10 critical policies and other tweaks to boost notes performance

© 2012 Wellesley Information Services. All rights reserved.

10 Critical Policies and Other Tweaks to Boost Notes Performance

Andy PedisichTechnotics

2

In This Session ...

• Policies make it easier to administer the users in your domain If you have never used policies, or if you have used them

sparingly this is a great time to start There have been many improvements to deployment Plus you missed some of the problems of early releases

• This session will help bring you up to date by: Doing a quick overview of the basic

configuration concepts Focusing on configuration best practices

and the most powerful tools in thepolicies system

Troubleshooting problems with policies

3

What We’ll Cover …

• Taking a run through types of policy settings documents• Inheriting and enforcing policy settings• Applying policies to users and groups• Nailing down the 10 policies every domain should use• Troubleshooting policies• Wrap-up

There Are Two Important Components of Policies

• The two components of polices are: Policy settings documents

They define the configuration of what you are managing Policy documents

Policy documents control how the policy settings are applied throughout your user population Organizationally to all or part of a certificate hierarchy To individual users explicitly Dynamically to members of a group

They can specify only a single policy settings document per category

4

A Policy Document with Policy Settings Specified

5

6

Components of Policy-Based Management in Lotus Notes

• Policy settings are configurations you want to apply to your users These settings are organized by functionality

For example, all registration settings are in one settings document, while archive settings are in another document

• The types of settings documents have increased since their introduction Five types of settings documents in ND6 Six types in ND7 Nine types in ND8.0.1 Ten types in ND8.5

The Role of the Policy Document

• Policy documents connect the settings documents to users and determine who gets what settings They can follow the organizational hierarchy They can be applied to specific users or groups

So that you can apply settings across organizational boundaries This makes them flexible enough to handle many different

requirements Let’s look at the policy settings documents

7

8

10 Types of Policy Settings Documents

• 1. Registration settings documents Used with the registration process in the Admin client

Predefine all user registration options• 2. Set up settings documents

Occurs once — during Notes client setup Controls the initial Notes 6 client configuration

You probably won’t use these because of changes in the Release 8 policy setting options

• 3. Desktop settings documents Applied by the dynamic configuration process on the client

Controls settings in the user environment

9

10 Types of Policy Settings Documents (cont.)

• 4. Mail settings (new in ND7) Control user mail preferences in the mail profile document in

each user’s mail file• 5. Security settings

Controls client Execution Control Lists (ECLs), password management, and ID Vault settings for the user Password management settings are applied by the dynamic

configuration process on the client Settings for ECLs determine when the ECLs are applied

• 6. Archive settings Settings are applied to the server-based mail database

by the dynamic configuration process Provides for both archiving and document retention

10

10 Types of Policy Settings Documents (cont.)

• 7. Traveler settings (new in 8) Configures mobile devices using Lotus Traveler

• 8. Activities settings (new in 8) Apply only to environments with Lotus Connections server

running Activities• 9. Productivity Tool settings (new in 8)

Controls the availability and behavior of the Symphony Productivity Tools within the Notes environment

• 10. Roaming settings (new in 8.5) Controls roaming configuration for users who keep their

roaming files on a file share

Policy Settings You Will Use Often or Rarely Use at All

11

Policy Setting Use Cases ReasonArchiving Seldom Only if you use Notes archiving

Desktop Frequent Controls hundreds of settings on the clientRegistration Frequent Makes registration a lot easierMail Frequent Controls dozens of mail settingsSecurity Frequent Important for ID vault and password settingsSetup Almost never Most sites skip Setup settings in favor of Desktop settings

Connections Conditional You won’t use these unless Activities/Connections deployed

Lotus Traveler Often Almost every site has deployed or is testing TravelerRoaming Rarely This allows roaming on a file server – a very narrow use

caseSymphony Conditional Only if you’ve deployed Productivity Tools – not a bad idea

An Issue You Might Be Experiencing

• During some upgrades of the Domino directory design, we’ve seen instances where the “newer” Release 8 policy settings document were missing Or there were duplicates listed

