http://www.microsoft.com/en-us/download/details.aspx?id=27217
| Policy Name | Feature | Type | Values | Description |
| ConfigurationMode | Sign-in | REG_DWORD | Not set = User can choose either automatic configuration or advanced transport and server configuration. 0 = Disable transport configuration and use automatic configuration with DNS lookup. 1 = Enable transport configuration and use the settings specified in ServerAddressInternal, ServerAddressExternal, and Transport. | Specifies how Microsoft Lync identifies the transport and server to use during sign-in. If you enable this policy setting, you must specify the transport and either the server name or the server IP address that Microsoft Lync uses. If you disable this policy setting, Microsoft Lync uses a DNS lookup to identify the transport and the server. If you do not configure this policy setting, the user can choose automatic configuration, or the user can specify the transport protocol and either the name or the IP address of the server in Microsoft Lync user preferences. To set the user preferences, from the Microsoft Lync Tools menu, click Options, click the Personal tab, within the SIP Communications My Account area click Advanced, select Configure Settings, type the server name or IP address in Server name or IP address, and then select a transport. Note: You can configure this policy setting under both Computer Configuration and User Configuration, but the policy setting under Computer Configuration takes precedence. |
| ConfigurationMode\ServerAddressExternal | Sign-in | REG_SZ | String (MaxLen 256) | ServerAddressExternal is a subvalue of ConfigurationMode. If you enable ConfigurationMode, you must specify either the server name or the server IP address of the external server that Microsoft Lync uses. |
| ConfigurationMode\ServerAddressInternal | Sign-in | REG_SZ | String (MaxLen 256) | ServerAddressInternal is a subvalue of ConfigurationMode. If you enable ConfigurationMode, you must specify either the server name or the server IP address of the internal server that Microsoft Lync uses. |
| ConfigurationMode\Transport | Sign-in | REG_DWORD | 2 = TCP (default) 4 = TLS | Transport is a subvalue of ConfigurationMode. If you enable ConfigurationMode, you must specify either TCP or TLS transport protocol. Note: In previous versions of Office Communicator, the client could try to connect to the server over TCP. However, Lync Server 2010 no longer supports TCP for client connections. Although you can still use the Transport setting to configure Lync clients to use TCP, you should only do this in lab deployments, not in production environments. |
| ConfiguredServerCheckValues | Sign-in | REG_SZ | String (MaxLen 256) ConfiguredServerCheckValues_VALUE="Server version names (semicolon-separated list):" | Specifies the additional server versions supported. Specify a semicolon-separated list of server version names, for example RTC/2.8;RTC/2.9, to which Microsoft Lync allows a log on, in addition to the server versions that are supported by default. The space character is treated as part of the version string. |
| DisableHttpConnect | Sign-in | REG_DWORD | 0 or not set = A connection using HTTP is attempted if a TCP or TLS connection cannot be established. (Default) 1 = The HTTP fallback option is disabled. | Disables HTTP fallback for SIP connection. Prevents HTTP from being used for SIP connection if TLS or TCP fail. |
| DisableNTCredentials | Sign-in | REG_DWORD | 0 = Windows credentials are sent. Lync authenticates the user based on the same credentials used to log on to Windows. (Default) 1 = Windows credentials are not sent. User is required to provide logon credentials to Lync. | Requires the user to provide logon credentials for Microsoft Lync rather than automatically using the Windows credentials when Microsoft Lync authenticates the user using NTLM or Kerberos. If you enable this policy setting, Microsoft Lync requires the user to provide logon credentials. If you disable or do not configure this policy setting, Microsoft Lync authenticates the user based on the logon credentials for Windows. Note: You can configure this policy setting under both Computer Configuration and User Configuration, but the policy setting under Computer Configuration takes precedence. |
| DisableServerCheck | Sign-in | REG_DWORD | 0 = Lync checks the server version before signing in. (Default) 1 = Lync does not check the server version before signing in. | Disables server version check. Prevents Microsoft Lync from checking the server version before signing in. |
| EnableBitsForGalDownload | Sign-in | REG_DWORD | 0 = Do not use BITS 1 = Use BITS | This policy allows Microsoft Lync to use BITS (Background Intelligent Transfer Service) to download the Address Book Services files. |
| EnableSIPHighSecurityMode | Sign-in | REG_DWORD | 0 = Low Security Mode. Any transport and any authentication method (including Basic or Digest) can be used. Instant messages can pass directly between clients. 1 = High Security Mode. TLS transport is required. Server authentication must use either NTLM or Kerberos authentication. Instant messages and SUBSCRIBE SIP messages must pass through the SIP server. 2 = Medium Security Mode. TLS is not required, but server authentication must use either NTLM or Kerberos authentication. Instant messages and SUBSCRIBE SIP messages must pass through the SIP server. (Default) | Enables Microsoft Lync to send and receive instant messages securely when using the SIP Communications Service. If you enable High Security, Microsoft Lync requires the TLS transport. If the server authenticates users, it must use either NTLM or Kerberos authentication. Instant messages and Subscribes must pass through the SIP server, preventing outbound peer-to-peer communication. If you enable Low Security, Microsoft Lync can use any transport and any authentication method (including Basic or Digest). Instant messages can pass directly between clients, enabling outbound peer-to-peer communication. If you enable Medium Security, all the High Security applies, except that TLS is not required. If you do not configure this policy setting, Microsoft Lync can use any transport, but if it does not use TLS and the server authenticates users, it must use either NTLM or Kerberos authentication. Instant messages must pass through the SIP server, preventing outbound peer-to-peer communication. Note: This policy does not affect Remote Assistance. Note: You can configure this policy setting under both Computer Configuration and User Configuration, but the policy setting under Computer Configuration takes precedence. |
