SHOW101  Using IBM® Lotus Domino® 8.5.x Policies to Manage Your Clients   Darren Duke  |   Technical Lead | Simplified Tec...
Agenda <ul><li>Who is this dude and what will I learn?
Section 1 – A complete example, start to finish
Section 2 – Advanced policy and setting options
Section 3 – Other Lotus Notes policy settings
Section 4 – When it all goes wrong
Session wrap up
Q & A </li></ul>
Who is this dude? <ul><li>Darren Duke </li><ul><ul><li>Technical lead and founder of Simplified Technology Solutions, Inc....
From Atlanta, GA (despite the accent – originally from Hartlepool in the UK)
Been “involved” with IBM® Lotus Notes® and Domino since R3
All I do is Lotus portfolio related </li></ul></ul><li>Podcasts, blogs, websites, etc </li><ul><ul><li>http://blog.darrend...
http://www.TipsInTwo.com
http://www.simplified-tech.com
http://www.planetlotus.org
http://www.ThisWeekInLotus.com
“ Experience is then name one gives to their mistakes” – Oscar Wilde </li></ul></ul></ul>
Where did the idea for this session come from? <ul><li>During audits, heath checks, upgrades and training, it became appar...
Don't recognize the benefits of policies
Haven't looked at policies since R6.x
Find policies confusing </li></ul></ul><li>Or even worse.... </li><ul><ul><li>Have never used policies. Shock. Horror. *cu...
Enhance your end users' Lotus Notes experience
Make  your life easier !
Spend more time on the beach/playing Call of Duty/singing in Kimonos/learning Websphere/getting more golden eggs on Angry ...
What will I learn? There's a policy for that! <ul><li>Just like the iPhone.... </li><ul><ul><li>Need to find a clean publi...
Need to get lost in downtown Chattanooga looking for a restaurant? There's an app for that! </li></ul></ul><li>The same is...
Need to add icons to a users bookmark bar? There's a policy for that!
Need to enforce spell check and blank subject lines? There's a policy for that! </li></ul></ul><li>With policies </li><ul>...
Change settings at a moment's notice
Look like a rock star and get a pay raise*
Accomplish tasks faster and more efficiently
Increase your skill set and show the AD folks that, “yes, we have them  too” </li><ul><li>*sorry, we can only guarantee th...
Two sessions in one! <ul><li>Well, not quite, but close
First half of this session will cover an example policy, and the common settings you may wish to apply, from start to finish
Second half will cover advanced policy topics, such an enforcement, inheritance and dynamic policies
RGE = Resume Generating Event </li></ul>
Agenda <ul><li>Who is this dude and what will I learn?
Section 1 – A complete example, start to finish
Section 2 – Advanced policy and setting options
Section 3 – Other Lotus Notes policy settings
Section 4 – When it all goes wrong
Session wrap up
Q & A </li></ul>
Section 1 – An Example Policy <ul><li>First, we will create a registration policy that will automatically populate all the...
Next, we will create a series of policy settings documents to make the end user experience with Lotus Notes much better
Then, we will create an organization policy and assign the settings. This policy will be pushed out to all users within th...
Finally, we will create an additional policy for laptop users so that </li><ul><ul><li>Inheritance will be used to reduce ...
Their passwords are more complex </li></ul></ul></ul>
In the beginning.... <ul><li>When a Domino server is first installed... </li><ul><ul><li>All settings are set to their def...
No policies exist
You maybe overwhelmed with the possible permutations and options
Some default settings are just plain silly </li></ul></ul><li>So, we will take the blank canvas that is the default/initia...
Create an organizational policy for a series of commonly enabled settings </li><ul><li>To make your life easier
To make the end users' experience much, much better  </li></ul></ul></ul></ul>
Example Policy <ul><li>Registration Settings
Desktop Settings
Mail Settings
Security Settings
Additional Policy for Laptop Users </li></ul>
Policy Settings - Registration <ul><li>Allows you to set common options used while registering a new user within Domino
Will significantly reduce  the time you spend registering new users
Standardize common options across new users </li><ul><ul><li>Internet domain
Email address format (darren_duke, darren.duke, dduke)
Quotas and warnings </li></ul></ul></ul>
Registration Example <ul><li>Create a policy to register a new user and create a mail file in a clustered environment
This will allow us to register a new user by entering just 3 pieces of information </li><ul><ul><li>First name
Last name
Password </li></ul></ul><li>Other, “common to all new users” settings will be automatically populated by the policy </li><...
Password quality
Internet address
Mail server, file and address attributes
Certifier and user ID file information </li></ul></ul></ul>
Registration creation <ul><li>Create a new registration settings document </li><ul><ul><li>Open the Domino Directory
Open the Configuration, Policies, Settings view from the navigator
In the Add Settings action, select Registration </li></ul></ul></ul>
Registration creation - Basics <ul><ul><li>Populate some meaningful name and description
Choose a registration server
Set the internet password </li></ul></ul>
Registration creation – Mail 1 <ul><ul><li>Populate mail system </li><ul><li>Lotus Notes, right? </li></ul><li>Choose the ...
Set the mail template for the new mail file
Decide how the mail file should be created
Enter the organization's internet domain to be used in the SMTP email address
Create an internet address format </li><ul><li>darren.duke
dduke
darren_duke </li></ul></ul></ul>
Registration creation – Mail 2 <ul><ul><li>We have a clustered environment, so we will select to create a replica of the m...
Select the ACL level for the new mail file owner </li><ul><li>Set this to Editor </li></ul><li>Enter a manager if you need...
We choose to create a FTI
A quota of 2GB is set
A warning of 2,000MB is set </li></ul></ul>
Registration creation – ID/Certifier <ul><ul><li>Check t he box to create a Notes ID
We're going to  up the key and width to 2048 bits and 128 bits respectively
Set the expire date to 48 months out </li><ul><li>This will be 48 months from when you actually register a new user, not t...
8.5 client </li></ul></ul></ul></ul>
Registration creation – Miscellaneous <ul><ul><li>Add any groups than will have the new user added
Setting is complete so click Save and Close </li></ul></ul>
Create the Registration policy and add the setting <ul><li>Now we'll create a new policy and assign this new setting to it
In the Domino Directory, navigate to Configuration/Policies and click the Add Policy action </li></ul>
Registration policy – add the settings <ul><ul><li>Add a policy name, make it meaningful
Type is explicit
Add an optional category
Select our new registration settings document from the drop down in the Registration Setting Type field
Save and close </li></ul></ul>
Registration policy – time to test! <ul><li>Remember, the goal is to only enter 3 fields in order to get a new user regist...
Open up Domino Administrator and register a new user as you normally would
Enter the certifier ID and password </li></ul>
Registration policy – time to test! <ul><li>On the basics tab, select the new explicit policy we just created from the dro...
Registration policy – time to test! <ul><li>Fill in the following: </li><ul><ul><li>First name
Last name
Password </li></ul></ul><li>Yes, that is it </li><ul><ul><li>All the settings from the “LS 10 New User on Hosted” are appl...
To check this..... </li></ul></ul></ul>
Registration policy – success!!! <ul><li>Check the Advanced check box </li><ul><ul><li>Check some other random tabs
In this case Mail </li><ul><li>All the settings are populated! </li></ul></ul></ul><li>And then bask in the time you saved
Remember to keep your policy updated </li><ul><ul><li>When the mail template is updated
If you need extra mail file replicas </li></ul></ul></ul>
Example Policy <ul><li>Registration Settings
Desktop Settings
Mail Settings
Security Settings
Additional Policy for Laptop Users </li></ul>
Desktop settings for end users <ul><li>Some really useful settings are not enabled by default
We will add this new setting to an existing organizational policy to apply these useful settings
Again, we need a desktop settings document and a policy document </li></ul>
Desktop settings creation <ul><li>Create a new registration settings document </li><ul><ul><li>Open the Domino Directory
Open the Configuration, Policies, Settings view from the navigator
In the Add Settings action, select Desktop </li></ul></ul></ul>
Desktop - Basics <ul><li>Select Enable “Synchronize Contacts” on the replicator tab </li><ul><ul><li>New in 8.5.1 (thanks,...
