Solved

Disable Email Signatures via GPO

Posted on 2016-10-27
25
62 Views
1 Endorsement
Last Modified: 2016-11-07
I started using a 3rd party program to streamline our email signatures. A number of our users already have a signature setup in Outlook and I don't want them to double up. Is there a way to disable Outlook signatures via GPO? This would be on a SBS 2011 box. Thanks.
1
Comment
Question by:itgolfer
  • 13
  • 9
  • 3
25 Comments
 
LVL 3

Assisted Solution

by:Spencer Scherer
Spencer Scherer earned 250 total points
ID: 41862850
There definitely is.  This will guide you along your way to disabling signatures!

http://www.codetwo.com/kb/how-to-disable-adding-signatures-created-in-outlook-for-exchange-users/
1
 

Author Comment

by:itgolfer
ID: 41862878
Thanks, Spencer. Looking at the link quickly, it looks like I need to download some files for the different versions of Outlook we have. We currently have versions 2010, 2013 and 2016 running so as long as I download those files, it should work for all users?
0
 
LVL 3

Expert Comment

by:Spencer Scherer
ID: 41862882
Yes it will.  You will need to download the files for each individual version listed there that you use (2010, 2013, 2016) and then setup the policy for each individual version as well.  You'll see them listed in your GP Editor.
1
 

Author Comment

by:itgolfer
ID: 41862890
Thanks. So, I need to create 3 separate policies but can point to the security group for all 3?
0
 
LVL 3

Expert Comment

by:Spencer Scherer
ID: 41862900
Yeah, one policy for each version of Outlook.  The same overhead GP can be used to configure all 3 and then apply it where you need.
0
 

Author Comment

by:itgolfer
ID: 41862912
Perfect, thanks.

One other question; on the downloads for the files, is the x64 or x86 related to the version of Office or Windows?
0
 
LVL 3

Expert Comment

by:Spencer Scherer
ID: 41862919
It would be for the version of Outlook / Office installed on the target machine.  If you click on one of the downloads and scroll down to "Install Instructions" it will give you all of the relevant information.   Let me know if you run into any issues!
0
 

Author Comment

by:itgolfer
ID: 41862943
So I've got everything downloaded but I'm not positive what to copy. In the Policy Definitions folder, I already have an en-US folder. The way I'm ready the directions, it says to copy the entire en-US folder from my downloaded folder and paste in the Policy Definitions folder. Is that write or am I just supposed to copy the admx and adml files? I don't want to create more issues.
0
 
LVL 3

Expert Comment

by:Spencer Scherer
ID: 41862958
All you'll need to copy over is the adml and admx files.
0
 

Author Comment

by:itgolfer
ID: 41862963
Thanks! Just the Outlook file or all of them (access, excel, visio, etc.). Sorry for all of the questions.
0
 
LVL 3

Expert Comment

by:Spencer Scherer
ID: 41862970
Just outlook.  The others are to add policies to limit / edit functionality within those programs.
0
 

Author Comment

by:itgolfer
ID: 41863012
Thanks for all your help. I copied the two outlook files for 2013 into the Policy Definitions folder and just added myself for the security group for testing. I'll probably just wait until I reboot to test to make sure the GPO settings are applied. Will this disable an Outlook signature or just prevent the user from creating one?
1
Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

 
LVL 3

Expert Comment

by:Spencer Scherer
ID: 41863030
My pleasure! It should prevent both use if they already have one and future creation.
0
 

Author Comment

by:itgolfer
ID: 41864012
Spencer, after making the GPO changes yesterday,  I came in this morning but it still had my signature configured in Outlook and I was able to enable/disable it. I'm not a GPO expert by any means so I could have easily made a mistake. Below is what I've done and if you have any suggestions, I'd greatly appreciate it. Thanks.

