Share via


Haiku #77

Gone phishin'? Not if

You used the CSIM

Filter cmdlets.

We don't mean to alarm anyone, but the Internet isn't always a friendly place. We know, we know, but trust us: it's true. Most of us tend to think of the Internet as a happy place, a place where we all going skipping merrily through the flowers, holding hands, singing songs, and wearing all of our clothes. But, hard as this might be to believe, the Internet does have a dark side. For example, every morning the author of today's haiku opens his email and sees invitations to Web sites that promise to verify his bank account password; connect him to a beautiful girl who has admired him from afar and is dying to meet him; and to help him BECOME THE MAN SHE'S ALWAYS DREAMED OF!!!

Which, as near as he can tell, would make him a young Cary Grant.

Now, it's always possible that some of these sites are semi-legitimate, at least in the sense that they won't actually do you any harm. (Unless the sugar pills they want to sell you end up turning you into an old Ulysses S. Grant rather than a young Cary Grant.) On the other hand, many of these sites are designed specifically to do you harm: many of them are "phishing" sites designed to trick you into giving away such things as your user name, your password, or your credit card number. Likewise, there are other sites out there that won't steal anything from you, but might not be the sort of place you want your users lurking in during work hours.

If you know what we mean.

Of course, by itself Microsoft Lync Server 2010 can't prevent your users from going places they really shouldn't go. However, by using the CsImFilterConfiguration cmdlets (Get-CsImFilterConfiguration, New-CsImFilterConfiguration, Remove-CsImFilterConfiguration, and Set-CsImFilterConfiguration) you can at least make it a little harder for users to share hyperlinks (to any web site, legitimate or not) via instant messaging. If you enable IM filtering (and, by default, IM filtering is not enabled), then any time you send an instant message Lync Server scans that message for the presence of a hyperlink.

Note. How does Lync Server know whether or not something is a hyperlink? Basically it's just looking for text that starts with certain prefixes, such as http: , ftp: , or www. For example, Lync Server will identify the following as being a hyperlink:

https://blogs.technet.com/b/csps/

However, it won’t identify this string value as being a hyperlink:

xxxxxxhttps://blogs.technet.com/b/csps/xxxxxxx

Why not? Because the string doesn't start with http: . If you'd like to review the default prefixes Lync Server considers to be hyperlink prefixes, just run a command like this one:

Get-CsImFilterConfiguration –Identity global | Select-Object –ExpandProperty Prefixes

Let's suppose that Lync Server does find a hyperlink in an instant message; what then? Well, as an administrator, you have three options available to you:

· Block the message from being sent altogether. If you choose this option, messages containing hyperlinks will be stopped dead in their tracks and won't be sent. Instead, the user trying to send the hyperlink will see an error message similar to this:

This message was not delivered to Ken Myer because the message contents are restricted by policy. For more information, contact your system administrator.

To block the use of hyperlinks altogether, use Set-CsImFilterConfiguration (or New-CsImFilterConfiguration) to enable IM filtering and to set the Action property to Block. In other words:

Set-CsImFilterConfiguration –Identity global –Enabled $True –Action Block

· Allow the message to be sent, but issue a warning that the message contains hyperlinks. If you do this, two things will happen. First, the "toast" that appears when a user is first notified about the instant message will appear with a warning; this warning is something you compose. Second, any hyperlinks in the message itself will also be prefaced by that warning. In other words, the message text might look like this:

Warning: Be sure you are following company policy before clicking a hyperlink in this message:

Hey, Ken. Go to https://blogs.technet.com/b/csps/ to BECOME THE MAN SHE'S ALWAYS DREAMED OF!!!

How do you configure Lync Server to do this? That's easy: set the Action property Warn, and configure a value for the WarnMessage property:

Set-CsImFilterConfiguration –Identity global –Enabled $True –Action Warn –WarnMessage "Warning: Be sure you are following company policy before clicking a hyperlink in this message"

· Allow the message to be sent, but disable the hyperlink so that a user can't just click the link and be transported to that site. If you go this route, hyperlinks will be prefaced by an underscore, making them unclickable:

Hey, Ken. Go to _https://blogs.technet.com/b/csps/ to BECOME THE MAN SHE'S ALWAYS DREAMED OF!!!

Obviously a user could copy the link portion of the text and then paste that link in to Internet Explorer, but at least that requires them to do a little bit of work and (keep your fingers crossed here) a little bit of thinking before they visit the site in question.

To configure this behavior, set the Action property to Allow. (And yes, that's kind of misleading, to say the least, seeing as how we aren't really allowing hyperlinks. But, for better or worse, that's what we're stuck with.) For example:

Set-CsImFilterConfiguration –Identity global –Enabled $True –Action Allow

Incidentally, you can also set an AllowMessage just like we did a WarningMessage. But that sounded like too much work for one haiku.

IM filtering can be configured at the site scope as well as the global scope; that gives you the ability to, for example, allow some things in the Dublin site that you don't allow in the Redmond site. As we noted earlier, you can use the Get-CsImFilterConfiguration cmdlet to review the prefixes that Lync Server tags as hyperlink prefixes. If you're wondering "Can we modify that list of prefixes?" the answer this: you bet you can. Without going into a lot of detail, here's a command that adds a prefix (urn: ) to the list:

Set-CsImFilterConfiguration -Identity global -Prefixes @{add="urn:"}

And here's a command that removes the prefix urn: from the list:

Set-CsImFilterConfiguration -Identity global -Prefixes @{replace="urn:"}

Pretty simple, if we do say so ourselves.

We should probably point out that, in testing the commands used in today's haiku, we occasionally ran into some odd situations. Most of the time things worked as expected. However, on a couple of occasions we would change the Action property to Allow then start a new instant messaging session. We would include a hyperlink in the first instant message in a session; that hyperlink would be clickable, but any other messages in that session would correctly put the underscore in front of the hyperlink:

_https://blogs.technet.com/b/csps/

Why would that happen? We don't know: it didn't always happen and, to be honest, we don't expect it will happen to you. (Our test machines, which technically don't even meet the hardware requirements for running Lync Server in the first place, often do … interesting … things.) Nevertheless, we thought we should mention it, just in case. If any of you implement IM filtering and run into similar weirdness, please let us know and we'll dig into it a little further.

In the meantime we just got the following email:

Watch and you will see the difference in her reaction! With ourMoneyBack Guarantee youHave Nothing to Lose andLOTS to Gain!

Money back guarantee? Nothing to lose and lots to gain? We'd be crazy not to visit that site!

In other words, we've got things to do this morning. See you tomorrow!