Can cause some confusion for users </li></ul></ul></ul>
Desktop – Basics – Recent Contacts <ul><li>A new feature in 8.0 and being improved upon with each release
Adds recipients and senders to a users local address book
There are more options in the Notes client than are in the  policy and appear to have no published Notes.ini setting
You may want to exclude addresses </li><ul><li>Notes.ini DPABRemoveRule
DPABRemoveRule=foobar,bar </li></ul></ul>
Desktop – Mail 1 <ul><ul><li>Local mail file </li><ul><li>Managed replicas are new in 8.5.2 and offer  full  control over ...
Desktop – Mail 2 <ul><ul><li>Client Settings </li><ul><li>Used to determine what a managed replica will pull down
Silently fail over to another cluster server (now with Collab Express too)
Also auto upgrade local NSF files to latest ODS </li><ul><li>Useful for DAOS with local mail.box </li></ul></ul></ul></ul>
Desktop – PreferencesBasics <ul><ul><li>Enable autosave
Autosave every N
Lock ID </li></ul></ul>
Desktop – PreferencesMisc 1 <ul><ul><li>Enable right-double click
Process print in background
Retain view column sorting
Enable MS Office SendTo </li></ul></ul>
Desktop – PreferencesMisc 2 <ul><ul><li>Enable Compress images pasted into documents
Enable Drag and Drop save as EML (new in 8.5.2) </li></ul></ul>
Upcoming SlideShare
Loading in …5
×

LS11 Show101

4,325 views

Published on

Using 8.x policies to manage your Lotus Notes clients presentation from Lotusphere 2011.

Published in: Technology, Business
  • Be the first to comment

LS11 Show101

  1. 1. SHOW101 Using IBM® Lotus Domino® 8.5.x Policies to Manage Your Clients Darren Duke | Technical Lead | Simplified Technology Solutions, Inc. (STS)
  2. 2. Agenda <ul><li>Who is this dude and what will I learn?
  3. 3. Section 1 – A complete example, start to finish
  4. 4. Section 2 – Advanced policy and setting options
  5. 5. Section 3 – Other Lotus Notes policy settings
  6. 6. Section 4 – When it all goes wrong
  7. 7. Session wrap up
  8. 8. Q & A </li></ul>
  9. 9. Who is this dude? <ul><li>Darren Duke </li><ul><ul><li>Technical lead and founder of Simplified Technology Solutions, Inc. (STS)
  10. 10. From Atlanta, GA (despite the accent – originally from Hartlepool in the UK)
  11. 11. Been “involved” with IBM® Lotus Notes® and Domino since R3
  12. 12. All I do is Lotus portfolio related </li></ul></ul><li>Podcasts, blogs, websites, etc </li><ul><ul><li>http://blog.darrenduke.net
  13. 13. http://www.TipsInTwo.com
  14. 14. http://www.simplified-tech.com
  15. 15. http://www.planetlotus.org
  16. 16. http://www.ThisWeekInLotus.com
  17. 17. “ Experience is then name one gives to their mistakes” – Oscar Wilde </li></ul></ul></ul>
  18. 18. Where did the idea for this session come from? <ul><li>During audits, heath checks, upgrades and training, it became apparent that some Domino customers.... </li><ul><ul><li>Under-utilize policies
  19. 19. Don't recognize the benefits of policies
  20. 20. Haven't looked at policies since R6.x
  21. 21. Find policies confusing </li></ul></ul><li>Or even worse.... </li><ul><ul><li>Have never used policies. Shock. Horror. *cue scary music!* </li></ul></ul><li>So, this session was created to help you, the Super.Human.Admin to </li><ul><ul><li>Better manage you Domino environment
  22. 22. Enhance your end users' Lotus Notes experience
  23. 23. Make your life easier !
  24. 24. Spend more time on the beach/playing Call of Duty/singing in Kimonos/learning Websphere/getting more golden eggs on Angry Birds </li></ul></ul></ul>
  25. 25. What will I learn? There's a policy for that! <ul><li>Just like the iPhone.... </li><ul><ul><li>Need to find a clean public toilet? There's an app for that! (no, seriously, there is!)
  26. 26. Need to get lost in downtown Chattanooga looking for a restaurant? There's an app for that! </li></ul></ul><li>The same is true for Notes.... </li><ul><ul><li>Need to set password complexity rules? There's a policy for that!
  27. 27. Need to add icons to a users bookmark bar? There's a policy for that!
  28. 28. Need to enforce spell check and blank subject lines? There's a policy for that! </li></ul></ul><li>With policies </li><ul><ul><li>You can make your Domino admin life a whole lot easier
  29. 29. Change settings at a moment's notice
  30. 30. Look like a rock star and get a pay raise*
  31. 31. Accomplish tasks faster and more efficiently
  32. 32. Increase your skill set and show the AD folks that, “yes, we have them too” </li><ul><li>*sorry, we can only guarantee that you will deserve a raise, not that you will get one. </li></ul></ul></ul></ul>
  33. 33. Two sessions in one! <ul><li>Well, not quite, but close
  34. 34. First half of this session will cover an example policy, and the common settings you may wish to apply, from start to finish
  35. 35. Second half will cover advanced policy topics, such an enforcement, inheritance and dynamic policies
  36. 36. RGE = Resume Generating Event </li></ul>
  37. 37. Agenda <ul><li>Who is this dude and what will I learn?
  38. 38. Section 1 – A complete example, start to finish
  39. 39. Section 2 – Advanced policy and setting options
  40. 40. Section 3 – Other Lotus Notes policy settings
  41. 41. Section 4 – When it all goes wrong
  42. 42. Session wrap up
  43. 43. Q & A </li></ul>
  44. 44. Section 1 – An Example Policy <ul><li>First, we will create a registration policy that will automatically populate all the common settings an administrator would enter when registering new users
  45. 45. Next, we will create a series of policy settings documents to make the end user experience with Lotus Notes much better
  46. 46. Then, we will create an organization policy and assign the settings. This policy will be pushed out to all users within the organization
  47. 47. Finally, we will create an additional policy for laptop users so that </li><ul><ul><li>Inheritance will be used to reduce the number of setting we have to manage
  48. 48. Their passwords are more complex </li></ul></ul></ul>
  49. 49. In the beginning.... <ul><li>When a Domino server is first installed... </li><ul><ul><li>All settings are set to their default configuration
  50. 50. No policies exist
  51. 51. You maybe overwhelmed with the possible permutations and options
  52. 52. Some default settings are just plain silly </li></ul></ul><li>So, we will take the blank canvas that is the default/initial state and </li><ul><ul><li>Create a registration policy to allow a new user to be added by populating only 3 items of information
  53. 53. Create an organizational policy for a series of commonly enabled settings </li><ul><li>To make your life easier
  54. 54. To make the end users' experience much, much better </li></ul></ul></ul></ul>
  55. 55. Example Policy <ul><li>Registration Settings
  56. 56. Desktop Settings
  57. 57. Mail Settings
  58. 58. Security Settings
  59. 59. Additional Policy for Laptop Users </li></ul>
  60. 60. Policy Settings - Registration <ul><li>Allows you to set common options used while registering a new user within Domino
  61. 61. Will significantly reduce the time you spend registering new users
  62. 62. Standardize common options across new users </li><ul><ul><li>Internet domain
  63. 63. Email address format (darren_duke, darren.duke, dduke)
  64. 64. Quotas and warnings </li></ul></ul></ul>
  65. 65. Registration Example <ul><li>Create a policy to register a new user and create a mail file in a clustered environment
  66. 66. This will allow us to register a new user by entering just 3 pieces of information </li><ul><ul><li>First name
