Outlook Anywhere settings from GPO


If you want to make sure all of your employees (ok, maybe not yours but you get it) have the right settings in their Outlook profile so that they can always use the mail client even when they are outside of the office, you should push these settings from a GPO.

Download Template

Download this file http://download.microsoft.com/download/F/B/C/FBC43645-89EA-4FB4-828C-DFE27C360233/article-961112.adm

Save the file temporary to your desktop or directly to %WinDir%inf

Set up the GPO

Open the GPMC and create a new group policy with an easy to understand name like “Outlook 2007 Anywhere”

Edit the GPO

Add the template to the “Outlook 2007 Anywhere” GPO

  1. Right click on “Administrative Templates” under User Configuration and chose “Add/remove Templates” from the drop down menu.
  2. Click “Add”

    and select the file named “article-961112.adm” (if you saved the file to the desktop just drag it in to this window) and Click “Open”
  3. Now that the template is added click “Close”

Configure the Outlook Anywhere template

Now open the added template and change the configuration to meet your needs.

  1. RPC/HTTP Connection Flags
    Enable the setting and pick the flags you need
    Flag1: Enables the ‘Connect to Microsoft Exchange using HTTP checkbox’ on the Connection tab.
    Flag2: Enables the ‘Connect using SSL only’ checkbox
    Flag3: Enables the ‘Only connect to proxy servers that have this principal name in their certificate’ checkbox
    Flag4: Enables the ‘On fast networks, connect using HTTP first, then connect using TCP/IP’ checkbox
    Flag5: is not implemented as an option in Outlook 2007 so it is not included in any policy settings.
    Flag6: Enables the ‘On slow networks, connect using HTTP first, then connect using TCP/IP’ checkbox
  2. Proxy Server Name
    Enable the setting and specify the server name, this should be your DNS MX record.
  3. Only connect if Proxy Server certificate has principal name
    Enable the setting and enter your certificates common name, if you have a wildcard certificate it will look like on the image but if you have a single server certificate it is probably the same as the DNS MX record.
  4. Proxy authentication setting
    Enable the setting and choose authentication type. This should be set to “NTLM authentiction”.

Now all you have to do is to link the GPO to the domain and wait for the replication and policy update times.
If you have users that are connected to the domain via VPN make sure that the GPO “Slow link detection” is configured to your meet needs.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: