Restrict users from deleting recoverable deleted items

Posted on 2005-04-20
Last Modified: 2010-06-17
How can I restrict users from permanetly deleting items from the recoverable deleted items?  Or better yet, hide the recoverable deleted items from their view?  I have a mailbox store policy that holds deleted items for 60 days before deleting them, but not sure if that is making the items undeleteable?  
Question by:gravelpits
    LVL 2

    Expert Comment

    To stop them from clicking 'Recover Deleted Items' do the following. On the client machines search for and rename the file dumpster.ecf . This is actually an Add-in in Outlook. You will find(in Outlook 2003) it in Tools-Options-Other-Advanced-Add-in Manager called Deleted Item Recovery.

    When you rename this file it greys out the option to recover deleted files. The same can be accomplished by unticking the add-in

    If you have done this and for some reason want the option back, rename the file to its original name go into the add-in manager and click add, select the dumpster.ecf file and it will re-add the option(after you have restarted outlook, you may have to tick it again too)

    Hope this helps


    Author Comment

    That sounds like a winner Daniel, but is there any way that you know how to accomplish this through a group policy?  I don't want any one signing on to the network to be able to delete those items.  Thank you for you help.  

    Author Comment

    Ok, I tried that and office just reinstalls the add in if you rename the file.  
    LVL 2

    Accepted Solution

    It must do that with different versions of outlook, i tested it on mine and it worked ok.. I have found a article explaning how to do it via Group policy. I have not tested this yet but it looks sound.


    Recently, an Exchange administrator I know asked how to partially disable the Recover Deleted Items functionality in Outlook. He wanted the "dumpster" to operate as usual, retaining deleted items for a specified number of days for each mailbox store, but he wanted to grant only administrators the ability to recover deleted items. His company needed to be able to recover deleted items for litigation purposes but didn't want the rank and file to be able to intentionally or accidentally destroy evidence.

    I suggested that he use Group Policy to disable the Recover Deleted Items command on the Tools menu for everyone but administrators. In fact, you can use Group Policy to disable any toolbar or menu command, but the catch is that you must obtain unique IDs for each command you want to disable. Let's walk through the process.

    The first step is to obtain the policy template files from the Microsoft Office resource kit. You can use the version of the resource kit from the Office XP or Outlook 2002 enterprise CD-ROM, or you can download orktools.exe from and run the file to install the tools. The policy templates are .adm files that are installed automatically in your winnt\inf or windows\inf folder. If you install the resource kit tools on a user workstation, you can copy the office10.adm (for general Office XP settings) and outlk10.adm (for Outlook 2002) files to the same winnt\inf (or windows\inf) folder on your domain controller (DC).

    Next, you create the Group Policy. Windows applies Group Policies at the domain or organizational unit (OU) level in Active Directory (AD). You can apply more than one policy for each domain or OU, setting an order of precedence. I recommend creating a separate policy that applies to Outlook settings instead of appending the Outlook settings to an existing policy. If you create a separate policy for Outlook settings, you can delegate management of that policy to an administrator who is familiar with Outlook.

    To create a new policy, open the Microsoft Management Console (MMC) Active Directory Users and Computers snap-in, right-click the OU to which you want to apply the policy, then choose Properties. On the Properties dialog box, click the Group Policy tab, which Figure 1 shows, then click New. Next, change the name from New Group Policy Object, the default, to something more descriptive.

    After you create the new Group Policy, you can return to the Group Policy tab and click Edit to edit the policy. The policy contains two hierarchies: Computer Configuration and User Configuration. Because you'll typically apply Outlook settings on a per-user basis, you'll work with User Configuration settings most often.

    To add the Outlook 2002 policy template from the Outlook resource kit, expand the User Configuration hierarchy, right-click Administrative Templates, then choose Add/Remove Templates. In the Add/Remove Templates dialog box, click Add, then select and open the outlk10.adm template that you copied to the winnt\inf folder. Do the same for the office10.adm template. Then, close the Add/Remove Templates dialog box.

    The policy templates represent virtually all the Outlook and general Office options that appear in the UI, plus a few extras. For example, if you want to prevent users from using Visual Basic for Applications (VBA) to customize their Office applications, look under Microsoft Office XP, Security Settings to find a policy that lets you Disable VBA for Office applications. Many of these options are also available in the Custom Installation Wizard. The advantage of using a policy is that you control the setting centrally, enforcing it whenever users that the policy applies to start Outlook.

    Because you want to disable a toolbar command, you would typically look in the Microsoft Outlook 2002 policy list under Disable items in the user interface. Unfortunately, the Recover Deleted Items command doesn't appear on the list of predefined commands that the policy template supports. However, under Custom is a Disable command bar buttons and menu item policy, which is exactly what you need.

    The next step is to locate the ID for the Recover Deleted Items command. The Microsoft article "OL97: How to Use Command Bars in Outlook Solutions" ( explains how to use VBA code to generate a list of toolbar and menu command IDs. However, I find it easier to use Dmitry Streblechenko's OutlookSpy developer tool ( to look up the ID. The ID for the Recover Deleted Items command is 5654.

    To use Group Policy to disable one or more commands, open the Disable command bar buttons and menu items policy, select Enabled to make that policy active, then click Show. Click Add, then enter the IDs for the commands you want to disable. When you finish adding IDs, click OK, then click OK again to save the changes to the policy.

    Next, you can use one of the Office policies to add an explanation in the form of a tooltip to your disabled toolbar and menu commands. From the Microsoft Office XP policies, under Disable items in user interface, open the Tooltip for disabled toolbar buttons and menu items policy. Select Enabled to turn on the policy, then type your tooltip text into the box provided. Click OK to save the policy change.

    The finishing touch is to set the permissions for the Group Policy. Right-click the Group Policy, choose Properties, then select the Security tab, which Figure 3 shows. By default, any new Group Policy applies to all authenticated users. You can choose to remove the Authenticated Users group and add another security group that includes the users you want the policy to apply to, and you can add an administrator or security group of administrators that you want to administer the policy.

    After you configure this Group Policy, the Recover Deleted Items command will be disabled for users to whom the policy applies the next time they log on to Windows and start Outlook. If these users hold the mouse pointer over the Recover Deleted Items command, they'll see the tooltip you added. You can use this technique to disable any toolbar or menu command in Outlook or in other Office programs if you add the appropriate .adm file to the Group Policy.

    Featured Post

    Top 6 Sources for Identifying Threat Actor TTPs

    Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

    Join & Write a Comment

    Learn more about the importance of email disclaimers with our top 10 email disclaimer DOs and DON’Ts.
    Check out this infographic on what you need to make a good email signature that will work perfectly for your organization.
    Get people started with the process of using Access VBA to control Outlook using automation, Microsoft Access can control other applications. An example is the ability to programmatically talk to Microsoft Outlook. Using automation, an Access applic…
    To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…

    733 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    20 Experts available now in Live!

    Get 1:1 Help Now