  67. 67. Last name
  68. 68. Password </li></ul></ul><li>Other, “common to all new users” settings will be automatically populated by the policy </li><ul><ul><li>Registration server
  69. 69. Password quality
  70. 70. Internet address
  71. 71. Mail server, file and address attributes
  72. 72. Certifier and user ID file information </li></ul></ul></ul>
  73. 73. Registration creation <ul><li>Create a new registration settings document </li><ul><ul><li>Open the Domino Directory
  74. 74. Open the Configuration, Policies, Settings view from the navigator
  75. 75. In the Add Settings action, select Registration </li></ul></ul></ul>
  76. 76. Registration creation - Basics <ul><ul><li>Populate some meaningful name and description
  77. 77. Choose a registration server
  78. 78. Set the internet password </li></ul></ul>
  79. 79. Registration creation – Mail 1 <ul><ul><li>Populate mail system </li><ul><li>Lotus Notes, right? </li></ul><li>Choose the (home) mail server
  80. 80. Set the mail template for the new mail file
  81. 81. Decide how the mail file should be created
  82. 82. Enter the organization's internet domain to be used in the SMTP email address
  83. 83. Create an internet address format </li><ul><li>darren.duke
  84. 84. dduke
  85. 85. darren_duke </li></ul></ul></ul>
  86. 86. Registration creation – Mail 2 <ul><ul><li>We have a clustered environment, so we will select to create a replica of the mail file on a cluster mate
  87. 87. Select the ACL level for the new mail file owner </li><ul><li>Set this to Editor </li></ul><li>Enter a manager if you need one
  88. 88. We choose to create a FTI
  89. 89. A quota of 2GB is set
  90. 90. A warning of 2,000MB is set </li></ul></ul>
  91. 91. Registration creation – ID/Certifier <ul><ul><li>Check t he box to create a Notes ID
  92. 92. We're going to up the key and width to 2048 bits and 128 bits respectively
  93. 93. Set the expire date to 48 months out </li><ul><li>This will be 48 months from when you actually register a new user, not today </li></ul><li>Notice no ID storage is selected </li><ul><li>We'll use ID Vault for this </li><ul><li>8.5 server
  94. 94. 8.5 client </li></ul></ul></ul></ul>
  95. 95. Registration creation – Miscellaneous <ul><ul><li>Add any groups than will have the new user added
  96. 96. Setting is complete so click Save and Close </li></ul></ul>
  97. 97. Create the Registration policy and add the setting <ul><li>Now we'll create a new policy and assign this new setting to it
  98. 98. In the Domino Directory, navigate to Configuration/Policies and click the Add Policy action </li></ul>
  99. 99. Registration policy – add the settings <ul><ul><li>Add a policy name, make it meaningful
  100. 100. Type is explicit
  101. 101. Add an optional category
  102. 102. Select our new registration settings document from the drop down in the Registration Setting Type field
  103. 103. Save and close </li></ul></ul>
  104. 104. Registration policy – time to test! <ul><li>Remember, the goal is to only enter 3 fields in order to get a new user registered
  105. 105. Open up Domino Administrator and register a new user as you normally would
  106. 106. Enter the certifier ID and password </li></ul>
  107. 107. Registration policy – time to test! <ul><li>On the basics tab, select the new explicit policy we just created from the drop down list </li></ul>
  108. 108. Registration policy – time to test! <ul><li>Fill in the following: </li><ul><ul><li>First name
  109. 109. Last name
  110. 110. Password </li></ul></ul><li>Yes, that is it </li><ul><ul><li>All the settings from the “LS 10 New User on Hosted” are applied
  111. 111. To check this..... </li></ul></ul></ul>
  112. 112. Registration policy – success!!! <ul><li>Check the Advanced check box </li><ul><ul><li>Check some other random tabs
  113. 113. In this case Mail </li><ul><li>All the settings are populated! </li></ul></ul></ul><li>And then bask in the time you saved
  114. 114. Remember to keep your policy updated </li><ul><ul><li>When the mail template is updated
  115. 115. If you need extra mail file replicas </li></ul></ul></ul>
  116. 116. Example Policy <ul><li>Registration Settings
  117. 117. Desktop Settings
  118. 118. Mail Settings
  119. 119. Security Settings
  120. 120. Additional Policy for Laptop Users </li></ul>
  121. 121. Desktop settings for end users <ul><li>Some really useful settings are not enabled by default
  122. 122. We will add this new setting to an existing organizational policy to apply these useful settings
  123. 123. Again, we need a desktop settings document and a policy document </li></ul>
  124. 124. Desktop settings creation <ul><li>Create a new registration settings document </li><ul><ul><li>Open the Domino Directory
  125. 125. Open the Configuration, Policies, Settings view from the navigator
  126. 126. In the Add Settings action, select Desktop </li></ul></ul></ul>
  127. 127. Desktop - Basics <ul><li>Select Enable “Synchronize Contacts” on the replicator tab </li><ul><ul><li>New in 8.5.1 (thanks, Mary Beth!) </li></ul></ul><li>Optional – select “Do not auto add names to Recent Contacts” </li><ul><ul><li>New in 8.5.2
  128. 128. Can cause some confusion for users </li></ul></ul></ul>
  129. 129. Desktop – Basics – Recent Contacts <ul><li>A new feature in 8.0 and being improved upon with each release
  130. 130. Adds recipients and senders to a users local address book
  131. 131. There are more options in the Notes client than are in the policy and appear to have no published Notes.ini setting
  132. 132. You may want to exclude addresses </li><ul><li>Notes.ini DPABRemoveRule
  133. 133. DPABRemoveRule=foobar,bar </li></ul></ul>
  134. 134. Desktop – Mail 1 <ul><ul><li>Local mail file </li><ul><li>Managed replicas are new in 8.5.2 and offer full control over local mail replicas -covered a little later </li></ul></ul></ul>
  135. 135. Desktop – Mail 2 <ul><ul><li>Client Settings </li><ul><li>Used to determine what a managed replica will pull down
  136. 136. Silently fail over to another cluster server (now with Collab Express too)
  137. 137. Also auto upgrade local NSF files to latest ODS </li><ul><li>Useful for DAOS with local mail.box </li></ul></ul></ul></ul>
  138. 138. Desktop – PreferencesBasics <ul><ul><li>Enable autosave
  139. 139. Autosave every N
  140. 140. Lock ID </li></ul></ul>
  141. 141. Desktop – PreferencesMisc 1 <ul><ul><li>Enable right-double click
  142. 142. Process print in background
  143. 143. Retain view column sorting
  144. 144. Enable MS Office SendTo </li></ul></ul>
  145. 145. Desktop – PreferencesMisc 2 <ul><ul><li>Enable Compress images pasted into documents
  146. 146. Enable Drag and Drop save as EML (new in 8.5.2) </li></ul></ul>
  147. 147. Desktop – PreferencesMail <ul><ul><li>Check for new mail
  148. 148. Mail checking interval
  149. 149. Play a sound
  150. 150. Refresh inbox
  151. 151. Show an icon </li></ul></ul>
  152. 152. Desktop – PreferencesNetwork Ports <ul><ul><li>Set the ports you use to compress </li><ul><li>Note, you also have to enable port compression on the server too
  153. 153. Costs CPU (3-5%) but can reduce bandwidth by up to 35% </li></ul></ul></ul>
  154. 154. Desktop – Diagnostic <ul><ul><li>Having a Notes client send in NSD reports can be very helpful for troubleshooting client crashes
  155. 155. (Create and) Select the NSD mail in database </li></ul></ul>
  156. 156. Desktop – Assign it to an organization policy <ul><li>Now we'll create a new policy and assign this new setting to it
