Lotus Domino Administrator 6.5 Help - Creating a security policy settings document

USER AND SERVER CONFIGURATION

Creating a security policy settings document
A Security policy settings document controls the Administration ECL as well as Notes and Internet passwords.

To create Security settings

1. Make sure that you have Editor access to the Domino Directory and one of these roles:

PolicyCreator role to create a settings document
PolicyModifier role to modify a settings document

2. From the Domino Administrator, select the People & Groups tab, and then open the Settings view.

3. Click "Add Settings," and then choose Security.

4. On the Basics tab, complete these fields:

Field Action

Name Enter a name that identifies the users (and, if you are a service provider, the hosted organization) that use these settings.

Description Enter a description of the settings.

5. On the Password Management tab, complete these fields:

Field Action

Allow users to change Internet password over HTTP Choose one:

Yes (default) -- to allow users to use a Web browser to change their Internet passwords.
No

Synchronize Internet password with Notes password Choose one:

No (default)
Yes -- to allow users to use the same password to log in to both Notes and the Internet.
Note The more secure password format is required if you choose to synchronize a user's Internet password with their Notes password.

Check Notes password Choose one:

No (default)
Yes -- to require a password for Notes authentication.

6. In the "Enforce password expiration" field, choose one:

Disabled (default) -- to disable password expiration.
Notes only -- to enable password expiration for only Notes passwords.
Internet only -- to enable password expiration for only Internet passwords.
Notes and Internet -- to enable password expiration for both Notes and Internet passwords.

Note Internet password expiration settings are recognized only by the HTTP protocol. This means that Internet passwords can be used with other Internet protocols (such as LDAP or POP3) indefinitely.

Caution Do not enable password expiration if users use Smartcards to log in to Domino servers.

7. If you enabled password expiration, complete these fields. Otherwise, go on to Step 9:

Field Action

Required change interval Enter the number of days a password can be in effect before it must be changed.

Allowed grace period Enter the number of days users have to change an expired password before being locked out.

Password history (Notes only) Enter the number of expired passwords to store. Storing passwords prevents users from reusing old passwords.

8. Choose one of the following to specify Password Quality Settings for IDs:

Required password quality -- and then choose the quality level required when users create passwords.
Use length instead -- and then enter a number from 0 to 16 to require that users create passwords of a specific length.

9. On the Execution Control List tab, complete these fields:

Field	Action
Admin ECL	The default administration ECL is the default value for this field. Choose one: Edit -- to edit the default administration ECL. New -- to create a new administration ECL. Enter the name of the new ECL and choose options in the Workstation Security: Execution Control List dialog box. The name of the new ECL appears in this field.
Update Mode	Choose one: Refresh -- to update workstation ECLs with changes made to the Administration ECL. If a setting appears in both the administration and workstation ECL, the administration ECL setting overrides the workstation ECL setting. Replace -- to overwrite the workstation ECL with the Administration ECL. This option overwrites all workstation ECL settings.
Update Frequency	Choose one: Once Daily -- to update the workstation ECL when the client authenticates with the home server and either it has been a day since the last ECL update or the administration ECL has changed. When Admin ECL Changes -- to update the workstation ECL when the client authenticates with the home server and the administration ECL has changed since the last update. Never -- to prevent the update of the workstation ECL during authentication.

10. Save the document.

Assigning an existing Admin ECL to a security settings document

It is possible to assign an existing Admin ECL to a security settings document by doing the following:

1. In the Security Settings document, click Execution Control List.

2. Click Edit Settings.

3. Click New, and enter the name of the Admin ECL you want to assign to the Security Settings document. The Admin ECL appears.

4. Click OK.

For more information on Notes and Internet passwords, see the topics Setting up password verification and Name-and-password authentication for Internet clients.

For more information on administration and workstation ECLs, see the topics The execution control list and Default ECL settings.

See also

Creating a policy document

The password quality scale

Glossary

Help on Help

Open Full Help Window

Glossary

Help on Help

Open Full Help Window

Field	Action
Name	Enter a name that identifies the users (and, if you are a service provider, the hosted organization) that use these settings.
Description	Enter a description of the settings.

Field	Action
Allow users to change Internet password over HTTP	Choose one: Yes (default) -- to allow users to use a Web browser to change their Internet passwords. No
Synchronize Internet password with Notes password	Choose one: No (default) Yes -- to allow users to use the same password to log in to both Notes and the Internet. Note The more secure password format is required if you choose to synchronize a user's Internet password with their Notes password.
Check Notes password	Choose one: No (default) Yes -- to require a password for Notes authentication.

Field	Action
Required change interval	Enter the number of days a password can be in effect before it must be changed.
Allowed grace period	Enter the number of days users have to change an expired password before being locked out.
Password history (Notes only)	Enter the number of expired passwords to store. Storing passwords prevents users from reusing old passwords.