Debbie Lynd and Ted Niblett

reprinted from THE VIEW, November/December 2002. www.eVIEW.com
©2002 THE VIEW. All rights reserved. No portion of this publication may be reproduced without written consent.

In contrast to registration and setup settings, the settings for desktop configuration, security, and archiving of mail files are dynamic. When an administrator changes a preference in any of these categories, it takes effect almost immediately. The next time a user authenticates with his or her home server, the Notes client’s dynamic configuration process verifies whether any of the policy settings have changed on the server since the last time the client retrieved them. If the settings have changed, the client pulls down the newer settings.

The Desktop Settings Document

Desktop settings are a superset of setup settings. All of the settings available in the Setup Settings document are available in the Desktop Settings document, so you can apply them when the Notes client is first set up using Setup Settings, and then (for the life of the Notes client) continue to apply changes in the client using the Desktop Settings.(3)

3 As with setup profiles, once dynamic configuration has pulled down a specific group of policy settings, it won’t pull from the same document a second time until the server’s version of the note changes.

Desktop Settings — The Basics Tab

The basic desktop settings for the directory servers are the same as the settings available in Setup Settings documents.

The Local Mailfile option allows you to create a local replica of the mail file on the user’s workstation.

The settings for Deploy Version and Upgrade Deadline allow you to assign client software updates to Notes 6 users through the Smart Upgrade process, which in release 6 has come under the management of policies. To implement Smart Upgrades, (4) the client must be Notes 6 and a Smart Upgrade Kit database must be created on the server (you can create the database using the Smart Upgrade Kit template). Once the database is created, you must modify the Smart Upgrade DB link field in the Basics tab of the Server.

4 Smart Upgrade is a new feature in Domino 6 that enables administrators to configure and assign updates centrally. The Notes 6 client can now download and install client updates automatically, therefore eliminating the need for desk-side visits from the administrator.

Configuration document to include a link to the Smart Upgrade database. This field is new in Domino 6. Now, when a new release is available, the administrator downloads the new update from Lotus’s Web site, then creates a Kit document in the Smart Upgrade database and modifies the Deploy Version and Upgrade Deadline fields in the Desktop document.

The Deploy Version field, in the Server Options section on the Basics tab ( Figure 9 ), identifies the version of the Notes client that users should be upgraded to. This value must match the version entered in the Destination version field of the Kit document in the Smart Upgrade database. The Upgrade Deadline field specifies the date by which users must upgrade.

Figure 9 -- Desktop Settings — The Basics Tab

Note!
It's important to consider dial-up users when you specify the deadline. Once the upgrade deadline is reached, they could be forced to go through the upgrade while dialed up. Smart Upgrade doesn't consider the link speed because it doesn’t know how a user is connected — via modem or network.

The Mail Template Information and Client Versions sections of the Basics tab (shown in Figure 10 ) allow you to control the upgrade of mail files based on client version and type of mail client. They are part of Seamless Mail Upgrade , a mechanism for upgrading the design of a user’s mail file after an upgrade. Seamless Mail Upgrade is complementary to, and independent of, Smart Upgrade.

Figure 10 -- The Mail Template Information and Client Versions Sections

Also on the Basics tab, you’ll find the Homepage/ Welcome Page Options , which make it easy to deploy a custom welcome page and limit the users’ ability to change it. These options are shown in Figure 11.

Figure 11 -- Options for Deploying a Custom Welcome Page

Note!
To add a folder to the Desktop Settings document, the folder must first be created in the Notes client. Once created, the folder can be dragged and dropped from the Notes client into the bookmark area of Desktop Settings. Once that is accomplished, you can add databases to the folder in Desktop Settings. Open the database in the Administrator client that you want to add and use drag and drop from the window tab of the database to the folder in the bookmark area. When a user is assigned the policy that includes these desktop settings, the folder will be created in the user’s Bookmarks database and displayed with other folders.