  157. 157. In the Domino Directory navigate to Configuration/Policies and click the Add Policy action </li></ul>
  158. 158. Desktop – Assign it to an organization policy <ul><ul><li>Add a policy name - make it meaningful
  159. 159. Type is Organizational
  160. 160. Add an optional category to make it easy to understand
  161. 161. Select our new desktop settings document from the drop down in the Desktop Setting Type field
  162. 162. Save and close </li></ul></ul>
  163. 163. Desktop – Assign it to an organization policy <ul><li>Notes about what we just did </li><ul><ul><li>We can reuse the same organization policy to push out other settings, i.e Mail, Archiving, etc
  164. 164. When a user authenticates with their home server, then new settings will be pushed down to the client and applied if necessary
  165. 165. We set most settings to “Set Initial Value” so that end users can change them if they so wish </li></ul></ul></ul>
  166. 166. Managed Replicas – Overview and Sidebar <ul><ul><li>Requires 8.5.2+ server AND client
  167. 167. Used to fully manage local mail replicas
  168. 168. Allow asynchronous mail send from client
  169. 169. Allows the Notes client to auto replicate is new mail has arrived
  170. 170. Allows auto ODS client upgrades (good for DAOS)
  171. 171. Can control size of local NSF if needed
  172. 172. Can significantly improve the Notes mail user experience </li><ul><li>Remember to Full Text Index via the Desktop Policy/Replication tab </li></ul><li>Excellent video via IdoNotes </li><ul><li>http://www.youtube.com/watch?v=-TrJHtJ9-MU&hd=1 </li></ul><li>Next – Managed Replicas side bar..... </li></ul></ul>
  173. 173. Managed Replicas – Mail Settings <ul><ul><li>Local mail file: </li><ul><li>Create local replica (the old way)
  174. 174. Create managed replica (if one already exists do nothing)
  175. 175. Create managed replica or convert local replica to managed replica
  176. 176. Delete local or managed replica </li></ul><li>A local managed replica is now considered a best practice </li><ul><li>Local replicas were always best practice, just not easy to maintain </li></ul></ul></ul>
  177. 177. Managed Replicas – Mail Settings 2 <ul><ul><li>Mail file location </li><ul><li>On Server
  178. 178. Local
  179. 179. I use “Local” </li></ul><li>Use Local mail.box to send messages </li><ul><li>Allows asynchronous send when using server replica
  180. 180. No more waiting for that large attachment to send
  181. 181. Put “1” so outbound mail is sent immediately
  182. 182. Fill in prior to selecting “Local” in the above field </li></ul></ul></ul>
  183. 183. Managed Replicas – Managed Replica Settings 1 <ul><ul><li>Keep full documents for the most recent x days </li><ul><li>Newly created managed replicas only
  184. 184. Does not affect existing local (managed or not) replicas </li></ul><li>Selective replica </li><ul><li>Makes the managed replica a partial replica
  185. 185. If you do this, train your users on partial replication
  186. 186. If selected “remove documents” option is also shown </li></ul></ul></ul>
  187. 187. Managed Replicas – Managed Replica Settings 2 <ul><ul><li>Amount of free space required before cache is created </li><ul><li>Size in MB that must be free on local workstation before replica is created </li></ul><li>Truncation amounts </li><ul><li>Only applies to documents older than the “Keep full documents for the most recent x” setting
  188. 188. Will pull down specified amounts in KB for each setting </li></ul></ul></ul>
  189. 189. Managed Replicas – Client Settings 1 <ul><ul><li>Auto-retrieve document setting </li><ul><li>Only applies to truncated documents
  190. 190. The client pulls down the data from the server as the message is opened
  191. 191. Enable document without attachment </li><ul><li>Get body only, truncate attachments
  192. 192. Fastest setting </li></ul><li>Enabled document with attachment </li><ul><li>Get body and attachments </li></ul></ul></ul></ul>
  193. 193. Managed Replicas – Client Settings 1 <ul><ul><li>Enable server to poll for new mail and trigger replication </li><ul><li>Allows local replica to replicate automatically as soon as new mail is triggered on the server
  194. 194. Replicates immediately (no waiting on scheduled replication) </li></ul><li>Enable silent failover when server goes down </li><ul><li>If you are on a clustered mail server no more pesky popup boxes asking the user do they want to switch servers
  195. 195. There is a notes.ini setting for releases 8.0+ for this feature </li><ul><li>HidePromptFailoverInc=1 </li></ul></ul></ul></ul>
  196. 196. Managed Replicas – Client Settings 2 <ul><ul><li>Enable upgrade of all local NSFs to latest ODS </li><ul><li>Automates the conversion of all local NSF files, including mail and mail.box
  197. 197. Helps with DAOS and sending “known attachments” to server on reply and forward </li></ul></ul></ul>
  198. 198. The truth about settings – you need more than one <ul><li>“Desktop” is really just one of the trilogy of the settings you want to implement as standard
  199. 199. The others are “Mail” and “Security”
  200. 200. We will now create a mail settings document and assign it to our organizational policy </li></ul>
  201. 201. Example Policy <ul><li>Registration Settings
  202. 202. Desktop Settings
  203. 203. Mail Settings
  204. 204. Security Settings
  205. 205. Additional Policy for Laptop Users </li></ul>
  206. 206. Mail settings for end users <ul><li>Some really useful settings are not enabled by default
  207. 207. We will add this new setting to an existing organizational policy to apply these useful settings
  208. 208. Again, we need a new settings document and an existing policy document </li></ul>
  209. 209. Mail Settings Document <ul><li>Create a new mail settings document </li><ul><ul><li>Open the Domino Directory
  210. 210. Open the Configuration, Policies, Settings view from the navigator
  211. 211. In the Add Settings action, select Mail </li></ul></ul></ul>
  212. 212. Mail Settings - Basics <ul><ul><li>Enter a meaningful name and description </li></ul></ul>
  213. 213. Mail Settings - MailBasics 1 <ul><ul><li>Disable ownership changing
  214. 214. Enable spell check
  215. 215. Enable blank subject warning
  216. 216. Enable auto closing of original email when reply or forward </li></ul></ul>
  217. 217. Mail Settings - MailBasics 2 <ul><ul><li>Enable inbox maintenance
  218. 218. Enter a number of days for inbox removal
  219. 219. Enable non-removal of unread emails </li></ul></ul>
  220. 220. Mail Settings - MailAttention Indicators <ul><ul><li>Enable recipient icons </li></ul></ul>
  221. 221. Mail Settings - MailMessage Recall <ul><li>Check with your legal counsel or upper management before enabling this </li><ul><ul><li>It can cause issues with retention policies
  222. 222. I didn't stay at a Holiday Inn Express last night, so don't ask me </li></ul></ul></ul>
  223. 223. Mail Settings - MailMessage Disclaimers <ul><li>If your organization requires this, this is where to set it
  224. 224. You also need to set the server configuration document, too! </li></ul>
  225. 225. Mail Settings - CalendarDisplay <ul><ul><li>Enable display new (unprocessed) notices </li></ul></ul>
  226. 226. Mail Settings - CalendarScheduling <ul><ul><li>Change the availability to hours that suit your organization's work day
  227. 227. Enable checking for conflicts </li></ul></ul>
  228. 228. Mail Settings - CalendarAlarms <ul><ul><li>My pet peeve, and one of the silliest settings is that alarms are disabled by default!
