Skype Room System domain joining considerations

Read this topic to learn how to join a Skype Room System appliance PC to your domain.

Domain joining considerations

You can join the Skype Room System appliance PC to the Active Directory domain or leave it in a workgroup. Consider the following points before making this decision:

  • Domain-joining the Skype Room System appliance PC helps by importing your organization's private root certificate chain automatically.

  • Domain-joining the Skype Room System appliance PC enables you to grant administrative rights to domain users and groups. By doing so, you will not have to remember the local machine-level administrator account password.

  • When you join a Skype Room System appliance PC to the domain, you must create a separate Organizational Unit (OU), so that you can provide Group Policy Object (GPO) exclusions to the OU where all the Skype Room System machine objects reside. When you do this, create the machine objects in the OU before joining the Skype Room System appliance PC to the domain.

  • Many organizations have the following GPOs, which affect Skype Room System appliance PC functions. Ensure that you override or block the inheritance of these GPOs in the Skype Room System OU:

    • Timeout of logon sessions (auto lockout)
    • Power management related policies
    • Requiring additional authentication steps
    • Denying access to local drives
    • Prompting users for slow network connections
    • Start a certain program at logon
    • Create another domain user account on all domain-joined machines
    • Push Windows Update to Skype Room System
  • Alternatively, you might decide to leave the appliance PC in the workgroup. As with the desktop Microsoft Teams or Skype for Business client, this requires you to manually import the root certificate chain on the Skype Room System appliance PC. You're not required to import the root certificate chain if your deployment is using a public certificate (for example, Entrust, VeriSign, and so on).

If you plan to join Skype Room System machines to the domain, make sure you join them to the correct OU, so that a machine is not inadvertently joined to an unintended OU that may not be free from GPOs. You can run the following cmdlets on the Skype Room System machine to join it to the correct OU, so that it does not receive GPOs that might block LRS functionality. Contact your system administrator or OEM partner to run these cmdlets:

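$username = "contoso.local\LRS01"  # account with permission to join computers to the domain
$password = ConvertTo-SecureString "password123" -AsPlainText -Force  # placeholder; do not store a real password in a script file
$myCred = New-Object System.Management.Automation.PSCredential $username, $password
Add-Computer -DomainName contoso.local -Credential $myCred -OUPath "OU=LyncRoomSystem,OU=Resources,DC=CONTOSO,DC=LOCAL"  # -OUPath places the machine object in the dedicated OU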

Even if you create a separate OU and block inheritance, some policies at a higher level can still cause issues. A Group Policy with the No Override setting beats an OU with the Block Policy Inheritance setting. For more information, see the article No Override as Compared to Block Policy Inheritance in the Group Policy documentation.
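One way to check this for the OU used in the join command above, as an added example that is not part of the original page: it reports whether Block Inheritance is set on the OU and lists any enforced GPO links (the current name for No Override) that still apply. It assumes the GroupPolicy module from RSAT is installed on an administrative workstation and reuses the page's sample OU path and domain name.

```powershell
# Added example (not from the original page). Assumes the GroupPolicy module (RSAT)
# and the sample OU and domain used in the Add-Computer command on this page.
Import-Module GroupPolicy

$ouPath = "OU=LyncRoomSystem,OU=Resources,DC=CONTOSO,DC=LOCAL"
$domain = "contoso.local"

$inheritance = Get-GPInheritance -Target $ouPath -Domain $domain

# Block Inheritance should be set on the OU so that ordinary higher-level GPOs
# (session lockout, power management, logon programs, ...) are not inherited.
if ($inheritance.GpoInheritanceBlocked) {
    Write-Output "Block Inheritance is set on $ouPath"
} else {
    Write-Warning "Block Inheritance is NOT set on $ouPath"
}

# InheritedGpoLinks lists every link that applies to the OU once inheritance is
# resolved. Enabled links marked Enforced apply even when Block Inheritance is set.
$enforced = @($inheritance.InheritedGpoLinks |
    Where-Object { $_.Enabled -and $_.Enforced })

if ($enforced.Count -eq 0) {
    Write-Output "No enforced GPO links apply to $ouPath"
} else {
    Write-Warning "$($enforced.Count) enforced GPO link(s) still apply to $ouPath"
    $enforced | Sort-Object Order |
        Format-Table DisplayName, Target, Order -AutoSize

    # Export each enforced GPO as an HTML report so its settings can be reviewed
    # against the list of problematic policies earlier on this page.
    foreach ($link in $enforced) {
        $report = Join-Path $env:TEMP ("{0}.html" -f $link.GpoId)
        Get-GPOReport -Guid $link.GpoId -ReportType Html -Path $report -Domain $domain
        Write-Output "Report for '$($link.DisplayName)': $report"
    }
}
```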

You may have multiple approaches to solving these problems. We advise you to consult with your Active Directory experts to ensure you are provided with an OU that has appropriate GPO settings, or at least an OU in which the previously described policies do not exist. We also advise enabling Quality of Service (QoS) for Skype Room System devices.

