none
GP - Disable encryption between Outlook and Exchange

    Question

  • Hi,

    In outlook 2003/2007 in the security settings of an exchange account there is a box that says "Encrypt data between Outlook and Exchange"

    It is on by default and we need to turn it off.

    There is no group policy for this, im trying to find the registry key so i can create a custom group policy but am not having much luck.

    Does anyone know of a way i can turn this off for all computers in a Domain either by group policy or any other automated method?

    thanks
    Monday, May 19, 2008 1:32 AM

Answers

  • Hi,

    I recommend you to download the Office 2007 policy templates and then edit outlk12.adm.

    http://www.microsoft.com/downloads/details.aspx?FamilyID=92d8519a-e143-4aee-8f7a-e4bbaeba13e7&DisplayLang=en

    1.    Please open “Active Directory Users and Computers”.

    2.    Right click on the domain controller and select “Properties”.

    3.    Click on the “Group Policy”.

    4.    Select the GPO that you want to edit and click “Edit”.

    We recommend you to use GPMC to edit GPOs

    Group Policy Management Console with Service Pack 1

    http://www.microsoft.com/downloads/details.aspx?FamilyId=0A6D4C24-8CBD-4B35-9272-DD3CBFC81887&displaylang=en

    5.    Find “Administrative Templates” under “User configuration” and right click on it.

    6.    Select “Add/Remove Templates” and click on “Add”.

    7.    Find outlk12.adm (Note: Please find the location of Office 2007 policy templates …\ADM\EN-US\)

    8.    Find “User configuration”-“ Administrative Templates”-“Microsoft Office Outlook 2007”-“Tools| Account Settings”-“Exchange”.

    9.    Please find “Enable RPC encryption” in the right pane. You can enable it or disable it.

    After that, please run “gpupdate /force” to force client to apply the GPO.

    Meanwhile, you can download template for 2003 and edit.

    http://www.microsoft.com/office/ork/2003/tools/BoxA19.htm

    Hope it helps.

    Best regards,

    Xiu

    Tuesday, May 20, 2008 1:15 AM
  • Hi,
     
    For Office 2003,it should be the outlk11.adm.
     
    Then please downloadORKSP3AT.EXE from http://www.microsoft.com/office/orkarchive/2003ddl.htm and try to see whether Enable RPC encryption setting is there.
     
    If you can not find that setting,then please try to customize the adm file to meet the request.
    1. Please try to open outlk11.adm with notepad.exe.
    2. Copy the below settings to the adm file and save.
     
    POLICY "Enable RPC encryption"
    KEYNAME Software\Policies\Microsoft\Office\11.0\
    Outlook\RPC
    PART "Check to turn setting on; uncheck to turn setting off" CHECKBOX
    VALUENAME EnableRPCEncryption
    VALUEON NUMERIC 1
    VALUEOFF NUMERIC 0
    END PART
    END POLICY
     
    3.Please try to reload adm file and check whether the setting could be done via GPO.
     
    Hope it helps.
     
    Xiu
    Tuesday, May 20, 2008 4:14 AM

All replies

  • Hi,

    I recommend you to download the Office 2007 policy templates and then edit outlk12.adm.

    http://www.microsoft.com/downloads/details.aspx?FamilyID=92d8519a-e143-4aee-8f7a-e4bbaeba13e7&DisplayLang=en

    1.    Please open “Active Directory Users and Computers”.

    2.    Right click on the domain controller and select “Properties”.

    3.    Click on the “Group Policy”.

    4.    Select the GPO that you want to edit and click “Edit”.

    We recommend you to use GPMC to edit GPOs

    Group Policy Management Console with Service Pack 1

    http://www.microsoft.com/downloads/details.aspx?FamilyId=0A6D4C24-8CBD-4B35-9272-DD3CBFC81887&displaylang=en

    5.    Find “Administrative Templates” under “User configuration” and right click on it.

    6.    Select “Add/Remove Templates” and click on “Add”.

    7.    Find outlk12.adm (Note: Please find the location of Office 2007 policy templates …\ADM\EN-US\)

    8.    Find “User configuration”-“ Administrative Templates”-“Microsoft Office Outlook 2007”-“Tools| Account Settings”-“Exchange”.

    9.    Please find “Enable RPC encryption” in the right pane. You can enable it or disable it.

    After that, please run “gpupdate /force” to force client to apply the GPO.

