Unified Communications with Microsoft: Allow only the Organiser to record Lync meeting

Friday, August 28, 2015

Allow only the Organiser to record Lync meeting

Recently, someone asked me if it is possible to configure Lync 2013/Skype for Business environment where only the meeting organizer can record.

Background

The ability for Lync meeting participants to record a meeting is controlled via the CsConferencingPolicy. The CsConferencingPolicy controls the following settings in relation to recording:

AllowConferenceRecording
This setting controls whether meeting participants, including the organizer can record. If meeting organizer is assigned a CsConferencingPolicy where AllowConferenceRecording is set to $False, no one in the meeting will be able to record, regardless of the CsConferencingPolicy assigned to attendees. In other words, the AllowConferenceRecording setting in the CsConferencingPolicy applied to the meeting organizer “overrides” the AllowConferenceRecording setting in the CsConferencingPolicy applied to any attendee.

AllowExternalUsersToRecordMeeting
This setting determines if external users can record a meeting. It is applied to the meeting organizer and determines whether meetings created by the organizer will allow external users to record. In this case, ‘external user’ applies to both “anonymous” as well as Federated attendees.

If a user who is assigned a CsConferencingPolicy with this policy parameter configured to $False joins a meeting of an organizer who has this setting configured as $True, the user would then be able to record – as long as that user is an “external user”. Put another way, although Alice may not be allowed to create Lync Meetings that allow her or her attendees to record when hosted at her company’s site, if she joins a conference hosted at a Federated partners site, she would be able to record as long as the Meeting Organizer has this policy set to $True.If AllowConferenceRecording is $False, this setting will be ignored.

EnableP2PRecording
This setting determines whether point to point sessions may be recorded. This setting is based on the CsConferencingPolicy applied to both users. For example, if Bob and Alice begin a P2P Audio and Application Sharing sessions, and Alice’s policy allows her to record P2P sessions and Bob’s does not, then Alice would be able to record the session.

If we had AllowOnlyOrganizerToRecord, this blog post will not have existed but... we don't. So, what can be done?

When user sign-in, the assigned conferencing policy parameters are sent to the client via in-band provisioning.

As we can see, Bob have conferencing policy that allows recording (the company does not allow external users to record in any conferencing policy).

Alice is on the same meeting policy as Bob (recording is allowed).

Based on this Lync server side (policy) settings, when Bob joins Alice's meeting, recording will be allowed for both.

Before I get to the solution, we should also take a look what exactly happens when user joins a meeting. There is one component of particular interest - the actual in-band meeting provisioning.

As we see above, during the sign-in, user receives provisioning as for what is allowed for meetings that this user organizes. However, when user joins a meeting, a new provisioning is sent to every participant based on the Organizer's policy. This is, if Alice (the organizer) policy does not allow recording, when Bob joins, even thou his policy allows recording, Bob cannot record while on Alice's meeting.This provisioning is sent in INFO header.

Solution

I asked myself - what if I intercept this particular INFO header and override the specific value that is used to "tell" the client if recording is allowed or not? Id worked! Here is how it is done:

Needless to say, although I verified the functionality with Lync 2013 and Skype for Business server, it have not been tested under load and there is no guarantee that will perform well in large environment.

Installation

1. Download the script from this link.
2. Copy the file (BlockRecording.am) to "E:\Program Files\Skype for Business Server 2015\Server\Core" (or the drive where server components are currently installed.
3. In Lync Management Shell, run the following command:

New-CsServerApplication –Identity “registrar:your_pool.contoso.com/BlockRecording” –Uri http://mspl.com/BlockRecording -ScriptName BlockRecording.am –Critical $False –Enabled $True -Priority 7

***If this is Enterprise Edition pool, the file must be present on all servers.

4. In event viewer, look for event id 30208 (application was registered successfully)

Test Scenario

Create new online meeting using account which has Conferencing policy where Recording is allowed. When join with this (Organizer) account, Recording control should be available. Any other user who join (despite if the conferencing policy for this user allows recording or not) should not have Recording control.