  229. 229. Enable all alarms and adjust the advance time as necessary </li></ul></ul>
  230. 230. Mail Settings - iNotesConfiguration <ul><ul><li>8.5 and 8.5.1 added some nice settings to iNotes
  231. 231. Making iNotes as similar as possible to Notes clients makes end users happy
  232. 232. Enable mail threads
  233. 233. Enable refresh inbox
  234. 234. Enable unread count
  235. 235. Enable scroll hints </li></ul></ul>
  236. 236. Mail Settings - Client Detection <ul><ul><li>Another great setting used for calendar interoperability between Notes/Domino and other messaging platforms, specifically for repeating options in meeting invites
  237. 237. Allows administrators to map internet domains to specific messaging platforms like MS Exchange, Zimbra and Mozilla
  238. 238. or
  239. 239. Allows the end user to select manually when sending an invite
  240. 240. This can also affect Lotus Notes invitees
  241. 241. You will need to train your end users about this feature if you choose manual </li></ul></ul>
  242. 242. Mail – Assign it to an organization policy <ul><li>Notes about what we just did </li><ul><ul><li>We can reuse the same organization policy we created earlier to push out with other settings, i.e Desktop, Archiving, etc
  243. 243. We set most settings to “Set Initial Value” so that end users can change them if they so wish
  244. 244. Next up is the last of our common client settings, Security </li></ul></ul></ul>
  245. 245. Example Policy <ul><li>Registration Settings
  246. 246. Desktop Settings
  247. 247. Mail Settings
  248. 248. Security Settings
  249. 249. Additional Policy for Laptop Users </li></ul>
  250. 250. Security Settings <ul><li>Ostensibly this contains settings to make the administrator's life easier
  251. 251. Or
  252. 252. To make the Domino environment more secure
  253. 253. We will add this new setting to an existing organizational policy to apply these useful settings
  254. 254. Again, we need a new settings document and an existing policy document </li></ul>
  255. 255. Security Settings Document <ul><li>Create a new security settings document </li><ul><ul><li>Open the Domino Directory
  256. 256. Open the Configuration, Policies, Settings view from the navigator
  257. 257. In the Add Settings action, select Security </li></ul></ul></ul>
  258. 258. Security Settings - Basic <ul><ul><li>Enter a meaningful name and description </li></ul></ul>
  259. 259. Security Settings – Password MgmtBasics <ul><ul><li>Lotus Notes has the capability to allow for some very sophisticated password options
  260. 260. To allow for this option, enable Custom Password Policy and a new tab appears
  261. 261. Enable Update Internet Password
  262. 262. Enable Password Expiration, the required change interval and a grace period </li></ul></ul>
  263. 263. Security Settings – Password MgmtCustom Password Policy <ul><ul><li>Yes, you can force users to change their password the first time they use a Lotus Notes client </li><ul><ul><li>No more “lotusnotes”, “p@ssword”, etc </li></ul></ul><li>Fill in the fields that are required by your organizations' complexity requirements </li></ul></ul>
  264. 264. Security Settings – Password MgmtNotes Shared Login <ul><ul><li>Replacement for “Single Sign-On” option that is now controlled via a policy
  265. 265. Enable if you wish to have Notes automatically login with the end users Windows password
  266. 266. Be careful using with “ID Lock Out” - the password prompt is hidden! </li></ul></ul>
  267. 267. Security Settings – ID Vault <ul><ul><li>One of the best features in 8.5
  268. 268. Not usually set manually, but via the ID Vault wizard
  269. 269. See LS10 SHOW101 for more details on ID Vault
  270. 270. Shown here for reference only </li></ul></ul>
  271. 271. Security – Assign it to an organization policy <ul><li>Notes about what we just did </li><ul><ul><li>We can reuse the same organization policy we created earlier to push out with other settings, i.e Mail, Archiving, etc
  272. 272. Most of the security settings do not have a drop down option. More on that later.
  273. 273. We are now done. Some useful settings are now enabled and will be pushed down to the Lotus Notes client. </li></ul></ul></ul>
  274. 274. Example Policy <ul><li>Registration Settings
  275. 275. Desktop Settings
  276. 276. Mail Settings
  277. 277. Security Settings
  278. 278. Additional Policy for Laptop Users </li></ul>
  279. 279. Additional policy for laptop users <ul><li>To create a new policy we can </li><ul><ul><li>Start afresh with all new policy and settings documents
  280. 280. Start afresh with all new policy document, reuse similar settings, create new settings for changes </li><ul><li>Both of these are time consuming and error prone </li></ul><li>OR
  281. 281. We can use policy inheritance to inherit values from a parent policy and change only the items we wish in the child </li><ul><li>Fast, and we are assured whenever a parent changes, the child will too
  282. 282. Create a child policy, set for inheritance
  283. 283. Add new settings documents to change as required </li></ul></ul></ul></ul>
  284. 284. Additional policy for laptop users <ul><li>Recap </li><ul><ul><li>All of the settings from the “LS10 Example” policy (created earlier) will be inherited to these users
  285. 285. Their passwords are more complex </li></ul></ul><li>Our new users will be in a group called “Laptop Users” </li><ul><ul><li>This will be assigned the new explicit dynamic policy we are about to create </li></ul></ul></ul>
  286. 286. Edit an existing policy <ul><li>Create a new child policy from an existing policy document </li><ul><ul><li>Edit an existing policy in the Domino Directory, Configuration, Policies navigator
  287. 287. The one we will edit will be the parent for our new laptop policy </li></ul></ul></ul>
  288. 288. Edit an existing policy <ul><li>Use the Create Child button to create new policy document </li></ul>
  289. 289. Edit an existing policy <ul><li>Enter a policy name for the child </li><ul><ul><li>Notice the parent policy is indicated here </li></ul></ul></ul>
  290. 290. More complex passwords <ul><li>We will add a new Security Settings document to this policy </li><ul><ul><li>Click the New button in the policy document
  291. 291. Add a name and description to the new security settings document
  292. 292. To add inheritance to all fields manually is tedious, so select the Inheritance action button and select Enable for all fields </li></ul></ul></ul>
  293. 293. More complex passwords <ul><ul><li>Notice how all options now have “Inherit for parent policy” checked </li><ul><li>These settings will now be inherited from the parent </li></ul><li>The parent policy, via its own settings, has a password length of 8. For this policy we will set it to 12
  294. 294. Our new change will be entered under the Password Mgmt/Custom Password Policy tab </li><ul><ul><li>Uncheck Inherit, so that this policy will specify its own setting
  295. 295. Change the password length value to 12
  296. 296. So any children of this policy cannot change from 12, we check enforce </li></ul></ul></ul></ul>
  297. 297. More complex passwords <ul><ul><li>Save and close and assign the setting to our child policy
  298. 298. Once the child policy document is saved, we now have child policy that can be used as a dynamic policy </li></ul></ul>
  299. 299. Assigning the dynamic policy <ul><ul><li>Assuming we already have a group called “Laptop Users”, we will now assign that via a dynamic policy
  300. 300. Open the Policy Assignment tab on your child policy document and use the drop down pick list to select the group </li></ul></ul>
  301. 301. Forcing precedence <ul><ul><li>So that this new policy will always be applied, this new policy will have the highest precedence </li></ul></ul>
  302. 302. Testing child polices and inheritance <ul><ul><li>Users in the Laptop Users group will now be assigned the new policy
  303. 303. Using the Policy Synopsis Tool (covered in detail later), we can see the new settings as assigned to a member for the above group </li><ul><ul><li>Note the PwdLenMin =12 came from Laptop Users
  304. 304. While
  305. 305. PwdLowMin=1 came from LS10 Example
  306. 306. This is due to the inheritance we just created </li></ul></ul></ul></ul>
  307. 307. Editing the policy or setting <ul><li>Any of the policies or settings we just created can be edited or removed just like any other Lotus Notes document </li></ul>
  308. 308. Section 1 - Summary <ul><li>We just created a set of policy settings documents that will allow for a much better Lotus Notes experience for both end users and administrators
  309. 309. We can have a single policy document and assign settings to it
  310. 310. We set most settings to “Set default value” so an end user can still change the setting </li></ul>
  311. 311. Agenda <ul><li>Who is this dude and what will I learn?
