In my work as a Notes/Domino consultant, I constantly see new wrinkles on the issue of where to store Notes ID files. Some storage locations work well and are secure, while other locations lead to huge security holes. Also, some schemes make sense for one organization but not for another. So here is a review of various places to store Notes ID files, with my comments on each.
- ID Recovery database -- A great place to hold backup copies of all Notes ID files. Every organization should use the ID recovery database. If you are not doing so now, it is easy to set up. All new IDs will automatically be stored in the Recovery database and you can also "catch up" by adding existing IDs easily. The Recovery database is extremely secure, since you can specify that two (or more) people must work together to retrieve an ID from the database. For more information see the Domino Administration Help database.
- Domino Directory (names.nsf) -- This is the default location for newly created ID files and many organizations use it for backup copies of IDs. In my opinion, putting IDs in the Directory is only a good idea on one condition: if the initial passwords for the IDs are unique and of very high quality. Otherwise, you are inviting everyone in the organization to detach someone else's ID and guess the password. For a high-security installation, Notes ID files should never be stored in the Directory.
- Shared drive on the network -- Notes ID files in a shared network drive can be used as both backup storage for IDs and/or as the primary storage for "live" ID files. In the latter case, the network drive is the location of each person's ID that his or her NOTES.INI points to. My opinion about storing IDs on network drives is similar to my thoughts about using the Domino Directory. If you use a network drive, the IDs better have unique, high-quality passwords. And if you want a really secure environment, don't use network drives at all for ID files.
- Local disk of personal computer -- This is the standard location for the active Notes ID files in most organizations. This scheme has the advantage that another person can access your ID file only by walking into your office and sitting down at your computer. (I am ignoring system administrators who may be able to map to your C: drive.) If all the offices have locks, this method makes Notes ID files even more secure.
- Diskette -- For computing environments with high security requirements, this is my preferred method. People keep their Notes ID file on a diskette, which they keep with them at all times. If the only other location for ID files is the Recovery database, this scheme is extremely secure. To be very strict, you can write a security policy that makes each person responsible for all use of his or her ID. If someone else does something wrong with an ID, it is the owner's fault for not protecting the ID. (Of course, this policy would have to be communicated clearly and enforced fairly.) And even with IDs on diskettes, high-quality unique passwords are still a requirement.
Chuck Connell is president of CHC-3 Consulting, which helps organizations with all aspects of Domino and Notes. CHC-3 allows companies to outsource their Domino administration needs via DominoAdministration.com and runs the popular security site DominoSecurity.org.