| EnableStrictDNSNaming | Sign-in | REG_DWORD | 0 = Lync can communicate using TLS transport with any SIP server that has an FQDN that ends with the domain portion of the user's SIP URI. (Default) 1 = Lync can communicate using TLS transport with a SIP server only if the server's FQDN is an exact match with the domain in the domain portion of the SIP user's SIP URI, or the FQDN is sip. followed by the domain portion of the user's SIP URI, for example, sip.contoso.com. | When Lync is configured for automatic connection and TLS is enforced, the EnableStrictDNSNaming policy enables Lync to send and receive instant messages securely when using the SIP Communications Service. If you set the EnableStrictDNSNaming policy to Enabled, Lync clients can connect to a server only if the server name matches the user's SIP URI domain, or if the server's FQDN is sip.<URI domain>. For example, if the user's SIP URI is someone@contoso.com, Lync will be able to connect following servers only: - contoso.com - sip.contoso.com Accordingly, if you decide to enable EnableStrictDNSNaming, you must make sure that your SIP server's FQDN matches one of these strict naming formats. If you do not configure this policy or you set it to Disabled, Lync clients can communicate with any SIP server that has an FQDN that ends with the domain part of the user's SIP URI. For example, Lync will be able to communicate with servers named sip.division.contoso.com or lc.contoso.com. One reason for not enabling this policy is if your organization has multiple subdomains and, when setting up certificates, you need the flexibility of allowing non-strict server names. Note: You can configure this policy setting under both Computer Configuration and User Configuration, but the policy setting under Computer Configuration takes precedence. |
| EnableTracing | Tracing | REG_DWORD | Not set = User can specify in Lync options 0 = Disabled 1 = Enabled | Turns on tracing for Lync, primarily to assist with customer problem solving. If this policy is not configured, then the user can specify the choice in Lync options. Otherwise, the corresponding behavior is enforced and the user has no choice. |
| FirstRunLaunchMode | First Run | REG_DWORD | 0 = Enabled with Auto Launch (Default) 1 = Disabled 2 = Enabled without Auto Launch | Defines the behavior of the Microsoft Lync First Run user experience. This setting determines whether First Run is enabled, and whether it runs automatically. |
| HelpMenuText | Extensibility | REG_SZ | String (MaxLen 32) | You can specify a Help website for Microsoft Lync by using the HelpMenuURL and HelpMenuText keys. HelpMenuText specifies the text to display to the user in the Help menu for the Help website specified by HelpMenuURL. Note that both Help Menu Text and Help Menu URL need to be specified in order for the Help Menu item to appear in Microsoft Lync. |
| HelpMenuURL | Extensibility | REG_SZ | String (MaxLen 256) | You can specify a Help website for Microsoft Lync by using the HelpMenuURL and HelpMenuText keys. HelpMenuURL specifies which website to open when the user selects the Help menu text item specified by HelpMenuText. Note that both Help Menu Text and Help Menu URL need to be specified in order for the Help Menu item to appear in Microsoft Lync. |
| PreventRun | Sign-in | REG_DWORD | 0 = Enables Lync 2010 (Default) 1 = Disables Lync 2010 | Prevents users from running Microsoft Lync. If you enable this policy setting, users cannot run Microsoft Lync. If you disable or do not configure this policy setting, users can run Microsoft Lync. Note: You can configure this policy setting under both Computer Configuration and User Configuration, but the policy setting under Computer Configuration takes precedence. |
| SavePassword | Sign-in | REG_DWORD | Not set = User choice (Default) 0 = Users do not have the option to save password 1 = Users have the option to save password | Allows Microsoft Lync to store user passwords. If you enable this policy setting, Microsoft Lync can store a password on request from the user. If you disable this policy setting, Microsoft Lync cannot store a password. If you do not configure this policy setting and the user logs on to a domain, Microsoft Lync does not store the password. If you do not configure this policy setting and the user does not log on to a domain (for example, if the user logs on to a workgroup), Microsoft Lync can store the password. Note: You can configure this policy setting under both Computer Configuration and User Configuration, but the policy setting under Computer Configuration takes precedence. |
| SipCompression | Sign-in | REG_DWORD | 0 = Always disabled (do not compress) 1 = Always enabled (compress) 2 = Enable compression based on adaptor speed (Default) 3 = Enable compression based on ping round-trip time | Defines when to turn on SIP compression. Default: Based on adaptor speed. Setting this policy may cause an increase in sign-in time. |
No comments:
Post a Comment