So, if you have a Microsoft Teams Room system and have gone into the Windows settings, you might have noticed when you attempted to login that there is an administration account and a Skype account.
The question is, why is there a Skype account and what does it do?
Well let’s start with the architecture of the systems so we can understand why this user is needed and then we can go over some of the reasons why this user is so important.
System Architecture very broad overview
All MTR systems are built on Windows 10 and they are available to login to the administrator account. But as you login you will see a Skype user there as well. To get to the administrator account you will need to choose that account. If you choose the Skype user you will see the MTR application launch automatically and then will need to go back into Windows settings via the MTR app.
Here is the login of an MTR unit where you have 2 users. The default login for admin is “sfb”
The MTR application is a Windows 10 store application that runs on the device by default when the Skype user is run and auto logs in. Therefore there is a very important document from Microsoft that gives proper guidance:
By default, Microsoft Teams Rooms attempts to connect to the Windows Store to get the latest version of Microsoft Teams Rooms software, so the device will require regular internet access. Before contacting Microsoft with support issues, be sure the Microsoft Teams Rooms device is loaded with the latest version of the app.
By default, Microsoft Teams Rooms connects to Windows Update to retrieve operating system and USB peripheral device firmware updates, and installs them outside of configured business hours. You can configure business hours by signing into the administrator account and running the Settings app.
So, here is a description where there is a distinction between the Windows Store update and the Windows update that the administrators need to be aware of. You might have blocked Windows Store updates when you blocked Windows updates and you will need to be aware that both are needed if you decide to use SCCM for your update mechanism.
This is the Windows 10 app from the Windows Store
But because of this architecture, things like antivirus software might not be needed as the Skype user has very limited capabilities and the underlying OS is locked down due to the only need of running the MTR app. You can install applications to run, but be aware that when doing this, neither Microsoft or the MTR partner tests with those applications running and it may interfere with proper operation of the units.
What can go wrong with the Skype user?
It is strongly recommended that you not modify this user even though you are able to see the user in the administrator settings of Windows. The reason why is because this user is locked down so that when it is run many things automatically happen. Things like auto login or others SHOULD NOT be modified by GPO.
This is one of the many reasons when joining a domain you should adhere to the Microsoft guidance found here as many things can affect the Skype user logging in and stating that would normally be pushed with GPO.
Some of the following will effect the Skype user are the following, but you should make sure that your units are free from GPO in the OU they reside to prevent issues with this Skype user.
Many organizations have the following GPOs, which affect Skype Room System appliance PC functions. Ensure that you override or block the inheritance of these GPOs in the Skype Room System OU:
* Timeout of logon sessions (auto lockout)
* Power management related policies
* Requiring additional authentication steps
* Prompting users for slow network connections
* Start a certain program at logon
*Create another domain user account on all domain-joined machines.
*Push Windows Update to Skype Room System
This Skype user is 100% necessary and is there and architect-ed so that this is not your normal Windows 10 PC and is indeed a purpose-built unit to install in your meeting room solutions. These devices are there to run as advanced collaboration solutions on a platform that administrators can trust and know they are built specifically for this solution.
This article is reposted here with the consent of the author. The views and opinions expressed in this article are those of the author and do not necessarily reflect the official policy, position, view, or opinion of Crestron Electronics, Inc., or of any of its employees. Crestron Electronics is not responsible for, and does not verify the accuracy of, any of the information contained in this article.
Author: Jimmy Vaughn