-Created GPO and Enabled the policy Do not allow signatures for email messages
-Downloaded the Office 2013 files and copied the outlk15.admx file into the %SystemRoot%\PolicyDefinitions folder and the outlk15.adml file into %SystemRoot%\PolicyDefinitions\en-US folder
-Added my user account under Security Filtering so that I can test it without it affecting other users
0
 
LVL 3

Expert Comment

by:Spencer Scherer
ID: 41864041
If you send a test mail to yourself does the signature still appear as well?  Can you run a group policy results wizard and see if the policy is correctly applying to you and your current machine?
0
 

Author Comment

by:itgolfer
ID: 41864058
How do I run a results wizard?
0
 
LVL 3

Expert Comment

by:Spencer Scherer
ID: 41864061
About a quarter of the way down it details how to use it.  Once you pull up the report you'll see errors (if there are any) indicated by a red x with a possible reason the policy was not applied.  Let me know what the results look like.  Thanks!

https://www.petri.com/solving-group-policy-problems-with-the-group-policy-results-wizard
0
 

Author Comment

by:itgolfer
ID: 41864111
Under Applied GPOs, I see a few of our GPOs. Under Denied GPOs, I see Local Group Policy and then a number of entries inside of { }. I don't see the name of my new GPO anywhere in the report.
0
 
LVL 6

Expert Comment

by:Niten Kumar
ID: 41864863
Hello itgolfer

I think you got the steps wrong.  Did you add the administrative templates using the below method:

After placing the ADM file, open Active Directory Users and Computers, right-click ondomain, choose Properties, Group Policy tab, Edit button. A new window will display; spread Administrative Templates. If the subfolder Microsoft Office Outlook ... does not exist, right click on Administrative Templates, choose Add/Remove Templates, then clickAdd button and add the downloaded file.

You can place the ADM file anywhere.  On the c drive in a folder as long as you add it to administrative templates of the GPO you are creating for Disabling signature.
0
 

Author Comment

by:itgolfer
ID: 41867178
Am I placing the ADM file on each workstation or on the GPO server?
0
 
LVL 6

Accepted Solution

by:
Niten Kumar earned 250 total points
ID: 41867676
The ADM files should go on the domain controller on which you will create the GPO.  The steps to be followed as follows:

1.  Place the ADM files in a folder on the c drive of the Domain Controller.
2.  Open GPMC and go to Group Policy Objects and right-click and create a new GPO.
3.  Right-click on this new GPO and choose edit.  Go to Administrative Templates under User Configuration and right-click and choose Add/Remove Templates.  Add the required outlook template.
4.   Now once templates have been added go and edit the policy setting as shown below.

signature.JPG5.  Now apply the policy to the required OU and test it out.  You will need to have the ADM file dedicated to Outlook version used by the users.

Office 2007 - http://www.microsoft.com/en-us/download/details.aspx?id=22666
Office 2010 - http://www.microsoft.com/en-us/download/details.aspx?id=18968
Office 2013 - http://www.microsoft.com/en-us/download/details.aspx?id=35554
0
 

Author Comment

by:itgolfer
ID: 41868401
I have downloaded the files but when I got to Add/Remove Templates and browse to the folder, they aren't displayed. I have both the ADMX and ADML files in that folder. Not sure what I'm doing wrong.
0
 
LVL 6

Expert Comment

by:Niten Kumar
ID: 41869131
Are you trying to do this for Outlook 2010 users.  If yes then check inside the path ....\ADM\en-us\
0
 

Author Comment

by:itgolfer
ID: 41872628
Eventually, I will as we have instances of 2010, 2013 and 2016. I'm testing it on myself first and I'm running 2013.
0
 

Author Comment

by:itgolfer
ID: 41877285
I wasn't ever able to get it to work so I just deleted the signatures in the user's AppData folder on their PC. It was kind of a pain but it worked. Thanks for the suggestions.
0

Featured Post

Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

Join & Write a Comment

Exchange server is not supported in any cloud-hosted platform (other than Azure with Azure Premium Storage).
Scam emails are a huge burden for many businesses. Spotting one is not always easy. Follow our tips to identify if an email you receive is a scam.
In this video we show how to create a mailbox database in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Servers >> Data…
To show how to generate a certificate request in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Servers >> Certificates…

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now