How to implement a PST override handler to bypass the PSTDisableGrow policy in Outlook 2007


This article describes how to implement an Personal Folders file (.pst) override handler to bypass the PSTDisableGrow policy in Microsoft Office Outlook 2007.

More Information

To bypass the PSTDisableGrow policy, follow these steps.


To bypass the PSTDisableGrow policy and to follow the steps in this article, make sure that you have the following declarations in the MAPI header files of the Windows Platform software development kit (SDK).
// {892EBC6D-24DC-4d90-BA48-C6CBEC14A86A}
0x892ebc6d, 0x24dc, 0x4d90, 0xba, 0x48, 0xc6, 0xcb, 0xec, 0x14, 0xa8, 0x6a);

// {FBB68D34-F561-44fb-A8CA-AE36696342CA}
0xfbb68d34, 0xf561, 0x44fb, 0xa8, 0xca, 0xae, 0x36, 0x69, 0x63, 0x42, 0xca);

MAPIMETHOD(RegisterTrustedPSTOverrideHandler) \
(THIS_ LPCWSTR pwzDllPath, LPVOID pvClientData) IPURE; \


MAPIMETHOD(GetPersistedRegistrations)(THIS_ SPropValue **ppmval) IPURE; \
MAPIMETHOD(SetPersistedRegistrations)(THIS_ SPropValue *pmval) IPURE; \



Assume that you have a DLL that was created by a third-party. The DLL contains the following export statement.
extern "C" HRESULT __cdecl HrTrustedPSTOverrideHandlerCallback(IMsgStore *pmstore, IUnknown *pOverride, LPVOID pvClientData)
You must sign this DLL by using a digital certificate that is trusted on a user's computer. Any digital certificate that is trusted for code signing will work. For more information about how to sign and check code, visit the following Microsoft Developer Network (MSDN) Web site:
After you sign the DLL, you must enable the PSTDisableGrowAllowAuthenticodeOverrides registry value to bypass the PSTDisableGrow policy. To do this, follow these steps:
  1. Click Start, click Run, type regedit, and then click OK.
  2. Locate the following registry subkey:
  3. Click the Edit menu, point to New, and then click DWORD Value.
  4. Type PSTDisableGrowAllowAuthenticodeOverrides, and then press ENTER.
  5. Right-click PSTDisableGrowAllowAuthenticodeOverrides, and then click Modify.
  6. In the Value data box, type 1, and then click OK.
After you enable this registry value, you must manage the user's trust list, especially the list of Trusted Root Certification Authorities.

Control flow for the initial unlock

The following sequence of events occurs after the Setup process:
  1. The application code loads a PST store, it calls the QueryInterface function on the message store for the IPSTOVERRIDEREQ interface, and then it calls the following method:
    IOVERRIDEPSTREQ::RegisterTrustedPSTOverrideHandler(LPCWSTR pwzDllPath, LPVOID pvClientData)
  2. The PST provider uses the WinTrust API to verify that the DLL is signed and trusted.
  3. The PST provider loads the DLL that calls the HrTrustedPSTOverrideHandlerCallback export statement. The export statement passes an IMsgStore* pointer to the PST’s store object. The export statement also passes an IUnknown pointer and the LPVOID parameter from step 1 to the PST’s override object.

    • We recommend that the DLL use the IMsgStore* pointer to verify that the particular store is one that the third-party code can use.

    • We recommend that the DLL checks the process to make sure that the DLL is not unlocking the PST for code it does not know about.
  4. The DLL calls the QueryInterface function on the override object for the IPSTOVERRIDE1 interface.

  5. The DLL calls the IPSTOVERRIDE1::OverridePSTDisableGrow() method, and this method sets a flag to unlock the store for the rest of the session.

  6. If the DLL wants to unlock the PST for other processes, the DLL calls the IPSTOVERRIDE1::SetPersistedRegistrations() method by passing the path of the DLL in a SPropValue property that has the following characteristics:
    • A Value.MVszW property that is set to an array of strings
    The SPropValue property is stored in a MAPI property in the PST’s internal range. This property is inaccessible to ordinary MAPI applications.

    • The IPSTOVERRIDE1::SetPersistedRegistrations() method is not implemented for non-Unicode PSTs.

    • To avoid dynamic linking concerns with .exe files, the IPSTOVERRIDE1::SetPersistedRegistrations() method will preemptively fail if any of the paths in the array do not have a file name extension of .dll.
    • When you use persisted registrations, this adversely affects the performance of applications, such as Outlook and Windows Desktop Search, that open PSTs. Developers should consider the performance effect when they use or expand the usage of persisted registrations.

Control flow for future unlocks

  1. When you load the PST provider, it detects that one or more DLLs were registered by using the IPSTOVERRIDE1::SetPersistedRegistrations() method.

  2. The PST provider calls the IPSTOVERRIDEREQ::RegisterTrustedPSTOverrideHandler method by using the path of the DLL.

    Note The LPVOID parameter will be NULL in this scenario.

  3. Steps 2 through 6 of the “Control flow for the initial unlock” section are now repeated.


For more information, click the following article number to view the article in the Microsoft Knowledge Base:

954268 A hotfix is available for Outlook 2007 that enables certain MAPI applications to create new items in a .pst file after the PstDisableGrow registry entry is configured


Article ID: 956070 - Last Review: Sep 11, 2008 - Revision: 1