Topic Last Modified: 2011-02-17

This topic discusses the policies and settings that you must consider before you deploy Microsoft Lync Server 2010 clients.

Most of the settings that determine Microsoft Lync 2010 features and functionality are configurable through Microsoft Lync Server 2010 Control Panel. However, there are several essential policies and settings that significantly impact client functionality and that can be configured only by using Group Policy or Lync Server Management Shell.

Some of these key policies are client bootstrapping policies that specify, for example, the default servers and security mode that the client should use until sign-in is complete. Because these policies take effect before the client signs in and begins receiving in-band provisioning settings from the server, they must exist in the client computer’s registry before initial sign-in. You can use Group Policy to configure these policies. There are also certain settings that you should configure by using Lync Server Management Shell before client deployment.

Group Policy Settings for Client Bootstrapping

If you plan to configure any of the client Group Policy settings listed in the following table, you must do so before users sign in to the server for the first time.

Group Policies Needed for Client Bootstrapping

Group Policy setting Description


Specifies how Lync 2010 identifies the transport and server to use during sign-in. If you enable this policy setting, you must specify ServerAddressInternal, ServerAddressExternal, and Transport.


If you enable ConfigurationMode, you must configure this setting, which specifies the server name or IP address used by clients and federated contacts when connecting from outside the external firewall.


If you enable ConfigurationMode, you must configure this setting, which specifies the server name or IP address used when clients connect from inside the organization’s firewall.


If you enable ConfigurationMode, you must specify either Transmission Control Protocol (TCP) or Transport Layer Security (TLS).


Specifies a list of server version names separated by semi-colons that Lync Server 2010 will log on to, in addition to the server versions that are supported by default.


During sign-in, Lync Server attempts to connect to the server by using TLS or TCP. If neither of these transport methods is successful, Lync tries to connect by using HTTP. Use this policy to disable the fallback HTTP connection attempt.


Requires the user to provide logon credentials for Lync rather than automatically using Windows credentials during sign-in to a SIP server.


By default, Lync checks the server name and version before signing in. Set this policy to 1 in order to bypass the version check.


Enables Lync to use Background Intelligent Transfer Service (BITS) to download the Address Book Services files.


Enables Lync to send and receive instant messages more securely. This policy has no effect on Windows .NET or Microsoft Exchange Server services.

If you do not configure this policy setting, Lync can use any transport. But if it does not use TLS and if the server authenticates users, Lync must use either NTLM or Kerberos authentication.


Enables Lync to automatically detect and more securely communicate with SIP servers that have non-standard fully qualified domain names (FQDNs).


Enables tracing for Lync, primarily for use to assist customer problem solving.


Defines the behavior of the Lync First Run user experience. This setting determines whether the First Run is enabled and whether it runs automatically.


Specifies the text to display to the user in the Help menu for the Help website.


Specifies which website to open when the user selects the Help menu item in the Help menu. Both HelpMenuText and HelpMenuURL need to be specified in order for the Help menu item to appear in Lync.


Prevents users from running Lync. You can configure this policy setting under both Computer Configuration and User Configuration, but the policy setting under Computer Configuration takes precedence.


Enables Lync to store passwords.


Defines when to turn on SIP compression. By default, SIP compression is enabled based on the adapter speed. Note that setting this policy might cause an increase in sign-in time.

Additional Policies and Settings

The policies and settings listed in the following table can significantly impact the user experience and should be configured before client deployment.

Group Policy setting Description Windows PowerShell cmdlet Cmdlet parameters


Specifies the time period before a download of the global address list (GAL) occurs. The default value is 60 minutes, which means Lync Server delays the download of GAL file for a random period of between 0 and 60 minutes.




Specifies whether the port ranges sent by the server should be used by the client for media and signaling. Used in conjunction with the subvalues MinMediaPort and MaxMediaPort.




Specifies the starting port number to use for media. Combines with MaxMediaPort to specify the range of ports. The recommended minimum range is 40 ports.


ClientMediaPort (represents the starting port number to use for client media)


Specifies the highest port number to use for media. Combines with MinMediaPort to specify the range of ports. The recommended minimum range is 40 ports.


ClientMediaPortRange (indicates the total number of ports available for client media; default is 40)

Client Version Policy Settings

The default Client Version Policy requires that all clients run Lync or Microsoft Office Communicator 2007 R2. If clients in your environment are running earlier versions of Communicator, you may need to reconfigure the Client Version rules to prevent clients and devices from being unexpectedly blocked or updated when connecting to Lync Server. You can modify the default rule, or you can add a rule higher in the Client Version Policy list to override the default rule. Additionally, as Cumulative Updates (CUs) are released, you should configure the Client Version Policy to require the latest updates. For details, see Specify the Client Versions Supported in Your Organization in the Operations documentation

See Also