Planning for Messaging Records Management
Applies to: Exchange Server 2010 SP3, Exchange Server 2010 SP2
Although configuring and managing messaging records management (MRM) features in Microsoft Exchange Server 2010 is technically straightforward, planning for a successful MRM implementation can require time, thought, and input from a variety of business disciplines. In addition to Exchange administrators and the IT department, executives, records managers, human resources personnel, legal advisors, and even end users can play important roles in the planning process.
Where Do I Start?
Before implementing an MRM solution, there are many factors to consider, and not all of them are technical. The following sections describe some of these factors.
Sandbox
To learn about installing, configuring, and maintaining MRM, we recommend that you first set up a test environment (sometimes referred to as a sandbox installation). Exchange administrators who are well versed in the details of setting up and configuring MRM in a test environment are in a better position to consult with and make recommendations to other members of the organization about the technical requirements for a successful MRM solution. You can set up a virtualized sandbox environment by using the Windows Server 2008 operating system and Hyper-V. For more information, see Virtualization with Hyper-V: Overview.
You can also use this virtualized environment to test other messaging policy and compliance features such as personal archive, Multi-Mailbox Search, journaling, and Information Rights Management (IRM).
Policies and Plans
The MRM features in Exchange 2010 help your organization implement its records retention and management policies. An effective MRM implementation begins with a records management policy. As you plan to implement an MRM solution, we recommend that you set up a team for the purposes of creating or updating the records management policy of your organization. Among the groups to consider including in the policy creation or review process are:
Records management professionals
Legal counsel
Human resources
Training
Senior management
Information technology (IT) management
Consultants
The team's task is to create a records management policy that's sufficiently broad in scope to address the organization's current and future needs, but also sufficiently clear and detailed to enable the policy to be implemented by an Exchange administrator as an MRM solution. The process of developing this policy can be lengthy. This is because each team member considers, makes suggestions, and revises the work of the others, balancing legal requirements, budget, complexity, and administrative and human considerations to create a policy from which a manageable MRM implementation can be created.
Concerns for the team to consider, especially in organizations that have a well developed e-mail culture, include:
User concerns and possible resistance to an MRM solution
How to monitor and enforce the organization's messaging policies
Keeping Messages Where They Can Be Managed
To manage messages, the Managed Folder Assistant must have access to them. This means that messages must be stored on an Exchange server for effective MRM. This has two consequences:
Users' mailboxes must often be increased in size so that they can hold more items.
Access to personal folder (.pst) files on users' computers should be limited or eliminated.
Increasing Mailbox Size
Keeping all user messages in mailboxes on the server usually means increasing users' mailbox storage quotas, possibly to a gigabyte (GB) or more. The increased performance of Exchange 2010 helps to make these larger mailboxes manageable. A number of changes have been made to the Extensible Storage Engine (ESE) to increase performance and reduce storage requirements. These changes help you in planning for and deploying larger mailbox quotas at a lower cost. For more details about changes to ESE, see New Exchange Core Store Functionality.
Personal Archive
In Exchange 2010, you can provision personal archives for your users, allowing them to have an online archive mailbox that can be accessed using Microsoft Outlook 2010 and Microsoft Office Outlook Web App. Archive mailboxes provide functionality similar to .pst files used by Outlook, but eliminates the risks associated with using .pst files. For more details about some of the risks your organization is exposed to due to the use of .pst files, and how your users can benefit from a personal archive, see Understanding Personal Archives.
With a combination of larger mailboxes and archive mailboxes, you can plan to reduce the usage of .pst files in your organization, with the goal of eliminating it.
Limiting Access to .pst Files
You can start moving users away from using .pst files by creating a group policy that prevents new items from being added to existing .pst files. Making .pst files read-only gives users access to the .pst files they may already have while encouraging them to keep the messages that they want to keep in their Exchange mailboxes. If you plan to deploy archive mailboxes, data from pst files can be moved to the user's archive mailbox. Eventually, you may want to create a group policy to remove access to .pst files altogether.
Limiting access to .pst files can disrupt the work habits of some users, but it also has a number of advantages.
Keeping user messages on the server and limiting access to .pst files can:
Significantly increase the effectiveness of MRM by keeping messages where they can be managed and monitored.
Reduce the risk of losing important data that's stored on individual hard disks rather than on servers that are backed up regularly.
Help to reduce the loss of the organization's intellectual property when vendors, interns, and employees leave the organization.
Improve users' access to their data by keeping everything in their mailboxes.
Make Outlook Web App more effective because all user messages are available anywhere with only a Web connection.
