Hi,
We have a site admin who knows about the nlnotes.exe aspect of Domino and can log onto the server. We don’t want to prevent server access but do want to stop nlnotes.exe from their use.
Is there anyway we can stop them as they are circumventing the correct admin route and could be doing anything on there?
Thanks
Jase
Subject: Preventing Server nlnotes.exe from use
You could delete the nlnotes.exe file from the box, as it is no longer ever necessary on a server. (It was used for setting up until R6 introduced the InstallShield installer.) However, if this admin copied the file back on from a client install of the same version, he’d be back in business. At that point, if you audited the box and found the file, and then felt comfortable with the premise that only this one individual could possibly have committed such a blatant violation of stated policy, you could then get him fired. Lovely prospect.
Another option would be to set the “Enforce a consistent ACL” option on all databases you’re concerned with his accessing improperly. Using the server ID through a Notes client to access a database with this setting checked will result in one of the following behaviors:
a) If the server’s ACL entry has a User Type of “Unspecified,” the user will gain access at whatever level the server has been granted.
b) If the server’s ACL entry has a User Type of “Server,” the user will get No Access to the database.
c) If the server’s ACL entry has a User Type of “Server group,” the user will get the -Default- level of access to that database.
I would suggest enabling this option in the ACLs of at most critical system dbs like the NAB, admin4, etc. I would be very wary of turning this on in the ACL of any db that a user replicates locally, including mailfiles, as this can cause problems in legitimate local replicas that are more hassle than they’re worth, especially in the case of large mailfiles on remote laptops.
Subject: Preventing Server nlnotes.exe from use
Remove the .exe or move it to a secure folder.
Subject: RE: Preventing Server nlnotes.exe from use
Yeah, I’d thought about that but would need to remember I’d done it incase I needed it. Ideally I’d like a big message saying “What do you think your up to” come up on the screen when they ran it.
As long as moving/renaming it has no affect on Domino I think thats going to be the option.
Cheers
Jase
Subject: RE: Preventing Server nlnotes.exe from use
To have some fun, you can write your own vb executable (call it nlnotes.exe) and have it throw a messagebox at the user stating “What do you think your up to - don’t adminster the server this way!”. Then move off your real nlnotes.exe to your secure folder.
Subject: Preventing Server nlnotes.exe from use
You can remove the nlnotes.exe from the Domino directory. This will not interfere with the operation of the server.
Nlnotes.exe is not supported for use with the Domino Server version 6.x, 7.x or 8.x, as it can cause some unexpected behaviors on the server