Let’s go now to the Databases tab ( Figure 12). The bookmarks outline on the Databases tab (in the Book- marks to merge with user’s bookmarks section) is similar to the bookmarks in setup profiles. What’s new is that an administrator can drag and dropfolders of bookmarks into the Desktop Settings document; the Notes 6 client then merges these bookmarks into the user’s existing bookmarks, placing the new folders in the user’s Bookmarks database. Thereafter, when the administrator makes changes to the folder in the Desktop Settings document, such as adding or removing an individual database from the folder, Notes updates the local folder to match the folder in the settings document.

Figure 12 -- Bookmarks Folders on the Databases Tab of Desktop Settings

Deleting a database from a folder in the bookmarks area of the Desktop Settings document is simple: Right-click on the database, select “Remove from folder,” and it’s gone!

The bookmarks outline on the Databases tab of the Desktop Settings document is similar to the bookmarks in setup profiles. What’s new is that an administrator can drag and drop folders of bookmarks into the Desktop Settings document; the Notes 6 client then merges these bookmarks into the user’s existing bookmarks, placing the new folders in the user’s Bookmarks database.

The Security Settings Document

Historically, security settings have been managed from several different places in Notes and Domino. The security settings that have been traditionally under administrative control, such as password fields, required the administrator to update the Domino Directory for each person. Updates to other settings required user cooperation, and still others could not be controlled from a central location. Policies change all that, allowing administrators to maintain these settings without modifying individual Person documents.

The Set Password Fields action (available from the Actions menu when in the People & Groups tab in the Domino Directory) is still available to support R5 clients and to manage password checking/ expiration in the Domino 6 environment until you implement Domino 6 security policies; however, this action will have no effect on a Notes 6 client once security policies are in place.

The Password Management tab of the Security Settings document (shown in Figure 13 ) allows you to manage all of the password settings from one screen. These options include letting users change their Internet passwords from a browser, updating users’ Internet passwords when the Notes ID password changes, checking the Notes Password during user authentication, enabling/disabling password expiration, setting the required change interval for passwords, specifying the Notes password history length, and selecting the required password quality. You can also elect to accept/reject passwords based on their length, rather than their quality.

Figure 13 -- Security Settings — The Password Management Tab

Security Settings — The Execution Control List Tab

The Execution Control List tab is shown in Figure 14 . The options on this tab provide a method for automatically updating users’ ECLs. No more sending a button in a mail memo and hoping the user clicks it! The Edit and New buttons allow you to modify or create multiple Administration ECLs, therefore making it easier to maintain settings for various types of users by creating separate ECLs for various groups of people based on their requirements. The Update Mode settings are “Refresh” or “Replace”; the Update Frequency can be set to “When the Admin ECL Changes,” “Daily,” or “Never.”

Figure 14 -- Security Settings — The Execution Control List Tab

The Archiving Settings Document

In R5 and earlier releases, it was difficult for administrators to apply and enforce archiving standards. Centralized, server-based archiving was available in those releases, but the settings that controlled archiving and document retention were decentralized and optimized for local archiving, so end users often controlled their own archive settings.

In Domino 6, administrators can manage all archive settings for the domain in one place. For compatibility with existing installations, Domino 6 fully supports private, per-user archive settings, but it no longer requires them. Administrators can disable these settings at will. And central control is only part of the story. Domino 6 makes archiving more flexible: you can maintain archives on servers other than the user’s mail server, and define separate selection and handling criteria for individual views and folders in the mail file.

Note!
You can learn about ECLs in Valerie Freund's article “Configuring Execution Control Lists for Improved Security, Efficient Administration, and User-Friendly Operation,” in THE VIEW, May/ June 2001.

Figure 15 -- The Archiving Settings Document — The Basics Tab

Archiving Settings — The Logging Tab

The Logging tab (Figure 16 ) includes the setting “Log all archiving activity into a log database.” This setting determines whether log databases are to be used. Log databases create a new document each time archiving on a mail database is completed, listing the result of the archive, how many documents were archived, how many were deleted, and so forth.

Figure 16 -- Archiving Settings — The Logging Tab

The Log Directory, Log Prefix, Log Suffix, and Number of Characters from Original Filename fields create the log path mask , defining the path and filename for each archived log database.

