Jamf Nation Community

What's the purpose of the lockdown for Lync? To force users to always save conversations or never save conversations? I'm guessing to prevent saving conversations.

Keep in mind nothing stops them from copying/pasting a chat message into another file when done. And nothing prevents the other parties in the conversation from saving the chats (when they're external to the organization). At most you'd only be causing an inconvenience without resolving the issue.

I definitely agree this is something that should be manageable by an administrator. The structure of the plist file makes this difficult. Administrators do need the additional ability, though, to prevent copying/pasting if also preventing saving history. I've got a feature request in with Microsoft for this. Be sure to send them feedback for this too.

josaxo -

We, too, would like to lock down the ability to save conversations (to match our Windows policy). Were you able to implement your solution?

Took a look at the plist and it doesn't seem unreasonable to script something to do this. I don't have a script for it right now, but you would essentially be doing this ...

1) Find the key with a value that starts with 'sip'
2) Modify the dictionary in in that value to turn off archiving and saving.

Rieck - We have been partially successful in the implementation of this solution. There are two parts:
1: The lockdown of the Save Conversation checkbox. I am able to deploy the updated .nib file, which disables the checkbox, preventing the user from toggling the option.
2: Update the com.microsoft.Lync plist with the following:
WHOAMI=$(whoami)
EMAIL=$(dscl . read /Users/$WHOAMI EMailAddress | awk '$1 {print $2}' | sed -e 's/./(dot)/g' | sed -e 's/@/(at)/g' | awk '{print tolower($0)}')
/usr/libexec/PlistBuddy -c "Set :sip:$EMAIL dict" /Users/$WHOAMI/Library/Preferences/com.microsoft.Lync.plist /usr/libexec/PlistBuddy -c "Set :sip:$EMAIL:SaveConversation bool FALSE" /Users/$WHOAMI/Library/Preferences/com.microsoft.Lync.plist
/usr/libexec/PlistBuddy -c "Set :sip:$EMAIL:ShowSaveReminder bool FALSE" /Users/$WHOAMI/Library/Preferences/com.microsoft.Lync.plist
The issue is with the way in which the JSS executes the policy as root. Essentially, the $WHOAMI returns a 'root' value, resulting in the following errors:
Script result: No such key: EMailAddress
Set: Entry, ":sip::SaveConversation", Does Not Exist
File Doesn't Exist, Will Create: /Users/root/Library/Preferences/com.microsoft.Lync.plist
Set: Entry, ":sip::ShowSaveReminder", Does Not Exist
File Doesn't Exist, Will Create: /Users/root/Library/Preferences/com.microsoft.Lync.plist

I'd like to find a way to fill all existing user templates with these values, but my attempts have failed thus far.

list /Users loop on those values skipping things like Library or Shared or . then just substitute the users names in the commands pretty straight forward looping scenario.

something like this in perl.
sub copyPrefs { my @files = @_; my $userdir = "/Users/"; my $rc; opendir D, $userdir or die "$progname: $userdir: $! "; my @users = readdir(D) or die "Unable to read $userdir: $! "; closedir D; foreach my $user (@users) { next if($user =~ /Desktop/); next if($user =~ /Shared/); next if($user =~ /^./); my $userlibdir = $userdir . "/" . $user . "/Library/"; next unless(-d $userlibdir); my ($uid, $gid) = (stat $userlibdir)[4, 5]; ## your plistbuddy commands go here, set $dst to your plist file so it can be chown'd chown $uid, $gid, $dst; } return;
}

Hi nessts - I have yet to implement/test your code but I appreciate the feedback and will post my results.