General introduction of OST file encryption

OST file (.ost) is an offline folder file in Microsoft Outlook. Offline folders make it possible for the user to work offline and then to synchronize changes with the Exchange server the next time they connect. The ability to work offline is useful in environments with limited or unreliable connectivity.

In this article, I’ll talk about OST file encryption setting in Microsoft Outlook.

I’ve seen many problems like “I can not change the default Compressible Encryption setting in Outlook 2003 to High Encryption”  or “I’m trying to enable the ‘High Encryption’ setting for our OST files but no matter what I’ve tried it doesn’t stick” .

  1. Where to set OST file encryption

In Outlook 2003(other versions nearly the same location), when setting up an exchange email account, you can set OST file encryption.

  • In Control Panel, open Mail;
  • Click E-mail accounts, choose Add a new e-mail account, click Next;
  • Choose Microsoft Exchange Server, click Next;
  • Type in the server name and User Name;
  • In More Settings, In Advanced, click Offline Folder File Settings;

There are three different Encryption Settings.

-No Encryption

-Compressible Encryption (default)

-High Encryption

You will not have the possibility to compact the .OST File when you select “High Encryption”.

  1. What’s the problem


  • In outlook 2002 or earlier

When create your first exchange mail account, you can set any of the three Encryption case and keep the change.

You are allowed to have only one exchange mail account at a time. So when you create your second account, you should remove the existing one. Then if you change Encryption Settings of your offline folders, it turns again to the last setting and can’t be change any more. In this case, you must delete the OST file generated during the last setting under the outlook file default directory.

This is reasonable because a domain user is allowed to have a unique exchange mail account. And it’s OK in this case.

  • In outlook 2003

When create your first exchange mail account, you can set any of the three Encryption case but cannot keep the change. To check it after you set the Encryption Settings, it turns again to No Encryption and can not change it anymore.

Here comes the problem, the buttons and choices are there but are not in use. So of course the outlook users get confused.

  • In outlook 2007 or later

The encryption of these folders was not too good, so it has been removed from Outlook 2007. The now recommended way is to use EFS on the file system, and let that handle the encryption.

  1. Summary


Finally, as is discussed and seen on the Internet, it caused a lot of confusion in Outlook 2003 and that the High Encryption setting was not as strong as the terminology implied. Because confusion and the fact that encryption is also available at the file system level, this setting was removed in Outlook 2007. The current recommendation in Outlook 2007 is that if you wish for the .ost to be encrypted is to use the Encrypted File System (EFS) or in later versions of the operating system you can also use Bit-Locker Encryption.

Comments are closed.