PIN Policies
,Lync Server 2010 enables users to join audio conferences either through a Lync client or by simply dialing in from a phone. When dialing from a phone, the users are unauthenticated until entering an extension and matching PIN. This is required because when joining conferences from a Lync client, users are already authenticated after passing Active Directory credentials to log in to Lync. When dialing in from a phone, the PIN and extension provide a method for Lync to still validate the user as internal to the organization. Administrators can define PIN policies that apply globally to all users, only to a specific site, or to assigned user accounts.
Caution
The PIN policy discussed here is separate from an organization’s PIN for Exchange Unified Messaging. The PINs between the two systems are not synchronized in any way, and users must maintain them separately. For that reason, strong end-user communication is encouraged so the users understand the difference and the need to change PINs in both locations. Future versions of Lync Server and Exchange Server might introduce synchronization of PINs and PIN policies.
When configuring a PIN policy, administrators have the following options:
• Minimum PIN length—The minimum number of digits a user may use for a PIN. Only a minimum value can specified, so users may choose any number of digits for their PIN equal to or more than this value.
• Maximum logon attempts—The number of times a user may attempt to authenticate with a PIN before the PIN is locked out and must be reset by an administrator. If a user successfully authenticates with a PIN, this counter is reset to zero.
• PIN Expiration—Determines whether a PIN will expire. The PIN expiration value is set in days. Using a value of 0 for PIN expiration means the user PINs will never expire.
• Allow common patterns—Determines whether commonly used patterns are allowed for a PIN. Examples of common patterns are repeating digits, four consecutive digits, or PINs that match a user’s phone number or extension.
• PIN History Count—The number of PINs the system remembers before a user is allowed to reuse a PIN. This parameter is only available through the Lync Server Management Shell.
To create a new PIN policy, perform the following steps:
1. Open the Lync Server 2010 Control Panel.
2. Click Conferencing.
3. Click PIN Policy.
4. Click New and select either Site policy or User policy.
5. Select a Minimum PIN length.
6. Select whether to Specify maximum logon attempts and enter a maximum number of attempts.
7. Select whether to enable PIN Expiration and enter a number of days.
8. Select whether to enable Allow common patterns.
9. Click Commit when complete. Figure 19.4 shows a sample PIN policy where the PIN never expires.
Figure 19.4 Creating a PIN Policy
To create a new PIN policy using the Lync Server Management Shell, use the following syntax:
New-CsPinPolicy –Identity <PIN Policy Name> –AllowCommonParameters <$True | $False>
-MaximumLogonAttempts <Number of attempts> -MinPasswordLength <Minimum number of PIN
digits> -PinHistoryCount <Number of PINs remember> -PinLifetime <Number of days a PIN
is valid>