• The missing ones prevented you from taking advantage of these new policies

12

The Duplicates Made Policy Documents a Mess

• Duplicates caused duplicate settings to appear in policy documents

13

Caused by Extra Docs in the $PoliciesExt View

• As it turns out these “extra” or “missing” policy settings were caused by duplicate or missing documents in the $PoliciesExt view Access this view using Ctrl-Shit as you click the Go To… menu

option

14

IBM Keeps the Newer Policy Specs $PoliciesExt

• If you have duplicates, remove one of each type of document If you have no Release 8 settings available, copy the four from

the $PoliciesExt view in PUBNAMES.NTF into this view and the policy settings will appear in your menu system I think IBM took this approach so they could dynamically add

more settings rather than hard-code them into the client Sometimes it breaks during the redesign

15

16



17

Building Policy Settings

• Policy settings are configurations that will be applied to users Among other things, this desktop settings document configures

the Notes client to display the sidebar and not hide any of the default sidebar components

There Are Hundreds of Policy Settings

• Policy settings documents hold dozens of configuration settings Some are fields that hold values you must provide Some have drop-down boxes Some are check boxes

18

You Can Control How Each Setting Is Applied

• Configuration settings in policy settings documents can be fine tuned in how they are applied You can decide when to turn on inherit and enforce options

Let’s talk about these settings next We’ll talk about “how to apply this setting” later

19

20

Inherit and/or Enforce the Configuration Settings

• These two checkboxes are the most misunderstood by almost everyone who deploys them It’s critical that you understand them

They change the way policy settings are applied

Let’s Clarify Inheritance vs. Enforce

• Let’s try to cover some basics in policy application to help clarify the inheritance and enforce functions

• Consider the following example organizational structure: /Domlab

Is the root organizational level certifier for the enterprise /EU/Domlab

Is the OU1 certifiers representing Europe /Sales/EU/Domlab

Is the OU2 certifier representing the European Sales division

21

Organization Levels and Policies

• Each level can have their own unique policies and policy settings• Create three different organizational policy documents, each with

its own unique policy settings documents for: */Domlab */EU/Domlab */Sales/EU/Domlab

• This is a very simple structure But if any of the settings are the same for these three levels you

can take advantage of the power of inherit and enforce

22

Looking at Policy Settings Without Inherit or Enforce

• Let’s register Joe User/EU/Domlab The /Domlab organization registration policy settings

documents sets 2GB quota EU/Domlab OU1 registration policy settings document doesn’t

set a quota for mail files Joe User’s mail file will be configured with no quota

23

/Domlab EU/Domlab

How Inherit Affects a Policy Setting

• Inherit means to take the setting from a higher level in the hierarchy, for example: /Domlab user registration policy sets a database quota of 2GB And there is also an EU/Domlab registration policy setting

Which inherits the setting from a parent policy Joe User/EU/Domlab’s mail file will inherit the setting and

will have a 2GB quota

24

EU/Domlab/Domlab

How Enforce Changes How Policies Are Applied

• Enforce does not do what I thought it would do at first glance I first thought it would force someone to have a certain setting

and that they were unable to change it – I was totally wrong Enforce actually means to take the setting from an upper

level and make it the same all the way down the organizational branch

• For example, if the /Domlab policy indicated that passwords had to be a strength of 8, and enforce was turned on: All other OUs below /Domlab would set password strength to

an 8 This would include EU/Domlab and Sales/EU/Domlab

25

26

Summing Up Policy Hierarchy Inheritance and Enforce

• Each setting has inherit and enforce options• Inherit and enforce only have meaning where there are multiple

layers of organizational or dynamic policies Setting with inherit will apply the setting from the level above

But will not apply to the levels below unless enforced Setting with enforce will always be obeyed at all lower levels

• EU/Domlab could be configured to inherit from /Domlab and enforce to all organizations below Settings would be forced on Sales/EU/Domlab

