Managing Skype in business

Skype means free or cheap calls but it’s based on peer-to-peer file sharing principles. How can you tame consumer VoIP tools for use in a business network?

Telephone calls are expensive, and VoIP solutions have become a popular alternative to the traditional PABX. One of the more popular tools is the eBay-owned Skype, a consumer VoIP service that’s gained sizable market share among business uses.

There’s a lot that’s good about Skype: free PC-to-PC calls, as well as instant messaging, multi-person conference calls and video calling. It also lets your clients call internationally-hosted free phone numbers without incurring international call costs – something that can get pricey when it’s a US 1-800 number for sales information or the audio channel to a webinar or a WebEx conference. But there are also plenty of issues with Skype, as you also get the problem of managing a large number of individual accounts and dealing with the bandwidth requirements of Skype’s unique directory service.

The Skype Business control panel gives you the tools to manage an entire company
The Skype Business control panel gives you the tools to manage an entire company
Like any other business software, Skype installs need to be carefully managed. It may be all right for users to install it on their home PCs themselves for talking to friends and family, but it’s not something that should go straight onto a business PC. That’s why Skype now provides a business-friendly MSI-based installer, so you can manage installs through Microsoft System Center or any other software deployment tool. But there’s more to managing Skype than controlling what software is on a business PC.

Unlike many other VoIP services, Skype doesn’t use a centralised directory service. Built on techniques developed for P2P file sharing, Skype uses a distributed directory that shares its details across the millions
of PCs currently connected to the network. While that sounds innocuous, there’s a problem for networks connected to high-bandwidth connections, as Skype’s directory needs supernodes to direct Skype-to-Skype calls between users behind NAT connections. Skype supernodes don’t only just manage directory lookups, they also proxy voice calls and file transfers. If your clients have plenty of bandwidth there’s a risk that any Skype clients on their network can become a supernode, affecting network performance and using up the business’s bandwidth allocation very quickly.

The set of Active Directory Group Policies you can use to control instances of Skype on a network you manage don’t allow you to disable Skype, but they allow you to control many of Skype’s key features, from locking down the ports used to connect to the Skype network, to controlling how copies check for updates, and disabling third-party add-ons by limiting access to the Skype API. One of the more useful features prevents all the copies of Skype on a network you manage from becoming supernodes.

The ADM template files are on the Skype Web site at (there’s a PDF guide to using them at You can use them with any Active Directory management tool to build and manage the GPOs you need, so you can assign appropriate policies to individuals, groups or roles within an AD.


These are the key policies to use to keep Skype under control on your clients’ networks:
Setting this policy prevents users from using Skype’s built-in file transfer tools. This closes a possible channel for unauthorised file transfers.

Skype’s API allows third-party applications to link into Skype (and Skype to link out into other desktop tools). Disabling this minimises security risks, reducing the risk of Skype acting as a malware vector. It also prevents unauthorised call recording, as well as blocking Skype’s access to Outlook and other productivity tools.

Locking Skype down to use specific ports can help with network management and security. Use this policy to set the listening port, where Skype listens for connections. Other related policies allow you to control the HTTP ports used, as well as preventing UDP connections.

Use this policy to prevent all the copies of the Skype client on your clients’ networks from becoming supernodes, keeping bandwidth usage to a minimum.

Skype will normally check automatically for new versions. This GPO prevents them from doing so, making sure that your clients’ installations are all the same version – making it easier to support and manage. You can use the MSI installer to roll out new versions as and when needed.

There’s another side to managing Skype: paying for it. The standard model for working with Skype is for each user to individually buy credit that can be used for calls. Skype now offers a Business control panel which can be used to manage all the users at a single company. You can use it to assign credit to individual accounts, and also get details of what calls have been made and what text messages users have sent.  Accounts can be given quotas to keep spending under control. The control panel will also help you manage any numbers associated with a business Skype account, assigning dial-in numbers to individual Skype users and moving them between accounts as and when required.


Show other articles by this author

Share |
Write comment
security image
smaller | bigger



Subscribe and get the magazine in the post before it's online

Subscribe and get access to all of the back issues

To read a sample eMagazine - March 2010



If Autoruns, Processor Explorer, FileMon, RegMon and the other SysInternals tools aren't already in your arsenal, then you need to take a look at the instructions for these invaluable free utilities on the Sysinternals site. If you already know, love and tote them around on a USB stick, memorise instead; this hosts the full set of tools as EXEs files, complete with help files, so you can run them from any machine you need to work on without needing to install them or even unpack a ZIP file. read more


Unified communications


The #1 Bestseller for Only 77p

Key resources

Login to view Key Resources