Out in the wild, there are two types of servers: Public servers and private servers. If you are running a private server chances are you wish to somehow restrict people from joining your server. There are multiple ways to do it depending on how much you want to control who joins your server:
Unpublished Server
Just by not publishing your servers IP/Port publicly (and by making sure it is not listed on the official TS3 server web list) you can eliminate a lot of unwanted visitors. Just give out the IP+Port to anyone you wish to join. Depending on how public the IP is technically savvy users can scan for open ports and find your server anyhow, so this method of restriction is really not very strong, but enough for some.
Servers with Password
By editing a virtual server (just connect with the client, right click on the server name and select "Edit Virtual Server") you can set a global server password which is required by all clients to connect. The only exception are users that have the permission b_virtualserver_join_ignore_password, which by default are only server admins. Tell this password only to users you wish to join your server. This is the most common way to restrict server access, but still it doesn't give you full control: Any of the people you invite to your server can invite anybody else (he knows the password now after all). Also there is no way to revoke the privilege to join the server (once he knows the password, he knows the password).
Invite only servers
For those scenarios where you want total control over who joins your server and also the ability to revoke this privilege the invite only server comes to play. Here is the recipe:
(1) Set some cryptic long server password that you do NOT remember/write down. The result is nobody except users with the privilege b_virtualserver_join_ignore_password can connect.
(2) Create a server group called something like "AllowedUsers" that has b_virtualserver_join_ignore_password set to true (use the Normal or a copy of the Guest group as base to avoid having to put users in multiple server groups). Add all users that should be able to join your server to this group, so they can join without knowing the password that you made sure nobody knows.
(3) If you wish to invite a new user to your server you need to make sure he is added to the "AllowedUsers" during connect, to do this you create a "Privilege key" (old name: token) which grants access to the "AllowedUsers" group. Tell the user his privilege key needs to be added as "One-Time Privilege Key" in Connections->Connect->More for him to be able to join. Alternatively you can give the invited user a direct link that already contains the privilege key so all he has to do is click the link to connect in the right way. The link would look something like this:
(4) To revoke any users privilege to join your server just remove him from the "AllowedUsers" group.Code:ts3server://voice.teamspeak.com?nickname=John&token=eKnFZQ9EK7G7MhtuQB6+N2B1PNZZ6OZL3ycDp2OW/
Note: Instead of using a virtual server password and the b_virtualserver_join_ignore_password permission you could also use a ban that bans all users (name=.*) and the permission b_client_ignore_bans. The advantage of this method is you can write some explanation as ban reason, e.g. "Server is invite only, ask George for details" so users are better informed. The disadvantage of this method is that you can't use the ban system in "regular" ways any more when everybody on your server has the permission to ignore bans. But on an invite only server this might not really matter (you have other, better, ways of ensuring a user cannot ever return).