27

The Power of Inherit and Enforce

• Inheritance and enforcement of policies can be used to push enterprise standards through your entire organization This can have a major affect on your domain because important

settings such as password strength can be set consistently with very little effort using policies

• But if your Domino domain certification levels are flat, with just one level like /MyCompany, then forget about inherit and enforce You can’t use them

There is no mechanism to inherit from or enforce downward through the hierarchy if you don’t have a hierarchy

28



Types of Policy Documents

• There are several important types of policy documents• Organizational policy

Follows the certifier structure such as Sales/EU/Domlab• Explicit policy can be applied to:

Individual person documents People in groups

Not directly to groups, but to the people in groups Groups

An explicit policy that is applied to a group is known as a dynamic policy The assignment of explicit policies requires a bit more

explanation

29

30

Once Again, Organizational Policies

• Let’s look at a very simple organization structure to see the power of organizational policies Register users consistently in

the EU/Domlab level by creating an organizational policy */EU/Domlab And include a registration

policy settings document Those registration settings

will be used automatically But they can be changed

at registration time

How About Desktop, Security, and Archiving Settings?

• With all the policy settings documents to the right, settings are applied to all the members of the hierarchy And if you move a user to a different

hierarchy, these policy settings are re-set according to the policies setting document of the new hierarchy The new policy settings become

effective the first time users authenticate with their home server

31

32

Explicit Policies

• An explicit policy applies to a collection of users that cross organizational boundaries Before Release 8, explicit policies could be assigned only to

individuals in their person documents

Assigning Policies to Groups Was Limited

• It was possible to assign explicit policies to groups But all that happened was that the “current” members of the

group had the policy assigned in their person document If new members were added to the group, the policy was not

applied to them• This major shortcoming was corrected in Release 8

You can now apply policies to groups, and when the group changes, the policies are re-applied to the new members

33

Using the Policy Assignment Tool for Explicit Policies

• As a general rule with 8.5, using the policy assignment tool to assign an explicit policy to selected users or a group would not be the optimal way to do it If you try to assign policies that way, Notes will display this

screen reminding you of new functionality in Release 8.5 Be sure to read this very carefully

34

Moving to the Next Step in Assigning Explicit Policies

• If you continue to try to assign an explicit policy in Release 8, you are asked whether you want to assign it the old way Which means iterating through the list of names (or the

selected names) and changing person documents Or the newer way of changing the policy documents

themselves

35

Creating a Dynamic Policy

• Release 8 policy documents can be directly assigned to multiple users and groups You can even use an auto-populated group

We’ll talk about those special groups in a moment

36

37

New in Release 8.5 — Dynamic Policies

• Dynamic policies are created as explicit policies But rather than being assigned to a person, they are assigned

to a group in the Domino Directory Since group membership changes over time and is flexible,

the dynamic policy that a user is assigned can potentially change day by day This feature is new with ND8.5, but will work as long as

your servers are 8.5 or higher and your clients are 8.0.1 or higher

38

Applying Dynamic Policies

• As mentioned, if your servers are 8.5 and your clients are 8.0.1 or higher, then you can take advantage of group-based dynamic polices In many organizations these will take the place of explicit

policies and may even take the place of organizational policies You may use these with the new auto-populated group

feature in 8.5 that will generate groups based on home servers automatically But you can actually use them with any group

Auto-Populated Groups

• Auto-populated groups are new in Notes and can be used with policies So far the auto-population is strictly based on the members

having a particular home server Perhaps this will be expanded in a future release

39

Working with Auto-Populated Groups

• Auto-populated groups can be used anywhere you’d use a group You can nest them in other groups Use them on ACLs Use them as a mailing list

• Members are added and maintained by the Domino server’s update task The default update interval is 30 minutes

You can modify it in the Domino directory profile

40

Selecting User Home Mail Server Has Helpful Options

• Specify the home server designated as mail server for the users You can specifically include additional users by entering them

manually And you can exclude members manually as well

Changes to the “Members” field are automatically performed by the Domino update task

