Admin ECL

hcl-bot · February 13, 2009, 6:27pm

Greetings all,

In our Notes domain, we have a security policy (for all users) with a security setting. Under the ECL, we have the Admin ECL setup with all rights for our designers and the update frequency is set to “When Admin ECL Changes”. According to the help file that is “to update the workstation ECL when the client authenticates with the home server and the administration ECL has changed since the last update.” However, when does the client authenticate with the home server?

Patrick

hcl-bot · February 13, 2009, 10:51pm

Subject: Admin ECL

The client authenticates with the home server when he/she next launch Lotus Notes and open his/her mail db.

Teck Lung

hcl-bot · February 14, 2009, 3:52am

Subject: RE: Admin ECL

Well that’s not good. Our users don’t open their mail databases. We still use Lotus Notes email for workflow, but it’s forwarded automatically to our Exchange server.

Patrick

hcl-bot · February 16, 2009, 9:18am

Subject: RE: Admin ECL

I guess you are using the notes client for something? Domino Apps maybe?

Anyway, the user doesn’t need to open the mail file. They just need to establish a server session. Going to ‘File\Database\Open’, selcting the server and pressing ENTER, is enough to establish a session.

hcl-bot · February 16, 2009, 11:04am

Subject: RE: Admin ECL

Correct, we still use Domino for our numerous database applications.

I think I found the problem though. Our policy is Explicit, but not assigned to each user in their person document. I’m guessing we’ll need to setup an Organization policy. (I’m not our Admin, but he wasn’t able to assist when I first reported this issue (of users not trusting (ECL) our designers)).

Thanks all.

hcl-bot · February 16, 2009, 3:55am

Subject: RE: Admin ECL

patrick,

From the admin client help:

Whenever a Notes client (or Domino server) attempts to communicate with a Domino server for replication, mail routing, or database access, two security procedures use information on the client’s ID to verify that the client is legitimate. Validation, the first procedure, establishes trust of the client’s public key. If validation occurs successfully, authentication, the second procedure, begins. Authentication verifies the identity of the user. Authentication uses the public and private keys of the client and the server in a challenge/response interaction.

hcl-bot · February 16, 2009, 6:37am

Subject: RE: Admin ECL

If you do not use Notes only as Application… why then do you need to push the ECL to Notes clients???