Chances are, if you read my site, you also read the Exchange team blog. This means you’ve seen the PST Capture Tool! I’ve had a chance to work with this tool for a little while now and have found it to be a delight!
“PSTs are bad M’kay?“
This is a line we’ve all recited a time or two (ok maybe not exactly that line), but do we even know why? Are we just parrots, or do we actually have a reason for condemning this hugely prolific file format?
Let’s start by acknowledging that PST files aren’t all bad. M’kay? If you run Outlook at home, or if you use IMAP/POP-based accounts (Gmail, Hotmail, etc) at work, using a PST file can actually be a good idea. While it is possible to direct internet mail to the Exchange mailbox, this would create several problems:
- Wasting expensive Exchange disk space
- Potential violation of company policies
- Internet mail is now subject to corporate retention (and discovery!) policies
- Makes moving to a job more painful
I’d even go so far as to say you might want to use PST files for archiving corporate email! If you run a small shop – or a big one that isn’t subject to any retention policies. A group policy configuring AutoArchive (and a note to your users) might be a good way to implement spring cleaning in your Exchange data stores.
See, PST files actually can serve a purpose!
Then there is the other side of the coin:
In most situations, PST files represent unmanaged storage of email. For someone who is charged with administering an email environment, this means we aren’t able to do our job. If users begin to rely on something that we aren’t taking care of; what happens when it breaks? We’ve all had the uncomfortable task of telling someone we can’t get their data back at least once in our careers. It doesn’t make for fun times.
More important than our comfort; many organizations are subject to regulations which require them to turn email data over to the courts upon request. A judge wont want to hear your sob story about how PST files aren’t searchable, and how you’re going to have to look across the whole network by hand to find that email thread.
I recently completed an Exchange 2010 deployment for a government organization that was subject to such legislation. Once we activated the Personal Archive for their users, they decided to put the kibosh on PST files. To enforce this, we laid out a three phased approach:
- Prevent the users from making new PST files
- Prevent the users from adding content to existing PST files
- Use the abovementioned PST Capture Tool to import PSTs as necessary
The first two steps were quite simple to accomplish. Outlook reads a registry value called PSTDisableGrow (REG_DWORD). We deployed a GPO to implement this as follows:
Set PSTDisableGrow to “1” (without the quotes). This will allow users to mount PST files in Outlook, but it will not allow any new content to be placed within. Don’t worry about overkill here. I used a single GPO for all 3 settings. Outlook version X doesn’t care about extra registry settings in Outlook Y’s key.
PSTDisableGrow has some siblings; read more about DisablePST, DisableCrossAccountCopy and DisableCopyToFileSystem here.
That’s all for now, have a great week!
EDIT: Be sure to also check out this relevant blog post by the Microsoft Exchange product group: Deep Sixing PST Files
Howdy, Just a notice that when I come to the homepage I keep getting send straight to this comment page, I’m really sure why but thought you may like to know Mainly on the home page) Regards
I have had to tell someone more then once that their data could not be recovered. No it is not fun. I understand your points about the PST file not being all that bad M’kay. I would say however that I strongly dislike Exchange. Over the last few years I have helped close to a dozen business make the switch over to Google Apps. These were smaller companies mostly. The largest one had around 20 employees. I’m telling you, the cost is far less, support is cheap and so many great free features. Lastly you do not need to worry about PST files or having them ever go corrupt and it’s easy to manage group policies with out having to sweat over why Exchange is not working the way it is supposed to.
Would it be possible to restrict end users in moving There pst files to a pc not belonging to the domain?
Exchange and/or Outlook would not be able to prevent where a user copies a file. I would look into DLP software if this is really necessary; but a better solution would to prevent email from leaving Exchange in the first place. If you prohibit PST use, you can then control data using IRM or other built-in technologies.
I think I implemented DisableCopyToFileSystem exactly as described at the bottom of this article, http://technet.microsoft.com/en-us/library/ff800883(v=office.14).aspx. However, all it does is generate a warning that it’s prohibited, and then allows the message to be placed on the destination location anyway. Are you aware of any additional changes or conflicting settings which may be interfering with the desired behavior?
Can you elaborate on the gpo settings? I’m using a preference item that successfully deploys to hkey default user, but not hkcu. From my testing only a hkcu registry setting works.
I haven’t tried this with 2013, but here is what worked for me (2007-2010):
Disconnect all PSTs from the Default Outlook Profile: https://blogs.technet.microsoft.com/undocumentedfeatures/2016/01/12/disconnect-all-psts-from-the-default-outlook-profile/