Editor's note: SearchDomino.com is pleased to present tips featuring excerpts from THE VIEW articles on a monthly basis. You can read the full article in recent or upcoming issues of THE VIEW. This week's tip was excerpted from article in the November/December issue of THE VIEW entitled "Policy-Based User Management in Notes/Domino 6," which provides comprehensive information on the settings you can control using policies, plus guidance...
on how to organize and use policies effectively.
Notes/Domino 6 introduces policy-based management, a powerful feature that enables administrators to centrally define, organize, and control hundreds more user settings than they could in previous releases – including settings that must be made before first-time users connect to their home servers. There are five types of policy settings documents: Registration, Setup, Desktop, Security, and Archiving. The settings for desktop configuration, security, and archiving mail files are dynamic -- when an administrator changes a preference in one of these categories, it takes effect almost immediately. The next time a user authenticates with their home server, the Notes client's dynamic configuration process verifies whether any of the policy settings have changed on the server since the client last retrieved them. If any settings have changed, the client pulls the newer settings from the server.
There are two flavors of policy documents: organizational and explicit. Organization policies allow you to associate groups of settings with any subset of a named hierarchy (such as ABC Corp., Sales/ABC Corp., and so on). All members of the specified organization or organizational unit automatically inherit the associated settings. Explicit policies enable the administrator to customize settings for different users across organizational lines. These policies are assigned in users' Person documents.
Given the range of control now possible, implementing policy-based management requires a structured approach to create a maintainable set of policies. Before you create your first policy settings document, we suggest that you create a planning document. Start with the organizational hierarchy and apply the settings for each of the five categories to the organizational levels. Follow these guidelines:
- Start at the top. Determine which settings apply to everyone within your organization and apply those settings to an organizational policy with Enforcement enabled. Enforcement will cause the settings to always be applied.
- Create a map of all the variable settings and the groups to which they apply.
- Where possible, apply those settings using the organizational structure; create a policy for the organization "O" that includes all the settings that apply to everyone and follow that with policies for the organizational units within the organization.
- Create explicit policies for the groups that cross organizational boundaries.
- Most importantly, keep it simple. The more complexity that you add to your policy implementation, the more maintenance work you make for yourself down the road. Remember, one of the main goals of policy-based management is to reduce the number of administrative tasks, improving the administration and performance of Domino.
- Think about when settings are applied. Registration settings apply only to the registration task of the Domino Administrator client. Setup settings apply to the initial client setup; they are applied prior to bookmarks being added to the desktop. Archive, security, and desktop settings are applied by dynamic configuration, at the beginning of each client session with the home server. Archiving is invoked by the command Compact –a (or Compact –A for server archiving), or it can be invoked automatically for scheduled client-based archiving.
A word of caution – don't forget to disable setup profiles in Person documents when you upgrade your clients. Make this a step in your upgrade plan.
About the authors: Ted Niblett is a product manager at IBM/Lotus Software. Debbie Lynd is director of content for THE VIEW Conferences and Seminars.