41

Update Task Fills in the Details on Members

• The update task completes the adding of group members You cannot modify the

group members But you really don’t want

to, because this auto-populated group is going to be controlled by the user’s home server entry

42

Members are automatically added based on mail server

assignment

Auto-Populated Groups Automatically Create Subgroups

• When an auto-populated group becomes too large (beyond the 32KB limit for a text field), subgroups are automatically created to hold all of the members of the group These are also auto-populated

• The subgroup names have the following format: auto-populated group name>-AP<#####>

###### would be a number preceded by zeros• If the auto-populated group name is USMailMembers, the first

subgroup for that group would be called USMailMembers-AP00001

This would be nested into the original USMailMembers group

43

Dynamic Policies Are Another Kind of Explicit Policy

• When creating a policy document, selecting an organizational policy hides the tab for the policy assignment and precedence Selecting an explicit policy lets you access the policy

assignment configuration tabs Use these dynamic policies in place of assigning an explicit

policy to individual users where appropriate It will eliminate the granular process of keeping track of

users who have been assigned an explicit policy

44

Dynamic Precedence Is Key

• In a few moments we’re going to talk about how effective policy is calculated

• The precedence of dynamic policies will affect how they are applied to a user Which dynamic policy will “win” and be applied if there are

several that are configured for the same person?

45

The Importance of Precedence

• Which dynamic policy will “win” and be applied if there are several that are configured for the same person? Answer: If there are two dynamic policies with different options

for the same setting, the user will receive the setting of the policy with the highest precedence A policy with a precedence of 1 beats a policy with a

precedence of 2 or 3

46

Let’s Put It into Perspective

• Here’s an exact quote from the Release 8.5.1 Administrator’s help that will help you understand the nature of dynamic policies The lower the precedence number, the higher the precedence,

and the higher the precedence number, the lower the precedence

For example, a precedence of one (1) indicates the highest precedence, and a precedence of two (2) or any other number greater than one (1) indicates a lower precedence

• And here’s the kicker: By default, when a new dynamic policy is created the policy is

assigned to the end of the existing precedence order Confused? Don’t be. It’s easy to change precedence!

47

Change Precedence in the Notes Administrator Client

• Use this procedure to manually set policy precedence: From the Domino Administrator, click People and Groups

Policies Dynamic Policies Select the policy for which you are increasing or decreasing

precedence Click the Increase Precedence or Decrease Precedence buttons

accordingly Repeat for any other policy precedence changes you need to

make

48

49



50

What Kind of Policies Should I Use?

• Since users can have many settings documents apply to them because of multiple levels of hierarchical policies, explicit policies and dynamic policies, simplicity of design is critical

• Tailor your policies’ use to your environment If your organizational structure matches your functional needs,

then use organizational policies If you are using ND8.5 and can take advantage of dynamic

policies, then use them Lastly, if you have users with specific needs that don’t fall into

the above categories then use explicit policies

51

Simplicity in Policy Strategy

• In a perfect world you could use a single Organizational Policy applied to your ORG level; all policy settings documents apply to everyone in your Org The more layers of policies you add, the more complex your

administration becomes and the more likely you are to have unintended consequences

A Safe, Low-Risk Methodology When Implementing Policies

• When introducing policies, think in three stages Proof of concept

Introduce the settings using an explicit policy on just a few Make sure you can back out of any policy

Piloting the policy Expand the policy to affect a group Then expand the group to 50 to 100 users Make sure you get plenty of feedback on the effects from a

number of participants Full policy implementation

While it depends on the policy, this generally involves a change to an organizational policy and affects large numbers

52

53

#1 – Registration Settings

• Registration settings are probably the first and easiest set you should implement They are in action only during the process of registration They standardize your new user creation process

The registration process is dramatically sped up because almost every field is pre-populated with the correct values for the user

They have no impact on existing users

54

Correct Settings Are Magically Applied

• Organizational level policy’s registration settings are automatically in effect But you can also select a default explicit policy

55

Simplified User Registration

• With policies, administrators can predefine all user registration options Password quality Internet address format Mail file creation/template/server Certificate expiration And more!

