Outlook Client Group Policies


With a baseline understanding of how Group Policy functions in a Windows Active Directory domain environment, Microsoft Exchange 2003 administrators can look at how Group Policy, GPOs, and security templates can be leveraged to enhance the management of Exchange Outlook 2003 clients in the enterprise.

As an all-in-one solution, Group Policy can also be used by Exchange administrators to create Administrative Distribution Points for pushing client software to the desktops. Working with predefined Group Policy templates available from Microsoft, administrators can now manage areas and control access and changes, ranging from restricting and preventing configuration modifications to controlling the look and feel that affects the overall user experience when working with the Exchange Outlook 2003 client software.

In this section, you review the tools and options for managing the Exchange Outlook 2003 clients, specifically using Group Policy and predefined templates. You explore the options available with Group Policy when deploying and working with the Outlook client, Outlook Group Policy templates, and the steps for configuring administration privileges for managing the Exchange client through Group Policy.

Exchange Client Policy Options

To further enhance the management functionality when working with Exchange Outlook 2003 clients, the Office 2003 Resource Kit (ORK) now provides a predefined security template for managing Outlook clients using the Group Policy functionality of Windows domains.

Called Outlk11.adm, this template enables administrators to centrally manage and configure many of the security functions and preferences normally required to be configured at each individual Outlook client. Using Outlk11.adm, administrators can fully manage and configure the following areas:

  • Outlook Preferences: The preferences options available with the security templates can be defined in the same manner as using the Options tab available in the Tools menu of the Outlook client. When defining preferences, administrators can control the standard look and feel of each component available with Outlook. Options include areas for enforcing items such as spell check and email format, calendaring views, and contacts options.

  • Exchange Settings: Configuration items, such as profile configurations and auto archiving, can now be centrally configured.

  • SharePoint Portal Server Settings: In addition to the Outlook client settings, using the templates enables administrators to configure access to SharePoint Portal server resources through the Outlook client.

Though the Outlk11.adm template enables you to configure many important options and preferences with the Outlook 2003 Exchange clients, not all areas are available with the template.

Adding the Outlook Administrative Template

Because the additional administrative templates are not configured by default when Windows Server 2003 is installed, administrators must download or install the Administrative Outlook Template manually. Available on the ORK, the Outlk11.adm is placed on the local drive of the systems where the ORK is installed.

To begin setting up the Outlook security template Outlk11.adm, start by installing the GPMC on the domain controller where the policy will be administered.

Next, install the Microsoft ORK on a system where the template can be accessed from a domain controller for import into the Domain Group Policy.

TIP

To download the GPMC from Microsoft, go to

http://www.microsoft.com/windowsserver2003/downloads/default.mspx

The Office 2003 Resource Kit (ORK) can be downloaded from the Microsoft Office Web site at

http://www.office.microsoft.com/home/default.aspx


After the ORK is installed, the Outlk11.adm file is automatically extracted and placed in the C:\Windows\Inf directory (where C: represents the drive where the Windows installation resides) on the local system drive where the ORK was installed.

To import the Outlook security template Outlk11.adm into the Domain Group Policy using the Group Policy Management Tool, use the following steps:

TIP

When importing the Outlk11.adm security template, it is best practice to import the template to the Default Domain Group Policy.


  1. From a domain controller in the domain where the policy will be applied, open the Group Policy snap-in by selecting Start, All Programs, Administrative Tools, Group Policy Management.

  2. Select the location Default Domain Policy where Outlk11.adm will be imported to, as shown in Figure 29.1.

    Figure 29.1. Group Policy Management Console.


  3. From the Action menu select Edit; this opens the Group Policy Object Editor window.

  4. On the Group Policy Object Editor, select Administrative Templates under the User Configuration option and right-click to choose Add/Remove Templates, as shown in Figure 29.2.

    Figure 29.2. Group Policy Object Editor.


  5. From the Add/Remove Templates dialog box, click the Add button.

  6. Navigate to the location where Outlk11.adm was placed, as noted in step 2. Select the template to import, OUTLK11.ADM, and click the Open button.

  7. Ensure that the OUTLK11 template has been added to the Add/Remove Templates dialog box, and click Close to continue.

You should now see the Microsoft Outlook 2003 template under the Administrative Templates folder in the Group Policy Editor.

Assigning Group Policy Delegates

Although Group Policy has traditionally been the management task of Windows domain administrators, with delegation, permissions can be assigned to additional resources and accounts to manage Exchange 2003 Outlook clients. Using the Delegation Wizard of the GPMC, rights to add, modify, and delete Group Policy Objects can be assigned and delegated to accounts.

It is important to delegate the proper rights for administrators to manipulate the Microsoft Outlook 2003 Group Policy. Using the delegation option of the GPMC, administrators can assign a very small group of users permission to edit Outlook policies at the domain level. To enhance this functionality, it is also possible to allow diverse groups of administrators to configure group policies at lower levels of the Active Directory domain tree.

When assigning permissions, administrators can delegate the following rights:

  • Create GPO

  • Create WMI filters

  • Permissions on WMI filters

  • Permissions to read, edit, and so forth on an individual GPO

  • Permissions on individual locations to which the GPO is linked (SOM)

Using the Group Policy Delegation Wizard makes it easy to give the appropriate groups of administrators the rights they need to do their job and continue to administer Windows Server 2003 in the most secure way possible.

How to Delegate Rights over GPOs

To understand the steps required to assign rights over GPOs, let's look at the following scenario to assign one Active Directory account permission at the domain level. The rights that will be assigned to the account will be the Edit Group Policy Objects Only permissions.

To begin, open the GPMC by selecting Start, All Programs, Administrative Tools, Group Policy Management. Then follow these steps:

  1. On the GPMC, select Domain Folder, Your Domain, Group Policy Objects, Default Domain Policy.

  2. Select the Delegation tab in the right pane of the Domain Group Policy Object.

  3. To add an account, select the Add button, enter the name of the account to be added, and click the OK button.

  4. Select the rights to be assigned to the account by selecting the permission Edit in the drop-down box, as shown in Figure 29.3; select OK to continue.

    Figure 29.3. Add Group or User permissions.


The account has now been assigned rights to edit the domain-level GPO. Review the information and test settings to ensure that the permissions have been applied correctly.
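
One way to carry out that review from a script, as an added example that is not part of the original text: it lists every trustee that can edit a GPO and flags any outside an approved list. It assumes a management host with the GroupPolicy PowerShell module, which is newer than the Windows Server 2003 tooling covered here; the function name and the approved list are hypothetical.

```powershell
# Added example: audit who holds edit rights on a GPO after delegation.
# Assumption: the GroupPolicy module (Get-GPPermission) is installed on the
# management host; it is not part of the Windows Server 2003 GPMC download.
Import-Module GroupPolicy

function Get-GpoEditDelegate {
    param(
        [Parameter(Mandatory)] [string] $GpoName,
        # Hypothetical allow-list: trustees expected to hold edit rights.
        [string[]] $ApprovedTrustee = @('Domain Admins', 'Enterprise Admins', 'SYSTEM')
    )

    # Permission levels that allow changing the GPO's settings or its ACL.
    $editLevels = 'GpoEdit', 'GpoEditDeleteModifySecurity'

    Get-GPPermission -Name $GpoName -All |
        Where-Object { $editLevels -contains $_.Permission.ToString() -and -not $_.Denied } |
        ForEach-Object {
            [pscustomobject]@{
                Gpo        = $GpoName
                Trustee    = $_.Trustee.Name
                Domain     = $_.Trustee.Domain
                SidType    = $_.Trustee.SidType
                Permission = $_.Permission
                Inherited  = $_.Inherited
                Approved   = $ApprovedTrustee -contains $_.Trustee.Name
            }
        }
}

# Review the GPO used in the scenario above.
$delegates = Get-GpoEditDelegate -GpoName 'Default Domain Policy'
$delegates | Sort-Object Approved, Trustee | Format-Table -AutoSize

# Surface any edit-capable trustee that is not on the approved list.
$unexpected = @($delegates | Where-Object { -not $_.Approved })
if ($unexpected.Count -gt 0) {
    Write-Warning ("{0} trustee(s) outside the approved list can edit this GPO." -f $unexpected.Count)
}
```

Add the newly delegated account to the approved list once its Edit permission has been confirmed, so later runs report only unexpected changes.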

Managing Group Policy Configurations

Through Group Policy, Outlook configuration settings can be configured and applied differently depending on how the GPO is applied.

Exchange administrators can not only centrally manage one group of Exchange 2003 Outlook clients, but can also configure and enforce a completely different set of options on a different group or OU in the domain by following these steps:

  1. Open the GPMC and select the organizational unit to which to apply the GPO.

  2. Select Action from the menu bar and select Link an Existing GPO.

  3. From the Select GPO dialog box, choose the domain policy and click OK to link the domain policy to the desired organizational unit.

TIP

When linking the GPOs, access to the GPMC can be obtained through the Active Directory Users and Computers (ADUC) snap-in. Select the properties of the domain you are working with and select the Group Policy tab.


Microsoft Exchange Server 2003 Unleashed (2nd Edition)
ISBN: 0672328070
EAN: 2147483647
Year: 2003
Pages: 393
Authors: Rand Morimoto
