook 2010:
  • Enterprise Vault 2007 Service Pack 3 or higher
  • Microsoft Outlook 2007 hotfix
  • The following registry keys:
HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Office\12.0\Outlook\PST\PSTDisableGrow (DWORD) = 1
HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Office\12.0\Outlook\PST\PSTDisableGrowAllowAuthenticodeOverrides (DWORD) = 1
Both registry keys must be placed in those exact locations, as one key without the other will cause the Enterprise Vault Client not to hook in to the functionality and Offline Vault will fail to add items.

Outlook 2003

  • Enterprise Vault 2007 Service Pack 3 or higher
  • Microsoft Office Outlook 2003 SP3
  • Microsoft Outlook 2003 Hotfix
  • The following registry keys:
HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Office\11.0\Outlook\PST\PSTDisableGrow (DWORD) = 1
HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Office\11.0\Outlook\PST\PSTDisableGrowAllowAuthenticodeOverrides (DWORD) = 1

For more information, please see this link

Cheers!

Zahir Hussain Shah
Infrastructure Practice Consultant – Messaging Solutions
MCSE, MCTS, MCTIP Enterprise Administrator, ITIL
Blog: http://zahirshahblog.com | LinkedIn | Twitter 

Azure Hybrid Blog

7 responses to “Solution: How to disable PSTs creation in Microsoft Outlook 2010 | Disable Outlook PST Creation | Prevent Users from adding contents inside Outlook PSTs |”

  1. Thewienerman

    what about for Windows 7 – Whats the path there to disable pst growth with Win 7 32 bit and Outlook 2010?

  2. Zahir Hussain Shah

    It is the same registry path for Windows 7 as well.

    If you create registry in one of the Windows 7 PC, and then export it and using GPO publish it to all machine, or alternatively you can also use OFFICE ADMX templates to publish the settings, the same registry entry will be created in the same container for each office version.

    Do leeme know if you need to know any further thing related to this.

    Zahir

  3. Lyle Swan

    Hi – Is the Enterprise Vault your referring to the Exchange Archiving System or a 3rd Party Application such as Symantec Enterprise Vault? Thanks.

  4. Zahir Hussain Shah

    Hi Lyle,

    See this article is supporting any kind of Archiving System, means as a whole, when we do any kind of Archiving Project in our IT Infrastructure, is to overcome PST related issues, and for compliance, so after implementing or transferring data from distributed data (PSTs) to central Archiving Store, you want to prevent user from being start storing this data back into PSTs or their personal computers, so this article is guding you that how you can stop users from being create or adding data back to their old created PSTs.

    Even if you use EV or Exchange Archiving the same methodology you are going to apply when it comes to prevent users.

  5. Collins

    Nice article.

    However it should noted that remote users who use outlook anywhere to connect to their exchange mailboxes will still have the ability to create pst files if they want too.

  6. How to sell beats

    – Gain key insights into the company for academic or business research purposes.

    As mentioned above, there seems to be no exclusive website for Cholestrex at the time of
    this review. We believe that we need to take a holistic approach in determining whether
    a given product is worthy of our trust and investment.

  7. Thomas Muir (@thomasmuir)

    You mention above that you candisable the creation of PST files. Which setting is this? totaly

Leave a comment