Peter Hinchley

The default address book in Microsoft Outlook 2007 is the Global Address Book. It is also the first address book consulted when resolving names in the address list of an email. Although these settings are typically appropriate, they can result in corporate users inadvertently sending an email to an external contact in the Global Address Book that has the same name as an internal contact. This issue can be avoided by setting Internal Contacts as the default address book, and by modifying the address book search order such that Internal Contacts precede the Global Address Book. These tasks can be performed by the end-user, but what if you need to apply the change to thousands of users? Unfortunately the Outlook 2007 group policy template does not provide an option for configuring these settings. They can be changed using code, but I didn't like the idea of either pushing a "patch" to all users within the organisation, or of using a script to apply the patch at logon. I ultimately resolved the issue by using group policy preferences in combination with item-level targeting.

Let's start by reviewing the requirements:

1. Set the default address book to Internal Contacts.

   

2. Set the address book search order to: Internal Contacts, Global Address Book, Contacts.

   

3. The settings must be applied to both existing and new users.
4. Users must be able to override the new settings.

Now let's review a few concepts:

1. The address book preferences are stored within a user's local Outlook profile as binary data.
2. User-based policy settings are applied when a user logs onto the computer.
3. The Outlook profile of a new user is created when the user launches Outlook for the first time.
4. It is possible to use item-level targeting to control when/to whom a group policy preference is applied.
5. Any group policy preference configured with the "Apply once and do not reapply" setting will only be "considered" once. Hence, if this setting is combined with item-level targeting, and the targeting rule determines that the policy should not be applied, no attempt will be made to review the policy at a later date, for according to the operating system it has already been processed. In other words, "Apply once and do not reapply" really means, process only once, regardless of whether the policy is successfully applied.
6. If Outlook discovers existing profile settings when it is first launched by a new user, these settings will be archived, and a completely new profile will be created. For example, if a profile named COMPANY existed, the profile would be renamed to Backup of COMPANY and a new profile created. Hence, if a group policy preference creates a registry entry to set the default address book, and this entry is created at user logon, and therefore before a new user launches Outlook, the setting will be effectively ignored, for it will be archived, and a new profile created when Outlook is first started.

Ok, now that we've got that out of the way, here is the solution:

1. Using the Group Policy Management Console, edit an existing Group Policy object.
2. Expand User Configuration > Preferences > Windows Settings > Registry.

3. Create a new registry item and set an Action value of Update, Hive of HKEY_CURRENT_USER, Key path of Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\COMPANY\9207f3e0a3b11019908b08002b2a56c2, Value name of 01023d06, Value type of REG_BINARY and Value data of X. Where COMPANY should be replaced with the name of the Outlook profile used in the organisation, and X is a binary value extracted from the corresponding registry entry of a computer where the default Outlook address book has been configured correctly. The value will be a long sequence of hexadecimal characters in the form: 00000000DCA740C8C04...

4. Select the Common tab and check the option for Item-level targeting.

   

5. Click the Targeting button.

6. Create two items. The first item should be configured with a Match type of Key exists, a Hive of HKEY_CURRENT_USER and a Key path of Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\COMPANY. The second item should be configured with a Match type of Value exists, Hive of HKEY_CURRENT_USER, Key path of Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\COMPANY\9207f3e0a3b11019908b08002b2a56c2, Value name of 01023d06, and Value type of REG_BINARY. The two items should be joined with an AND clause.

   

7. Create another new registry item identical to that described in step 3 with the exception that the Value name is set to 11023d05 and the Value data should be replaced with the binary data extracted from the 11023d05 value of a computer where the default Outlook address book has been configured correctly.
8. Select the Common tab and apply the same item-level targeting as defined in step 6. Ensure the targeting rules are identical to those in step 6. In particular, ensure the second rule checks for the existence of 01023d06 and not 11023d05, as 11023d05 is created whenever a user opens the Addressing dialog (second image in this post) even if they don't make any changes to the address book search order. As such, 11023d05 cannot be used to reliably indicate if the address book settings have been modified.

That's it. The changes we've made work as follows:

1. When a new user logs onto a computer, the two registry entries will not be immediately created, as the settings are only added when the Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\COMPANY key exists, and this key is only created when a user launches Outlook.
2. The first time the policy is refreshed after the user has launched Outlook, the two registry entries will be created. This occurs because the above key exists, but the 01023d06 value does not (the value is only created when a user changes the default address book).
3. Once the value 01023d06 has been defined, it can be changed by a user (through the Outlook interface) without being overwritten by policy, as the item-level targeting rules ensure the policy is not applied when the value 01023d06 exists. This effectively causes the policy to behave as if the "Apply once and do not reapply" setting was enforced, except this time it actually works, for as previously described, the "apply once" option does not work effectively when combined with item-level targeting.

It's worth noting that this procedure only works if all instances of Outlook in the enterprise are configured with an identical mail profile name (I've assumed the profile is named COMPANY, but you should change it to the name of the profile used in your organisation).