Reduce the cost of legal discovery during a lawsuit. The process of capturing and discovering information that's stored in .pst files is labor-intensive and expensive because .pst files must first be located on user computers and then the contents must be processed by legal personnel.
Configuring User's Systems to Prevent Moving or Copying Exchange Mailbox Data to .pst Files
Outlook 2010 allows you to effectively control your organization's mailbox data so it can't be moved or copied to a .pst file. This allows users to open .pst files and copy the data into an Exchange mailbox, but not copy or move messages from the Exchange mailbox to .pst files. Using Outlook 2010, you can provide your users with a migration path to move messaging data from .pst files to their primary Exchange mailbox or their archive mailbox (if it's provisioned).
To disable the copying of Exchange mailbox data to a .pst file, set the following registry value for your Outlook 2010 users. You can set the registry value by configuring administrative templates in a group policy. You can add Outlook 2010 Group Policy settings to a Group Policy object by adding the Outlook14.adm policy file. For more information about adding or removing an administrative template, see Add or remove an Administrative Template (.adm file).
Warning
Incorrectly editing the registry can cause serious problems that may require you to reinstall your operating system. Problems resulting from editing the registry incorrectly may not be able to be resolved. Before editing the registry, back up any valuable data.
Registry path |
HKEY_CURRENT_USER/Software/Microsoft/Office/14.0/Outlook |
Registry value |
DisableCrossAccountCopy |
Value type |
REG_MULTI_SZ |
Value data |
Domain names used for user's primary SMTP e-mail addresses. For example, use contoso.com to prevent copying or moving data from any mailbox that uses a contoso.com e-mail address as the primary SMTP e-mail address. Use * (asterisk) to prevent moving or copying data from any mailbox. Note In Exchange 2010, domains used for generating e-mail addresses for recipients in your organization are configured as accepted domains. For more information, see Managing Accepted and Remote Domains. |
Note
Using the DisableCrossAccountCopy registry value on a computer running Outlook 2010 doesn't prevent the Outlook 2010 user from copying data to the primary or archive mailbox.
Configuring User's Systems to Operate Without .pst Files in Outlook 2010
Note
The registry values in this section can also be set for Microsoft Office Outlook 2007. Change the Outlook version from 14 to 12.0 to apply these changes to Outlook 2007.
Disable copying or moving messages to .pst files Create a group policy that sets the following registry subkey to a value of
1
. This setting prevents users from moving or copying messages to .pst files. Users can still create new .pst files but they can't add anything to them. This setting blocks only Microsoft Outlook .pst files. It allows Microsoft SharePoint .pst files to be connected and updated in a user's Outlook profile. A similar registry key can be used to disable writing to .pst files in Office Outlook 2003.Warning
Incorrectly editing the registry can cause serious problems that may require you to reinstall your operating system. Problems resulting from editing the registry incorrectly may not be able to be resolved. Before editing the registry, back up any valuable data.
Registry path
HKEY_CURRENT_USER/Software/Microsoft/Office/14.0/Outlook/PST
Registry value
PstDisableGrow
Value type
DWORD
Value data
1
Disable AutoArchive Create a group policy that sets the following registry subkeys to a value of
0
. These settings disable the AutoArchive menu in Outlook and remove the AutoArchive option, which is shown when the user clicks Tools > Options, and then clicks the Other tab.Registry path
HKEY_CURRENT_USER/Software/Policies/Microsoft/Office/14.0/Outlook/Preferences
Registry value Value type Value data ArchiveDelete
DWORD
0
ArchiveMount
DWORD
0
ArchiveOld
DWORD
0
DeleteExpired
DWORD
0
DoAging
DWORD
0
PromptForAging
DWORD
0
Disable creation of new .pst files Create a group policy that sets the following registry subkey to a value of
5575
. This setting removes the Outlook Data File option in Outlook, which is shown when the user clicks File, and then points to New.Registry path
HKEY_CURRENT_USER/Software/Policies/Microsoft/Office/14.0/Outlook/DisableCmdBarItemsList
Registry value
TCID1
Value type
DWORD
Value data
5575
Pilot Program
Starting with a pilot implementation can help you to fine tune your MRM solution and learn about end-user satisfaction before an organization-wide implementation. For example, you may discover that users find a six-month retention period for the Inbox too short, and that they're more comfortable with a one-year limit. Or you may discover that additional journaling would result in a need to upgrade your archiving solution.
