One of These Things is Not Like the Others: Challenge 12: Answer
Before we present the answer to last week's Lync Server PowerShell Challenge, we felt we should apologize to everyone for that Challenge. After all, based on the emails we received, a couple of people noted that – gasp! – they actually had to think about this one before they could come up with the answer! We sincerely apologize for any problems that might have caused. It was never our intention to make anyone think: after all, we would never ask anyone to do something that we aren't willing to do ourselves.
Again, our apologies.
On the off-chance that some of you haven't had a chance to memorize all of the weekly challenges, last week we presented the following four commands and asked you which command was not like the others:
Remove-CsClientVersionPolicy –Identity global |
Remove-CsClientVersionPolicy –Identity site:Redmond |
Remove-CsClientVersionPolicy –Identity RedmondUserPolicy |
Remove-CsClientVersionPolicy –Identity Registrar:atl-cs-001.litwareinc.com |
The answer that we came up with (and that all but one of you came up with as well) was this: Remove-CsClientVersionPolicy –Identity global. Why? Well, as most of you pointed out, whenever you try to remove a global policy in Lync Server that policy doesn't actually get removed. Suppose we have the following four client version policies:
· Global
· site:Redmond
· RedmondUserPolicy
· Registrar:atl-cs-001.litwareinc.com
If we run the four commands shown above, here are the client version policies we'll have left:
· Global
Why didn't the global policy get removed? Because you can't remove a global policy. (Or a global collection of settings, for that matter.) In Lync Server 2010, global policies are used if you haven't configured any other policies. In the case of client version policies, suppose you don't have any policies set at the site, service, or the per-user scope. In that case, users will fall under the jurisdiction of the global policy. That's why you can't remove the global policy: if you did, there would be nothing to dictate which client applications these users can (or cannot) use. Go ahead and run Remove-CsClientVersionPolicy as many times as you want; the global policy won't ever go away.
So does that mean Remove-CsClientVersionPolicy –Identity global is a totally useless command? No; far from it. Instead, when you "remove" a global policy what you end up doing is resetting all the property values in that policy back to their default settings.
Let's show a very simple example of that. By default, the global client version policy looks like this:
Identity: Global
Rules : {RuleId=2336c611-a243-4c5d-994b-eea8a524d0e4;Description=;Action=Block;ActionUrl=;MajorVersion=1;MinorVersion=2;BuildNumber=;QfeNumber=;UserAgent=RTC;UserAgentFullName=;Enabled=True;CompareOp=LEQ, RuleId=342c9b90-4cef-483a-a73a-4fe75c88711d;Description=;Action=Block;ActionUrl=;MajorVersion=5;MinorVersion=;BuildNumber=;QfeNumber=;UserAgent=WM;UserAgentFullName=;Enabled=True;CompareOp=LEQ, RuleId=7b4566b0-2bb0-420f-a99f-913
477b32af7;Description=;Action=Block;ActionUrl=;MajorVersion=2;MinorVersion=0;BuildNumber=6362;QfeNumber=97;UserAgent=OC;UserAgentFullName=;Enabled=True;CompareOp=LSS, RuleId=4730866f-8594-431b-ad57-6f1c798ce0d8;Description=;Action=Allow;ActionUrl=;MajorVersion=2;MinorVersion=9999;BuildNumber=9999;QfeNumber=9999;UserAgent=OC;UserAgentFullName=;Enabled=True;CompareOp=LEQ...}
Description :
Note. Yes, it is kind of a mess. But that's what it looks like.
Let's now run a command that removes all but one of the policy rules, and changes the Description to boot:
Identity: Global
Rules : {RuleId=2336c611-a243-4c5d-994b-eea8a524d0e4;Description=;Action=Block;ActionUrl=;MajorVersion=1;MinorVersion=2;BuildNumber=;QfeNumber=;UserAgent=RTC;UserAgentFullName=;Enabled=True;CompareOp=LEQ}
Description : Global policy with a single rule.
Got that? OK, now let's run Remove-CsClientVersionPolicy against the global policy. Here's what we see:
Identity: Global
Rules : {RuleId=2336c611-a243-4c5d-994b-eea8a524d0e4;Description=;Action=Block;ActionUrl=;MajorVersion=1;MinorVersion=2;BuildNumber=;QfeNumber=;UserAgent=RTC;UserAgentFullName=;Enabled=True;CompareOp=LEQ, RuleId=342c9b90-4cef-483a-a73a-4fe75c88711d;Description=;Action=Block;ActionUrl=;MajorVersion=5;MinorVersion=;BuildNumber=;QfeNumber=;UserAgent=WM;UserAgentFullName=;Enabled=True;CompareOp=LEQ, RuleId=7b4566b0-2bb0-420f-a99f-913
477b32af7;Description=;Action=Block;ActionUrl=;MajorVersion=2;MinorVersion=0;BuildNumber=6362;QfeNumber=97;UserAgent=OC;UserAgentFullName=;Enabled=True;CompareOp=LSS, RuleId=4730866f-8594-431b-ad57-6f1c798ce0d8;Description=;Action=Allow;ActionUrl=;MajorVersion=2;MinorVersion=9999;BuildNumber=9999;QfeNumber=9999;UserAgent=OC;UserAgentFullName=;Enabled=True;CompareOp=LEQ...}
Description :
See how that works? We've deleted any changes that were made to the global policy and then restored all the original, default values.
Note. As a matter of fact, we do have an article that talks a little bit more about global policy values and where they come from.
And no, sorry, the stork doesn't bring them.
Anyway, that's the answer that we came up with. If you run Remove-CsClientVersionPolicy against any policy other than the global policy, that policy will actually be removed, and head off towards that great Central Management Store in the sky.
We should also note that there was a dissenting opinion: Thomas L. opted for this command:
Remove-CsClientVersionPolicy –Identity RedmondUserPolicy
Why? Well, as he pointed out, this command deals with a per-user policy, a policy that must be explicitly assigned to a user. The other commands deal with global, site, and service-scope policies. Those policies don't get assigned to users; instead, users just sort of inherit them based on the site where their user account lives, the Registrar they log on to, or the fact that there aren't any other policies that apply to them.
Needless to say, Thomas L. is right. But, then again, Thomas L. is always right!
Incidentally, Thomas L. has also graciously invited us to visit him in the village of Cookham in the UK, and promises to open his wine cellar to us. "Let's see if the rest of your invitees can match that..." he added. So what do you say folks: you're not going to let Thomas L. beat you, are you?
At any rate, we'll call it a day so that you can all start thinking about ways to outdo Thomas L. And, if you need a break, we posted a new Challenge as well. See you next week.