Ten Things You Might Not Know About Group Policy and Office Communicator
Microsoft offers Communicator 2007 R2 administrators a variety of Active Directory hosted group policies that can be used to enhance the many powerful features of its Communicator 2007 R2 unified communications client. This article gives you a list of ten Communicator 2007 R2 group policies that when used properly will empower your users with an enriched unified communications client experience.
Author: Mike Adkins
Publication date: March 2010
Product version: Microsoft Office Communicator 2007 R2
Microsoft offers Office Communicator 2007 R2 administrators a variety of Active Directory hosted group policies that can be used to enhance the many powerful features of its Communicator 2007 R2 unified communications client. These group policies which are specific to Communicator supply Office Communications Server administrators with a way to fine tune the Communicator feature set to meet the needs of their growing unified communications infrastructures. This article gives you a list of ten Communicator 2007 R2 group policies that when used properly will empower your users with an enriched unified communications client experience. However, if these policies are applied on a Microsoft unified communications network by administrative personnel that do not have a full working knowledge of them, unexpected results may occur with the following list of Communicator 2007 R2 components:
Audio and video conferencing
Conservation of network resources
VoIP communication choices
Before we start discussing how the Communicator 2007 R2 group policies are used, we will discuss how these policies are implemented in an Active Directory domain infrastructure. By default, the Communicator group policies are installed into the Active Directory domain that is hosting Communications Server. The Communicator group policies are made available to Microsoft customers through the use of the communicator.adm file. The communicator.adm file contains the templates that are used for the computer and user Communications Server group policies. After you download the communicator.adm file, its contents have to be imported into the domain's Active Directory to make the Communicator group policies available through the domain's group policy editor. For detailed information about downloading the latest version of the communicator.adm file and importing the Communicator group policies into your domain's Active Directory see the “Additional Information” section later in this article.
|You must be a member of the local Domain Administrator group to import the contents of the communicator.adm file into the local domain’s Active Directory.|
After you have imported the administrative template for Communicator into the local Active Directory for your domain, you will be able to graphically view the contents of the administrative templates as shown in Figure 1. One of the first things that you will notice is that there are two sets of Communicator group policies. One set is listed under the Computer Configuration node and the other is under the User Configuration node. Here’s a quick definition of both types of group policies:
Computer Configuration: Administrators can use computer configuration policies to set policies that are applied to computers, regardless of who logs on to the computers. Computer configuration typically contains sub-items for software settings, Windows settings, and administrative templates.
User Configuration: Administrators can use user configuration policies to set policies that apply to users, regardless of which computer they log on to. User configuration typically contains sub-items for software settings, Windows settings, and administrative templates.
By default, the addition of updates to group policies is checked on a 90-minute interval. If you want your users to download their newly updated Communicator policies immediately, do the following:
For user configuration policies, the user must log off and then log back on to Windows.
For computer configuration polices, the user must restart Windows.
Figure 1. From Administrative Tools Active Directory Users & Computers
1. Disable AudioVideo Conferencing (DisableAVConferencing)
The Disable AudioVideo Conferencing policy prevents a user that is signed into the Communicator client from initiating an audio/video (A/V) conference with its peers. However, this group policy does not keep that Communicator user from joining an A/V enabled conference that is being hosted by a Communicator user that does not have this group policy applied to their user or computer account. In this case, the originator of the A/V conference will be able to share their instance of the Communications Server meeting policy and its permissions with all attendees of the A/V enabled conference. The Communications Server meeting application level policy will override the Communications Server Disable AudioVideo Conferencing group policy.
2. Disable PC to PC Video (DisablePC2PCVideo)
The Disable PC to PC Video policy prevents a user that is signed into the Communicator client to initiate a video call with another single Communicator peer. However, that same Communicator client that has the Disable PC to PC Video group policy enabled on their user or computer account is able to initiate an A/V conference with other peers by using the Microsoft Office Live Meeting client.
3. Disable Data Conferencing (DisableDataConferencing)
The Disable Data Conferencing group policy prevents a user that is signed into the Communicator client to escalate to a conference using the Live Meeting client. However, this group policy does not keep that Communicator user from joining a conference that is being hosted by a Communicator user that does not have this group policy applied to their user or computer account. In this case, the originator of the Live Meeting conference will be able to share their instance of the Communications Server meeting policy with all attendees of the Live Meeting conference. The Communications Server meeting application level policy will override the Communications Server Disable Data Conferencing group policy.
