Discover PST Files for Azure Upload via Group Policy Object

To discover PST files on the network and then upload them to Azure, complete each of the steps detailed below, in order:

Important: Using UploaderWiz with autodiscover mode may not discover the correct owners for the PST file. If it fails to discover the owner, a unique name is created which can make it hard to identify the owner and configure the project properly.  To set up UploaderWiz more directly without using the autodiscover mode, you can use the instructions in this article instead: Using BitTitan UploaderWiz for File Server Migrations

Note: If this project will be shared and there are security concerns, an SAS token may be used. For set up instructions, visit Generate an SAS token for Azure Storage Accounts

Step 1: Create a network share that is accessible to all of your customer’s computers, and put the UploaderWiz-extracted files in the share folder.

Note: For more information about Windows Server file and storage services, read the File and Storage Services Overview TechNet article.

  1. Log on to the file server as an administrator.
  2. Click Start and search for Server Manager.
  3. Click Server Manager from the search results.
  4. Click File and Storage Services.
  5. Click Shares.
  6. Next to Shares, click Tasks.
  7. Click New Share.
  8. In New Share, Disallow Read and Allow Write., then continue through the New Share Wizard prompts until finished.
  9. Click Create.
  10. Write down the share's network path; you will need this when creating the scheduled task.

Step 2: Download and extract the UploaderWiz files into the share.

  1. Log on to the file server as an administrator.
  2. Download the BitTitan UploaderWiz tool from here. Select the shared directory as the download directory, and click the Save button > Once downloaded, select the file: UploaderWiz.exe > select Extract > Extract All > Browse to the shared directory to extract these files into. Click Extract.


Step 3: Create the batch file, which will be called by the Group Policy Object (GPO).


  • Azure access key and Azure secret key. Read the Manage your storage access keys topic from Microsoft for more information.

    The Azure access key refers to the storage account name. The Azure secret key can be either the primary or secondary access key.
  • Create a private blob container. Take note of the name of the blob container.
  • Generate a shared access signature (SAS) token, and then use it instead of the secret key. With a SAS token, you avoid exposing the secret key to all the users who will run the GPO.  instead of the secret key. Read the Generate a shared access signature token for an Azure Storage Account to be used with UploaderWiz article for more information.


  1. While logged into the file server as an administrator, create a batch file in the share, e.g., discover.bat.
  2. Use a simple text editor (e.g., Notepad), and enter the following command parameters in the file:

    \\servername\sharename\UploaderWiz.exe -accesskey <Storage Account Name> -secretkey <Access key> -container <container name> -type azureblobs -autodiscover true -interactive false -filefilter "*.pst"

    • Replace \\servername\sharename with the share's network path. Example: \\PTS-FILESRV\discover\UploaderWiz\UploaderWiz.exe , where the file server name = PTS-FILESRV, the share name = discover, and the files were extracted into a directory named UploaderWiz.
    • If PST files for all users are in a certain directory, then you can add a flag to define the rootpath. For example, if PST files are always in a directory named c:\pst, then you can add the following flag to your command line parameters: -rootpath c:\pst


Step 4: Create a Group Policy Object that forces the domain-joined computers in a security filter to execute the batch file through a scheduled task.

  1. Log on to the Active Directory Domain Controller as an administrator.
  2. Click Start, and search for Group Policy Management.
  3. Click Group Policy Management.
  4. Right-click the desired Active Directory domain, and then click Create a GPO in this domain and select where to connect it.
  5. Enter a name for the GPO, and then click OK.

    Note: By default, the GPO will apply to all users and computers that successfully authenticate to the Active Directory domain.
  6. To narrow the scope of computers that run the batch file, select Authenticated Users, and click Remove.
  7. To confirm the removal, click OK.
  8. To add a new security filter, click Add.
  9. Type the name of the security group that the target computers are a member of, and click Check names.

    Note: We preconfigured the "US Employees" security group for demonstration purposes. For more information about Active Directory security groups, read the Active Directory Security Groups TechNet article.

  10. Click OK.
  11. Right-click the new GPO, and then click Edit.
  12. In the console tree, under Computer Configuration, click Preferences > ControlPanel Settings > Scheduled Tasks.
  13. Right-click under Scheduled Tasks and click New, and then click Immediate Task (At least Windows 7).

    Note: For more information about Scheduled Task Items, read the Configure a Scheduled Task Item TechNet article.

  14. Enter a name and a description for the Scheduled Task.
  15. Click Change User or Group.
  16. Type system into the Object name text box.
  17. Click Check Names.

    Note: Make sure that the system object name resolves to NT Authority\System.
  18. Under Security options, click Run whether a user is logged on or not and add a checkmark next to Run with highest privileges.
  19. In the Configure for drop-down menu, select Windows 7®, Windows Server™ 2008 R2.
  20. Click the Actions tab
  21. Click New.
  22. In the Action drop-down menu, select Start a program.
  23. In the Programs/script text box, enter the network path for the batch file. Note: If you use the Browse button to find the location of the script, it will add the path as c:\xxxx. This is incorrect, since the script needs to include the UNC path and not the local path. Be sure to replace the c:\ format with the \\servername\sharename\ format.
  24. Click OK.
  25. Click the Conditions tab.
  26. Add a checkmark next to Start only if the following network connection is available, and then select Any connection.

  27. Click OK.
  28. Close the Group Policy Management Editor, and then close Group Policy Management.

The discover.bat file will execute on user computers at the next Group Policy refresh, typically every 90 minutes, with a random offset of 0 to 30 minutes.

Step 5: Check Azure blob container for PST files.

After waiting the allotted GPO refresh time, check your Azure blob container for the PST files.

If PST files are not discovered and uploaded to the container, refer to KB005473, for troubleshooting advice.

Note: UploaderWiz log files are stored in %LOCALAPPDATA%\BitTitan folder.

If PST files have been discovered and uploaded to Azure, then you are ready to continue with your PST migration project. You can create a MigrationWiz Personal Archive project, and autodiscover the PST files in Azure and import them into your project, by following the steps in the PST migration guide. KB004993

Was this article helpful?
0 out of 0 found this helpful