PST Lockdown

PST files are very much of their time, but just like public folders and pre-windows 2000 logon names, they are still used in anger almost everywhere I go. They are usually scattered around the network and/or on users C:\ drives, causing mayhem and corruption wherever they go.

Admittedly, there were good reasons to use them back in the days of Exchange 2003, when disks were expensive and Mailbox Stores were limited to 70GB. These days it’s a much better idea to use a 3rd party archiving solution or integrate them back into the original mailbox. The problem here is that users love to hang on to what they know, even if they loathe it themselves. So how to stop those pesky users from messing around with PST files? Enter the magical wizardry of Group Policy, back to save the day as always.

The first thing you will need is to have the correct Administrative templates loaded for either Office 2010 or Office 2013. I’m going to pretend that nobody is running Office 2007 as it is now 8 years old and a bit old hat.

Go and edit your existing Office group policy or create a new one, and configure the following settings:

Microsoft Outlook 2010/2013 > Outlook Options > Other > AutoArchive > AutoArchive Settings – Disabled

Microsoft Outlook 2010/2013 > Outlook Options > Other > AutoArchive > Disable File|Archive – Enabled

Microsoft Outlook 2010/2013 > Miscellaneous > PST Settings > Prevent users from adding PSTs to Outlook profiles and/or prevent using Sharing-Exclusive PSTs – No PSTs can be added

Microsoft Outlook 2010/2013 > Miscellaneous > PST Settings > Prevent users from adding new content to existing PST files – Enabled

If you create the above configuration in Group Policy and apply it to your users, you will find that users a) will not be able to access the ‘Open Outlook Data File’ option in Outlook, b) Currently attached PST files will remain connected but data cannot be added to them and c) Users will not be able to use the Import/Export functions or AutoArchive functions with regards to PST files.

Once you’ve made these changes, you can move onto the process of hunting down and getting rid of those dreaded PST files without worrying about more file cropping up around you!

Good luck and god speed.

Advertisements

Office 365 – MFA support for the Windows Office 2013 suite on it’s way!

Great news for users of Office 365 Multi Factor Authentication! Office 365 MFA is soon to be fully supported in the Office 2013 Windows client applications.

At the moment, MFA only supports web based applications like OWA. If you have MFA enabled and want to use rich client applications such as Outlook 2013, you have to use an App Password. This is a randomly generated 16 digit persistent passcode which is assigned to an individual application, such as Word 2013.This provides a higher level of security than a user specified password however is not as secure as true MFA.

This new functionality will pave the way for customers making use of the integrated Office 365 MFA authentication. Especially considering that it is totally free to enable!

Currently the update is only available to those people taking part in a Private Preview, however interested parties can keep their eyes on the Office 365 roadmap at http://roadmap.office.com to find out about release dates for this update.