• In theory, you could register a user without checking the “Advanced” box!

56

Mail Settings

• Mail settings were introduced in ND7• The mail settings document allows you to control the values in a

user’s mail preferences/calendar profile document Virtually every value in the preferences document is

configurable This is extremely valuable in lowering support costs, since

there are many support calls from people about the configuration choices in their calendar profile

57

Mail Settings Update Process

• Mail settings use a different update process than setup and desktop settings, since they are acting on the mail file that resides on the server

• Mail settings are updated via AdminP Every 12 hours AdminP evaluates person documents and policy

documents to see if it needs to process the policies and update users’ calendar profiles

You can trigger an update with the “Tell AdminP Process MailPolicy” console command

• Be aware that once you implement the mail settings document it will apply to ND6 mail files as long as your servers are at least R7 This may be a very good thing, or it may have the unintended

consequence of modifying your un-upgraded users’ calendar profiles

58

Critical Settings in Mail Policy Settings Documents

• The majority of settings in the mail settings form indicate preferences, but the following have significant impact on support calls and administration: #2 – Allow Users to Change Mailfile Ownership

Don’t allow this, it only leads to trouble #3 – Displaying Calendar Entries in Mail Views

It’s important to set corporate standards here, though you aren’t required tolock these down

These settings always cause confusion for users when they are changed

59

Critical Settings in Mail Settings

• #4 – Default Reservation Settings for choosing Site Resolves an issue that most users, including myself, hate —

when an organization has many sites Be aware that this setting is only effective if your organizational

hierarchy or explicit policies match up with your resource reservation design

60

Critical Settings in Mail Settings (cont.)

• #5 – Message Disclaimer Not to be ungrateful, but IT’S ABOUT TIME! Since the disclaimer is defined within a policy, you can apply

different disclaimers to different populations within your organization

61

#6 – Mail Disclaimer – Client or Server?

• To reduce the burden on your servers, enable the client for adding disclaimers This will also allow for the addition of disclaimers to

Secure/MIME (S/MIME) and encrypted messages The server will attempt to add the disclaimer to encrypted

messages, but this tends to result in corrupted signatures and encryption

If the client isn’t enabled to add the disclaimer, the server will take care of it

#7 – Message Recall

• If you’ve made the decision not to roll out message recall, it’s important to remove the button from the sent folder that says “recall message” The alternative is to field a lot of help desk calls about why

you’re not using this feature

62

Saying No to Message Recall

• This valuable mail policy setting will actually remove the button from the sent view Of course, you can also craft your policies so that only certain

users are permitted to recall messages

63

64

Desktop and Setup Settings Documents

• The Desktop and Setup settings are what control the behavior of the desktop once you hand it to the user Prior to ND8, the setup settings were used to set default values

at setup time for the client ND8 changes the way settings are applied so that the setup

settings document is no longer required (once all your clients are ND8)

• By ND8, virtually every single setting and preference on the client is configurable from the desktop settings document These documents are the most important and also the most

time consuming to configure since they control so much

65

#8 – Mail Template Information During an Upgrade

• This area of the form is sometimes called “Seamless Upgrade”

• It controls the automatic upgrade of mail templates — and it works great!

• When a workstation is upgraded or if the setup variables in the ini file are reset, the workstation evaluates the settings in this area

66

Mail Template Information

• The seamless upgrade triggers a convert on the server so that the client/network isn’t bogged down with the task The convert will specify the template that is referenced in the

table for the specific release that the user is on The user cannot enter Notes until the convert is complete Even if the release of the client matches the template indicated,

the convert will still run But it won’t have any work to do, so it will complete quickly!

67

Mail Template Information (cont.)