  312. 312. Section 1 – A complete example, start to finish
  313. 313. Section 2 – Advanced policy and setting options
  314. 314. Section 3 – Other Lotus Notes policy settings
  315. 315. Section 4 – When it all goes wrong
  316. 316. Session wrap up
  317. 317. Q & A </li></ul>
  318. 318. Section 2 – Advanced policy and setting options <ul><li>Policy vs Setting
  319. 319. The Policy Document
  320. 320. The Settings Document
  321. 321. Inherit and enforce
  322. 322. What is the effective policy
  323. 323. Dynamic Policies </li></ul>
  324. 324. Policy vs Setting <ul><li>Policy document </li><ul><ul><li>Comprised of one or more “settings” documents
  325. 325. Is used to assign a policy to a user, group, OU or entire organization
  326. 326. Is very simple
  327. 327. Can change from version to version and release to release </li></ul></ul><li>Setting document </li><ul><ul><li>Provides up to10 different, (somewhat) logical groupings of Lotus Notes or iNotes settings. This is in 8.5.1, earlier versions may have less groupings
  328. 328. Is assigned to a policy document
  329. 329. Users assigned these settings (via the policy document) will get the values as set
  330. 330. Is rarely simple
  331. 331. Can control almost every aspect of a Lotus Notes client and the Notes user
  332. 332. Usually changes from version to version and release to release </li></ul></ul></ul>
  333. 333. Section 2 – Advanced policy and setting options <ul><li>Policy vs Setting
  334. 334. The Policy Document
  335. 335. The Settings Document
  336. 336. Inherit and enforce
  337. 337. What is the effective policy
  338. 338. Dynamic Policies </li></ul>
  339. 339. Policy document overview – Creation <ul><li>From the Domino Directory left navigator </li><ul><ul><li>Policies
  340. 340. Add Policy </li></ul></ul></ul>
  341. 341. Policy document overview – Basics <ul><li>Policy name </li><ul><ul><li>Either a meaningful name if “Explicit”
  342. 342. Or a root Org “*/”
  343. 343. Or an OU name “*/OU/O” </li></ul></ul><li>Policy Type </li><ul><ul><li>Explicit – set via person doc or dynamic policy (new in 8.5.x)
  344. 344. Organizational – set to all users of the Org or OU </li></ul></ul><li>Description </li><ul><ul><li>Free text </li></ul></ul><li>Category </li><ul><ul><li>Free text </li></ul></ul></ul>
  345. 345. Policy document overview – setting type <ul><li>Assign or create a setting </li><ul><ul><li>Available options are controlled by pubnames.ntf version </li></ul></ul><li>Different releases, different options </li><ul><ul><li>And even nomenclature can change
  346. 346. Activities in 8.0.2, Connections in 8.5.1
  347. 347. More “setting types” in 8.5.x
  348. 348. Domino 7 had 5 setting types </li></ul></ul><li>New tabs in 8.5 </li><ul><ul><li>Policy Assignment
  349. 349. Policy Precedence
  350. 350. Covered later in detail </li></ul></ul></ul>8.0.2 8.5.1
  351. 351. Ways to apply a policy <ul><li>There are 3 ways to apply a policy </li><ul><ul><li>(1) With an organizational policy document </li><ul><li>All users within this O or OU will automatically be assigned the policy </li></ul><li>(2) Explicitly with an explicit policy document </li><ul><li>An individual user is assigned this via the person document under the administration tab, policy management section </li></ul><li>(3) Via dynamic policies (new in 8.5) </li><ul><li>A group can be assigned a policy and when a user is added to the group, they are assigned that policy </li></ul></ul></ul></ul>
  352. 352. Policy Security <ul><li>If it appears you can't create or edit policies, check the ACL </li><ul><ul><li>You need [PolicyCreator] to add rules
  353. 353. You need [PolicyModifier] to edit rules
  354. 354. You need [PolicyReader] to read rules </li></ul></ul><li>Policy documents are encrypted... </li><ul><ul><li>With the Owners ID
  355. 355. Guess what happens when the owner leaves... </li><ul><li>They stop working
  356. 356. They will need to be re-saved
  357. 357. So always populate the “Administrators” field </li></ul></ul></ul></ul>
  358. 358. Section 2 – Advanced policy and setting options <ul><li>Policy vs Setting
  359. 359. The Policy Document
  360. 360. The Settings Document
  361. 361. Inherit and enforce
  362. 362. What is the effective policy
  363. 363. Dynamic Policies </li></ul>
  364. 364. Demystify “How to apply this setting” <ul><li>It is a feature that allows an admin to </li><ul><ul><li>Optionally set default values and let the user change the values </li><ul><li>New mail check time
  365. 365. Enabled calendar alarms </li></ul><li>Optionally set default values and prevent the user from making changes </li><ul><li>Enforce security settings
  366. 366. Implement company procedures </li></ul></ul></ul><li>There are four possible options when applying settings </li><ul><ul><li>Don't set value
  367. 367. Set initial value
  368. 368. Set whenever modified
  369. 369. Set value and prevent changes </li></ul></ul><li>Check boxes and drop downs indicate setting exposure </li><ul><ul><li>Checkboxes - no Notes client setting is available for the user to change </li><ul><li>Use Custom Password Policy (Security Settings) </li></ul><li>Drop downs - the setting is exposed to the Notes client and the user may change </li><ul><li>Spell-check messages before sending (Mail Settings) </li></ul></ul></ul></ul>
  370. 370. Don't set value – drop down <ul><li>No value is specified
  371. 371. Uses the initial client install setting
  372. 372. End user can change the value on their client
  373. 373. The setting is usually “off” or “disabled”
  374. 374. “Off” is the standard setting for almost all policies, including some ones that should really be “on” </li><ul><ul><li>Calendar alarms. Because you remember every meeting, right?
  375. 375. Spell check before send.
  376. 376. Enable Autosave. Never seen an NSD before! </li></ul></ul></ul>
  377. 377. Set initial value <ul><li>The setting specifies the “new” default value </li><ul><ul><li>And is sent to the end user a single time </li></ul></ul><li>End user can change the value on their client </li><ul><ul><li>Then their custom value is used going forward </li></ul></ul><li>Use this to apply helpful end user settings </li><ul><ul><li>See previous slide :)
  378. 378. We'll cover more of these later
  379. 379. Remember, you really don't want your end users randomly playing with preferences </li></ul></ul></ul>
  380. 380. Set value whenever modified <ul><li>The newest option and the least useful
  381. 381. End user can change the value on their client
  382. 382. However, the end users' value is overwritten by the policy </li><ul><ul><li>This “refresh” happens when the policy is applied, approx every 12 hours
  383. 383. If you have end users you hate, this is for you </li><ul><li>You can drive them insane </li></ul></ul></ul><li>I can't really think of a use for this </li></ul>
  384. 384. Set value and prevent changes <ul><li>The value you specify is used in the client
  385. 385. End user cannot change the value on their client </li><ul><ul><li>It will most likely be grayed out and disabled on the client </li></ul></ul><li>Use this to apply security settings and to protect the end user from themselves </li><ul><ul><li>Lock ID after N minutes of inactivity
  386. 386. Push ECL settings to Notes clients </li></ul></ul></ul>
  387. 387. Other nuggets <ul><li>Existing inheritance is is also inherited
  388. 388. Existing enforcement is also enforced
  389. 389. Be careful with “Set value whenever modified” </li><ul><ul><li>You will overwrite any end users' custom settings
  390. 390. Yes, this is always the CEO, CIO or their assistants </li></ul></ul></ul>
  391. 391. Section 2 – Advanced policy and setting options <ul><li>Policy vs Setting
  392. 392. The Policy Document
  393. 393. The Settings Document
  394. 394. Inherit and enforce
  395. 395. What is the effective policy
  396. 396. Dynamic Policies </li></ul>
  397. 397. Inherit and enforce....eh? <ul><li>Inheritance is powerful, but confusing </li><ul><ul><li>Allows an administrator to provide settings at a high level, but provides for control at a granular level
  398. 398. Prevents the need to keep all settings up to date and in unison
  399. 399. Hugely simplifies audit requirements
  400. 400. Any policy document can be used as a parent (or template) to create child settings documents </li><ul><li>Any enforced settings are passed to any child policies and the child setting is ignored
  401. 401. Any inherited settings are pulled from the parent policy but can be changed, if required
  402. 402. This allows general settings to be controlled at the parent, and if required, changed at the child </li></ul></ul></ul><li>An example of inheritance </li><ul><ul><li>All users need the same internet address format and domain
  403. 403. All users in a given OU will be local replica users
