Tag Archives: Exchange Server

How to Append Outlook 2010 Safe Senders List via Group Policy Object

I recently wrote an article about using the Exchange Management Shell to quickly add/remove addresses in the Outlook Safe Sender’s list. However, it’s dependent upon Exchange 2007/2010 and while it gets the job done for current users (or a subset of users), it doesn’t solve the problem for future users.

Fortunately, we can use a Group Policy Object (GPO) to do the same thing. Our GPO will point Outlook 2010 to a text file in a common location (such as the Netlogon share) with entries to be appended to the user’s Safe Senders list. For it to work, we’ll need the Office 2010 Administrative Template Files as well as a way to enforce Registry Entires on the client OS (this is built-in to the Windows Server 2008 GPO Editor due to Microsoft’s aquisition of PolicyMaker).

First, create a simple text file named “SafeSenders.txt” (or whatever you prefer) and populate it with the entries you want to end up in Outlook’s Safe Senders list (one address/domain per line, no headers are necessary). Save this next file in a location accessible to all users such as the Netlogon share.

Second, download the Office 2010 Administrative Template files and Office Customization Tool and extract the contents. We don’t need all of it, just the .adm or admx templates for Outlook. When you have them extracted, you can add them to your Group Policy Management Editor by right-clicking on “Administrative Templates” and selecting “Add/Remove Templates.” Add the outlk14 template and you’ll be all set.

Once added, drill down to the following:

User Configuration > Administrative Templates > Microsoft Outlook 2010 > Outlook Options > Preferences > Junk Email

Open “Specify Path to Safe Senders List” and set it to “Endabled.” For the path, use \\YourDomain\netlogon\SafeSenders.txt or whatever path/filename you will be using. Hit OK and now Outlook 2010 will know where to locate the import file. However, this setting will not force Outlook to actually import it. For that, we need to modify the registry.

If you have Windows Server 2008/2008 R2 as your domain controller and Windows Vista/7 as your client, this will not require any third party utilities, it’s all built right in to the Group Policy Management Editor.

Drill down to Preferences – Windows Serttings, right click on Registry and select New > Registry Item and use the following settings:


Action: Update
Hive: HKEY_CURRENT_USER
Key Path: Software\Policies\Microsoft\Office\14.0\Outlook\Options\Mail
Value Name: JunkMailImportLists
Value Type: REG_DWORD
Value Data: 1
Base: Decimal

Hit OK and then close out of the Group Policy Management Editor and assign this new GPO to the relevant Organizational Unit (OU). Once the GPO is applied to the system, restarting Outlook 2010 will force it to import the new Safe Senders List. If a user deletes one of those entries out of Outlook, it will be imported again the next time Outlook is launched.

The same Outlook setting can be applied to Outlook 2003/2007 with their relative administrative templates, but the registry setting will still need to be applied with by another product if the client OS is not Windows Vista/7 or the domain controller is anything other than Windows Server 2008/2008 R2.

Resources
Office 2010 Administrative Template files and Office Customization Tool

2007 Office system Administrative Template files and Office Customization Tool

Office 2003 Administrative Template, OPAs, and Explain Text Update

Configure junk e-mail settings in Outlook 2010

The Definitive Guide to Troubleshooting Outlook Calendaring Issues.

If you work in an environment with multiple versions of Outlook crossing multiple time zones (especially those in the US with Daylight Savings Time), I absolutely promise you that you will see a lot of issues, particularly with Outlook 2010 now in the mix. Knowing everything below should give you the information you need to bring an issue to resolution without escalating it… which is exactly why I wrote it for our help desk 😉

First, I highly recommend that you read through the following guides:

Outlook meeting requests: Essential do’s and don’ts

How to troubleshoot missing and duplicate appointments in Outlook

These guides contain a ton of useful information you should know in order to adequately troubleshoot issues related to meeting requests either disappearing or not behaving as expected.

In regards to an appointment displaying at the wrong time (generally off by 1-2 hours) for an attendee, thoroughly review this document.

How to address time zone changes by using the Time Zone Data Update Tool for Microsoft Office Outlook

If absolutely nothing else, please remember these points:

  1. If the user has Outlook installed on multiple machines, and the determination has been made to rebuild the profile, then the Outlook profile must be rebuilt on all machines, including deleting the existing OST file.
  2. It makes a BIG difference if Outlook 2010 is anywhere in the mix.  Microsoft made major revisions to how Outlook calculates meeting times with 2010.  Delegates (i.e. EA’s) and their executives should all be upgraded simultaneously to the same version of Outlook.
  3. Meeting times are calculated.  That means that an appointment doesn’t start at 1 PM CST, it starts at “7 PM -6 GMT,” and the endpoint decides what that means by performing the calculation based on what it knows about the meeting time and the organizers Time Zone.  The Exchange server plays no role in that unless you are viewing it through Outlook Web Access.  This is why a meeting start time may be different on an iPhone than it is in Outlook, because each one independently decides when that meeting really starts.
  4. If a meeting time differs from where it is supposed to be, there is a mismatch of time zone/DST settings with either the meeting organizer, their delegate, the attendee, or the person that forwarded the meeting request.  Any Outlook client that touched that meeting request must be thoroughly vetted.  Again, if 2010 is in the mix (particularly the end point), that’s a big issue and the user should be taught how to use the Time Zone Data Update Tool.
  5. Time zone settings are set in both Windows and in Outlook.  The DST settings are set in Windows.  All of them are equally important and you should verify they match.
  6. An end user should ALWAYS have the “Automatically Adjust for DST” flag set in Windows unless they live in a time zone that does not recognize DST.  Simply setting the clock +/- one hour is insufficient.
  7. When looking at the Outlook calendar, always switch to “View by Category” or use Outlook Web Access in order to know 100% that a meeting isn’t really there.
  8. If a meeting does not exist in Outlook, Outlook Web Access, or on a mobile device, then it simply does not exist.  It’s gone for good and will need to be recreated.  None of us can bring it back so light a candle and say a prayer.
  9. Remember, OST files get corrupted, NK2 files get corrupted, and PST files are just flat out evil.  Know what each of those does and how to correct them.  Read up on ScanPST.exe, you can use it for OST files too.

…and last but not least, at my very first job in IT my manager drilled this in to me:  “We do not work on unpatched software.” That means the very first thing you should do with Outlook is verify it is on the latest service pack (and it wouldn’t hurt to check for hotfixes).  It won’t always fix the issue, but at least you are working with the latest code.