Members of an MRM planning team may also be good candidates for the first members of an MRM pilot program. Additional members can be recruited from IT personnel and from interested management personnel. When the pilot program is in stable operation, you can recruit additional members of the organization to join. Any user reluctance to adopt managed messaging can sometimes be lessened with the promise of a larger mailbox, automatic e-mail management (including automatic deletion of routine notices and messages that can be placed in a short-retention folder), and training to deal with any questions or concerns.
How Do I Implement MRM?
When it's time to implement your MRM solution in your organization, you may want to consider a phased implementation to allow the people in the organization and your Exchange system to adapt to the changes required.
Human Considerations During an MRM Implementation
Gradually introducing MRM to users gives them time to adapt to necessary changes in their work habits. A workable plan is to:
Start a pilot program to test and refine the solution.
Invite additional users to join the pilot program. Larger mailboxes and availability of an archive mailbox can be an incentive to join.
When you're ready to roll out MRM to the entire organization, start by offering training on MRM and relevant organization messaging policies.
Increase the size of users' mailboxes.
Apply retention policies to users' mailboxes, but with expiration turned off. Encourage users to familiarize themselves with MRM and to the appropriate retention tags according to their needs and the organization's message retention policy.
Three weeks after retention policies are applied to users, enable MRM and make .pst files read-only.
Be ready to provide a high level of support for users at the start of MRM implementation. (Training in advance of rollout reduces user questions and concern.)
Monitor system performance.
Monitor user compliance.
System Considerations During an MRM Implementation
Your Exchange system must adapt to MRM. The first time the Managed Folder Assistant runs, it typically processes a large number of items. This can be a resource-intensive process for both the Mailbox server and the network. It can also result in Outlook clients consuming large amounts of time and network resources while synchronizing mailbox contents with the server. You should plan carefully to avoid overloading resources. Running the Managed Folder Assistant when the load on the server is light and adding users gradually rather than all at once can help to ensure a smooth transition.
Training and the Human Element
People take their e-mail personally, even when it isn't their personal e-mail. If faced with abrupt changes to the organization's messaging policies, users may feel annoyed or confused, especially if the new policies involve automatically deleting messages. Changes to long-established methods (such as never emptying the Inbox or saving everything to .pst files) have the potential to cause significant disruption for some users. To assure that your MRM implementation proceeds with as little disruption as possible, consider the following recommendations.
- Phased implementation
Introduce MRM gradually rather than all at once.
Training
Training users helps to address concerns in advance and makes for a smoother implementation. Some training topics to consider include:An introduction to the organization's messaging policies.
The necessity for MRM in the modern workplace, including an overview of the potential legal liability that results from a lack of records management, and how that liability can cost the organization money and endanger jobs.
How automatic e-mail deletion can be a timesaver by automatically deleting outdated content that routinely accumulates.
How larger mailbox sizes provide more room for message storage.
How server-based storage increases mobile access to data.
How there may be unavoidable changes to the way users perform certain tasks (for example, not being able to add messages to .pst files), and the necessity of paying more attention to classifying and handling messages.
How MRM helps to conserve the organization's IT resources.
- Advance notice
Notify users in advance that changes are coming. Specifically, notify users of the exact dates that MRM will be implemented and remind them about the changes that will occur.
- User support
Excellent user support in the early phases of the implementation can ease the transition to MRM. Issues that arise during the deployment phase are usually less technical than might be expected. Often, the concerns revolve around users asking questions of the "What do I do?" nature. Having a team of people who can answer this type of question will help to manage these concerns.
Compliance, Monitoring, and Enforcement
The following are some of methods by which users can evade MRM policies:
Saving messages to .pst files (if .pst files aren't disabled by group policy)
Forwarding messages to other locations (such as an external e-mail account)
Saving messages as files on their computers
Sending messages to Microsoft OneNote (by using Outlook 2010 or Outlook 2007)
Printing messages
If your organization has deployed managed folders, by placing all of their mailbox folders in the managed folder that has the longest retention setting.
Educating users about the messaging policies of your organization can help to ensure compliance. However, monitoring may be necessary to ensure that your MRM solution is effective. Enforcement of messaging policies will likely require involvement and guidance from senior management.
Complying with Legal Discovery Orders
In Exchange 2010, Multi-Mailbox Search helps you to comply with legal discovery orders for electronically stored information. You can use Multi-Mailbox Search to search the contents of specified Exchange 2010 mailboxes. You can create powerful search queries using a number of search parameters. Messages returned by the search are copied to the specified Discovery mailbox. To learn more about Multi-Mailbox Search, see Understanding Multi-Mailbox Search.
© 2010 Microsoft Corporation. All rights reserved.