Skype for Business Prevent Automatic Client Sign in on Common Area Computers
I came across an interesting scenario today where there was a requirement to prevent the Skype for Business client from automatically signing back in using the previous credentials entered. For computers that are used in public or common areas, users who use the Skype for Business client application for conferences etc would have to manually sign out of the client and delete their sign in information in order for the next user to use the device using their own credentials.
An interesting “feature” of the Skype for Business application is that even if you click “Delete my Sign-In Info” link it doesn’t actually prevent Skype for Business attempting to sign back in on next logon with the previous credentials, especially if the previous user has ticked the “Remember Password” option.
Looking into the workload for the client I decided to take a registry snapshot before and after the “Delete my sign-in info” link was clicked. Comparing the registry between before and after displayed 94 entries that had been deleted or modified in some way.
Interestingly, although when delete my sign in info was executed the default sign in address was still the previous user.
Looking closer at the problem, I discovered that in addition to the registry, the default sign in address is picked up from a file called AccountProfiles.dat, which is located in %APPDATA%\Microsoft\Office\15.0\Lync\. The workload suggests that the Skype for Business client first interrogates this file for the default user sign in information before looking at the registry. Therefore simply deleting this file is not sufficient to prevent automatic sign in and you must remove / edit the registry entries too.
To make editing the registry a little easier, I decided I would export the entire Lync key from HKCU\Software\Microsoft\Office\15.0\ in its clean state with no user accounts created and store this as a .reg file. This I could use as a clean reference point for the registry and make editing a lot simpler and without the need for complex scripting.
Using this clean registry key I could now combine what I needed to make this happen. In essence the following logical steps are required to ensure the solution works
- Close the Skype for Business Client Application
- Delete the registry key HKCU\Software\Microsoft\Office\15.0\Lync
- Delete the folder in %USERPROFILE%\APPDATA\Roaming\ Microsoft\Office\15.0\Lync\
- Delete the folder in %USERPROFILE%\APPDATA\LocalAppData\ Microsoft\Office\15.0\Lync\ ** Not necessary for the process, but for absolute device cleaning purposes only
- Import the clean registry key exported before first user sign in
- Re-open Skype for Business Client Application
This process does not require log-off or a system reboot as we are editing the current user registry hive.
In order to automate this process I have created a batch script that can be run as a scheduled task or as a log off script in order to complete the above process as below:
:: Script to delete sign in information of Skype for Business User and prevent auto sign back in @ECHO OFF taskkill /f /fi "imagename eq lync.exe" reg delete "HKCU\Software\Microsoft\Office\15.0\Lync" /f rmdir "%AppData%\Microsoft\Office\15.0\Lync\" /q /s rmdir "%LocalAppData%\Microsoft\Office\15.0\Lync" /q /s reg import "C:\lync-clean.reg"
I have also exported the cleaned version of the registry key that can be used on any machine running Skype for Business or Lync 2013 client together with the batch script available for download on my OneDrive here: http://1drv.ms/1CgwEng
(Filename: Lync-Clean.zip)
If you use User Account Control privileges you will need to run this script / scheduled task with elevated permissions.
Below are a couple of screen shots that show the process in action
Before – Launching the Skype for Business Application would display the previous sign in address and attempt to sign in automatically
After – Script has been executed and the sign in address is back to default
Mark is an Independent Microsoft Teams Consultant with over 15 years experience in Microsoft Technology. Mark is the founder of Commsverse, a dedicated Microsoft Teams conference and former MVP. You can follow him on twitter @UnifiedVale
I want to do the opposite of this. I need to force all my users to sign into SFB as soon as they have logged into their computers. Is there a method for achieving this?
Ensure you have auto sign in support e.g sip address equals user principal name and sip srv records. Then put shortcut to client in startup folder
Mark, I tried to download the registry key but I couldn’t. Could you upload again the file to OneDrive? Thank you for your help.
https://gallery.technet.microsoft.com/lync/Skype-for-Business-038e1fd6