Topic Last Modified: 2011-02-17

This topic discusses the policies and settings that you must consider before you deploy Microsoft Lync Server 2010 clients.

Most of the settings that determine Microsoft Lync 2010 features and functionality are configurable through Microsoft Lync Server 2010 Control Panel. However, there are several essential policies and settings that significantly impact client functionality and that can be configured only by using Group Policy or Lync Server Management Shell.

Some of these key policies are client bootstrapping policies that specify, for example, the default servers and security mode that the client should use until sign-in is complete. Because these policies take effect before the client signs in and begins receiving in-band provisioning settings from the server, they must exist in the client computer’s registry before initial sign-in. You can use Group Policy to configure these policies. There are also certain settings that you should configure by using Lync Server Management Shell before client deployment.

Group Policy Settings for Client Bootstrapping

If you plan to configure any of the client Group Policy settings listed in the following table, you must do so before users sign in to the server for the first time.

Group Policies Needed for Client Bootstrapping

Group Policy setting Description

ConfigurationMode

Specifies how Lync 2010 identifies the transport and server to use during sign-in. If you enable this policy setting, you must specify ServerAddressInternal, ServerAddressExternal, and Transport.

ConfigurationMode\ServerAddressExternal

If you enable ConfigurationMode, you must configure this setting, which specifies the server name or IP address used by clients and federated contacts when connecting from outside the external firewall.

ConfigurationMode\ServerAddressInternal

If you enable ConfigurationMode, you must configure this setting, which specifies the server name or IP address used when clients connect from inside the organization’s firewall.

ConfigurationMode\Transport

If you enable ConfigurationMode, you must specify either Transmission Control Protocol (TCP) or Transport Layer Security (TLS).

ConfiguredServerCheckValues

Specifies a list of server version names separated by semi-colons that Lync Server 2010 will log on to, in addition to the server versions that are supported by default.

DisableHttpConnect

During sign-in, Lync Server attempts to connect to the server by using TLS or TCP. If neither of these transport methods is successful, Lync tries to connect by using HTTP. Use this policy to disable the fallback HTTP connection attempt.

DisableNTCredentials

Requires the user to provide logon credentials for Lync rather than automatically using Windows credentials during sign-in to a SIP server.

DisableServerCheck

By default, Lync checks the server name and version before signing in. Set this policy to 1 in order to bypass the version check.

EnableBitsForGalDownload

Enables Lync to use Background Intelligent Transfer Service (BITS) to download the Address Book Services files.

EnableSIPHighSecurityMode

Enables Lync to send and receive instant messages more securely. This policy has no effect on Windows .NET or Microsoft Exchange Server services.

If you do not configure this policy setting, Lync can use any transport. But if it does not use TLS and if the server authenticates users, Lync must use either NTLM or Kerberos authentication.

EnableStrictDNSNaming

Enables Lync to automatically detect and more securely communicate with SIP servers that have non-standard fully qualified domain names (FQDNs).

EnableTracing

Enables tracing for Lync, primarily for use to assist customer problem solving.

FirstRunLaunchMode

Defines the behavior of the Lync First Run user experience. This setting determines whether the First Run is enabled and whether it runs automatically.

HelpMenuText

Specifies the text to display to the user in the Help menu for the Help website.

HelpMenuURL

Specifies which website to open when the user selects the Help menu item in the Help menu. Both HelpMenuText and HelpMenuURL need to be specified in order for the Help menu item to appear in Lync.

PreventRun

Prevents users from running Lync. You can configure this policy setting under both Computer Configuration and User Configuration, but the policy setting under Computer Configuration takes precedence.

SavePassword

Enables Lync to store passwords.

SipCompression

Defines when to turn on SIP compression. By default, SIP compression is enabled based on the adapter speed. Note that setting this policy might cause an increase in sign-in time.

Additional Policies and Settings

The policies and settings listed in the following table can significantly impact the user experience and should be configured before client deployment.

Group Policy setting Description Windows PowerShell cmdlet Cmdlet parameters

GalDownloadInitialDelay

Specifies the time period before a download of the global address list (GAL) occurs. The default value is 60 minutes, which means Lync Server delays the download of GAL file for a random period of between 0 and 60 minutes.

None

None

Portrange\Enabled

Specifies whether the port ranges sent by the server should be used by the client for media and signaling. Used in conjunction with the subvalues MinMediaPort and MaxMediaPort.

CsConferencingConfiguration

ClientMediaPortRangeEnabled

Portrange\MinMediaPort

Specifies the starting port number to use for media. Combines with MaxMediaPort to specify the range of ports. The recommended minimum range is 40 ports.

CsConferencingConfiguration

ClientMediaPort (represents the starting port number to use for client media)

Portrange\MaxMediaPort

Specifies the highest port number to use for media. Combines with MinMediaPort to specify the range of ports. The recommended minimum range is 40 ports.

CsConferencingConfiguration

ClientMediaPortRange (indicates the total number of ports available for client media; default is 40)

Client Version Policy Settings

The default Client Version Policy requires that all clients run Lync or Microsoft Office Communicator 2007 R2. If clients in your environment are running earlier versions of Communicator, you may need to reconfigure the Client Version rules to prevent clients and devices from being unexpectedly blocked or updated when connecting to Lync Server. You can modify the default rule, or you can add a rule higher in the Client Version Policy list to override the default rule. Additionally, as Cumulative Updates (CUs) are released, you should configure the Client Version Policy to require the latest updates. For details, see Specify the Client Versions Supported in Your Organization in the Operations documentation

See Also