4. Allow Hyperlinks in Instant Messages (PolicyEnableURL)
Communications Server hosts a way to filter instant messages for hyperlink content at the application level. This is done by configuring the Intelligent Instant Messaging (IIM) filter at the level of its pool. If the IIM filter has the Allow instant messages that contain hyperlinks, but convert hyperlinks to plain text option enabled, then the group policy Allow Hyperlinks in Instant Messages will be overridden by the IIM filters application level policy and the Communicator clients will receive hyperlinks that begin with an underscore and have been converted to text in their IM conversation windows. On the other hand, if the IIM filter is set to Allow Instant Messages that contain hyperlinks and the group policy Allow Hyperlinks in Instant Messages is disabled, the sending Communicator client will create the URL as text in its IM conversation window, and the receiving Communicator clients will receive and display the URL as text. Also, if Enable URL filtering is not selected in the Communications Server IIM filter, the group policy Allow Hyperlinks in Instant Messages will take precedence for the management of hyperlinks for the Communicator clients on your network.
5. Disable Simultaneous Ringing (DisableSimultaneousRinging)
The Disable Simultaneous Ringing group policy prevents the Communicator client from using the simultaneous ringing feature on the Enterprise Voice (EV) enabled menu. This group policy will take precedence over the global Communications Server Enterprise Voice settings for the chosen Communications Server Meeting policy. So if the Communications Server Meeting policy has simultaneous ringing enabled for Enterprise Voice enabled users and the Disable Simultaneous Ringing policy is enabled for specific Communicator users through group policy, those specific Communicator users will not have the availability of the simultaneous ringing feature with their Communicator client. However, in this scenario all users that do not have the Disable Simultaneous Ringing group policy enabled and applied will be using the simultaneous ringing setting of the Communications Server meeting policy. Please remember, if the Communications Server meeting policy has simultaneous ringing disabled, all Communications Server Enterprise Voice users that adhere to this Communications Server meeting policy have simultaneous ringing disabled regardless of the Disable Simultaneous Ringing group policy setting.
6. Maximum Allowed Number of Contacts (MaximumNumberOfContacts)
The default value for this policy is set to 150. The maximum allowed value for this Communicator group policy is 1000. The group policy value will override the Communications Server pool server setting. The group policy provides a way to manage the number of contacts that certain groups of users can have. The benefit of this is that this group policy can be used to help manage the amount of resources that the Communications Server pool servers will have to use during user sign-in peak periods. When Communicator users sign in to the Communications Server environment, their contact list is evaluated, and this evaluation generates additional SIP requests and responses that the Communications Server pool sever and Communications Server back-end databases have to process. In large Communications Server initial deployments, it is wise to keep the number of contacts value to a lower level until the deployment is completed. Then increase the number of contacts through Active Directory by using this Communicator group policy in manageable increments. This will help eliminate the possibility of Communications Server front-end server performance issues during the sign-in process of the Communications Server pool’s Communicator clients.
7. Specify Dynamic Port Ranges (PolicyPortRange)
This Communicator policy allows the management of TCP and UDP connections for the Communicator client. The Communicator client will use the ephemeral port range for the RTP traffic, which is used for audio and video communications. This group policy can be used when it is imperative that you limit the port range for the RTP media traffic which the Communicator client will generate. When enabled, the Specify Dynamic Port Ranges group policy requires the use of the following two sub group policies.
PortRange/MaxMediaPort: If the Specify Dynamic Port Ranges Communicator group policy is enabled, you must set the value of the PortRange/MaxMediaPort group policy to the port number that will be the highest in the range of ephemeral ports that will be used for streaming audio and video traffic that is using the RTP protocol.
PortRange/MinMediaPort: If the Specify Dynamic Port Ranges Communicator group policy is enabled, you must set the value of the PortRange/MinMediaPort group policy to the port number that will be the lowest in the range of ephemeral ports that will be used for streaming audio and video traffic that is using the RTP protocol.
For detailed information about using these Communicator dynamic port ranges group policies, see Media Port Range Registry Keys at http://go.microsoft.com/fwlink/?LinkId=187328.
8. Telephony Mode (TelephonyMode)
The Communicator client supports several modes of VoIP communications. These modes are remote call control, Communications Server Enterprise Voice, and communication between two Communicator clients. The TelephonyMode Communicator group policy allows Communicator clients to use a locked down configuration that will meet the VoIP policies form the Communications Server infrastructure. The following are the possible settings for this policy:
0 = Enable computer-to-computer calling only. No call control is enabled (default).
1 = Enable enterprise voice telephony features.
2 = Enable RCC and computer-to-computer calling.
3 = Enable both enterprise voice and RCC.
4 = Enable RCC without computer-to-computer calling.
5 = IM and Presence only; no audio.
For more detailed information about using the TelephonyMode policy, see Communicator 2007 R2 Call Scenarios at http://go.microsoft.com/fwlink/?LinkId=187329.
For a comparison of Communicator 2005 and Communicator 2007 R2 remote call control configurations, see http://technet.microsoft.com/en-us/library/bb870385.aspx.
