How to Disable the negative effects of the Outlook Social Connector 

Organizations may need to disable all or parts of the Outlook Social Connector to protect their privacy, business contact data, and employees' personal information but still have use of it. Disabling the Social Connector or some of its functions is a crucial step for fast and consistent replication of Contact Synchronization of the GAL Sync AND/OR for normal Contacts Sync with Contacts in a folder which also are in the GAL and are being replicated to mailboxes.  

This document describes how to completely unload the Outlook Social Connector using Active Directory group policy, or disable some of the offending functions, and also by a batch file for laptops and off the domain computers and to leave it on and partially turn off the relevant functions.

The Problem:

Outlook Social Connector is changing the modify times of all contacts which leads to long sync times due to the unnecessary mass updates to the destination side Contacts.  This prompts Diditbetter Software (and other Sync programs) to resync all of these items for no real reason other than the social status of the contact.  We call these "Phantom Syncs" because they are not necessary.

 

The Fixes:  

Running a batch file as Administrator to unload the OSC (Outlook Social Connector) as part of Group policy
and/or

By copying the file directly on the users destination machine and running the batch file (as Administrator) and accept the UAC prompt (if required) and putting in a local administrator credentials to run the fix.

and/or

Creating an Active Directory Group Policy and totally disable and unload the OSC add and apply it to your Domain Computers
and/or
Creating a group policy which leaves the OSC add in loaded, and turns off certain parts of the OSC on your Domain Computers to avoid Phantom Syncing contacts with not data changed.
 

Enabling some or combination of these fixes stops the users Outlook (all versions) from loading the OSC on startup of Outlook and thereby periodically updating the contacts in their mailbox based on the contacts exterior “social status”, or with Active Directory and Exchange or O365 when doing GAL Sync.

 

Run the Batch file manually or with some sort of workstation management.   

OSC_Disable.bat - finds all versions of Outlook and changes the load behavior to 0 or unloaded.  Simply unchecking it in the interface is not an option since an update will reactive the add in.

 

For "off the domain" or laptops not directly on the domain, for proper Contact Sync you will need to run a batch file as admin on the destination users Machine.  It has only to be run once per machine, even if it is used by several people.  
This will work for any known version of Outlook client and is essential for consistent and fast synchronization.

 

The contents of the file is listed below.

The batch file is located here and also on the Add2Exchange Machine in the directory:

C:\Program Files (x86)\OpenDoor Software®\Add2Exchange\Setup\OSC_Disable.bat or from :   
 

Important:  This file is also able to run on any “off domain” Outlook clients whose mailbox syncing Contacts through sync programs.

NOTE:  The actual batch file may not need to be run if your Machine management software can inject registry keys to machines.

 

 

NOTE: Unchecking the option from within Outlook Add ins tab (from the interface) is temporary and will reactivate after an Office update.

reg query HKLM\SOFTWARE\Wow6432Node\Microsoft\Office\Outlook\Addins\OscAddin.Connect

 

if %ERRORLEVEL% EQU 0 (

reg add HKLM\SOFTWARE\Wow6432Node\Microsoft\Office\Outlook\Addins\OscAddin.Connect /t REG_DWORD /v LoadBehavior /d 0 /f

)

 

reg query HKLM\SOFTWARE\Microsoft\Office\Outlook\Addins\OscAddin.Connect

 

if %ERRORLEVEL% EQU 0 (

reg add HKLM\SOFTWARE\Microsoft\Office\Outlook\Addins\OscAddin.Connect /t REG_DWORD /v LoadBehavior /d 0 /f

)

 

reg query HKLM\SOFTWARE\Microsoft\Office\15.0\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Office\Outlook\AddIns\OscAddin.Connect

 

if %ERRORLEVEL% EQU 0 (

reg add HKLM\SOFTWARE\Microsoft\Office\15.0\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Office\Outlook\AddIns\OscAddin.Connect /t REG_DWORD /v LoadBehavior /d 0 /f

)

 

reg query HKLM\SOFTWARE\Microsoft\Office\15.0\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Office\Outlook\AddIns\OscAddin.Connect

 

if %ERRORLEVEL% EQU 0 (

reg add HKLM\SOFTWARE\Microsoft\Office\15.0\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Office\Outlook\AddIns\OscAddin.Connect /t REG_DWORD /v LoadBehavior /d 0 /f

)

 

reg query HKLM\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Office\Outlook\AddIns\OscAddin.Connect

 

if %ERRORLEVEL% EQU 0 (

reg add HKLM\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Office\Outlook\AddIns\OscAddin.Connect /t REG_DWORD /v LoadBehavior /d 0 /f

)

 

reg query HKLM\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Office\Outlook\Addins\OscAddin.Connect

 

if %ERRORLEVEL% EQU 0 (

reg add HKLM\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Office\Outlook\Addins\OscAddin.Connect /t REG_DWORD /v LoadBehavior /d 0 /f

)

 

 

Creating a New GPO For Completely Unloading the Outlook Social Connector add-in

 

 

Gal and Contacts Sync – automated load behavior fix – OSC  must be set to "unloaded" (once) on all destination Outlook Machines

 

Used the Microsoft way of installing, and activating the Group Policy and disabling Outlook Social Connector found HERE but this option does not work in all cases. 

