In a recent Daily Drill Down, “Understanding Exchange 2000 Server instant messaging,” I explained how to prepare for and deploy instant messaging (IM) on your Exchange 2000 server. But deploying complex software features such as instant messaging is only half the game. Once it’s in place, you still have work to do—you must manage the users who are going to utilize it. In this Daily Feature, we’ll look at what you need to do to manage instant messaging users.

Working with users
Managing IM users is somewhat easier than managing mailbox-enabled users because there are fewer options to consider or set. The first step in enabling IM for users is to deploy the Instant Messaging client software to the users for installation on their systems. You can deploy the IM client included on the Exchange 2000 Server CD or you can download it from Microsoft’s site. You can deploy the software using whatever method you normally prefer for distributing software, including deploying through group policy or through SMS or simply placing the installation executable on a shared network folder that’s accessible by all users.

In addition to deploying the IM client, you must also configure user accounts to enable or disable IM for those accounts as needed. IM is disabled by default. To enable or disable IM, open the Active Directory Users And Computers console, open the property sheet for the user, and click the Exchange Features tab. Click Instant Messaging in the Features list and click Enable. In the Enable Instant Messaging dialog box, click Browse, select the user’s IM home server, and click OK. From the Instant Messaging Domain Name drop-down list, select the IM domain for the user and then click OK. Click OK again to close the user property sheet.

In many cases, you won’t need to make any modifications on the user’s workstation to support IM. If your users go through a proxy server to get to the Internet, however, you’ll have to make a change to their Internet Explorer settings. IM uses the Internet Explorer profile to determine how to connect to IM servers, so the IM servers and IM domain need to be excluded in the user’s Internet Explorer settings. Right-click the Internet Explorer icon on the user’s desktop and choose Properties, or in Internet Explorer, choose Tools | Internet Options. Click the Connections tab and click LAN Settings. Click Advanced to open the Proxy Settings dialog box, provide the FQDN of the IM servers and of the IM domain in the Exceptions list, and then click OK. You can also use group policy to apply these exceptions at the site, domain, or OU level. Open the group policy object at the desired level and open the User Configuration\Windows Settings\Internet Explorer Maintenance\Connection node. Then specify the exceptions in the Proxy Settings policy.

Moving IM accounts
In some cases, you might need to move a user’s IM account from one IM server to another, whether for load balancing or because the user is moving to a different department or division. Rehoming an IM account is an easy process thanks to the wizard that Exchange 2000 Server provides for that task.

Open the Active Directory Users And Computers console and locate the account you want to move. Right-click the user and choose Exchange Tasks to start the Exchange Tasks Wizard. Click Next at the opening page, select Change Instant Messaging Home Server, and then click Next. Click Browse and select the target home server; then click Next | Finish.

Controlling privacy for IM users
At least some of your users will probably be concerned with privacy as it relates to IM. They may not want their online status known or they may want it known only to specific users. In addition, users might want to block specific people from sending them messages.

The first step you can take is to configure privacy properties for users through their IM properties in Active Directory. Open the Active Directory Users And Computers console and open the user’s property sheet; then click the Exchange Features tab. Select Instant Messaging, click Properties, and then click the Privacy tab in the Instant Messaging dialog box. By default, Exchange 2000 Server allows messages from all servers and users, but you can configure the account to allow all servers and users except those listed or to allow only those servers and users that are listed. Select the applicable option and add user addresses or server names to the list.

The other changes that affect privacy need to be made from the IM client. You can use these options to block specific users from seeing your online status or to block them from sending you messages. In the IM client, choose Tools | Options and click the Privacy tab. Use the Allow and Block lists to specify which users can see your status and send messages and which cannot. If you don’t want anyone other than those already in your Allow list to be able to see your online status or send you messages, select All Other Users in the Allow list and click Block.

You can’t block users explicitly until they subscribe to your presence information by adding you to their contacts. After that happens, however, you can block them because they will show up in the Allow list. You can select the Alert Me When Other Users Add Me To Their Contact Lists option to receive an alert when someone subscribes to your presence information. You can then block the user if needed. Click View to see which users have added you to their contact lists.