• Of course you want to upgrade the design of custom folders

• And never prompt users for anything if you can help it

• You may want to set up a mail-in database to be notified about mail upgrade status

68

Critical Settings for Diagnostic Collection Options

• #9 – Make sure to enable the Diagnostic Collections setting, regardless of your release

• To avoid confusing users, set the following to “No”: “Prompt user to send diagnostic report” “Prompt user for comments”

• Thanks to a new analysis task in ND7 this is my favorite feature in the upgrade

69

Critical Settings for Diagnostic Collection Options (cont.)

• You must set up a mail-in database to collect the reports Use the Lotus Notes/Domino Fault Reports template

• The default max size for diagnostic files is 10MB, though these reports are seldom over 1MB Be aware that if 1% of your users crash every day and you have

10,000 users, this database could get 100MB of reports/day That adds up fast!

• Once you have the data then the fun comes in with doing analysis and troubleshooting

70

Security Settings

• Security settings are an area where there is tremendous benefit in standardizing You have audit requirements that say how everyone should

be set Without policies it is very difficult to validate and control

users’ security settings Policies make this part easy!

71

Security Settings (cont.)

• These key types of security settings controlled by policy Password Management

Notes ID and HTTP Password Key Management and Rollover Execution Control Lists (ECLs) ID Vault (ND8.5) Windows Shared Login (ND8.5)

72

#10 – Security Settings – Password Management• From here you can control:

Detailed password quality Types and number of

special characters, etc. Server password checking

Can override settings in the person document and eliminate the ability to use the “lock out” setting in the person doc

ID file encryption to comply with FIPS (8.0.1) Federal Information Processing

Standards Password expiration Sync of Internet and Notes passwords Internet password lockout

#11 – Force Network Compression

• Unlike encryption, which only needs to be set on the server, network compression needs setting on the client And it’s a good idea to lock it down

You’re the admin, you get to say what happens

73

#12 – Hide the Things You Don’t Use

• If you don’t support it, don’t show it to the users It’s your choice if you want to lock it down

74

#13 – Contact Configuration

• Synchronize contacts via the replicator Everyone should do this

Recent contacts need to follow your support and help desk preferences

75

#14 – Encrypt Locally

• Please! Just set initial value.

76

77



78

Dynamic Client Configuration

• Before we get into specific troubleshooting situations we need to go over the way the client applies the policies

• Client-side task that runs whenever the client authenticates with their home server Task name is Ndyncfg.exe

Looks for changes to client configuration based on a hash of key information in the policy documents And in ND8.5 it also takes group membership into account

• Can be disabled with ini parameter — though why you would want to do this on any machine other than your own I’m not sure DisableDynConfigClient=1

79

Dynamic Client Configuration (cont.)

• How policies are applied The process for determining when updates are pushed to the

client changes across releases But you can generally assume that any time the policy is

changed on the server it will be pushed to the client • A big change that occurred in 8.0.1 is that effective policies are

now calculated on the server rather than on the client Policy information is stored in documents available through the

$policies view in local address book Form does not exist to support viewing the documents

80


• The information is stored in the Personal Address book for the user in the $policies view Good to delete them all if you’re having issues

81


• You can force dynamic client configuration to run by launching the executable directly This doesn’t seem to do anything in earlier versions of 6.5.x,

but in more recent versions it will actually update settings The Notes client must be up and running for this to work

• Open a system prompt and move to where the executables are installed on the workstation Execute the command NDYNCFG.EXE

It is not case sensitive and the EXE extension is optional

82

Troubleshooting Policies

• The tools you will use to troubleshoot policies include: Policy Synopsis tool Admin Client Policy Viewer tool ($Policy) view in user’s names.nsf Local INI debug parameters

83

PROBLEM: No Settings Are Applied Whatsoever

• To troubleshoot an individual workstation, confirm that the local names.nsf is using the correct ND6/7/8 design Since this functionality has been enhanced in each release if

names.nsf has an old design it will be broken• Open the local names.nsf and then open the hidden $Policies view

There should be a copy of all the settings and policy documents that apply to the user

If the view is empty, then the NDYNCFG.EXE is either not running, broken or is being blocked

84

PROBLEM: No Settings Are Applied Whatsoever (cont.)