 

We have found that this MS solution suggested in the link above does not work specifically for non-domain Outlook clients (home or laptops), or E1 accounts since E1 configuration and MS Online account type does not take part in the Group Policy rules.  Also there could be trouble applying the default group policy on every user, so to apply to the machine is the more direct and consistent way to apply.  It can be run every time  the computer boots, or once on a laptop.  If you run the batch file as administrator it will prompt for UAC if applicable and may prompt for the creds of a user with Administrative rights, and then continue.

Sometimes you may want some of the functions and not all the functions for more granular control and a combination of on domain solution and off the domain solutions are required.  See the last section below.

  

To facilitate the actual creation of the GP, we have created a directory in the setup with the necessary files to run a powershell which automatically creates the group policy. The compressed directory can be located here: 

It is also available in this location on the replication server: C:\Program Files (x86)\OpenDoor Software®\Add2Exchange\Setup\GPO_Creation

 

Copy the directory to your Domain Control and as the Domain Admin.  To activate it run the powershell:  \GPO_Creation\GPO_OSC.ps1 as powershell.

 

If UAC on the DC makes it fail, you can create it manually and apply it to your domain group policy.

  

Step 1. Open Administrative Tools in Control Panel and select Group Policy Management

Step 2. Right click on the empty space and click New

Step 3. Name the New Group Policy and click OK 

Step 4. Right click and Edit the new Group Policy Object 
Step 5. Drill Down to Scripts (startup/Shutdown)

Step 6. Double Click Startup and then click Add 

Step 7. Browse for the OSC_Disable.bat and click OK. Note: (Put the Batch file in the GP object location) 

Step 8: Click Apply and OK

Step 9: Go back to the Group Policy Management Window and Double Click on your new Group Policy

Step 10. Add Security Filtering (Domain Users and Domain Computers) and click ok.

Add the scope to Domain Computers or apply to the the workstations container and apply.

Link it to your domain.

 

This Policy will eventually get all Domain Computers, but again not on laptops not logging directly into the domain (cached creds) and at home or off the domain systems.

Again, for Off the domain computers,  the batch file must be run as admin on Laptops not on the domain or not checking in to the domain (Cached Credentials). Copy the batch file to the computer and Run as Administrator.  If prompted, allow UAC elevation, or allow with a local admin credentials.

 

Close Outlook on the machine and reopen it, or to test the policy, log out and back on or run a gpupdate. 

 

TO VERIFY the policy or batch file worked:  Open Outlook on the machine,  go to  Tools, Options, Add ins.  Select GO for the add ins.  Select Outlook Social Connector and make sure status says “Unloaded”

 

IF so you are done and after the next full sync, you will have fast, consistent and accurate Contact Synchronizations.

 

Tip:  To determine which users have mailbox clients which have not had the successful applied fix, let Add2Exchange Sync several times after the policy has applied and then at about 10:00 AM open The Add2Exchange Console, and select Global Options, and "View Relationships by Duration" and note which users are consistently longer than the others.  It is probable these accounts have a machine which has not applied the fix.

 

 

How to Disable Parts of the Outlook Social Connector

Using AD Group Policy 

Organizations which use Windows Active Directory may still use a GPO to have the OSC still enabled but restrict the functionality.
To configure the policy, follow the instructions to make the Policy and then return to this page for granular configuration:  
Manage the Outlook Social Connector with Group Policy: 

Once the policy is created and applied, expand the User Configuration section. Expand Policies and then Administrative Templates. You will see a new folder called Classic Administrative Template (ADM) has been created

Expand Classic Administrative Template (ADM) and select Outlook Social Connector. You will see a set of configuration or policies on the right panel

Focus on the right panel; double click on the following three policies as it's depicted below and enable each of them. 

If you Turn off Outlook Social Connector, then none of the other functions are relevant.
But if you leave it on, select you can select just the relevant options. 

Be sure to select to disable the option: Block Global Address List Synchronization. 
If we are doing Automatic Gal Sync with Diditbetter Software and the Contacts already have the pictures in the contacts in the folder, you can optionally select not to download pictures from Active Directory.

Close the GPO

Within GPMC, select the domain unit and apply the new Disable Social Connector GPO to the Active Directory Organizational Unit or Units containing your Domain Computers.

Force a restart, GPO update, log off and back on or reboot clients.