Admin control of Skype features
I just got back from Japan, where we held a seminar about Skype security features with some developers and customers. One of the things I learned was that we haven’t gotten the word out about the ways that IT administrators can set enterprise-wide policies on Windows computers running Skype. There are a couple of controls that were very important to the IT administrators I spoke with, and those were features to disable API interfaces and to disable file transfers on a particular instance of Skype.
]]>These controls are enabled by setting particular Windows registry keys, which of course can be pushed out via Windows Server policy objects and controlled using normal ACLs:
Under the registry key [HKLMSOFTWAREPoliciesPhone], you can set either or both of the following registry keys:
"DisableApi"=dword:00000001
"DisableFileTransfer"=dword:00000001
Setting the DisableApi key to 1 will completely disable the Skype public API interface. This could be helpful when enforcing an enterprise policy concerning the use of software plug-in modules. Setting the DisableFileTransfer key to 1 will disable file transfer. In this case, inbound file transfers will be automatically rejected (the remote user will see a "Cancelled" message) and outbound file transfers will cause a messagebox to pop up containing an error message. (At present, these controls are available only on Skype for Windows.)
One of the comments I received from an IT administrator in Tokyo was that we should provide more granular controls covering more of Skype’s functionality elements, so that more locked-down business environments could authorize or restrict access to, say, text chats or to voice calling as well. It would be interesting to know how useful end-users and IT administrators would find such controls.