• If there are no policy documents displayed in the view, open the user’s LOG.NSF and confirm that NDYNCFG.EXE is running You will see entries that look like:

85

PROBLEM: No Settings Are Applied Whatsoever (cont.)

• If Dynamic Config is running here are some things to check: The problem is often a personal firewall that is blocking the

executable If a user has the wrong public key in their person document it

will prevent policies from being downloaded Check to make sure that the user’s location documents are

configured correctly, especially their home mail server• Some options to try if ndyncfg isn’t running are:

Try stripping the ini and setting up the workstation again If Dynamic Config still fails to run, uninstall/reinstall Notes (this

almost always resolves the problem)

PROBLEM: Policies Seem to Be Incorrectly Applied

• There are two tools in the Domino Administrator that are helpful in establishing what the effective policies for a user are: The policies interface on the configuration tab of the

Administrator client Gives a nice GUI for assessing effective policies

There are situations where this doesn’t present accurate information (TN: 1386245)

Policy synopsis on the People & Groups tab Much more detailed information on how policies are derived

Not a great graphic user interface (GUI) Some other situations where this doesn’t present accurate

information (TN: 1386250)

86

87

PROBLEM: Policies Seem to Be Incorrectly Applied (cont.)

• The tool in the config tab is very effective in determining the derived settings for an individual Policy synopsis

• Use this tool first to see if your expectations are correct or if the settings themselves are incorrect Select Policies-By Hierarchy Select Specific User (then pick the user) Select Effective Policy

• You can now see what the derived policy should be for the user This will help determine if there is a problem with the

workstation or with the settings themselves

88

Troubleshooting Additional Tools

• You can also enable debug parameters in your Notes client NOTES.INI that may give you insights on what the problem is These should only be used for troubleshooting:

Debug_policy=2 Debug_Dynconfig=1 Debug_ClientRecord=1

• Use these with Debug_console=1 to get a glimpse into a console that displays the inner workings of Notes

• Use these with Debug_outfile=(filename) to capture all the debugging into a file to be examined later

Rich Output from Debug Parameters

• Using the debug options will provide a wealth of information as the client sifts through the policy data Use this only when in an extremely difficult situation and must

have more data And try not to complain about how much data is produced

89

90



91

Additional Resources

• Administrator Help• Timothy Speed and Terry Fouchey, “Creating Mail policies in

Lotus Notes/Domino 7” (developerWorks, April 2006). www-128.ibm.com/developerworks/lotus/library/domino7-mail-

policy• Using a Desktop Policy to set notes.ini and Location parameters

IBM technote 1196837 www-1.ibm.com/support/docview.wss?rs=463&uid=swg

21196837• Domino Wiki (A number of awesome articles on policies)

www-10.lotus.com/ldd/dominowiki.nsf

92

7 Key Points to Take Home

• The “enforce” option in a policy settings document controls how settings are pushed down through the hierarchy and does not necessarily “force” the user to have a setting that can’t be changed

• Auto-populating groups is a great way to automatically include everyone from specific mail servers in a group

• Dynamic policies link a policy to a group and are the preferred explicit policy type in R8.x

• When introducing new policies, always put through proof of concept with an explicit policy before turning it on domain-wide

93

7 Key Points to Take Home (cont.)

• The “set initial value” setting eliminates the need for setup policies in Release 8.5.x — but make sure all servers are on that same release

• Be sure to use seamless upgrade to automatically upgrade a mail file to the template of the newly upgraded release

• Start collecting client crash diagnostic reports today, but it’s not necessary or even helpful to prompt the user for comments

94

Your Turn!

How to contact me:Andy Pedisich

[email protected]

10 critical policies and other tweaks to boost notes performance

Documents

policy settings specified4

policy settings documentsthey

clientcontrols settings

settings documentsoccurs

usersthese settings

mail settings new

id vault settings

lotus notespolicy settings