  404. 404. Set different password length or complexity rules at the OU level
  405. 405. Example for password length follows </li></ul></ul></ul>
  406. 406. Inherit example 1 <ul><li>The following examples are from the Notes Admin help </li><ul><ul><li>“Great programmers write good code. Great programmers steal good code” </li></ul></ul><li>Each OU level has set its own password length with no inheritance or enforcement </li><ul><ul><li>John Doe/Acme will be assigned a PQ of 8
  407. 407. Jane Doe/Sales/Acme will be assigned a PQ of 7
  408. 408. Joe User/NE/Sales/Acme will be assigned a PQ of 6 </li></ul></ul></ul>
  409. 409. Inherit example 2 - inherit <ul><li>*/NE/Sales/Acme is set to inherit from */Sales/Acme
  410. 410. This allows all */Sales/Acme users to receive the same PQ length regardless of their location in the OU hierarchy </li><ul><ul><li>John Doe/Acme will be assigned a PQ of 8
  411. 411. Jane Doe/Sales/Acme will be assigned a PQ of 9
  412. 412. Joe User/NE/Sales/Acme will be assigned a PQ of 9 </li></ul></ul></ul>
  413. 413. Inherit example 3 - enforce <ul><li>Enforcement over-rides any child setting
  414. 414. */Acme is set to enforce in all child policies
  415. 415. This allows all */Acme users to receive the same PQ length regardless of their location
  416. 416. It also prevents any lower policy from over-riding it </li><ul><ul><li>All user will be assigned a PQ of 8
  417. 417. Jane Doe/Sales/Acme will be assigned a PQ of 8
  418. 418. Joe User/NE/Sales/Acme will be assigned a PQ of 9 </li></ul></ul></ul>
  419. 419. Section 2 – Advanced policy and setting options <ul><li>Policy vs Setting
  420. 420. The Policy Document
  421. 421. The Settings Document
  422. 422. Inherit and enforce
  423. 423. What is the effective policy
  424. 424. Dynamic Policies </li></ul>
  425. 425. What is my effective policy? <ul><li>With so many different ways of assigning a policy it can be useful to understand how they are evaluated and assigned </li><ul><ul><li>Organization level polices are applied first
  426. 426. Explicit policies with dynamic policies are applied next
  427. 427. Finally, explicit policies without dynamic policies are applied </li></ul></ul><li>This can still be difficult to resolve the exact policy a user is assigned and how they are assigned it </li><ul><ul><li>Policy Synopsis is your friend
  428. 428. Available from the Person view in Domino Administrator </li></ul></ul></ul>
  429. 429. Using Policy Synopsis <ul><li>Select a user from the person view in Domino Administrator
  430. 430. Expand Tools and click “Policy Synopsis”
  431. 431. Select the desired options </li><ul><ul><li>Hold CTRL to select multiple “Detailed” reports
  432. 432. Select a synopsis database location
  433. 433. Hit OK
  434. 434. The synopsis DB will open
  435. 435. Default DB is local/polcysyn.nsf </li></ul></ul></ul>
  436. 436. Reading a Policy Synopsis <ul><li>Open the “Policy Synopsis Database”, and the synopsis document
  437. 437. Each policy setting field is listed with its value
  438. 438. It helps if you know the field names ;) </li></ul>
  439. 439. Section 2 – Advanced policy and setting options <ul><li>Policy vs Setting
  440. 440. The Policy Document
  441. 441. The Settings Document
  442. 442. Inherit and enforce
  443. 443. What is the effective policy
  444. 444. Dynamic Policies </li></ul>
  445. 445. Dynamic Policies <ul><li>Is really just a new tab in the policy document and is an explicit policy
  446. 446. Allows policies to be assigned to users or groups
  447. 447. Allows the precedence of the policies to be assigned
  448. 448. Can radically simplify the need for setting explicit policies to individual end users
  449. 449. A dynamic policy is created by populating the Policy Assignment tab in the policy document </li><ul><ul><li>You need either [PolicyCreator] or [PolicyModifier]
  450. 450. Understand the policy hierarchy and precedence </li></ul></ul></ul>
  451. 451. Dynamic Policies – precedence <ul><li>Allows effective policy to be calculated should there be a setting conflict </li><ul><ul><li>If the same user or group has more than one dynamic policy assignment, precedence resolves any potential conflicts
  452. 452. Dynamic policies have a higher or lower relative precedence to other dynamic policies
  453. 453. Precedence level 1 is highest and policies can be increased or decreased via actions in the “Dynamic Policies” view </li></ul></ul></ul>
  454. 454. Dynamic Policies – be careful <ul><li>Be sure you know who is getting what setting and from where that setting is being applied </li><ul><ul><li>As with any policy manager, AD, LDAP, etc multiple settings from multiple locations can lead to “spaghetti soup”
  455. 455. Figuring out the issues can be time consuming and difficult
  456. 456. Make sure to use “Policy Synopsis” to help figure it out </li></ul></ul><li>Test, test and test </li><ul><ul><li>Production is not a test environment
  457. 457. “What does this Limey know, I know what I'm doing”. Well maybe....... </li><ul><li>Yes, it is sure fire way to get instant feedback. Watch that phone ring!
  458. 458. But it can be an RGE (resume generating event) for you
  459. 459. So, don't do it! </li></ul></ul></ul></ul>
  460. 460. Policy Settings Documents – Note to Self <ul><li>RTFM – for every release </li><ul><ul><li>Policy settings are added often </li></ul></ul><li>Settings documents are the way of the future </li><ul><ul><li>Make sure you don't miss a setting option because you did not RTFM </li></ul></ul><li>In case you're not getting this...
  461. 461. RTFM=F1 </li></ul>
  462. 462. Section 2 – Advance policy and setting options - Summary <ul><li>In this section we covered various enhancement to the policy and setting framework
  463. 463. We have seen how enforcement, inheritance and dynamic policies can make administration of policies simpler
  464. 464. We have learned to use the Policy Synopsis Tool to evalue an effective policy for a give end user </li></ul>
  465. 465. Agenda <ul><li>Who is this dude and what will I learn?
  466. 466. Section 1 – A complete example, start to finish
  467. 467. Section 2 – Advanced policy and setting options
  468. 468. Section 3 – Other Lotus Notes policy settings
  469. 469. Section 4 – When it all goes wrong
  470. 470. Session wrap up
  471. 471. Q & A </li></ul>
  472. 472. Policy Settings “Types” <ul><li>There are currently 7 settings types in 8.5.1 and 8.5.2 </li><ul><ul><li>Registration*
  473. 473. Setup
  474. 474. Archiving
  475. 475. Desktop*
  476. 476. Mail*
  477. 477. Roaming
  478. 478. Security* </li></ul></ul><li>There are an additional 3 settings for Lotus add-ons </li><ul><ul><li>Connections
  479. 479. Lotus Traveler
  480. 480. Symphony
  481. 481. * covered in Section 1 </li></ul></ul></ul>
  482. 482. Other Lotus Notes Policy Settings <ul><li>Archive Settings
  483. 483. Setup Settings
  484. 484. Roaming Settings
  485. 485. Summary </li></ul>
  486. 486. Policy Settings – Archiving <ul><li>One of the most divisive options in an organization </li><ul><ul><li>Just like Fight Club, the first rule of archiving is never talk about archiving
  487. 487. I use it, I like it </li></ul></ul><li>It can also be used to disable local archiving, not just enable it </li></ul>
  488. 488. Archiving Document <ul><li>Create a new archiving settings document </li><ul><ul><li>Open the Domino Directory
  489. 489. Open the Configuration, Policies, Settings view from the navigator
  490. 490. In the Add Settings action, select Archiving </li></ul></ul></ul>
  491. 491. Archiving Document - Basics <ul><ul><li>Add a name
  492. 492. If you wish to prohibit archiving altogether, check the box. All other options disappear
  493. 493. Select where archiving will be performed, source location and destination location </li><ul><li>User's local workstation </li><ul><li>Less disk space used on server
  494. 494. Easier to full text index
  495. 495. Difficult to backup </li></ul><li>Server </li><ul><li>Costs server disk space
  496. 496. Easy to backup </li></ul></ul></ul></ul>
  497. 497. Archiving Document - Basics <ul><ul><li>If you do server to server archive then you need to set up a special compact command
  498. 498. “ compact -a” or “compact -A” will allow the server to server archiving to work
  499. 499. If your archive policy seems not to be working, try running it from the Domino console and watch for errors
  500. 500. Thankfully there is a warning on the settings document reminding you to do this
  501. 501. Some organizations have archive destinations set to another server with cheap storage </li><ul><li>For example from an AS400 to Linux </li></ul></ul></ul>
  502. 502. Archiving Document – Selection Criteria <ul><ul><li>Create a new criteria, add an existing criteria or remove criteria
  503. 503. You will need at least one criteria for archiving to work!
