Executive Summary:

Because Microsoft Office Outlook 2007 and 2003 don’t have a mechanism for preventing the creation of secondary email accounts, you need to come up with your own solutions if you want to stop users from creating these accounts. You can add or configure registry keys on the workstation to prevent Outlook account creation by users.


Q: How do you prevent users from configuring additional email accounts in Outlook?

A: In Microsoft Office Outlook 2007 and 2003, there’s no configuration setting in the UI to prevent secondary email accounts from being created. By default, users can add a POP3 account to their existing Outlook Exchange profile for example, assuming a POP3 server is reachable. However, you can add or configure registry keys on the workstation to prevent Outlook account creation by users. The keys differ depending on the account type you want to disable. You can implement them for individual users through HKEY_CURRENT_USER, like so HKEY_CURRENT_USER\Software\Microsoft\Office\\Outlook\Options

Depending on the version of Outlook you’re running, here are the version numbers to use: For Outlook 2007 use 12.0, for Outlook 2003 use 11.0, and for Outlook 2002 use 10.0.

After the HKEY_CURRENT_USER path, you’ll add DWORD values for the protocols you want to disable: for POP3 use DisablePOP3, for IMAP4 use DisableIMAP, for MAPI use DisableExchange, for HTTP use DisableHTTP, and for Other use DisableOtherTypes.

With these keys toggled on with a value of 1, the user will be unable to add new accounts of the type disabled. In Office 2007, if POP3, IMAP, and HTTP are disabled, then the Internet E-mail option for them in the Add New Internet E-mail Account box will be grayed out, as shown in Figure 1, when a user tries to create a new account using Tools, Account Settings, E-mail.

If you create or update installations using the Office Customization Tool (OCT) in Office 2007, or the Custom Installation Wizard or Custom Maintenance Wizard in Office 2003, you can configure this setting for new Office deployments or update current ones. In the OCT, the setting is found in Features, Modify user settings, Microsoft Office Outlook 2007, Miscellaneous, Prevent users from adding e-mail account types, as shown in Figure 2. Administrators can also distribute a .registry file to control new email account creation in Outlook. Registry files are easily distributed through logon scripts or application deployment products. The following is a sample .registry file that's used to disable POP3, IMAP, and HTTP on an Outlook 2007 workstation:

Windows Registry Editor Version 5.00 \[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\12.0\Outlook\Options\] “DisablePOP3” = dword:00000001 “DisableIMAP” = dword:00000001 “DisableHTTP” = dword:00000001

These configurations can also be implemented through Group Policy and the Outlook Group Policy administrative template, outlk12.adm. To download outlk12.adm, use the search term admintemplates.exe at download.microsoft.com. The configuration applied through Group Policy is identical to the OCT configuration with the exception of the registry key location. For Outlook 2007, the registry values would be placed under HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Office\12.0\OptionsNote that the policy entries take precedence over the individual custom registry entries applied with the OCT.