Once you have installed and configured Instant Messaging, management of individual users is simple. This section discusses how to disable a user's access to IM and change a user's home server. It also discusses finding an IM user on the network and controlling external access to IM users.
There may be times when you want to disable a user's access to the IM service. You can do so with the Exchange Task Wizard for the user's account, just as you did to enable Instant Messaging for the user. In this case, however, you choose Disable Instant Messaging (Figure 19-11),which disassociates the user's account from the IM home server.
On the same screen, you can also associate the user's account with a different IM home server by selecting Change Instant Messaging Home Server and then stepping through the remaining screens. If you change the home server for a user, the user will need to exit the instant messaging client software and then reconnect to establish a new connection to the new home server. In addition, the user may experience problems receiving instant messages until this new information is replicated to all of the domain controllers in Active Directory.
Figure 19-11. Disabling Instant Messaging for a user's account.
Another way to disable a user's access to IM is on the Exchange Features tab of the user's property sheet. Simply click the Disable button, and you'll see the status change from Enabled to Disabled.
Sometimes, you'll need to find an IM user on your network. To do this, you'll need to perform an advanced search of Active Directory, since the IM information is held as a set of attributes to the user's account. To use the advanced find feature, start Active Directory Users and Computers and, from the Action menu, choose Find Users, Contacts And Groups (Figure 19-12). Click the Field down arrow and choose User to see a list of all of the attribute fields that can be queried for the user object. Choose the Instant Messaging attribute you want to query, and then wait for the results to be returned. This list could potentially be long, so be patient as it is built by the LDAP services.
Figure 19-12. Advanced find feature in Active Directory Users and Computers.
In many environments, privacy for IM users is a concern. You may find that you want to control which groups of users and servers can access an IM user's presence information and send messages to that user. To control access by other users, display the Exchange Features tab of the user's property sheet, select Instant Messaging, and click Properties. Display the Privacy tab of the Instant Messaging property sheet to set privacy options for the user's account (Figure 19-13).
Figure 19-13. Privacy tab for an IM user.
This tab allows you to place limitations on IM services for the user account by starting either "wide open" or "totally closed," so to speak. For instance, when the Allow Access Only From These Servers And Users option is selected,you can click Add to add a user or group account to the list. This means that no one, except those who are listed in this box, can obtain presence information and send IM messages to this account. Enter the name of the group or user in the Add User Or Computer box, and then click OK.Repeat this step for each user or group you want to add to the list.
On the other hand, if you want to restrict only a few users from obtaining presence information and instant messaging privileges for this user's account, select the Allow Access By All Servers And Users Except option, and those users who you place in the list will be the only ones restricted for this user account.