    Meanwhile, you can download template for 2003 and edit.

    http://www.microsoft.com/office/ork/2003/tools/BoxA19.htm

    Hope it helps.

    Best regards,

    Xiu

    Tuesday, May 20, 2008 1:15 AM
  • thanks for that Xiu.

    It worked perfectly for Outlook 2007, however the for outlook 2003, the OUTLK10.amd file does not seem to have this setting anywhere.

    Is there a way this can be done for outlook 2003 as well?

    thanks
    Tuesday, May 20, 2008 2:01 AM
  • Hi,
     
    For Office 2003,it should be the outlk11.adm.
     
    Then please downloadORKSP3AT.EXE from http://www.microsoft.com/office/orkarchive/2003ddl.htm and try to see whether Enable RPC encryption setting is there.
     
    If you can not find that setting,then please try to customize the adm file to meet the request.
    1. Please try to open outlk11.adm with notepad.exe.
    2. Copy the below settings to the adm file and save.
     
    POLICY "Enable RPC encryption"
    KEYNAME Software\Policies\Microsoft\Office\11.0\
    Outlook\RPC
    PART "Check to turn setting on; uncheck to turn setting off" CHECKBOX
    VALUENAME EnableRPCEncryption
    VALUEON NUMERIC 1
    VALUEOFF NUMERIC 0
    END PART
    END POLICY
     
    3.Please try to reload adm file and check whether the setting could be done via GPO.
     
    Hope it helps.
     
    Xiu
    Tuesday, May 20, 2008 4:14 AM
  • worked perfectly..

    thanks very much
    Tuesday, May 20, 2008 4:43 AM
  • Glad to hear it works now.
    Tuesday, May 20, 2008 4:52 AM
  • Hi,
     
    For Office 2003,it should be the outlk11.adm.
     
    Then please downloadORKSP3AT.EXE from http://www.microsoft.com/office/orkarchive/2003ddl.htm and try to see whether Enable RPC encryption setting is there.
     
    If you can not find that setting,then please try to customize the adm file to meet the request.
    1. Please try to open outlk11.adm with notepad.exe.
    2. Copy the below settings to the adm file and save.
     
    POLICY "Enable RPC encryption"
    KEYNAME Software\Policies\Microsoft\Office\11.0\
    Outlook\RPC
    PART "Check to turn setting on; uncheck to turn setting off" CHECKBOX
    VALUENAME EnableRPCEncryption
    VALUEON NUMERIC 1
    VALUEOFF NUMERIC 0
    END PART
    END POLICY
     
    3.Please try to reload adm file and check whether the setting could be done via GPO.
     
    Hope it helps.
     
    Xiu

    I have been able to deploy the modified template successfully, & I can see the changes to registry but it doesn't change the settings in Outlook Profile of the user, any thaughts?
    Thursday, December 03, 2009 3:10 AM
  • I'm having the same problem in our setup.

    I would rather not disable the encryptionrequired on the server-side, so I made a GPO according to microsoft's article (http://support.microsoft.com/kb/2006508) but that doesn't seem to work. I can see the changes in the registry and in rsop.msc but not in Outlook, the checkbox for encryption is not ticked. Does anybody know how I can resolve this?

    Kind Regards,

    Davy Neirynck



    Tuesday, December 22, 2009 2:18 PM
  • Hi Guys,

    Sorry to bump an old thread however am having the same issue with Outlook 2010.

    Now the ADM templates clearly state that "Enable RPC Encryption" when set to Enabled will enable RPC Encryption however when set to Disabled or Not-Configured it has no effect.

    What I need to do is clear the "Encrypt data between Microsoft Office Outlook and the Exchange server" flag however it appears to be a manual process?

    Help?

    Rob

     

    Thursday, January 19, 2012 6:44 AM
  • Did you ever find a solution for this? We have the same problem. We need to disable encryption because the (old) Steelhead optimisation appliances we have do not support optimisation of encrypted MAPI, and I's rather use GPO than have to do it manually (and risk users changing it back).
    Friday, May 18, 2012 12:58 PM
  • I know its an old question but the above example works flawless in any direction (disable/enable rpc encryption)

    - You must set this as user setting, it will not work as computer setting!

    Thats all

    Thursday, February 21, 2013 9:19 AM