Assigns a client policy to a user or a group of users. Among other things, client policies help determine the features of Microsoft Communicator "14" that are made available to users; for example, you might give some users the right to transfer files while denying this right to other users. Many of the client policies used in Microsoft Communications Server 2010 are derived from the Group Policy settings used in Microsoft Office Communications Server 2007 R2.
Syntax
Grant-CsClientPolicy -Identity <UserIdParameter> [-PolicyName <String>] [-Confirm [<SwitchParameter>]] [-DomainController <Fqdn>] [-PassThru <SwitchParameter>] [-WhatIf [<SwitchParameter>]] |
Parameters
Parameter | Required | Type | Description |
---|---|---|---|
Identity |
Required |
XdsIdentity |
Indicates the Identity of the user account the policy should be assigned to. User Identities can be specified using one of four formats: 1) The user's SIP address; 2) the user's Universal Principal Name; 3) the user's domain name and logon name, in the form domain\logon (e.g., litwareinc\kenmyer); and, 4_ the user's Active Directory display name (for example, Ken Myer). Note that the SAMAccountName cannot be used as an identity; that's because these names are not necessarily unique in a forest. In addition, you can use the asterisk (*) wildcard character when using the Display Name as the user Identity. For example, the Identity "* Smith" would return all the users with the last name Smith. |
PolicyName |
Required |
String |
"Name" of the policy to be assigned. The PolicyName is simply the policy Identity (minus the policy scope). For example, a policy with the Identity Redmond (which displays as tag:Redmond when you do a Get-CsClientPolicy) has a PolicyName equal to Redmond; a policy with the Identity RedmondConferencingPolicy has a PolicyName equal to RedmondConferencingPolicy. To assign the global policy to a user, do not include the -PolicyName parameter when calling Grant-CsConferencingPolicy. |
DomainController |
Optional |
String |
|
PassThru |
Optional |
Switch Parameter |
|
WhatIf |
Optional |
Switch Parameter |
|
Confirm |
Optional |
Switch Parameter |
Prompts you for confirmation before executing the command. |
Detailed Description
In Communications Server 2010 client policies replace the Group Policy settings used in previous versions of the product. In Microsoft Office Communicator 2007 and Microsoft Office Communicator 2007 R2 Group Policy was used to help determine what users could do with Communicator and with Live Meeting; for example, there were Group Policy settings that determined whether or not users could save a transcript of their instant messaging sessions; whether information from Microsoft Outlook was incorporated into their presence information; and whether or not users could include emoticons or formatted text in instant messages.
As useful, and as powerful, as Group Policy is, however, the technology still has some limitations, especially when applied to Microsoft Communications Server. For one thing, Group Policy is designed to be applied on a per-domain or per-OU basis; that makes it difficult to target policies towards a more select group of users (for example, all the users who work in a particular department, or all the users who have a particular job title). For another, Group Policy is only applied to users who log on to the domain, and who log on using a computer; Group Policy is not applied to users who access Microsoft Communications Server over the Internet or who access the system by using a cell phone. This means that the same user can have a very different experience depending on the device her or she uses to log on, and where he or she logs on from.
To help address these inconsistencies Communications Server 2010 uses client management policies instead of Group Policies. Client policies are applied each time a user accesses the system, regardless of where the user logs on from and regardless of the type of device he or she is using. In addition, client policies - like other Communications Server 2010 policies - can readily be targeted towards select groups of users; you can even create a custom policy that’s assigned to a single user.
In case you’re wondering, many of the Group Policy settings from Office Communications Server 2007 R2 have been migrated to the new client policies; client policies contain a number of settings - DisableRTFIM; DisableOneNote12Integration; EnableTracing - that have been carried over from Office Communications Server 2007 R2. In addition, client policies also include settings such as DisablePoorNetworkWarnings and DisplayPhoto - that are unique to Communications Server 2010.
Client policies can be configured at the global, site, and per-user scopes. Per-user policies are client policies that can be assigned to a user or group of users. In order to assign these per-user policies you will need to use the Grant-CsClientPolicy cmdlet.