Archiving Settings — The Schedule Tab

Use the Schedule tab (Figure 17 ) to enable or disable client-based scheduled archiving. If you disable it, all other options are removed. The additional options define whether to allow or prohibit end-user modification of the archive schedule, the default archive schedule, and the locations affected by these archive settings.

Figure 17 -- Archiving Settings — The Schedule Tab

Archiving Settings — The Advanced Tab

The Advanced tab (Figure 18 ) contains the setting for enabling or disabling the deletion of documents with responses. If documents with responses are deleted, the response documents will not be displayed in the Discussion Threads view, or any other custom view that uses the response hierarchy.

Figure 18 -- Archiving Settings — The Advanced Tab

Archiving Settings — The Selection Criteria Tab

The Selection Criteria tab (Figure 19 ) is where you go to define the rules for cleaning up documents in the mail database, as well as to define the Archive database path mask , which defines the directory and filename for the Archive database. To make these settings, you must open a new or existing Archiving Criteria document, using the New Criteria or Add Criteria buttons.

Figure 19 -- Archiving Settings — The Selection Criteria Tab

On the Selection Criteria tab, click New Criteria to create a new document, or click Add Criteria if you want to use an existing criteria document that you defined earlier. The Archive Criteria Settings document that opens is shown in Figure 20.

Figure 20 -- The Archive Criteria Settings Document

The Basics tab of the Archive Criteria Settings document contains all of the following options:

• The Enable archive criteria checkbox:

  Allows you to enable/disable archiving criteria. Until this option is enabled, the settings on the Basics tab are ignored.

• The How should documents be archived? section:

  Provides the option to archive and clean up or just clean up.

• The How should documents be cleaned up? section:

  Contains an option for cleaning up mail documents by either deleting the older documents in the database or reducing the size of the documents. If you choose to reduce the size of the documents, an additional option is displayed. You can either remove attachments and leave the summary information only, or remove the attachments and leave 40 KB of the body field.

• The Which documents should be cleaned up? section:
  1. If you select All Documents, then you make selections that determine whether cleanup is based on documents not being accessed (read) or modified or on an expiry (expiration) date, within the specified number of days, months, or years.
  2. If you leave All Documents unchecked, then you should complete the Archive By View/ Folder settings.
  3. If you make selections for the template server and mail template database, the views and folders for the template become the available selections for the checkboxes at the bottom of the screen.

Want to learn a lot more about ND6 Policy administration?
Debbie Lynd, co-author of the above article on Policy-Based User Management, is also a top-rated VIEW speaker and she's presenting a session titled Improve Client Management with Policies in ND6 at THE VIEW Notes/Domino 6 Upgrade Seminar. This session is just one of the real-world technical training sessions at this 3-day seminar that's guaranteed to shorten your learning curve and prepare you to roll out Release 6 across your enterprise, implement key features, and train your users. This event is being held this Spring in 6 cities worldwide: New York City London Copenhagen Chicago Washington DC Sydney March 31-April 2 April 14-16 May 12-14 June 16-18 July 14-16 August 11-13 Click here for more information! “I gained valuable knowledge that will save me a wealth of time and stress in developing a project plan, identifying critical system and environment preparations, and creating detailed testing requirements.” — Gary Wade, Lotus Notes Administrator, City of Orlando				Both authors of the above article on Policies will be diving further into the subject at ADMIN2003, THE VIEW Notes/Domino Administration Conference. Their sessions include The Building Blocks of Policies in Domino 6 and Leveraging Policies to Manage Users, plus a hands-on Policy Implementation Lab. Las Vegas, April 30- May 2, 2003 These Policy sessions are part of the End User Management Track, just one of 7 tracks offering more than 60 technical sessions. Other tracks dive deep into: Messaging Performance Security Collaboration Server and Database Admin Web & Wireless topics Plus there's on-site certification testing, ask-the-experts sessions, networking opportuinities and much more. ADMIN2003 is guaranteed to improve your skills and increase your company's Notes/Domino ROI, or your money back! Click here to learn more about ADMIN2003!