Those who are familiar with the following KB, which explains why having a SIP domain for Lync that is different from the internal domain FQDN presents the user with the following message upon logging in to their Lync 2010 client:
"Lync cannot verify that the server is trusted for your sign-in address." message when you sign in to Lync 2010 by authenticating to Lync Online
http://support.microsoft.com/kb/2531068
… would know that adding a registry key to the user’s local workstation or laptop can quickly fix the issue. I recently ran into this issue again at a client and because it isn’t practical to manually add this key into every desktop, I opted to create a GPO using Group Policy Preferences to add the key. While creating the GPO isn’t difficult, I thought I’d write this post just so I had something to refer to in the future.
Begin by creating a new GPO applied to an OU containing the user accounts (we’re applying a registry key to the HKEY_CURRENT_USER hive):
Give the policy a meaningful name:
Navigate to User Configuration –> Preferences –> Windows Settings –> Registry:
Right click on the Registry node and select New –> Registry Item:
Proceed with filling in the fields:
Action: Create
Hive: HKEY_CURRENT_USER
Key Path: Software\Microsoft\Communicator
Value Name: TrustModelData
Value type: REG_SZ
Value data: lync.com, outlook.com, lync.glbdns.microsoft.com, microsoftonline.com, <additionalFQDN>
Once the registry item is created, log on to a workstation, run GPUpdate, log off and back on, then check that the value has been created automatically under HKEY_CURRENT_USER\Software\Microsoft\Communicator:
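One way to run that check from a PowerShell prompt as the logged-on user, rather than browsing the registry by hand (an added example, not part of the original post; the helper name Compare-TrustList and the $Expected list are assumptions, and the host used for <additionalFQDN> has to be appended by you):

```powershell
# Added example: audit the TrustModelData value written by the GPO preference item.
# $Expected mirrors the "Value data" field in the post; append the host you used
# for <additionalFQDN> (left out here because the post does not name it).
$KeyPath   = 'HKCU:\Software\Microsoft\Communicator'
$ValueName = 'TrustModelData'
$Expected  = @('lync.com', 'outlook.com', 'lync.glbdns.microsoft.com', 'microsoftonline.com')

# Hypothetical helper: compares the comma-separated registry string with the intended list.
function Compare-TrustList {
    param([string]$RawValue, [string[]]$ExpectedHosts)
    $actual = @($RawValue -split ',' | ForEach-Object { $_.Trim().ToLower() } | Where-Object { $_ })
    $want   = @($ExpectedHosts | ForEach-Object { $_.Trim().ToLower() })
    New-Object PSObject -Property @{
        Missing    = @($want   | Where-Object { $actual -notcontains $_ })
        Unexpected = @($actual | Where-Object { $want   -notcontains $_ })
    }
}

$key = Get-Item -Path $KeyPath -ErrorAction SilentlyContinue
if ($null -eq $key -or $null -eq $key.GetValue($ValueName)) {
    Write-Warning "$ValueName not found under $KeyPath; the policy has not applied to this user."
}
else {
    # The preference item is defined as REG_SZ, so any other type means something else wrote it.
    $kind = $key.GetValueKind($ValueName)
    if ($kind -ne [Microsoft.Win32.RegistryValueKind]::String) {
        Write-Warning "$ValueName is $kind, expected REG_SZ (String)."
    }
    $result = Compare-TrustList -RawValue ([string]$key.GetValue($ValueName)) -ExpectedHosts $Expected
    if ($result.Missing.Count)    { Write-Warning ("Missing entries: "    + ($result.Missing -join ', ')) }
    if ($result.Unexpected.Count) { Write-Warning ("Unexpected entries: " + ($result.Unexpected -join ', ')) }
    if (-not $result.Missing.Count -and -not $result.Unexpected.Count) {
        Write-Output "$ValueName matches the intended trust list."
    }
}
```

Until your own additional FQDN is added to $Expected it is reported as unexpected; any other unexpected entry is a host the client has been told to trust for sign-in that the GPO did not put there.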