Controlling the IM Client Through Group Policies


Realizing that many of the same sites that use Exchange IM are also using the Group Policy features of Active Directory, Microsoft provides a broad range of policy settings that can be used to restrict how the Windows Messenger client works. Some of these settings are supported in the original Exchange IM client, but some are not. Windows Messenger is a much more flexible and useful tool, though, so I recommend using it whenever possible.

Like all other Group Policy settings, these policies are applied in the registry. User- specific policies are applied beneath the HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Messenger\Client registry key, whereas machine-specific policies (which override client policies) reside under HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Messenger\Client. The restriction keys that Windows Messenger supports allow you to set policies that control individual features. To disable a feature, you have to add the appropriate registry key and set its value to 1. If you use any other value, or if you do something careless like misspell the key name, the restriction won’t be applied. The best way to apply these policies is to create a policy template and apply it to the appropriate sites, domains, or OUs; you can also use a logon script or any other mechanism that allows you to apply registry changes to the Policies keys.

Because Windows Messenger supports three services, there are actually three different places to apply these changes: one for each of the supported services. The communications services are identified by their globally unique identifiers (GUIDs), which means you have to keep track of three big, long, hexadecimal numbers:

  • {83D4679E-B6D7-11D2-BF36-00C04FB90A03} is the GUID for Exchange IM.

  • The generic SIP communications service’s GUID is {83D4679F-B6D7-11D2- BF36-00C04FB90A03}.

  • The Windows .NET Messenger Service (what we old-timers still call “MSN Messenger”) has a GUID of {9B017612-C9F1-11D2-8D9F-0000F875C541}.

Provided you can remember which of those GUIDs belongs to which service, you’re ready to start applying restrictions.

  • Controlling Client Execution You can prevent the client from being run by setting the PreventRun value under the Client key, and no GUID is needed. When this value is set to 1, the client refuses to run; when launched, it immediately quits.

  • Disabling a Specific Provider To turn off an individual messaging provider (say, if you want to prevent users from using the generic SIP service or .NET Messenger), create a value named Disabled under the selected service’s GUID and set it to 1. (For the Exchange 2000 IM client, you can set HKEY_LOCAL_MACHINE\Software\Microsoft\MessengerService\Policies\ExchangeConn to a value of 2 to disable the MSN Messenger provider.)

  • Disabling Specific Windows Messenger Features To turn off voice communication between Windows Messenger users, set the DisablePC2PCAudio value beneath the Client key.

  • You can stop Windows XP users from using the video features of Windows Messenger by setting Client\DisableVideo to 1. This setting doesn’t apply to the downloadable Messenger binary, because only Windows XP supports video sessions.

  • To disable file transfers, set the DisableFileTransfer value to 1. Make sure you couple this setting with appropriate port blocks so that your network is protected from incoming file transfers, too.

  • Setting DisableCollaborationApps to 1 will turn off whiteboarding and application sharing for Windows XP clients; it has no effect on earlier clients because they don’t have that feature.

  • The DisablePC2Phone value controls whether or not the PC-to-phone feature in Windows Messenger is active or not. By default, when this feature is on users who have subscribed to a .NET voice service can make Voice- over-IP (VoIP) calls using the selected service. If you leave this key off and set the CorpPC2Phone value to 1, your users can still initiate VoIP calls, but only to your intranet’s VoIP gateway, not to consumer services.

  • Controlling Client Updates By default, Windows Messenger checks with each registered service provider to see whether there are updates available to that service’s plug-in. The PreventAutoUpdate value controls whether Messenger makes these checks; set it to 1 to stop it from making any checks at all.

    If you want to disable automatic updates for the SIP or .NET Messenger providers, add the DisableAutoUpdate value beneath the appropriate service GUID and set it to 1. There’s no corresponding value for Exchange 2000 IM because it doesn’t support automatic updates for clients.




Secure Messaging with Microsoft Exchange Server 2000
Secure Messaging with Microsoft Exchange Server 2000
ISBN: 735618763
EAN: N/A
Year: 2003
Pages: 169

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net