Configure client bootstrapping policies in Skype for Business Server 2015

 

마지막으로 수정된 항목: 2016-12-20

Summary: how to manage Group Policy.

The Group Policy Management Console (GPMC) and the Group Policy Object Editor are tools that you use to manage Group Policy. Included with the Office Group Policy Administrative Template are 비즈니스용 Skype.admx (ADMX) and .adml (ADML) Administrative Templates, which contain the registry-based policy settings that you configure for Group Policy objects in the domain. ADML files are language-specific complements to ADMX files. Each ADMX and ADML file contains the policy settings for a single Office application. For more information, see “Office 2013 Administrative Template files (ADMX, ADML)” in the Office 365 documentation at https://go.microsoft.com/fwlink/p/?linkid=267516.

For 비즈니스용 Skype, there are several client bootstrapping policies that you should consider configuring before users sign in to the server for the first time. For example, the default servers and security mode that the client should use until sign-in is complete. You can use Group Policy to establish these settings in users’ computer registries before they sign in and begin receiving in-band provisioning settings from the server. The following table lists the Group Policy settings that are available for 비즈니스용 Skype.

Group Policy Settings for 비즈니스용 Skype

Group Policy setting Description

Specify Server
(ConfigurationMode)

Specifies how 비즈니스용 Skype identifies the transport and server to use during sign-in. Within this setting, you specify the following:

  • ServerAddressExternal: Specifies the server name or IP address used by clients and federated contacts when connecting from outside the external firewall.

  • ServerAddressInternal: Specifies the server name or IP address used when clients connect from inside the organization’s firewall.

  • Transport: Specifies either Transmission Control Protocol (TCP) or Transport Layer Security (TLS).

Additional server versions supported
(ConfiguredServerCheckValues)

Specifies a list of server version names separated by semi-colons that 비즈니스용 Skype 서버 2015 will log on to, in addition to the server versions that are supported by default.

Disable automatic upload of sign-in failure logs (DisableAutomaticSendTracing)

Automatically uploads sign-in failure logs to 비즈니스용 Skype 서버 2015 for analysis. No logs are automatically uploaded if sign-in is successful. If this policy is not configured, the following happens:

For 비즈니스용 Skype 온라인 users: Sign-in failure logs are automatically uploaded.

For 비즈니스용 Skype on-premises users: A confirmation dialog box is shown to the user before upload.

When this setting is disabled, sign-in logs are automatically uploaded to the 비즈니스용 Skype 서버 for both 비즈니스용 Skype on-premises and 비즈니스용 Skype 온라인 users. When this setting is enabled, sign-in logs are never uploaded automatically.

Disable HTTP fallback for SIP connection
(DisableHttpConnect)

Prevents 비즈니스용 Skype 서버 from trying to connect to the server by using HTTP, if TLS or TCP are unavailable. By default, 비즈니스용 Skype first attempts to connect to the server by using TLS or TCP and, if neither of these transport methods is successful, 비즈니스용 Skype tries to connect by using HTTP. Use this policy to disable the fallback HTTP connection attempt.

Require logon credentials
(DisableNTCredentials)

Requires the user to provide logon credentials for 비즈니스용 Skype rather than automatically using Windows credentials during sign-in to a SIP server.

Disable server version check
(DisableServerCheck)

If you set this policy to 1, prevents 비즈니스용 Skype from checking the server name and version before signing in. By default, 비즈니스용 Skype makes these checks before signing in.

Enable using BITS to download Address Book Service files
(EnableBitsForGalDownload)

Enables 비즈니스용 Skype to use Background Intelligent Transfer Service (BITS) to download the Address Book Services files.

Configure SIP security mode
(EnableSIPHighSecurityMode)

Enables 비즈니스용 Skype to send and receive instant messages more securely. This policy has no effect on Windows .NET or Microsoft Exchange Server services.

If you do not configure this policy setting, 비즈니스용 Skype can use any transport. But if it does not use TLS and if the server authenticates users, 비즈니스용 Skype must use either NTLM or Kerberos authentication.

Global Address Book Download Initial Delay
(GalDownloadInitialDelay)

Specifies the time period before a download of the global address list (GAL) occurs. The default value is 60 minutes, which means the server delays the download of GAL file for a random period of between 0 and 60 minutes.

Prevent users from running 비즈니스용 Skype
(PreventRun)

Prevents users from running 비즈니스용 Skype. You can configure this policy setting under both Computer Configuration and User Configuration, but the policy setting under Computer Configuration takes precedence.

Allow storage of user passwords
(SavePassword)

Enables 비즈니스용 Skype to store passwords.

Configure SIP compression mode
(SipCompression)

Specifies when to turn on SIP compression. By default, SIP compression is enabled based on the adapter speed. Note that setting this policy might cause an increase in sign-in time.

Trusted Domain List
(TrustModelData)

Lists the trusted domains that do not match the prefix of the customer SIP domain.

Policies configured on the server take precedence over Group Policy settings and client options configured by the user. The following table summarizes the order in which settings take precedence when a conflict occurs.

Group Policy Precedence

Precedence Location or Method of Setting

1

비즈니스용 Skype 서버 2015 in-band provisioning

2

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Office\16.0\Lync

3

HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Office\16.0\Lync

4

The Options dialog box in 비즈니스용 Skype

  1. Create a root-level folder to contain all language-neutral ADMX files. For example, create the root folder for the central store on your domain controller at this location:

    %systemroot%\sysvol\domain\policies\PolicyDefinitions

    note참고:
    This procedure assumes that you want to manage multiple computers in your domain. In this case, you store the templates in a central store in the Sysvol folder on the primary domain controller. This provides a replicated central storage location for domain Administrative Templates.
  2. Create a subfolder for each language that you’ll use. These subfolders will contain the language-specific ADML resource files. For example, create a subfolder for United States English (EN-US) at this location:

    %systemroot%\sysvol\domain\policies\PolicyDefinitions\EN-US

 
표시: