Thursday, May 24, 2007

Want to prevent people from using PSTs on your network?


You have Exchange for a reason, it stores your email, and you do diligence to back it up daily. The problem is those pesky users keep moving mail to their PSTs. Hard drives crash, laptops are lost and along with that, email.

Why not force your users to keep all of their mail on the Exchange Server?

Well, it's a simple Group Policy object for Office 2003 and Office 2007.The problem is, SBS 2003 doesn't allow you to send out Registry edits without building a template for it. Well, a company called DesktopStandard has you covered with their PolicyMaker - Registry Extension plug in to Group Policy! This program is free (with registration) and can be installed on your SBS 2003/SBS 2003 R2 box. And it's my understanding, this company is working closely with Microsoft to build it's tools.

Once you've got that handy program loaded, you'll have to work around a minor issue if you have IE7 installed. Make the following Registry Key change:
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_OBJECT_CACHING
Create the REG_DWORD with the value of mmc.exe, and ensure the value is 0.

Once that's all finished, we're ready to create the registry keys. To do so, here are the steps:

  1. Click Start, Administrative Tools, and click on Group Policy Management.

  2. When the GPMC opens, right-click domain.local and click on Create and Link a GPO here...

  3. Call the Policy something familiar to you, like Prevent PST Usage.

  4. You'll now see what you just created in the list of GPOs, right-click it and choose Edit...

  5. In the new gpedit MMC window that opens, under User Configuration, and User Settings, select the new node called Registry

  6. In the right pane, right-click in some white-space and choose New, Registry Item.

  7. On the new property page that opens, fill out the following:

    • Action: Create

    • Hive: HKEY_CURRENT_USER

    • SOFTWARE\Microsoft\Office\12.0\Outlook\PST\

    • Value name: PstDisableGrow

    • Value type: REG_DWORD

    • 00000001

    Similar to the following picture:

  8. If you have any Office 2003 versions on your network, you'll want to also repeat the last step, but make the registry key for version "11.0" instead: SOFTWARE\Microsoft\Office\11.0\Outlook\PST\



You will not see the two registry keys in the "Report" of the policy, in fact, the policy will appear to be blank! The reason for this is the report only shows items that have an .ADM template file associated with them. Registry keys do not.

On the clients, this registry setting will take place once Group Policy refreshes, you can force this by typing gpupdate /force from a command prompt window. You will be able to see these registry settings applied to the client by running the command: Start, then Run, then type in RSOP.MSC and hit ENTER. This command gathers the resultant set of policy and shows it for the machine you are on presently.

There you have it! This policy prevents the PST files from growing (hence writing to PST files) It does not prevent the user from loading up any PST file and reading mail out of it.

Gotta love the power of Group Policy!

9 comments:

Anonymous said...

Great article. Helped me to unlock my PST ;)

Unknown said...

i tried the same thing but it does lock he PST file but also the OST file. I am using outlook 2003 and set the regsitry key as specified by you and with that also set value for the PST max size but after that the same value is set to OST.

Anonymous said...

When I open the GPO and go to User Configuration, I dont see "User Settings." Is there something else I need to add?

Sean Daniel said...

Nope, just make sure you have that 3rd party application installed correctly.

Anonymous said...

Except that DesktopStandard was bought by Microsoft, and I cant seem to find a copy of that program anywhere. The microsoft site apparently has it, but it only works for Vista.

Sean Daniel said...

You can install it on a domain joined Vista PC, along with the GPMC management tools and as long as the logged in account is a domain admin, you can edit the GP to your hearts content. :o)

Alex said...

Where is fine tool-ost to pst software, convert from ost to pst software will convert *.ost to *.pst extension, that can be easily opened by any email client, compatible with Microsoft Outlook, recover your contacts, messages and calendars, is very easy to use even for beginners, we do not care about you computer skills, friendly graphic interface permits to perform all operations in several mouse clicks.

Anonymous said...

Great article (again, as usual), although i'm running into a snag. I've tried installing the GPMC on a Vista Machine, but i can't due to a message telling me the Microsoft has blocked installation of the product on Vista machines. Is there ANY way to get this working on a SBS2k3 machine. I've ploughed through the technet group policy site, but can't find anything and as far as i can tell the GPExtensions are only available in Server 2008 based machines. Any help would grately be appreciated.

Kind regards,
Philipp

Sean Daniel said...

as far as I know, it's not blocked are you sure there isn't a policy and that you are an admin?