Lync security filter doesn't block NTLM logons with Lync attendee client

Hi,

I'm currently testing Rui's Security Filter on a Lync edge server.
I want to disable NTLM logons both with the Lync "fat" client and the Attendee Console.
I only want anonymous users to be able to join scheduled Lync meetings.

The filter successfully blocks NTLM logons from the "fat" client. The block can be found in the application log on the edge server.

However, when I select join the meeting using my company credentials in the Lync Attendee client, nothing is registered in the application log by the security filter and I successfully log on to the meeting.

Can the security filter in some way also block NTLM logon from the attendee client?

BR, Magnus 

April 21st, 2012 8:29pm

If you don't want to use NTLM, you can disable NTLM authentication on the Security tab in the Lync Control Panel.
April 21st, 2012 9:58pm

Not what I'm looking for; then NTLM will also be disabled from the internal network.

I want to allow anonymous users to be able to join Lync meetings through my edge server.
But I don't want my corporate users to be able to join meetings over the internet with AD credentials.
This means that I need to enable:

Remote user access (must be enabled to support anonymous access to meetings)
Anonymous user access

I can disable remote user access in the user policy, but still an attacker can lock out/guess passwords with NTLM.
The security filter solves the issue for the Lync "fat" client, but the filter does not catch logons from the attendee client.

So the question remains: can the security filter in some way also block NTLM logon from the attendee client?

In addition, I know that I can solve this with a Director server with NTLM disabled, but I don't plan to implement a Director.

BR, Magnus

April 22nd, 2012 9:25am

Hello Magnus,

This solution is not supported by Microsoft. You need to contact Rui who wrote the script to get your answer. You can contact him through http://blogs.technet.com/b/drrez/archive/2011/04/11/protecting-the-edge-server-against-dos-and-password-brute-force-attacks-in-lync-server-2010.aspx

May 1st, 2012 12:31pm

You can go to this website: http://lyncsecurityfilter.com/

The solution is available as a trial version and is not provided by Microsoft.

May 2nd, 2012 8:46am

Ok, Thanks
May 3rd, 2012 9:35pm

Hi Magnus,

You're correct that the Security Edge Filter didn't initially monitor and block NTLM connections from Lync Attendee. However, this has been fixed as of a month ago. The Security Edge Filter is now able to track failed authentication requests coming from Lync Attendee clients.

Thanks,

Rui Maximo

www.lync-solutions.com

June 27th, 2013 11:58pm

This topic is archived. No further replies will be accepted.
