Q

Allowing remote Notes setup without permitting ID file handling

I am trying to secure the mechanism we use to get a new user setup in a company that has twelve different locations around the country.

Currently we put IDs on a secure FTP site for local IT to install and set up the new employees' workstations. I want to find something better, but I know putting the ID in the directory is not a good option. What is a best practice for allowing remote IT to set up the Notes client, but keep them from "handling" the ID file that would allow them to make a copy if they wanted to?

What you are doing sounds fine, as long as you are careful about the password. Be sure to set each ID password to a different string, which is so hard to type that the user is certain to change it. There is a tool on my Downloads page to help with this. Do not tell the password to anyone except the end user. They call you on the phone, or you call them, to tell them the password. None of the admin people in between know the password.

MEMBER FEEDBACK TO THIS ASK THE EXPERT Q&A:

Sorry, the point of my question is that the Local IT at remote offices do setup the Notes client so they DO know the password. Management does not expect the users to run the setup process, so when the users sits down at the computer, it has to be ready to go -- which means the Local IT has to know the password and they could make a copy of the ID and password if they wanted to. How can I get around this?

—Randy L.

******************************************

How about if the local IT people use their own, more privileged ID to set up the user's machine? Would this work for you? The last operation they perform is to reset the location choice (lower right of screen) to a user location -- which specifies the user's ID file.

—Chuck Connell, Security and Administration Expert

Do you have comments on this Ask the Expert question and response? Let us know.

Dig Deeper on Lotus Notes Domino Password Management

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.

-ADS BY GOOGLE

SearchWindowsServer

Search400

  • iSeries tutorials

    Search400.com's tutorials provide in-depth information on the iSeries. Our iSeries tutorials address areas you need to know about...

  • V6R1 upgrade planning checklist

    When upgrading to V6R1, make sure your software will be supported, your programs will function and the correct PTFs have been ...

  • Connecting multiple iSeries systems through DDM

    Working with databases over multiple iSeries systems can be simple when remotely connecting logical partitions with distributed ...

SearchDataCenter

SearchContentManagement

Close