  504. 504. This is the one settings document that creates additional settings documents </li><ul><li>“Archive Criteria Settings”
  505. 505. We'll cover this new document in a later slide </li></ul><li>You can add multiple criteria to a single settings document </li></ul></ul>
  506. 506. Archiving Document – Logging <ul><li>Logging is optional </li><ul><ul><li>But enabled by default
  507. 507. Will log all archive activity, and doclinks to archived documents
  508. 508. When enabled, specify the location and naming format for the log file </li><ul><li>Defaults to settings below </li></ul></ul></ul></ul>
  509. 509. Archive Criteria Document <ul><li>The “extra” settings document </li><ul><ul><li>You will need to check the “Enable this criteria” to make it work!
  510. 510. Choose how should document be archived </li><ul><li>Tip, “without” = “delete” (potential RGE) </li></ul><li>Choose how should documents be cleaned up </li><ul><li>“ reduce” = leave header, include doclink </li></ul><li>Choose which documents should be cleaned up </li><ul><li>“ older than” only works on >= R7 servers </li></ul><li>Finally, if you wish change the template
  511. 511. Optionally, you can select only to archive from certain folders </li></ul></ul><li>Select a destination folder and naming format </li><ul><ul><li>The actual server it will be archived to is specified on the archiving settings document, not here </li></ul></ul><li>Remember to add the criteria! </li></ul>
  512. 512. Archiving Document – Advanced <ul><li>Specifies options about the documents that are eligible for archiving </li><ul><ul><li>Only archive a document when all responses match criteria </li><ul><li>recommended </li></ul><li>Use a custom expiration field </li></ul></ul></ul>
  513. 513. Archiving Summary <ul><li>This is a policy setting that makes sense to set explicitly to users or groups (with Dynamic Policies)
  514. 514. You still need to issue a “compact -A” or “compact -a” on the server to carry out any server side archiving
  515. 515. If you use local archives, make sure you back them up </li><ul><ul><li>If you lose the drive, you lose the archive </li></ul></ul><li>It can be very beneficial for the server </li><ul><ul><li>Less indexing
  516. 516. Keeps production mail files slim and svelte </li></ul></ul></ul>
  517. 517. Other Lotus Notes Policy Settings <ul><li>Archive Settings
  518. 518. Setup Settings
  519. 519. Roaming Settings
  520. 520. Summary </li></ul>
  521. 521. Policy Settings – Setup Document <ul><li>Don't use this policy setting! </li><ul><ul><li>All “Setup” options are now available in desktop settings documents
  522. 522. It is recommended you migrate to using desktop settings documents </li></ul></ul><li>Allows you to set common options used when Lotus Notes is started for the first time by a user
  523. 523. Sets options in the location document and user preferences
  524. 524. As this is deprecated, see the Desktop Settings slide </li></ul>
  525. 525. Other Lotus Notes Policy Settings <ul><li>Archive Settings
  526. 526. Setup Settings
  527. 527. Roaming Settings
  528. 528. Summary </li></ul>
  529. 529. Policy Settings – Roaming Document <ul><li>Allows a policy to control roaming </li><ul><ul><li>Easier to manage than manually setting on a per user basis </li></ul></ul><li>See LS10 SHOW103 for more details on roaming
  530. 530. Again, Dynamic Policies can be your friend </li><ul><ul><li>Create a group called “Roaming Users”
  531. 531. Add a Dynamic Policy with this setting to this group
  532. 532. Add or remove users from group as required </li></ul></ul></ul>
  533. 533. Other Lotus Notes Policy Settings <ul><li>Archive Settings
  534. 534. Setup Settings
  535. 535. Roaming Settings
  536. 536. Summary </li></ul>
  537. 537. Other Lotus Notes Policy Settings - Summary <ul><li>With other settings documents you can control a whole host of other Lotus Notes and end user related options
  538. 538. Setup is deprecated, use desktop settings instead
  539. 539. Archiving, like fiber and exercise, is good for you and your server even though no one likes it </li></ul>
  540. 540. Agenda <ul><li>Who is this dude and what will I learn?
  541. 541. Section 1 – A complete example, start to finish
  542. 542. Section 2 – Advanced policy and setting options
  543. 543. Section 3 – Other Lotus Notes policy settings
  544. 544. Section 4 – When it all goes wrong
  545. 545. Session wrap up
  546. 546. Q & A </li></ul>
  547. 547. When it all goes wrong <ul><li>When a policy will not assign </li><ul><ul><li>Check the user's effective policy using the Policy Synopsis Tool
  548. 548. Delete the policy documents in the user's local address book (names.nsf) </li></ul></ul></ul>
  549. 549. Deleting local policy documents <ul><ul><li>Open the local names.nsf file for the user in question
  550. 550. From the view menu, select Go To while holding down the Shift and Control keys </li><ul><li>Shift + Control will show hidden views </li></ul><li>Select the view ($Policies) in the dialog </li></ul></ul>
  551. 551. Deleting local policy documents <ul><ul><li>In the ($Policies) view you will see a series of policy documents
  552. 552. To reset all policies on the client simply delete all of the policy documents from this view
  553. 553. Restart the affected Lotus Notes client and the policies will be retrieved from the server
  554. 554. Mail policies may take up to 12 hours, as they are controlled by AdminP </li></ul></ul>
  555. 555. Agenda <ul><li>Who is this dude and what will I learn?
  556. 556. Section 1 – A complete example, start to finish
  557. 557. Section 2 – Advanced policy and setting options
  558. 558. Section 3 – Other Lotus Notes policy settings
  559. 559. Section 4 – When it all goes wrong
  560. 560. Session wrap up
  561. 561. Q & A </li></ul>
  562. 562. Session wrap up <ul><li>In this session we have seen how </li><ul><ul><li>Policies can be used to alleviate apparent end user issues with Lotus Notes
  563. 563. Lotus Notes can do complex password requirements
  564. 564. You can force Lotus Notes users to change their password the first time they use Lotus Notes
  565. 565. To create a series of useful settings and assign them to an organization policy and/or an explicit policy </li></ul></ul><li>We have also learned </li><ul><ul><li>What inheritance and enforcement are and how they affect an end user's effective policy
  566. 566. How to use the Policy Synopsis tool
  567. 567. That other Lotus Notes policy settings can have a beneficial impact on server and end user management </li></ul></ul></ul>
  568. 568. Other sessions you may want to attend <ul><li>ID105- DAOS Deployment and Best Practices
  569. 569. BP101 - Adminblast 2011: Over 60 Tips in 60 Minutes!
  570. 570. SHOW105 – Assemble 'n Go: Integrate Data and Directories with Tivoli Directory Integrator
  571. 571. BP103 – Got Problems? Let's Do a Health Check
  572. 572. SHOW110 – How To Build a Better Cluster
  573. 573. BP111 - “CSI Domino” : Investigating Server Crashes and Deciphering NSD's
  574. 574. BP116 – Backup 101: The What, How and When </li></ul>
  575. 575. Agenda <ul><li>Who is this dude and what will I learn?
  576. 576. Section 1 – A complete example, start to finish
  577. 577. Section 2 – Advanced policy and setting options
  578. 578. Section 3 – Other Lotus Notes policy settings
  579. 579. Section 4 – When it all goes wrong
  580. 580. Session wrap up
  581. 581. Q & A </li></ul>
  582. 582. Questions (and hopefully Answers) <ul><li>?????? </li></ul>
  583. 583. Legal Disclaimer © IBM Corporation 2011. All Rights Reserved. The information contained in this publication is provided for informational purposes only. While efforts were made to verify the completeness and accuracy of the information contained in this publication, it is provided AS IS without warranty of any kind, express or implied. In addition, this information is based on IBM’s current product plans and strategy, which are subject to change by IBM without notice. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, this publication or any other materials. Nothing contained in this publication is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software. References in this presentation to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and/or capabilities referenced in this presentation may change at any time at IBM’s sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any way. Nothing contained in these materials is intended to, nor shall have the effect of, stating or implying that any activities undertaken by you will result in any specific sales, revenue growth or other results.

×