Just recently I was speaking to a Microsoft Premier Field Engineer (PFE) who had just returned home from a rather arduous onsite dispatch. While onsite he was tasked with unwinding a phenomenon commonly referred to as a "Reply-All" storm (defined below). This task had been so tedious that he half-jokingly mentioned that he was thinking about submitting a formal Design Change Request to the Exchange/Outlook Product Groups with a proposal to remove Reply-All functionality from within Outlook. Well this got me thinking... "could the removal of Reply-All functionality actually be done with the tools at an Administrator's immediate disposal today"? Eventually curiosity got the best of me and I started performing some basic research on the issue. Throughout the course of this research I found a jumbled set of different articles and blog posts that appeared rather half baked in scope to me. That being said, what did become abundantly clear was that there were a significant number of administrators (as well as standard users) who have expressed interest in this functionality and have actually been looking for it for some time.
Presto: Blog idea.
To be clear there are a number of different approaches for achieving the goal of disabling Reply-All in Outlook. The most common technique would appear to be the creation and deployment of custom Outlook toolbars. Far more infrequent are macros in Outlook as well as custom Group Policy Objects (the primary topic of this post). Additionally, while future versions of Exchange will include features to deal with this problem much better (read about Exchange 2010 Conversation View here) - I wanted something that people can use now, with versions of software they currently have.
As previously noted, this post is going to focus on the use and deployment of a custom Group Policy to disable the Reply-All functionality in Outlook. This post will not focus on disabling Reply-All in OWA (which would require modifications to the ASP Pages) and will also not cover disabling this functionality in Windows/Outlook Mobile.
My hope is that you will find this post interesting; that it helps clear up some of the confusion on the subject; and that you learn some new skills along the way. Should and when you choose to deploy a scenario like this, I hope this document serves to aid you in increasing the stability of your messaging environments and networks as a whole.
As you will soon see, this post has a little bit of everything, Exchange, Active Directory, Group Policies, Outlook and even some "old/new school" VBA.
I hope you enjoy it and learn something new in the process!
Nearly every user within a corporate messaging environment has at one time or another been the unfortunate chance victim of a "Reply-All Storm".
It starts out innocently enough:
- Typically a formal communication it sent out to a large internal distribution list.
- A member of the distribution list strays off course or asks to be "taken off the distribution list".
- A series of people start replying "ME TOO" via a Reply-All.
- Another member of the list, "Replies All" to the request, and asks everyone to "PLEASE DO NOT REPLY ALL !!!!@!!@!!!".
- Cycle perpetuates itself over and over.
- Users come into the office and notice literally hundreds of emails all with the same subject sitting in their inbox.
- They read the most recent thread, whisper to themselves (geez...not this again), then proceed to delete the entire thread and possibly miss the actual intention of why the original mail was sent out in the first place.
Not only is this extremely annoying, but obviously has larger corporate and financial implications as well:
- Loss of productivity for client base.
- Potential service interruptions for a variety of different reasons.
- Storage implications on the Exchange Back-End.
- Puts unnecessary strain on Exchange, Active Directory and network links.
- A host of Administrative implications ranging from increased backup times, etc.
- Loss of credibility (if say an external contact was a member of the list or even your immediate manager or "higher ups", etc.)
Upon first read this may seem funny but it is actually a very serious problem. For a blow by blow of the infamous "BEDLAM DL3" issue that occurred internally here at Microsoft several years ago I suggest a review of the following post: http://msexchangeteam.com/archive/2004/04/08/109626.aspx. The issue is definitely real and varying degrees of the problem are most likely occurring somewhere in the world at this very second.
Before Getting Started:
I want to stress that the steps outlined below are not going to resolve an immediate Reply-All storm. However, it is very possible that they may help reduce or mitigate a future problem from occurring once your user base learns (either by word of mouth or "the hard way") that there are potential consequences for perpetuating one. Again, I'm talking about helping to bring about positive educational change in your user base over time.
The steps outlined below will effectively remove a user's ability to use the Reply-All functionality in Outlook via creation and deployment of a custom Group Policy Object (GPO). The examples presented below will target a dedicated Active Directory Organizational Unit. This OU will ultimately become the target for the deployment of the GPO as well as the container where user objects that have Reply-All removed will be homed in the Active Directory. That being said, the techniques presented here could be adapted to a broader environmental context based upon the discretion/desire of the administrator.
Thus to perform the steps here you will need at your immediate disposal:
- Access to the Active Directory.
- The ability to create a dedicated Organizational Unit.
- The rights to move members of your user base to said Organizational Unit.
- The ability to modify and/or create a new custom GPO.
- The ability to link/deploy said GPO.
Hypothetical Scenario and Steps:
You come into the office and your immediate manager mentions that the messaging group has been tasked with removing Reply-All ability for all users who participated in a recent Reply-All storm that impacted a large internal distribution list. Upper management has made a decision to not implement bulk message restrictions to the Distribution List itself (e.g. limiting who can send or reply to messages on the DL), but to simply remove Reply-All ability for all users who played a part in perpetuating the storm. The removal of this functionality will be accomplished via deployment of a GPO as opposed to leveraging other potential options.
