Deploying Skype in a Windows domain
One of our goals for 2006 was to make it easier for companies to deploy and manage Skype for Windows in a managed environment. I’m happy to say that by the end of 2006, we’d rolled out a native Microsoft Installer (msi) format installer for Skype (you can download it from the Skype for Business website). This should make it far easier to deploy Skype in a Windows domain than using the native Skype installer.
]]>Over the year-end holidays, when I wasn’t working through my light technical reading or adding items in my personal blog, I started thinking about what more we could do to make it easier to administer or manage Skype in an enterprise setting.
Currently, on the Windows platform, we offer management of a number of features via registry keys — which can be locked using ACLs and deployed via Group Policy Objects using Active Directory. A description of the purpose of each of the registry keys is described in the Guide for Network Administrators, available from Skype’s security web pages.
However, there remains much work to be done. Some of the key questions I have for the future are:
* What’s the best way to manage non-Windows devices (Macs and Linux) in a way that can be federated or managed in an enforceable way?
* Should we support some kind of policy broadcast mechanism, to require and/or suggest that itinerant users on networks to follow certain policies, such as the use of a specific outbound proxy?
There is a lot of work ahead for us — not just in the policy area but in security as a whole. Policy management is just one part of the process, but it is an important part. Feel free to send your thoughts to us at security@skype.com or make reply comments to this posting.
Here’s wishing everyone a safe & happy new year!
