Configuring client bootstrapping policies in Lync Server 2013
Topic Last Modified: 2013-02-21
The Group Policy Management Console (GPMC) and the Group Policy Object Editor are tools that you use to manage Group Policy. Included with the Office Group Policy Administrative Template are Lync 2013.admx (ADMX) and .adml (ADML) Administrative Templates, which contain the registry-based policy settings that you configure for Group Policy objects in the domain. ADML files are language-specific complements to ADMX files. Each ADMX and ADML file contains the policy settings for a single Office application. For more information, see “Office 2013 Administrative Template files (ADMX, ADML)” in the Office 2013 documentation at https://go.microsoft.com/fwlink/p/?linkid=267516.
For Lync 2013, there are several client bootstrapping policies that you should consider configuring before users sign in to the server for the first time. For example, the default servers and security mode that the client should use until sign-in is complete. You can use Group Policy to establish these settings in users’ computer registries before they sign in and begin receiving in-band provisioning settings from the server. The following table lists the Group Policy settings that are available for Lync 2013.
Group Policy Settings for Lync 2013
| Group Policy setting | Description |
|---|---|
Specify Server |
Specifies how Lync 2013 identifies the transport and server to use during sign-in. Within this setting, you specify the following:
|
Additional server versions supported |
Specifies a list of server version names separated by semi-colons that Lync Server 2013 will log on to, in addition to the server versions that are supported by default. |
Disable automatic upload of sign-in failure logs (DisableAutomaticSendTracing) |
Automatically uploads sign-in failure logs to Lync Server for analysis. No logs are automatically uploaded if sign-in is successful. If this policy is not configured, the following happens:
When this setting is disabled, sign-in logs are automatically uploaded to the Lync Server for both Lync on-premises and Lync Online users. When this setting is enabled, sign-in logs are never uploaded automatically. |
Disable HTTP fallback for SIP connection |
Prevents Lync Server from trying to connect to the server by using HTTP, if TLS or TCP are unavailable. By default, Lync first attempts to connect to the server by using TLS or TCP and, if neither of these transport methods is successful, Lync tries to connect by using HTTP. Use this policy to disable the fallback HTTP connection attempt. |
Require logon credentials |
Requires the user to provide logon credentials for Lync rather than automatically using Windows credentials during sign-in to a SIP server. |
Disable server version check |
If you set this policy to 1, prevents Lync from checking the server name and version before signing in. By default, Lync makes these checks before signing in. |
Enable using BITS to download Address Book Service files |
Enables Lync to use Background Intelligent Transfer Service (BITS) to download the Address Book Services files. |
Configure SIP security mode |
Enables Lync to send and receive instant messages more securely. This policy has no effect on Windows .NET or Microsoft Exchange Server services. If you do not configure this policy setting, Lync can use any transport. But if it does not use TLS and if the server authenticates users, Lync must use either NTLM or Kerberos authentication. |
Global Address Book Download Initial Delay |
Specifies the time period before a download of the global address list (GAL) occurs. The default value is 60 minutes, which means the server delays the download of GAL file for a random period of between 0 and 60 minutes. |
Prevent users from running Microsoft Lync |
Prevents users from running Lync. You can configure this policy setting under both Computer Configuration and User Configuration, but the policy setting under Computer Configuration takes precedence. |
Allow storage of user passwords |
Enables Lync to store passwords. |
Configure SIP compression mode |
Specifies when to turn on SIP compression. By default, SIP compression is enabled based on the adapter speed. Note that setting this policy might cause an increase in sign-in time. |
Trusted Domain List |
Lists the trusted domains that do not match the prefix of the customer SIP domain. |
Policies configured on the server take precedence over Group Policy settings and client options configured by the user. The following table summarizes the order in which settings take precedence when a conflict occurs.
Group Policy Precedence
| Precedence | Location or Method of Setting |
|---|---|
1 |
Lync Server 2013 in-band provisioning |
2 |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Office\15.0\Lync |
3 |
HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Office\15.0\Lync |
4 |
The Lync - Options dialog box in Lync 2013 |
To define Group Policy settings by using the Lync 2013 administrative template files
Create a root-level folder to contain all language-neutral ADMX files. For example, create the root folder for the central store on your domain controller at this location:
%systemroot%\sysvol\domain\policies\PolicyDefinitionsNote
This procedure assumes that you want to manage multiple computers in your domain. In this case, you store the templates in a central store in the Sysvol folder on the primary domain controller. This provides a replicated central storage location for domain Administrative Templates.
Create a subfolder for each language that you’ll use. These subfolders will contain the language-specific ADML resource files. For example, create a subfolder for United States English (EN-US) at this location:
%systemroot%\sysvol\domain\policies\PolicyDefinitions\EN-US