Return Types
Grant-CsClientPolicy does not return a value. Instead, the cmdlet assigns users instances of the Microsoft.Rtc.Management.WriteableConfig.Policy.Client.ClientPolicy object.
Examples
-------------------------- Example 1 --------------------------
Copy Code | |
---|---|
Grant-CsClientPolicy -Identity "Ken Myer" -PolicyName SalesPolicy |
In the preceding example, the client policy SalesPolicy is assigned to the user with the Identity Ken Myer. Note that, when assigning a policy, you use the policy "name" rather than the full policy Identity. (The "name" is simply the policy Identity minus the scope identifier, so tag:SalesPolicy would be SalesPolicy.)
-------------------------- Example 2 --------------------------
Copy Code | |
---|---|
Get-CsUser -LDAPFilter "Department=Sales" | Grant-CsClientPolicy -PolicyName SalesPolicy |
In the second example, all the users who belong to the Sales department are assigned the SalesPolicy client policy. To carry out this task the command first uses the cmdlet Get-CsUser and the -LDAPFilter parameter to return a collection of all the users who are members of the sales department (that is, who have a department attribute value equal to Sales). The collection of users is then "piped" to Grant-CsClientPolicy, which assigns the policy SalesPolicy to each user in the collection.
-------------------------- Example 3 --------------------------
Copy Code | |
---|---|
Get-CsUser -LDAPFilter "(&(Title=Accountant)(l=Redmond))" | Grant-CsClientPolicy -PolicyName RedmondAccountingPolicy |
In Example 3, the client policy RedmondAccountingPolicy is assigned to all the users who meet two criteria: the user must have the job title Accountant, and the user must work in the city of Redmond. To do this, the command first uses Get-CsUser and the -LDAPFilter parameter to return a collection of all the users who work in Redmond and have the job title Accountant. The filter value "(&(Title=Accountant)(l=Redmond))" limits the returned data to users who have the job title Accountant (Title=Accountant) and (&) work in Redmond (l=Redmond). When writing LDAP queries, the l attribute represents the locality (city) for the user account in question.
After Get-CsUser returns the relevant user accounts that collection is then piped to Grant-CsClientPolicy, which assigns the policy RedmondAccountingPolicy to each user in the collection.
-------------------------- Example 4 --------------------------
Copy Code | |
---|---|
Get-CsUser -LDAPFilter "(|(Title=Accountant)(Title=Senior Accountant))" | Grant-CsClientPolicy -PolicyName AccountingPolicy |
The preceding command assigns the policy AccountingPolicy to all the users who meet either of two criteria: either the user has the job title Accountant or the user has the job title Senior Accountant. To carry out this task Get-CsUser and the -LDAPFilter parameter are used to return a collection of users with the job titles Accountant or Senior Accountant. The filter value "(|(Title=Accountant)(Title=Senior Accountant))" limits return data to users with the job title Accountant (Title=Accountant) or (|) the job title Senior Accountant (Title=Senior Accountant). This filtered collection is then piped to Grant-CsClientPolicy, which assigns the client policy AccountingPolicy to each user in the collection.
-------------------------- Example 5 --------------------------
Copy Code | |
---|---|
Get-CsUser -Filter {RegistrarPool -eq "atl-cs-001.litwareinc.com"} | Grant-CsClientPolicy -PolicyName AtlantaBranchPolicy |
In Example 5 all the users with accounts "homed" on the registrar pool atl-cs-001.litwareinc.com are assigned the client policy AtlantaBranchPolicy. To do this, Get-CsUser is first called to return the appropriate user accounts; including the -Filter parameter and the filter value {RegistrarPool -eq "atl-cs-001.litwareinc.com"} ensures that only user accounts homed on the registrar pool atl-cs-001.litwareinc.com will be returned. This collection is then piped to Grant-CsClientPolicy which, in turn, assigns each user the client policy AtlantaBranchPolicy.