[This is pre-release documentation and subject to change in future releases. This topic's current status is: Milestone-Ready]

Topic Last Modified: 2010-07-18

There are several essential policies and in-band settings that you should check and reconfigure if necessary before you deploy Microsoft Communications Server 2010 clients.

Some of these policies are client bootstrapping policies that specify, for example, the default servers and security mode that the client should use until sign-in is complete. Because these policies take effect before the client signs in and begins receiving in-band settings from the server, you use Group Policy to configure them.

There are also some key client policies and in-band settings that can significantly impact client functionality and should be configured before client deployment.

Group Policy for Client Bootstrapping

The client Group Policy settings listed in the following table must be configured before users sign in to the server for the first time.

Table: Group Policies Needed for Client Bootstrapping

Group Policy Description

ConfiguredServerCheckValues

Specifies a list of server version names separated by semi-colons that Microsoft Communicator will log in to, in addition to the server versions that are supported by default.

DisableHttpConnect

During sign-in, Communicator attempts to connect to the server using TLS or TCP. If neither of these transport methods is successful, Communicator tries to connect using HTTP. Use this policy to disable the fallback HTTP connection attempt.

DisableNTCredentials

Requires the user to provide logon credentials for Communicator rather than automatically using the Windows credentials during sign-on to a Session Initiation Protocol (SIP) server.

DisableServerCheck

By default, Communicator checks the server name and version before signing in. Set this policy to 1 in order to bypass the version check.

EnableSIPHighSecurityMode

Enables Communicator to send and receive instant messages securely when using the SIP Communications Service. This policy has no effect on Windows .NET or Microsoft Exchange Server services.

If you do not configure this policy setting, Communicator can use any transport. But if it does not use TLS and if the server authenticates users, Communicator must use either Microsoft Windows NT LAN Manager (NTLM) or Kerberos authentication.

EnableStrictDNSNaming

Allows Communicator to automatically detect and securely communicate with SIP servers that have non-standard fully qualified domain names (FQDNs).

HelpMenuText

Specifies the text to display to the user in the Help menu for the Help Web site.

HelpMenuURL

Specifies which Web site to open when the user selects the Help menu text item in the Help menu. Both HelpMenuText and HelpMenuURL need to be specified in order for the Help Menu item to appear in Communicator.

PreventRun

Prevents users from running Communicator. You can configure this policy setting under both Computer Configuration and User Configuration, but the policy setting under Computer Configuration takes precedence.

SavePassword

Enables Communicator to store passwords.

ServerAddressExternal

Specifies the server name or IP address used by federated contacts when connecting from outside the external firewall. Set this policy if you want to override the shared setting in HK_CU\Software\Microsoft\Shared\UcClient\ServerAddressInternal

ServerAddressInternal

Specifies the server name or IP address used by Communicator when connecting from inside the organization’s firewall. Set this policy if you want to override the shared setting in HK_CU\Software\Microsoft\Shared\UcClient\ServerAddressInternal.

TourLaunchMode

Controls the availability of the Communicator Tour.

TourURL

Provides an address for the Communicator Tour. The address can point to the local machine, or to an HTTP or HTTPS site in the Windows Internet Explorer Local intranet or Trusted sites security zones.

Transport

Defines the network protocol used by Communicator: Transmission Control Protocol (TCP), or Transport Layer Security (TLS).

Client Version Policy

The default Client Version Policy enforces a minimum of Microsoft Office Communicator 2007 R2 with the January 2010 cumulative update. If clients in your environment are running earlier versions, you may need to reconfigure the Client Version rules to prevent clients and devices from being unexpectedly blocked or updated when connecting to Communications Server 2010. You can modify the default rule, or you can add a rule higher in the Client Version Policy list to override the default rule. Additionally, as cumulative updates are released, you should configure the Client Version Policy to require the latest updates.

Key In-Band Settings

The in-band settings listed in the following table can significantly impact the user experience and should be configured before client deployment.

Office Communications Server 2007 R2 Group Policy Communications Server 2010 in-band setting Description Windows PowerShell cmdlet Cmdlet Parameters

Portrange\Enabled

ucPortRangeEnabled

Specifies whether the port ranges sent by the server should be used by the client for media and signaling. Used in conjunction with the subvalues MaxMediaPort and MinMediaPort.

TBD

Portrange\MaxMediaPort

ucMaxMediaPort

When combined with the ucMinMediaPort, specifies the range of ports used for media. The recommended minimum is 40 ports.

TBD

Portrange\MinMediaPort

ucMinMediaPort

When combined with the ucMaxMediaPort, specifies the range of ports used for media. The recommended minimum is 40 ports.

TBD

See Also