Create a group policy to prevent .PST file storage in Exchange 2007

Use the Group Policy Object Editor in Active Directory to prevent users from storing new data in .PST files on Exchange 2007 and Microsoft Outlook 2007.

To gradually eliminate .PST files from your Exchange Server organization, you must first stop users from adding...

more data to them. This tip explains how to use the Group Policy Object Editor in Active Directory (AD) to prevent users from storing new data in .PST files in Exchange Server 2007 and Microsoft Outlook 2007.

The actual steps to keeping users from adding data to .PST files vary, depending on which versions of Exchange Server and Microsoft Outlook your organization uses. This article focuses on Exchange Server 2007 and Outlook 2007; however, these steps can be easily adapted for use with Exchange 2003 or Outlook 2003. No matter which version of Exchange Server or Outlook you're using, this process requires thorough planning and preparation.

First, understand that users must store data somewhere. If you eliminate users' abilities to store data in .PST files, you must allow them to store data in Exchange mailboxes without worrying about exceeding quotas or having old messages be deleted. Keep in mind -- this isn't a permanent solution.

Although most users' mailboxes will increase in size, it's difficult to judge by how much. However, the growth shouldn't be overwhelming at first. There are a couple of things that you should do to prepare for this:

  • Verify that your mailbox servers have enough extra disk space on the mailbox store volume and transaction log volume.
  • Ensure that your backups have enough capacity to handle extra mailbox data.

Next, remove quotas from users' mailboxes so that the mailboxes can accommodate data that would ordinarily be stored in .PST files. To do this:

  1. Open the Exchange Management Console (EMC) and navigate through the console tree to Server Configuration -> Mailbox. The upper half of the details pane will display all Exchange 2007 servers in your organization.
  2. Select the server that contains the database from which you want to remove the quota. The lower half of the details pane will display the storage groups and databases contained on the server.
  3. Right-click on the database you want to remove the quota from and select Properties. The management console then will display the Mailbox Database Properties sheet. You can use its Limits tab to remove the quota from mailboxes in the store.

    Exchange Server 2007 has the ability to set quotas on individual mailboxes -- not just on the mailbox store. Setting quotas individually isn't recommended; if you did set individual mailbox quotas, you must remove each quota individually.

  4. Alert users of upcoming storage changes to prepare them. Send a memo explaining that existing user data is safe, and .PST files won't be deleted. You should also inform users that mailbox quotas have been adjusted to meet new storage needs.

    I would avoid telling users that mailbox quotas have been completely removed. This might result in abuse. You may also want to inform users that some additional changes will occur in the near future.

Prepare Active Directory (AD)

Now that you've prepared your Exchange server to accommodate additional data, you must create group policy settings in Active Directory to prevent users from writing any additional data to .PST files. Active Directory (AD) doesn't natively offer this capability, but Microsoft offers some Outlook-specific group policy templates that you can download.

If you're using Outlook 2007, you should download the 2007 Office system Administrative Template files (ADM, ADMX, ADML) and Office Customization Tool version 2.0. This download includes an executable file named AdminTemplates.exe. Save it to a temporary folder and then double-click on the file to extract individual template files to a location that you specify.

NOTE: If some users are using previous versions of Outlook, then the required templates are included in the Microsoft Office Resource Kit for the particular version of Outlook that you are using.

  1. Open the Group Policy Object Editor and load the group policy to which you want to add the Outlook-related settings. For example, if you want to manage Outlook settings at the domain level, open the Active Directory Users and Computers console.
  2. When the console opens, right-click on the container for your domain, and select Properties. Go to the Group Policy tab, select the Default Domain Policy option and then click Edit.
  3. Once the Group Policy Object Editor opens, right-click on the listing for Administrative Templates (under the User Configuration section), and choose Add/Remove Templates. You will see a list of currently loaded templates.
  4. Click Add, and then navigate to the folder containing the templates that you downloaded. Select the OUTLK12.ADM file, click Open and then Close.

Create a group policy

After preparing the Group Policy Object Editor, create a group policy setting that prohibits users from adding any additional data to .PST files.

Navigate through the Group Policy Object Editor tree to User Configuration -> Administrative Templates -> Microsoft Office Outlook 2007 -> Miscellaneous -> PST Settings.

There are many different .PST file-related group policy settings that control .PST files (Figure 1). The only option that we want to enable at this time is the Prevent Users from Adding New Content to Existing .PST Files option.

Prevent Users from Adding New Content to Existing .PST Files
Figure 1. Enable the Prevent Users from Adding New Content to .PST Files option. (Click on image for enlarged view.)

More on this topic

Enabling this option won't prevent users from creating new .PST files; however, it does prevent them from placing any data into a newly created file.

Remember, Microsoft Outlook isn't the only application that uses .PST files. Microsoft SharePoint also uses them. The aforementioned group policy setting is Outlook-specific; SharePoint users can still use .PST files with that application.

Finally, the Group Policy Object Editor acts like a front-end interface to the registry. When you edit the group policy, you're actually editing the system registry. For instance, enabling the Prevent Users from Adding New Content to .PST Files option is the same as creating the following registry key and setting its value to 0:


About the author: Brien M. Posey, MCSE, is a five-time recipient of Microsoft's Most Valuable Professional Award for his work with Windows Server, Internet Information Server (IIS), Exchange Server, and File Systems and Storage. Brien has served as CIO for a nationwide chain of hospitals and healthcare facilities, and was once a network administrator for Fort Knox. You can visit Brien's personal website at

Do you have comments on this tip? Let us know.

Please let others know how useful this tip was via the rating scale

Dig Deeper on Exchange Server setup and troubleshooting