Explore some nontechnical ways to get around the fact that a registry key change preventing the creation of new accounts has no effect on existing accounts.
In “What happens when Outlook POP3 mail is delivered to an Exchange mailbox with Outlook in Cached Mode?” (May 2009, InstantDoc ID 101935), I show you how to deal with POP3 mail that goes to an Exchange Server mailbox when Outlook is in Cached Mode. By default, users can create additional accounts within their Outlook profiles unless administrative measures explicitly prevent it. In “Stop Users from Creating New Email Accounts” (October 2008, InstantDoc ID 100237), I list the registry entries needed to prevent account creation by protocol. But what happens when the user already has other accounts in his or her Outlook profile before the registry change that prevents email account creation is applied?
The registry change doesn’t alter existing profiles. If users have already added an Internet protocol account to their Outlook profile, it will remain. However, users won’t be able to add a new account once the appropriate values are in place. When the DisablePOP3 value is added to a workstation’s registry, the POP3 option is removed from the account type drop-down list in the Add New E-mail Account dialog box. (You’ll notice that the POP3 option is missing in Figure 1.) The same applies to any other protocols disabled for this user.
For review, these are the DWORD values to prevent account creation:
These values would be applied to the following registry key:
In the registry key, <version> represents the base release number for Office:
- Outlook 2007: 12.0
- Outlook 2003: 11.0
Of course, you can push out this change through a logon script, Group Policy, or the Office Customization Tool, among other methods.
If a user already has an Internet protocol account in their Outlook profile, administrators should probably follow corporate policies and procedures to have it removed. From a technical standpoint, the protocol, such as POP3, can usually be blocked at the firewall or gateway, though this solution isn’t as elegant as removing it at the client.