Obtain and review the most recent thread in the Reply-All storm and build a list of all individual user accounts that either caused or played a part in perpetuating the storm. Build a master list of these users and denote the current location of their user objects within the Active Directory. Once done, receive "buy-off" from management that these users can and will eventually be moved into a dedicated Organizational Unit that will have a GPO applied that prevents the Reply-All button from being active within Outlook.
Once you have obtained buy-off, build a new Organizational Unit with an obvious clear name. To do so, go into Active Directory Users and Computers, right-click a user container, then select New, Organizational Unit, then provide it with a clear name.
In the examples to follow my OU will be titled: "Users who have Reply All Removed"
Move the users into the new" Users who have Reply All Removed" organizational unit via Active Directory Users and Computers (or your favorite LDAP tool) created in Step-2.
If not already available proceed to download the appropriate Office Administrative Template files. In my scenario all my users can be assumed to be using Outlook 2007 Service Pack 2. The template files can be downloaded here:
Legacy Office Administrative Template Files can be downloaded from Office Online. So if your client base is running Outlook 2003, go here: http://www.microsoft.com/office/orkarchive/2003ddl.htm
Extract the Administrative Template files by running AdminTemplates.exe. Once extracted you should have 3 folders created (ADM, ADMIN, and ADMX):
Build a new Group Policy that links users of the "Users who have Reply All Removed" organizational unit. To do so:
- In Active Directory Users and Computers get Properties of the "Users who have Reply All Removed" organizational unit.
- Select the Group Policy Tab.
- On the Group Policy Tab, select New and give the policy a clear and applicable name such as "Remove Reply-All Ability"
- Once named, select Edit.
- The Group Policy Editor (GPE) opens.
Add the Office/Outlook Administrative Templates
In Group Policy Editor:
- Navigate to User Configuration\Administrative Templates.
- Right-Click Administrative Templates and select Add/Remove Templates.
- On the Add/Remove Templates page select: Add
- Browse to the Outlook Administrative Template and Select Open (in my case I uncompressed the file to my desktop so the path was: c:\Documents and Settings\ericnor\Desktop\OLK2K7 Admin Templates\ADM\en-us\outlk12.adm):
If performed successfully you should now see that the Microsoft Office Outlook 2007 Administrative Template files have been added in Group Policy Editor:
Once you have successfully added the Outlook Administrative Template, you need to properly define and enable the necessary policies. To successfully block "Reply All" functionality we need to enable and define two specific policies in the Administrative Template:
- A policy to disable the actual command button as well as the menu option.
- A policy to disable the keyboard shortcut.
- In Group Policy Editor navigate to the following path: User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Disable Items in User Interface\Custom.
- Once here you will notice 2 policies that will currently show as "Not Configured":
- Disable Command Bar Buttons and Menu Items.
- Disable ShortCut Keys.
- To disable the Command Bar Reply-All button we need to select the Disable Command Bar Buttons and Menu Items Policy.
- Once the policy is open set the State of the policy to Enabled then select the "Show..." button.
- Any and all Outlook Command Bar Buttons that are currently disabled will be present here in a numerical context (although presumably this would be the first time working with the template so you would not see any numerical values present). Click Add, and in the "Enter the Item to Be Added" field, type 355. Once done click OK. You will be returned to the Show Contents page which should now resemble the following. Click OK:
(It's worth making a note here: All command buttons and menu options are referenced by their numerical Command IDs. I will show you how to determine these values in a follow-up post, so that you can apply what you have learned to other command buttons and short-cuts should you desire).
- Back on the Disable Command Bar Buttons and Menu Items policy page, select Apply and OK.
- The "state" of the policy should now show as Enabled.
- Now we need to disable the keyboard shortcut for Reply All. To do so, we need to open the Disable Shortcut Keys policy, configure our settings and enable it. To do so:
- Select and open the"Disable Shortcut Keys" policy.
- Select Enable, and then click the "Show..." button.
- This will bring up the Show Contents page.
- Select Add.
- In the Add Item Window type the following: 82,12
- Click OK which will shift the focus back to the Show Contents pane. Your value should look like this:
(Short-cut keys are always distinguished via the decimal representation of their ASCII character value. In addition the keyboard modifier (e.g. the keyboard combination used to activate the short-cut) needs to be converted to decimal notation and referenced here. As previously noted, I will detail how these values are calculated and converted in a follow-up post).
- Back on the Disable Shortcut Keys property pages, select Apply and OK.
- Back in Group Policy Editor, both policies should now show as Enabled:
- At this point both of your policies are enabled and configured.
- Close Group Policy Editor.
- You will be returned to the Group Policy tab for the "Users who have Reply All Removed" Organizational Unit. Click Apply then Close.
Provide "The List" to Help Desk.
You should inform the Help Desk that there is a very high probability that users on "the list" will be calling in to complain that their Reply-All functionality no longer works. Your Help-Desk personnel should know why.
Create a Distribution List then and add all members of "the List". Send an informational to all users informing them that their "Reply-All" functionality has been removed due to misuse and for "x" amount of time. Once the GPO has been applied to the user workstation, these users will notice that the "Reply to All" button is disabled. If one of these users were to hover their mouse over the disabled button they will be presented with the following information:
They will also notice that the menu option for Reply-All is now disabled:
If the user attempts to issue the keyboard shortcut for Reply-All (CTRL + SHIFT + R), nothing will happen.
I will cover additional related "Techy stuff" on this process in a follow-up post!