Monday, May 14, 2012

Please send me the link...

Lync have a number of settings on how hypertext links are to be handled in the system. One of the reasons on why this must be configurable is security. An evil hacker could quite easily send SPAM (SPIM) instant messages linking to a webpage or an executable or a script doing some nasty stuff. The Lync administrator could decide to make all links in instant messages to be non-clickable i.e. not hypertext, prefixed with an underscore or gently remind their users about the risk before clicking on a link.

One of the functions of the Lync server is called URL Filter and you will find the GUI to configure the filter under, Lync Control Panel / IM and Presence / URL Filter.

Simply turning on the URL filter, leaving the hyperlink prefix (aka UrlFilterAction or Action) as the default "Do not filter", will prefix any link with an underscore so that the link is not active when received. If we set a message in the AllowMessage message box (as in the illustration above) a notification message will be inserted at the beginning of each instant message containing hyperlinks.


Instead of using the GUI, powershell could be used of course
Set-CsImFilterConfiguration -Identity Global -Enabled $true -Action Allow -AllowMessage "Warning, this message contain a hyperlink!"

We could also allow the link to be active, clickable, but still send a warning message in the instant message that carries the link.

Set-CsImFilterConfiguration -Identity Global -Enabled $true -Action Warn -WarnMessage "Warning! You might be clicking a link!"


We can see that link is clickable and the user is gently reminded that there might be a risk involved in clicking the link. Now if we would like to further escalate this reminder we could even turn off hypertext altogether in IM conversations. This we can do with a parameter in the Set-CsClientPolicy command - no GUI is available for this setting unfortunately.

Set-CsClientPolicy -EnableURL $false

When EnableURL is set to true, hyperlinks embedded in an instant message will be clickable which mean that users can click a link and their web browser will open to the specified location. When set to false, hyperlinks appear in instant messages as plain text, like below.


Now this will not block to user to a 100% from using this URL, even here the user could copy the link text and paste it into their web browser. To completely block links from even reaching the user via instant messaging we could use the "Block hyperlinks" action of the URL filer. This could be configured either in the Control Panel GUI or by the powershell command.

Set-CsImFilterConfiguration -Identity Global -Enabled $true -Action Block



From the Lync documentation:
Set-CsClientPolicy
Set-CsImFilterConfiguration

No comments:

Post a Comment