Tuesday, September 2, 2014

Outlook 2010 - Manage Outlook settings with Group Policy - Part 1 - the Office 2010 ADMX files

Researching aspects of Exchange "cached mode", versus "online mode", OST files and Offline Address Books (OAB), I wanted to test how these various elements could be managed by Group Policy.

What if, for example, we want to prevent users from creating .PST files, or using Exchange cached mode (which happens to be the default in Outlook)? This could be for security reasons. We may not want cached copies of the user's mailbox on laptops that could be stolen. Of course, encryption could offer some protection in this respect. However, we might simply want to eliminate this risk by preventing any form of email from being stored on the client machine from the start.

Until now, I had never managed Outlook with Group Policy although I was aware that it was possible. In the lines that follow, I'll configure a GPO (group policy object) to this effect. I will assume that the reader is familiar with Group Policy and in particular the "Group Policy Management Console" (GPMC). This means I may go straight to a GPO without explaining how to open the GPMC.

The first step was to download the Office 2010 ADMX files and the second, to add them to the "central store". If you do not know what ADMX files are, or what the central store is, I would invite you to refer to traditional and online sources to learn about these components of Group Policy. 



Download the Office 2010 template files (ADMX)

When I composed this blog post, the Office 2010 ADMX files could be downloaded from this location:


If the link is no longer valid when you read this, I would conduct an online search (with Bing or Google) to find the new location.

Please note that the Office Customization Tool is part of the download but is not necessary to configure the Office 2010 elements in Group Policy. There was also a choice between 32 bit and 64 bit templates. Select whatever is appropriate for your environment. In my test network, both Windows 7 (SP1) and Office 2010 (SP2) are 64 bit so I only downloaded those files. There is also an Excel file summarizing the different group policy settings. It can be downloaded for reference but is not necessary.

The executable file I downloaded was named "AdminTemplates_64". After "unblocking" it, I execute the file which creates a folder containing some subfolders and in particular the "ADMX" subfolder. This subfolder contains the Office 2010 templates I will import later.



Create the "Central Store"

Next, I must add these templates to the "central store".

But there's a problem... No central store was ever created in my test lab.

So I'll create one now - and show you how, which may be useful if you have not yet created one yourself.

First, using the Default Domain Policy as an example, let's see how we can tell if the central store is being used.



The print in the screenshot is small but the Administrative Templates - Policy Definitions are "retrieved from the local machine".

Of course, that's to be expected since we have not yet created the central store - which will actually take the form of a (sub)folder named "PolicyDefinitions".

We want to create this folder under the SYSVOL share (so it can be replicated to other domain controllers).

Note: the name for the folder should be "PolicyDefinitions" (no space).

Here is the exact path (please refer to the illustration as well):

C:\Windows\SYSVOL\sysvol\domain_name\Policies



There will already be subfolders present in the Policies folder. This is normal. These folders contain settings for existing Group Policies, the Default Domain policy and the Default Domain Controller policy in particular.

In this case, the folder will be empty because we just created it. However, there may already be files and folders inside. This would be the case if we created the central store earlier and populated it with the latest Group Policy templates (Windows 2012 R2 / Windows 8.1 at the time of this blog post). In that case, this is what we might see:



So we have the ADMX files that allow us to manage various Windows OS parameters as well as the language specific ADML files for management, contained in their respective folder. In this example, we have ADML files for US English in the "en-us" folder and for French in the "fr-fr" folder.

 If we close and reopen the GPMC, and examine the Default Domain policy again, we can verify that the administrative templates are now being retrieved from the "central store":



Please note the subfolders of the "Administrative Templates" folder. Once we copy the Office 2010 templates into the PolicyDefinitions folder (the next step), we'll see some more folders specific to Office 2010 components.



 Add the Office 2010 ADMX files to the Central Store

This step is a simple matter of copying the files created earlier into the PolicyDefinitions folder. We should then see the Office 2010 ADMX files among the other ADMX files, in this case (below) an Access 2010 ADMX file:




Note: copy the appropriate ADML files to the corresponding language folder.

In addition, if we open a GPO, we should see the Office 2010 templates:



There are even more Office 2010 templates under the User Configuration section, and among them "Microsoft Outlook 2010":



Now we are ready to create a new GPO that will allow us to manage Outlook settings.

I'll create the GPO (right-click on the "Group Policy Objects" folder and select New) and...



We'll see the specific settings to configure in my next blog post (Part 2).

No comments:

Post a Comment