How to Centralize Outlook Signature - Part 2

As i promise today i'm here to continue and explain final steps which need to centralize Outlook signature. So let's recap what was doing in  Part 1 and what need to do to proceed with the centralize of Outlook signature. With few words the first step is to download PsExec from After that create the GPO in your Domain Controller to allow remote connection through PsExec. When deploy the GPO in the clients run the WinRM command to allow clients to accept remote commands through Powershell. All these are prerequisites that must complete.



If you would like to read the other parts in this article series please go to:



Now we will proceed with the tasks that needed to centralize Outlook signature.

  1. Create the Outlook Signature Template.
  2. Download and Configure Powershell Script base on your requirements
  3. Create GPO and deploy it in your enviroment.


  1. Create the Outlook Signature Template.
  • Create new Signature in Outlook with any name that you want. For example <company name>.
  • Design the signature base on the policy of the company and change the user properties (Name, Email, and Title) with the specific user properties or Attributes from Active Directory in Outlook Signature. In the Example i use a very simple signature template just to show you.

  • To find the name of user property, Login in your Domain Controller and open the Active Directory Users and Computers.
  • Choose one of the user and right click select Properties.
  • Select the Tab Atribute Editor and find the property that you want to use. For example to use the name of the user find in the Attribute Editor for the Name attribute.

  • After change the user properties with the attributes of Active Directory copy the Signature in a new Word file and rename it as the Outlook signature name.
    For example if you save the outlook signature name as companysignature save the word file as companysignature.docx.
  • Create a new folder in \\domainname\netlogon\ as sig_files or whatever you want.
  • Create another one folder in \\domainname\netlogon\sig_files\ with your company name.
  • Copy the Word file in the specific path of the Domain Controller  \\domainname\netlogon\sig_files\<companyname>
  • I don’t have test to copy in any other UNC file in my server.


  1. Download and Configure Powershell Script base on your requirement.
  • Download the PowerShell script from 
  • Open the Powershell scipt(you can open it with any editor like Notepad++ or Powershell ISE) and edit the Custom Variables of powershell scipt. If you don't change the data from custom Variables then the powershell script will never run.
    $Signature = add the signature name that you have create in Outlook.
    $SigSource = Add the path of your word file that include the signature.
    $SignatureVersion = Except from the first time when you have a change in User Properties or in Powershell Script must be change to understand and deploy the changes in the users.


  1. Create GPO and deploy it in your enviroment.
  • Login in your Domain Controller and open the Group Policy Management
    Go in Group Policy Object , Right Click  and select New to create the new Policy.
  • After create the Group Policy, go in the right side find the Group Policy, Right Click and select Edit.

  • Go in User Configuration - - > Policies - - > Windows Settings - - > Scripts(Logon/Logoff)

  • From the right side with right click in Logon select Properties.
  • Click in Tab PowerShell Script​.
  • Click Add. 


  • Click Browse and find the powershell script.
  • Click Open and OK.

  • Go in the Organization Unit that you want to apply and with right click choose Link an Existing GPO.
  • Choose the GPO that you have create.

  • After link the GPO verify that you have click in the Organization Unit that you want to deploy the Group Policy, go in the right side and with right click in the Group Policy click Enforced.

  • Last step is to go in Group Policy Objects , choose your GPO and select in which Group or Users will be applied in Security Filtering. If your don’t choose specific Group ot Users the default is Authenticaed Users. It’s better to change and add exactly where must be applied.


That's it. We finish and now when the user Log off and login again will be deploy the new Outlook signature.

If you want to check it go in one of the users or use your test user and Log off/Login. Open the Outlook and try to create new email and you will see the new signature.

If nothing change then you must check very carefull all the steps from the begining to identify where is the problem. Most common issues are 2

  • The prerequisites aren't configure correctly.
  • Sometimes maybe forget to configure the users or groups which be applied from the Policy in Security Filtering.

In the Powershell script you can configure another Custom Variables like:

  • don't allow users to change the signature.
  • Add more attributes to configure in the signature like Tel, Country or any attribute that has the Active Directory.

I have explain the basic features of this script because it's so much and can't explain in one Article.

If you intrested you can send me any request in my email or commented to explain more for the Powershell script.

I hope my article to give you knowledge and not become boring !!!!

See you soon!!


Disqus Comments