Disabling OST creation for Shared Devices via PowerShell

Create the Device Group
Endpoint Manager - Groups - New Group


Group type - Security
Group Name - AAD_Sec_Device_OST_Disable
Group Description - Devices in this group will not allow users to create OST files
Add members if you already know the devices you want to target.

The group is now created


====================================================================

Create the PowerShell script

Open notepad and add the following text -
New-Item -Path "HKCU:\SOFTWARE\Microsoft\Office\16.0\Outlook\OST" -Force
New-Item -Path "HKCU:\SOFTWARE\Microsoft\Office\16.0\Outlook\cached mode" -Force
New-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Office\16.0\Outlook\OST" -Name "NoOst" -Value 2 -PropertyType DWORD -Force
New-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Office\16.0\Outlook\cached mode" -Name "Enable" -Value 0 -PropertyType DWORD -Force

Save the notepad file as - DisableOSTcreation.ps1
Ensure the file extension is .ps1



=====================================================================

Deploy the PowerShell script

Endpoint Manager - Devices - Scripts


Add - Windows 10


Name - Disable OST creation
Description - Users will not create OST files when logging on to devices targeted by this script


Script settings -
Script location - browse and upload the PowerShell script - DisableOSTcreation.ps1
Run this script using the logged on credentials - Yes
Enforce script signature check - No
Run script in 64 bit PowerShell Host - No


Assignments - Add the device group we are targeting that was created earlier
AAD_Sec_Device_OST_Disable


Review and add


Add -

===================================================================

Testing -

Summary -
Device Group created - AAD_Sec_Device_OST_Disable
PowerShell script created - DisableOSTcreation.ps1
Script policy created targeting this device group - AAD_Sec_Device_OST_Disable
Device group member - DESKTOP-VJO85Q4

User Experience -
User logs on - dem.shared -
Outlook opens in online mode -


Log on as another user and test -
User logs on - user01 -
Outlook opens in online mode


Log on as another user and test -
User logs on - user02 -
Outlook opens in online mode


=====================================================================


 
About the author -
Terry Munro is an IT specialist based in Brisbane, Australia.
He draws upon over 20 years experience designing and delivering technical solutions to a variety of enterprise clients in the private, Government and Education sectors, to revolutionise client businesses through collaboration and getting the most value from a variety of cloud solutions.
He is passionate about learning new technologies and is a firm believer in sharing knowledge to provide a better experience for all.
You can connect with Terry on LinkedIn - https://www.linkedin.com/in/terry-munro/