I realize that this is a big topic (knowing what I do about Domino) but is there any way to limit “help desk” personnel (of which we now have one) from having full blown access via the administrator client? I do not have the ability to write Domino applications so I am limited to setting security etc.
I would like them to be able to do the following:
register a new user
reset passwords
check the outgoing mail boxes for dead mail etc
Are there roles that can be assigned to a user (or user group) that limits what they can do?
If this is not easily do-able, I don’t want them to know the certifier ID password. Is there a way I can create a “sub” certifier (with its own password) that they have access to that they could use to register people?
Subject: How to limit Help Desk personnel to certain admin functions
Hi Chad,
Thanks for the links. Have read through once already. I am not new to Domino but can’t say I understand a lot about certificates etc (other than they authenticate the identity of something).
Could you provide me a “high level” overview of what I need to do? Here is what I understand so far (? marks mean I am guessing):
I would start up a CA task on the server; this would issue new certificates based upon the server’s current certifier (?)
somehow the registration process would be changed so that when a help desk or admin person started to register someone, instead of having to pick and type in a password for the certifier.id file on the server, it somehow sends a request to the CA task to issue a certificate (?)
the CA task then sends back a certificate that is merged into the user’s new ID file (?)
Other questions: does the CA process need to somehow register or get a certificate itself form some pubic CA or since it uses the servers certifier.id it is trusted as a CA?
Thanks. I will re-read the docs and maybe try to find others but thought a high level overview would help me at this stage.