locked
How to restrict an lync account with access to computer logon. RRS feed

  • Question

  • Hello,

    We have some lync accounts configured for physical lync supported phones.

    I want to restrict misuse of these accounts, so basically no one should be able to login to any computer,

    or atleast no access to wireless.

    Thanks

    Monday, October 28, 2013 2:21 PM

Answers

  • Hi,

    if you are using them as common area phones or hotdesking-like purpose (I guess..), you can just configure a common area phone, which uses AD contact object that cannot log in.

    ref: http://technet.microsoft.com/en-us/library/jj994076.aspx 

     

    thanks,


    If this post meets your needs, please Vote/Propose/Mark it. Have a nice day!

    • Marked as answer by Beadmin Friday, November 1, 2013 7:48 AM
    Thursday, October 31, 2013 9:57 AM

All replies

  • Hi - that's not strictly lync-related but you might have a number of options to achieve that:

    1) create a windows account, then enable it for Lync. Configure his phone/extension and a static PIN. tell the PIN to the user. Have the user to sign-in to his phone through PIN authentication. However, it scales pretty bad, and you will still need to tell the user his Windows credentials to allow him to change PIN via dialin simple URL.

    2) use one of the options around denying windows users logon to computers (like deny logon locally http://technet.microsoft.com/en-us/library/cc957048.aspx). 


    Alessio Giombini | Microsoft Solutions Architect | Twitter: @AlessioGiombini
    Lync 2013 Detailed Design Calculator: try it at http://goo.gl/jU1hZR

    Monday, October 28, 2013 2:30 PM
  • Thanks for the help Alessio,

    I like the idea of creating GPO deny logon, I have created a OU and added this account

    Also this policy: Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment

    but wiard, I still can login to a machine.


    • Edited by Beadmin Tuesday, October 29, 2013 10:11 AM a
    Tuesday, October 29, 2013 10:10 AM
  • Hi - I would recommend you post this question on another forum as this is quite OT with Lync.


    Alessio Giombini | Microsoft Solutions Architect | Twitter: @AlessioGiombini
    Lync 2013 Detailed Design Calculator: try it at http://goo.gl/jU1hZR

    Tuesday, October 29, 2013 3:26 PM
  • Make Sense.. Thanks.
    Thursday, October 31, 2013 9:12 AM
  • Hi,

    if you are using them as common area phones or hotdesking-like purpose (I guess..), you can just configure a common area phone, which uses AD contact object that cannot log in.

    ref: http://technet.microsoft.com/en-us/library/jj994076.aspx 

     

    thanks,


    If this post meets your needs, please Vote/Propose/Mark it. Have a nice day!

    • Marked as answer by Beadmin Friday, November 1, 2013 7:48 AM
    Thursday, October 31, 2013 9:57 AM