Home » Archive » Skype for Business Prevent Automatic Client Sign in on Common Area Computers

Skype for Business Prevent Automatic Client Sign in on Common Area Computers

I came across an interesting scenario today where there was a requirement to prevent the Skype for Business client from automatically signing back in using the previous credentials entered. For computers that are used in public or common areas, users who use the Skype for Business client application for conferences etc would have to manually sign out of the client and delete their sign in information in order for the next user to use the device using their own credentials.

An interesting “feature” of the Skype for Business application is that even if you click “Delete my Sign-In Info” link it doesn’t actually prevent Skype for Business attempting to sign back in on next logon with the previous credentials, especially if the previous user has ticked the “Remember Password” option.

Looking into the workload for the client I decided to take a registry snapshot before and after the “Delete my sign-in info” link was clicked. Comparing the registry between before and after displayed 94 entries that had been deleted or modified in some way.

Interestingly, although when delete my sign in info was executed the default sign in address was still the previous user.

Looking closer at the problem, I discovered that in addition to the registry, the default sign in address is picked up from a file called AccountProfiles.dat, which is located in %APPDATA%\Microsoft\Office\15.0\Lync\. The workload suggests that the Skype for Business client first interrogates this file for the default user sign in information before looking at the registry. Therefore simply deleting this file is not sufficient to prevent automatic sign in and you must remove / edit the registry entries too.

To make editing the registry a little easier, I decided I would export the entire Lync key from HKCU\Software\Microsoft\Office\15.0\ in its clean state with no user accounts created and store this as a .reg file. This I could use as a clean reference point for the registry and make editing a lot simpler and without the need for complex scripting.

Using this clean registry key I could now combine what I needed to make this happen. In essence the following logical steps are required to ensure the solution works

  1. Close the Skype for Business Client Application
  2. Delete the registry key HKCU\Software\Microsoft\Office\15.0\Lync
  3. Delete the folder in %USERPROFILE%\APPDATA\Roaming\ Microsoft\Office\15.0\Lync\
  4. Delete the folder in %USERPROFILE%\APPDATA\LocalAppData\ Microsoft\Office\15.0\Lync\ ** Not necessary for the process, but for absolute device cleaning purposes only
  5. Import the clean registry key exported before first user sign in
  6. Re-open Skype for Business Client Application

This process does not require log-off or a system reboot as we are editing the current user registry hive.

In order to automate this process I have created a batch script that can be run as a scheduled task or as a log off script in order to complete the above process as below:

:: Script to delete sign in information of Skype for Business User and prevent auto sign back in
taskkill /f /fi "imagename eq lync.exe"
reg delete "HKCU\Software\Microsoft\Office\15.0\Lync" /f
rmdir "%AppData%\Microsoft\Office\15.0\Lync\" /q /s
rmdir "%LocalAppData%\Microsoft\Office\15.0\Lync" /q /s
reg import "C:\lync-clean.reg"

I have also exported the cleaned version of the registry key that can be used on any machine running Skype for Business or Lync 2013 client together with the batch script available for download on my OneDrive here: http://1drv.ms/1CgwEng

(Filename: Lync-Clean.zip)

If you use User Account Control privileges you will need to run this script / scheduled task with elevated permissions.

Below are a couple of screen shots that show the process in action

Before – Launching the Skype for Business Application would display the previous sign in address and attempt to sign in automatically

After – Script has been executed and the sign in address is back to default




  1. I want to do the opposite of this. I need to force all my users to sign into SFB as soon as they have logged into their computers. Is there a method for achieving this?

    • Ensure you have auto sign in support e.g sip address equals user principal name and sip srv records. Then put shortcut to client in startup folder

  2. Mark, I tried to download the registry key but I couldn’t. Could you upload again the file to OneDrive? Thank you for your help.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: