How to prevent Outlook for Windows from adding native signatures

Problem:

You are managing email signatures centrally in your organization by using dedicated signature software (such as CodeTwo Email Signatures 365 or CodeTwo Email Signatures On-prem). You would like to disable native/personal signatures added in Outlook for Windows to avoid the problem of duplicated signatures in your users’ emails.

Solution:

To turn off Outlook for Windows native signatures centrally, you can use one of the modern Web Add-in’s advanced options (CodeTwo Email Signatures 365 only), a Group Policy Object (GPO) or Microsoft Intune. Click the links below to learn more.

• Disabling native Outlook signatures with the modern Web Add-in
• Disabling native Outlook signatures with GPO
• Centrally disabling signatures in Outlook for Windows with Intune

Using Web Add-in to disable native Outlook signatures

If you use CodeTwo Email Signatures 365 together with our Outlook Web Add-in, you can centrally disable native Outlook signatures for all your users for whom the add-in was deployed. It’s possible for both the users who get Outlook (client-side) signatures in Outlook and who use the add-in to preview cloud (server-side) signatures in Outlook. To achieve this, sign in to CodeTwo Admin Panel and access the Web Add-in’s settings page, as described here. Turn on Always disable default (native) Outlook signatures for all users with the CodeTwo add-in under advanced settings (Fig. 1.).

Fig. 1. Disabling native Outlook signatures for users with both cloud and CodeTwo Outlook signatures (combo mode).

As of now, native signatures will no longer be added automatically when users compose a new message or use the reply/forward option in Outlook, regardless of the signature mode. Learn more

Disabling native Outlook signatures with GPO

Downloading policy definitions (ADM/ADMX files)

If you don't have the Administrative Template policy settings (ADM or ADMX) files for the Outlook version used in your organization, you need to download them:

• Office 2016, Office 2019, Office 2021 LTSC, Office 2024 LTSC or Microsoft 365 Apps for enterprise
• Office 2013
• or find them yourself in the Microsoft Download Center.

Creating a new GPO in Windows Server

1. To install policy definitions in Windows Server 2008 and newer, open the location of the downloaded ADM/ADMX files.
2. Open the ADMX folder and copy all the .admx files to the following directory:

%SystemRoot%\PolicyDefinitions

3. The ADML files are a significant part of the policy definition and need to be installed along with the ADMX files. If you open the PolicyDefinitions folder (see step 2) you can see at least one directory with the name that corresponds to your system's locale, e.g., en-US. Inside the downloaded policy settings package, in the ADMX folder, there are several subfolders with similar locale-related names. In order to complete the installation of the policies, you need to:
   • Ensure that you have opened the PolicyDefinitions folder and the ADM/ADMX files' download location (Fig. 3.).
   • Find out which directories with language-based names exist both in the PolicyDefinitions folder and in the download location.
   • In the download location, copy the folders whose names can also be found in the PolicyDefinitions folder.
   • Paste the copied folders into the PolicyDefinitions folder (see Fig. 3.).

Fig. 3. Copying files to PolicyDefinitions.

4. Now you need to create a new Group Policy Object. Open the Group Policy Management Editor by launching gpmc.msc from the Windows Start menu.
5. In the left pane, right-click your domain and select Create a GPO in this domain, and Link it here.
6. Name your new GPO (e.g., No signatures) and click OK.
7. Select the newly created object to open it.
8. On the Scope tab, remove Authenticated Users from the Security Filtering pane and add Domain Computers instead.
9. In the same pane, add the Security Group that you created earlier (e.g., Users with no signature), as shown in Fig. 4.

Fig. 4. Setting up a new GPO object for a specific security group.

10. Finally, right-click your GPO in the left pane and select Edit from the shortcut menu. In the window that appears, navigate to User Configuration > Policies > Administrative Templates (or Classic Administrative Templates) > Microsoft Outlook [2010] (the number depends on your Outlook version) and Outlook Options, then Mail Format (Fig. 5.).

Fig. 5. The location of the enabled policy.

11. In the right pane you will see the Do not allow signatures for e-mail messages option. Enable it, as shown in Fig. 5.

(Optional) Remove manually created email signatures

The GPO you’ve set up blocks access to the signature settings. However, it does not delete signatures that have already been created. To delete existing native Outlook email signatures, follow these steps.

1. Paste the following code into any text editor:

Get-ChildItem -Path "$env:USERPROFILE\AppData\Roaming\Microsoft\Signatures" | ForEach-Object {Remove-Item -Path $_.FullName -Recurse}  # This script accesses the roaming profile of the active user and deletes all email signatures found there.

2. Save the file with a *.ps1 extension, for example, RemoveSignatures.ps1. Then, copy it to a network location, preferably accessible by all domain users.
3. Edit your No signatures GPO and go to User Configuration > Windows Settings > Scripts (Logon/Logoff) and open Logon properties or Logoff properties.
4. Click the PowerShell Scripts tab and find your PowerShell script using the browser.

Fig 6. Applying a new Logon script.

5. Apply the changes.

All users have to log out and then log in for the changes to be applied. Moreover, you can manually force the policy update by running gpupdate /force. Keep in mind that these changes do not take effect immediately because the time of this process depends on your environment's configuration.

Additional steps for click-to-run and Microsoft 365 Outlook versions

Once you complete the procedure described above, the following key will be added to the Windows registry for each user included in the GPO:

HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Office\16.0\common\mailsettings
"disablesignatures"=dword:1

Unfortunately, Outlook for Microsoft 365 and Outlook installed using the click-to-run installer seem to ignore this key. As a result, the policy to disable personal signatures is not applied at all for users with these versions of Outlook.

To solve the problem, you need to either:

• Use a Cloud Policy instead of a GPO (recommended) or
• add a slightly different registry key, which will work with the affected Outlook versions, to your policy (as shown below).

Here’s how to do it:

1. Right-click your No signatures (or whatever you named it) policy and choose Edit.
2. Once you’re in the editor window, go to User Configuration > Preferences > Windows Settings in the left-hand pane.
3. Next, right-click Registry, and choose New > Registry Item, as shown in Fig. 7.

Fig. 7. Adding a new registry key to your policy.

4. In the dialog that opens, provide the following details (Fig. 8.):

• Software\Microsoft\Office\16.0\Common\MailSettings in the Key Path field (bear in mind your Office version may be different, so you’ll need to replace 16.0 with the actual number of your version),
• disablesignatures in the Value name field,
• choose REG_DWORD for Value type,
• in the Value data field type 1,
• select Decimal as Base.

Fig. 8. Configuring the registry key settings.

5. Finally, click OK.

See also:

• How to disable native signatures in Outlook on the web (OWA) and the new Outlook for Windows
• How to disable native signatures in Outlook for Mac
• How to disable native signatures in Outlook for iOS/Android
• An email rule is applied more than once to the same message