A simple method of locking down a Mumble server is to put a password on the server. That way no one can join the server without a password. This method, while simple to setup, is much more complex to maintain. You have to distribute the password in such a way that only people who are supposed to have it do, and when that password is compromised you have to reset it and go through that whole process again.

An easier, more secure method, is to only allow authenticated/registered users (the @auth group) to be able to speak (or even listen) in your Mumble server. This method requires that you disable self-registration.

How?

  1. First, login to your Mumble server using an account that is allowed to change the ACL on your root channel. This is usually an account which is a member of the @admin group, or the SuperUser account.
  2. Next, right-click on your root channel, then click Edit. This will bring up the Edit Channel dialog.(screenshot)
  3. On the Edit Channel dialog, click on the ACL tab.(screenshot)
  4. Under Active ACLs click on the @auth group in the list to highlight it. On the right under Permissions make sure the following boxes are checked under the Allow column: Speak, Whisper, Text message.(screenshot)
  5. Next, under Active ACLs select the @all group that is below the @auth group (add it if it does not exist). Set the following Deny permissions: Speak, Whisper, Text message. If the Register Self Allow permission is checked, uncheck it.(screenshot)
  6. Finally, make sure the @all group is highlighted, then move it above the @auth group by clicking the Up button.(screenshot)
  7. Click the OK button

This will result in un–registered users being unable to communicate with anyone on your Mumble server. You might want to leave the Whisper or Text message options unchecked in step five if the users have no other way of asking for you to register their account.