9. Disable RCC Forwarding (DisableRCCForwarding)
Remote call control is a feature of a PBX that allows the VoIP phones on a network to come online and share the same configuration that is configured for them on the PBX that hosts the VoIP network. One of the features that is shared by most PBXs is call forwarding. Call forwarding allows VoIP phones to forward calls to destinations that are chosen by the VoIP phones user. When a Communicator client is configured as a remote call control client, it cannot inherit the call forwarding features that are designed into the Communications Server Enterprise Voice client. Instead it will inherit the call forwarding features that are provided by the PBX that is hosting it on the VoIP network. Third-party remote call control call forwarding is not a fully supported feature. However, it is recognized as a compatibility issue that appears intermittently when the Communicator client is brought into an existing VoIP network as a remote call control client with a legacy PBX installation. As a means to troubleshoot issues with remote call control call forwarding, the Disable RCC Forwarding group policy was implemented. This allows administrators to toggle the remote call control call forwarding feature on or off while troubleshooting remote call control call forwarding issues.
10. Disable Sharing Control with Users in an Application Sharing Session (PolicyDisableApplicationSharingControl)
This policy can be effectively applied only under Computer Configuration in the Group Policy Editor. The policy is listed under Computer Configuration and User Configuration for the Communicator group policies. However, the policy will not work with the user configuration because of the design of Communicator application sharing.
For detailed information about using the Communicator policy Disable Sharing Control with Users in an Application Sharing Session, see Microsoft Office Communications Server 2007 R2 Common Issues with GPO and Registry Settings at http://go.microsoft.com/fwlink/?LinkId=148115.
After you have applied the Group Policy Object (GPO) to the Active Directory domain or organizational units that host the Communications Server enabled users or Windows computers, you will need to make sure that the Communicator group policies are applied correctly to the Windows clients on the network.
The Microsoft Resultant Set of Policy (RSoP) snap-in that ships with Windows is the easiest way to find out if the correct Communicator policies have been applied in Windows or to the Communicator user.To use RSoP to verify Communicator policies
Click Start, click Run, type rsop.msc, and then click OK.
When the RSoP application opens, all the available group policy information for the Windows client will be visible in the RSoP dialog box, and you will be able to view the group policies listed under Computer Configuration and User Configuration as shown in Figure 2.
Figure 2. Resultant Set of Policy - showing the user configuration
If you cannot see the Communicator policies that you have applied to the user or computer configuration of the Windows client in the RSoP snap-in, use the following commands at a command prompt on the Windows client to see if you can update and access the GPO that is hosting the Communicator group policies that you have deployed:
c:\>gpupdate/force This command will attempt to pull the updated user or computer group policy information to the Windows client. The command will prompt you to restart, but if restarting or logging back on to the Windows is not an immediate option, type N for no. Next, you can use the following command line tool to see if the group policy has been downloaded to the Windows client.
c:\>gpresult The results of this command will display the distinguished name of the user or computer on which the command is run. If you have just moved the user or computer into an OU that has the Communicator group policies applied to it, you will be able to confirm that Active Directory updated that user or computer. The gpresult command will also display the time the last group policy update took place on the Windows client computer.
The Communicator 2007 R2 group polices give the Communications Server administrator a way to manage the client deployment that is very specific to their Communications Server infrastructure. Having a good understanding of the intended design and uses for the Communicator group policies is needed to make sure that the implementation of the Communicator client on your network is managed correctly. The overall result of proper group policy use is almost seamless to the end user who will be able to optimally use their Communicator client as a unified communications client throughout their workday.
To learn more, check out the following:
Group Policy for Unified Communications Clients, http://go.microsoft.com/fwlink/?LinkId=178987
Microsoft Office Communications Server 2007 R2 Client Group Policy Documentation, http://go.microsoft.com/fwlink/?LinkId=146075
Office Communicator 2007: Communicator 2007 Policies Documentation, http://go.microsoft.com/fwlink/?LinkId=101686
Visit the Communications Server main page at http://go.microsoft.com/fwlink/?LinkId=132607.
View the complete Communications Server documentation library at http://go.microsoft.com/fwlink/?LinkId=132106.
Download the Communications Server content as Word documents at http://go.microsoft.com/fwlink/?LinkId=133609.
Download the Communications Server documentation as a compiled help file at http://go.microsoft.com/fwlink/?LinkId=160355. (Scroll down to the Additional Information section and download OCSDocumentation.chm.)
Read weekly articles for Communications Server IT professionals on NextHop at http://go.microsoft.com/fwlink/?LinkId=181907.
Read NextHop articles in the Technical Library at http://go.microsoft.com/fwlink/?LinkId=185344.
Subscribe to NextHop feeds on the OPML List for NextHop page at http://go.microsoft.com/fwlink/?LinkId=185345.
Read weekly articles for Communications Server developers on UCode at http://go.microsoft.com/fwlink/?LinkId=177892.
Follow tweets from the Communications Server team at http://go.microsoft.com/fwlink/?LinkId=167909.