If you have a shared Sametime server installation where multiple groups of people are using the server, you may not want all users being able to see all users. As the Sametime Directory service runs with administrator rights, all users can see all users regardless of ACL. As Sametime must be able to "see" all users to authenticate them, locking Sametime out is not a viable solution.
The simple solution/workaround is to disable Directory Services so that the Sametime server never builds the list of users..
Note: This means no one, not even administrators can browse for users within Sametime.