Questions in setting up Security group policies for Lync 2013 Users

Hi Team,
One of our customers is looking for the below requirements:
- Being able to split users into groups. Would like to be able to split into Departmental groups; the groups will be Service Delivery, Finance, Business Development, Clinical Services, Radiologists, SLA Team, Call Handlers.
- Being able to control which users are able to contact or see other users. For example, limit Radiologists to only be able to see Service Delivery and Call Handlers.
We know that RBAC policies can be used by Administrators or Technicians who work remotely. However, a user sitting at a server running Lync Server is not restricted by RBAC.
Question:
Is there a way we can fulfill the above customer requirements in Lync 2013 environment?

Hi,
On the Lync Server side, what you can do is change the AD attribute msRTCSIP-GroupingID. You can set a different value for each group. Then each group will not be able to search for the users in other groups by user name. However, they can still search for the users in other groups by SIP address.
More details:
http://blogs.msdn.com/b/jcalev/archive/2012/06/07/partitioning-lync-address-book-using-msrtcsip-groupingid.aspx
Best Regards,
Eason Huang
TechNet Community Support
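
The partitioning described in the answer above, as an added PowerShell example that is not part of the original thread or the linked blog post. It assumes the AD `department` attribute holds the group names from the question, that msRTCSIP-GroupingID is an octet-string attribute holding the GUID's bytes, and that the script runs in the Lync Server Management Shell; the GUID values are constructed placeholders.

```powershell
# Added example: stamp one msRTCSIP-GroupingID per department, then report the result.
param([switch]$Apply)   # without -Apply, Set-ADUser runs with -WhatIf and nothing is changed

Import-Module ActiveDirectory

# Department names come from the question; the GUIDs are constructed placeholders.
# Generate real ones once with [guid]::NewGuid() and keep the mapping under change control.
$partitions = @{
    'Service Delivery'     = [guid]'00000000-0000-0000-0000-000000000001'
    'Finance'              = [guid]'00000000-0000-0000-0000-000000000002'
    'Business Development' = [guid]'00000000-0000-0000-0000-000000000003'
    'Clinical Services'    = [guid]'00000000-0000-0000-0000-000000000004'
    'Radiologists'         = [guid]'00000000-0000-0000-0000-000000000005'
    'SLA Team'             = [guid]'00000000-0000-0000-0000-000000000006'
    'Call Handlers'        = [guid]'00000000-0000-0000-0000-000000000007'
}

foreach ($dept in $partitions.Keys) {
    # Assumption: the attribute stores the GUID as a byte array (octet string).
    [byte[]]$bytes = $partitions[$dept].ToByteArray()

    # Only Lync-enabled accounts (those with a SIP address) in this department are touched.
    Get-ADUser -LDAPFilter "(&(department=$dept)(msRTCSIP-PrimaryUserAddress=*))" |
        Set-ADUser -Replace @{ 'msRTCSIP-GroupingID' = $bytes } -WhatIf:(-not $Apply)
}

# Audit: list every Lync-enabled user with the partition it currently sits in,
# so accounts that were missed (wrong or empty department) stand out.
Get-ADUser -LDAPFilter '(msRTCSIP-PrimaryUserAddress=*)' -Properties department, 'msRTCSIP-GroupingID' |
    ForEach-Object {
        $raw = $_.'msRTCSIP-GroupingID'
        [pscustomobject]@{
            User       = $_.SamAccountName
            Department = $_.department
            GroupingID = if ($raw) { (New-Object Guid (,[byte[]]$raw)).ToString() } else { '<not set>' }
        }
    } | Sort-Object GroupingID, User | Format-Table -AutoSize

if ($Apply) {
    # Assumption: push the AD change into Lync and regenerate the address book files.
    Update-CsUserDatabase
    Update-CsAddressBook
}
```

As the answer notes, users can still find each other by SIP address, so this partitions address book search rather than blocking contact between groups.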

Similar Messages

  • Group Policies for OS X users

    Hey folks,
    I'm trying to determine appropriate GPO settings for some computer-based OS X accounts. I have a computer in the bedroom and one in the kitchen that both auto-login as special domain accounts. One is something like kuser (for kitchen) and the other is buser (for bedroom). They are domain users b/c they need access to my photo library and iTunes library (both shares on a 2003 member server).
    Since printing in a domain environment pretty much requires storing the user/pass in the SMB URL and that is stored in plain text, I want to make sure these users have VERY limited access in the domain. I want to prevent login to anything other than the two special computers. However the AD "log onto" setting doesn't seem to affect OS X.
    So, are there GPOs that will have ANY effect? Obviously the Windows-specific settings will have no effect, but can anyone recommend what I need to do to secure the domain against someone trying to use these special users?
    Thanks!
    -N

    I'm very confused by what you're trying to accomplish, but you don't necessarily need a GPO to grant or restrict access to resources. You'll use permissions on computer objects in the Active Directory Users & Computers console.
    For example, if you don't want a particular domain account to use a particular computer, you can simply deny access to that user in that computer object.
    If I'm missing your point, can you please clarify what you're after?
    bill
    1 GHz Powerbook G4   Mac OS X (10.4.3)  

  • Questions on MCX Policies for Laptop/Mobile Users:

    I have several managed Macs running Leopard. Many of them are MacBook laptops. My main MCX policies involve mapping printers and mounting network volumes at login. These are simple computer and group policies to help make the users life a little easier when it comes to finding and using network resources such as file server volumes and network printers.
    Since most of my users are laptops, they are expressing 2 major concerns involving their laptops when they are off the LAN (i.e.; on the road at a cafe, working at home, staying at a hotel or when they have no network at all)
    1) When users are off our LAN, the Mac still tries to mount the network volumes in their OD/MCX login items when the user logs in (with cached mobile credentials). Can this be avoided? Windows PCs do not do this. If the PC laptop can't find an AD DC, they simply don't run the login scripts and thus don't try to mount/map network volumes. How can I make the Mac laptops only mount network volumes when they are on the LAN?
    2) Most Mac users have a Cisco VPN client, and use it regularly to connect to the company's LAN from home, hotels etc. Of course when they log into the network via VPN, their network volumes are not mounted automatically. Is there a way to re-run the MCX managed login items script once they connect to the VPN and mount (i.e.; "map") their network drives? Sure, users can simply use the "Connect To Server" option in the Finder (or perhaps try and use the god-awful Leopard Finder side bar discovery browser thingy which I hate - never mind), but I need a consistent automated way to mount volumes quickly and easily for my mobile users. There must be a way to run (or re-run) the login items part of my MCX policies.

    Ping!
    I'm looking for this functionality too. Anyone have a solution to either of these? One that came to mind is to wrap the login items in a script which detects if the LAN is available.

  • I am trying to set up a group contact for my golf league, but can't find a way to do this on the iphone

    I am trying to set up a group contact for my golf league, but can't find a way to do this on the iphone

    That's because you can't.  You make the contact group on the computer application with which you're synching your contacts.  Or you can find an app in the app store.

  • Article for managing contacts and group for Lync 2013

    I came across this article, but it says it's for Lync 2010.  Is there an updated one somewhere for Lync 2013?
    http://office.microsoft.com/en-us/communicator-help/manage-your-contacts-and-contacts-list-HA101835254.aspx#_Toc311106901

    Hi
    Check this link for Lync 2013
    http://office.microsoft.com/en-in/videos/video-add-contacts-and-create-groups-in-lync-2013-VA104023099.aspx
    http://office.microsoft.com/en-in/videos/redir/HA102828912.aspx?CTT=5&origin=VA104023099
    http://office.microsoft.com/en-in/videos/redir/HA102832427.aspx?CTT=5&origin=VA104023099

  • How can I set the default home page for all new users in Firefox 4

    I'm trying to deploy FF 4.0rc1 in a corporate environment but I can't find a way to set the default home page or any other settings for that matter.
    Is there a way to set the default home page for all new users and lock it so that the users can't change home page?
    Best regards
    Jonas

    In Firefox 4 the template folder for new profiles (C:\Program Files\Mozilla Firefox\defaults\profile\) doesn't exist. You can create that \defaults\profile\ folder and place a file user.js in it with the prefs that you want to initialize.
    See:
    http://www-archive.mozilla.org/catalog/end-user/customizing/briefprefs.html
    You can also use a mozilla.cfg file to set the default value for prefs.
    See: http://kb.mozillazine.org/Locking_preferences
    defaultPref(); // set new default value
    pref(); // set pref, but allow changes
    lockPref(); // lock pref, disallow changes

  • Help Please.  I am setting up my macbook pro for a second user but office didn't transfer over.  Is there a way to have additional users on the same comp have office available without having to re-install it for each user?

    Help Please.  I am setting up my macbook pro for a second user but office didn't transfer over.  Is there a way to have additional users on the same comp have office available without having to re-install it for each user?

    mpr130 wrote:
    Help Please.  I am setting up my macbook pro for a second user but office didn't transfer over. Is there a way to have additional users on the same comp have office available without having to re-install it for each user?
    How did you attempt to transfer Office?
    OS X Lion: Set up a guest account

  • IISARR URLS for Lync 2013 not working externally

    Hello All,
    Currently facing issue of opening lyncdiscover.domain.com from external.
    I have created the server farm using IISARR for Lync 2013 & added 5 rules under the server farm as shown below:
    meet.domain.com
    dialin.domain.com
    lyncdiscover.domain.com
    owebapp.domain.com
    When I tried to browse all the above URLs, none of the URLs are opening & they show the below errors as in the attached screen shot:
    Also when I tried to test by using Lync 2013 Connectivity Analyzer, it shows the below errors:
    SIP Uri: [email protected]
    Logging test parameters:
    User Name: 
    Discovery Type: Automatic Discovery
    Network access: NetworkAccessInternal
    Selected client: ApplicationLMX
    Starting Lync server autodiscovery
    Please wait; this test may take several minutes to complete...
    Starting automatic discovery for secure (HTTPS) internal channel
    lyncdiscoverinternal.domain.com can't be resolved by the DNS server. Skipping internal discovery.
    For more information on DNS requirements for automatic discovery, please refer to http://go.microsoft.com/fwlink/?LinkId=278998 
    Starting automatic discovery for secure (HTTPS) external channel
    Sending HTTP request to https://lyncdiscover.domain.com/[email protected]
    Cookie  found in autodiscover response: StatusCode: 500, ReasonPhrase: 'URL Rewrite Module Error.', Version: 1.1, Content: System.Net.Http.StreamContent, Headers:
      Cache-Control: private
      Date: Mon, 08 Sep 2014 11:51:26 GMT
      Server: Microsoft-IIS/8.5
      Content-Length: 5694
      Content-Type: text/html; charset=utf-8
    Autodiscover: SendRequest(): the URL https://lyncdiscover.domain.com/[email protected] couldn't be connected.  Complete HTTP headers:\r\n Cache-Control: private
    Date: Mon, 08 Sep 2014 11:51:26 GMT
    Server: Microsoft-IIS/8.5
    Couldn't connect to URL https://lyncdiscover.domain.com/[email protected]
    Reason: Internal server error (HTTP status code 500)
    System.Exception: Exception of type 'System.Exception' was thrown.
       at Microsoft.LyncServer.WebServices.AutoDiscoverManager.TerminateAD(String mesg)
       at Microsoft.LyncServer.WebServices.AutoDiscoverManager.<SendRequest>d__d.MoveNext()
    --- End of stack trace from previous location where exception was thrown ---
       at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
       at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
       at System.Runtime.CompilerServices.TaskAwaiter`1.GetResult()
       at Microsoft.LyncServer.WebServices.AutoDiscoverManager.<TryNextUrl>d__3.MoveNext()
    --- End of stack trace from previous location where exception was thrown ---
       at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
       at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
       at Microsoft.LyncServer.WebServices.AutoDiscoverManager.<StartDiscoveryJourney>d__0.MoveNext()
    --- End of stack trace from previous location where exception was thrown ---
       at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
       at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
       at LyncConnectivityAnalyzerCore.Utilities.<RetrieveUserLocation>d__3e.MoveNext()
    Server discovery failed for secured external channel against https://lyncdiscover.domain.com/
    Starting automatic discovery for unsecure (HTTP) external channel
    Sending HTTP request to http://lyncdiscover.domain.com/[email protected]
    Cookie  found in autodiscover response: StatusCode: 500, ReasonPhrase: 'URL Rewrite Module Error.', Version: 1.1, Content: System.Net.Http.StreamContent, Headers:
      Cache-Control: private
      Date: Mon, 08 Sep 2014 11:51:44 GMT
      Server: Microsoft-IIS/8.5
      Content-Length: 5765
      Content-Type: text/html; charset=utf-8
    Autodiscover: SendRequest(): the URL http://lyncdiscover.domain.com/[email protected] couldn't be connected.  Complete HTTP headers:\r\n Cache-Control: private
    Date: Mon, 08 Sep 2014 11:51:44 GMT
    Server: Microsoft-IIS/8.5
    Couldn't connect to URL http://lyncdiscover.domain.com/[email protected]
    Reason: Internal server error (HTTP status code 500)
    System.Exception: Exception of type 'System.Exception' was thrown.
       at Microsoft.LyncServer.WebServices.AutoDiscoverManager.TerminateAD(String mesg)
       at Microsoft.LyncServer.WebServices.AutoDiscoverManager.<SendRequest>d__d.MoveNext()
    --- End of stack trace from previous location where exception was thrown ---
       at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
       at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
       at System.Runtime.CompilerServices.TaskAwaiter`1.GetResult()
       at Microsoft.LyncServer.WebServices.AutoDiscoverManager.<TryNextUrl>d__3.MoveNext()
    --- End of stack trace from previous location where exception was thrown ---
       at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
       at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
       at Microsoft.LyncServer.WebServices.AutoDiscoverManager.<StartDiscoveryJourney>d__0.MoveNext()
    --- End of stack trace from previous location where exception was thrown ---
       at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
       at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
       at LyncConnectivityAnalyzerCore.Utilities.<RetrieveUserLocation>d__3e.MoveNext()
    Server discovery failed for unsecured external channel against http://lyncdiscover.domain.com/
    None, AutoInternalDNSFail, AutoInternalSecureD, AutoInternalUnsecureD, AutoExternalSecureD, AutoExternalUnsecureD, ManualDNSFail, ManualSecureD, ManualUnsecureD, AuthBrokerInternalLMXCheckGET, AuthBrokerInternalLMXCheckPOST, AuthBrokerExternalLMXCheckGET, AuthBrokerExternalLMXCheckPOST,
    MobilityMCXInternalLMXCheckGET, MobilityMCXInternalLMXCheckPOST, MobilityMCXExternalLMXCheckGET, MobilityMCXExternalLMXCheckPOST, LMXSIPServerInternalDNS, LMXSIPServerExternalDNS, MobilityUCWAInternalCheckPOST, MobilityUCWAExternalCheckPOST
    Automatic discovery of the Lync server failed. Please verify the server requirements at http://go.microsoft.com/fwlink/?LinkId=278998 
    Microsoft Lync Connectivity Analyzer cannot analyze deployment readiness until a discovery test has completed successfully.
    =============================================================================
    NOTE : For my current Set Up for Lync 2013 please refer this link & kindly ignore the SQL archiving & monitoring issue for database mismatch version as it is resolved:
    http://social.technet.microsoft.com/Forums/lync/en-US/032a8ef2-636d-40ae-a4f1-951e9a39999f/lync-2013-archiving-and-monitoring-sql-database-version-mismatch-issues?forum=lyncdeploy
    Any help really appreciated
    Regards
    Anand S
    Thanks & Regards Anand Sunka MCSA+CCNA+MCTS

    Hi,
    Please make sure there are no typos in the URL rewrite rule.
    You can configure IIS ARR to display more information with the error with the following path:
    Open IIS Manager –> Sites –> Default Web Site –> Error Pages –> Edit Feature Settings.
    Select Detailed error
    Then you can access simple URL again to check the full error message.
    More details:
    http://unifiedme.co.uk/2014/04/iis-arr-500-internal-server-error-get-meaning-full-info/
    Note: Microsoft is providing this information as a convenience to you. The sites are not controlled by Microsoft. Microsoft cannot make any representations regarding the quality, safety, or suitability of any software or information found there. Please make
    sure that you completely understand the risk before retrieving any suggestions from the above link.
    Best Regards,
    Eason Huang
    TechNet Community Support

  • How to Install Ethical wall for Lync 2013

    Hello!
    So many times I've tried to install Ethical Wall on the Lync 2013 Front End Server, but I think I'm making a mistake in the steps I'm doing. So can anyone tell me where I'll get the right docs to install Ethical Wall for Lync 2013 step by step?
    Yogi

    The other competitive solution is from Devcentrics Technologies....
    http://devcentrics.com/Home/DCF
    The product name is DC Stockade, with the following features:
    Enables ethical wall in Lync deployment
    Option to choose either users, group or VLAN based e-wall
    Allow or block Federated domains
    Allow or block PIC domains
    Block or mask the profanity words as per compliance policies
    Setup alert for violation(s)
    Archiving & reporting of violations
    User defined custom reports & an advanced dashboard
    Options to integrate with SMS and service desk system
    Role based access on the application
    Easily configurable & web based user interface
    Integrated with Active Directory
    Auto IM Bot for ethical wall
    Regards, DevC | Unified Communications Architect | www.devcentrics.com - A UC Partner

  • OU For Lync 2013 Central Forest deployment when using GAL Sync

    Hello,
    We are attempting to set up Lync 2013 in a Central Forest configuration. We have a 2 way forest trust in place. The primary forest being A.com, the secondary forest being B.com. Exchange 2010 is deployed in both forests. Lync 2013 is deployed in forest A.com.
    We currently have FIM 2010 installed, using GAL Sync between both forests. For GAL Sync, we have an OU in Forest A.com active directory called GALSync. There are currently contacts in that OU that correspond with the user accounts in forest b.com. Here's my question:
    When configuring FIM MA's for Lync 2013 Central Forest deployment, can I point the LCSCFG.xml file to the SAME GALSync OU we use for GAL Sync? Will it see the contacts already exist and just update with the necessary attributes needed to provision the forest B.com users for Lync? Do I need to create a separate OU for the Lync MA to use? Or, am I going about this in the wrong way?
    Any help you can provide will be greatly appreciated.
    Thank you

    Thanks for the reply Anthony
    Almost right. The only difference is that the remote users will get the autodiscover url and the ews url from their local domain and dns.
    Here is how it is setup:
    Shared public namespace           
    mycompany.com (email address and sip address use this in both domains)
    Central Forest (mycompany.com)
    Lync 2013
    Exchange 2013
    Autodiscover url              
    autosdiscover.mycompany.com/autodiscover/autodiscover.xml             
    192.168.10.10
    EWS Url                               
    https://mail.mycompany.com/EWS/Exchange.asmx                      
    192.168.10.11
    Remote Forest (Fabrikam.com)
    Lync 2010
    Exchange 2010
    Autodiscover url              
    autosdiscover.mycompany/autodiscover/autodiscover.xml       
    192.168.11.23
    EWS Url                               
    https://mail.mycompany.com/EWS/Exchange.asmx                      
    192.168.11.24
    Users in Fabrikam log in locally with their Fabrikam credentials. They have a Lync enabled contact in mycompany. There is a 2 way trust in place. They log in to mycompany Lync fine.
    When they do the autodiscover DNS lookup, they return the same autodiscover and EWS url, but they point to the local Exchange 2010 since their mailbox and user account still resides there and that is the system that the Fabrikam account has access to.
    Autodiscover works fine for Outlook.
    I will take a look at Fiddler

  • What is best recommendation for DNS LB for lync 2013 Edge servers

    What is the best recommendation for DNS LB for Lync 2013 Edge servers? We have F5 LB for edge and want to decide if we can go with DNS-based LB for Edge servers.
    Anil MCC 2011,ITIL V3,MCSA 2003,MCTS 2010, My Blog : http://messagingschool.wordpress.com

    It will be better to use Hardware Load Balancing (F5).
    If you choose to use DNS load balancing for a pool but still need to implement hardware load balancers for traffic such as HTTP traffic, the administration of the hardware load balancers is greatly simplified. For example, configuring the hardware load balancer will be simpler as it will only manage the HTTP and HTTPS traffic, while all other protocols will be managed by DNS load balancing.
    Also, for more info, you can check the links below:
    http://technet.microsoft.com/en-us/library/gg615011.aspx
    http://technet.microsoft.com/en-us/library/gg398634.aspx
    Mai Ali

  • Do we need License for Lync 2013 Edge server?

    Hello Team,
    We are currently running Lync 2013 Standard Edition Server. We are planning to enable users for external access and planning to deploy a Lync 2013 Edge server.
    1. Do we need License for Lync 2013 Edge server?
    2. Any other client licenses needed?
    Please advise.

    Hi,
    No, you don't require any additional license in order to install the Lync Edge server. The only license required is at the OS level, I mean the Windows Server license; as far as Lync is concerned you don't require any additional license.
    Check this:
    https://products.office.com/en-us/lync/microsoft-lync-licensing-overview-lync-for-multiple-users
    http://lyncuc.blogspot.in/2013/02/lync-2013-licensing-guide-how-to.html
    And for the client also you don't require any additional license; your existing client license will work externally as well.

  • SQL Cluster requirement for Lync 2013

    Hi
    We are planning to deploy Lync 2013 Enterprise. Planning to use a SQL cluster. Would like to clarify whether we must create a separate SQL instance for Lync 2013 or can we use an existing shared instance to create a separate database for Lync.
    We prefer the 2nd approach. Are there any issues or demerits in using existing shared SQL instances?
    Thanks and regards,
    Aboo Arif

    Hi AbooArif.
    This kind of question is very common. Basically here is the Microsoft Documentation about it.
    Database software support in Lync Server 2013 
    https://technet.microsoft.com/en-us/library/gg398990.aspx
    This is the important point: "If you collocate Lync Server databases with other databases, we highly recommend assessing all factors that might affect availability and performance, as well as ensuring that, if one node fails, the remaining node can handle the load. To verify failover capabilities, we recommend testing all failover scenarios."
    We can say the following: It's recommended to use a separate SQL server for Lync; however, collocating the Lync database with other SQL databases will work, but has a high probability of presenting some performance problems. Many customers prefer to use this option considering the cost of SQL licenses.
    It is important to consider all the hardware requirements for the Lync Server BackEnd role:
    https://technet.microsoft.com/en-us/library/gg398835.aspx because the normal issue when customers share the SQL server with other instances is due to performance issues. Also note that if you have multiple front end pools, these cannot share a SQL server.

  • Physical cpu to virtual cpu ratio for LYNC 2013 FE

    What should be the physical CPU to virtual CPU ratio for Lync 2013 FE and Edge server? Is it the same as Exchange, 1:1?

    Putting this here as well:
    I don't believe this is documented anywhere.   I typically see 6 cores, but I've run with 4 or 8 but in the end it's all about watching performance.
    System Center Advisory for Lync can complain if it's not at least 8.
    http://support.microsoft.com/kb/2877496
    SWC Unified Communications

  • Bandwidth required for Lync 2013 audio video call

    Hi,
    What is the bandwidth required for a Lync 2013 audio/video call from outside of the company network, considering users will use OWA integration with Exchange 2013 for audio/video calls?
    I tried the Lync bandwidth calculator but could not figure it out.
    Actually I have some remote sites where users have connectivity of 160 kbps only.

    There are a number of variables such as call type and video resolution, but I would suggest using this table as a guide:
    http://technet.microsoft.com/en-us/library/jj688118.aspx
    For example for capacity purposes with a Lync peer-to-peer call you're looking at 57Kbps (86 with FEC)
