Machine-specific policy settings

Technote (troubleshooting)


Problem

The 8.5.1 Administrator Help database that was included with release 8.5.3 does not include this information on, so this technote is the repository for this information for 8.5.3.

Resolving the problem

In prior versions of the Notes Client, and policy control, an administrator could target an individual, but not a specific machine configuration for that individual. For certain settings and customers, this made the enforcement of specific settings problematic, either because a user had multiple machines, or because the configurations and usage were not easily partitioned.
To address this limitation, Lotus has introduced the ability to apply policy settings based on characteristics of the machine. For a given user, different policy settings could be applied on different machines. For example, this would allow the creation of a managed replica on laptops, and only laptops. It can also provide server administrators the ability to determine what policy settings to enforce, based on the specific attributes of the machine on which the Notes Client is running. Some possible attributes may include; version and type of OS, type of machine, basic or standard client, laptop, desktop, etc.

This capability has been implemented by adding a new @Function (@GetMachineInfo), by changing the Policy handling characteristics in the 8.5.3 client, by changing the Public Name and Address Book template's policy settings forms, and by adding formulas for the policy settings.

New @Function to support Machine Specific Policy Settings - @GetMachineInfo()

New Function:

@GetMachineInfo

Syntax:

@GetMachineInfo( [Keyword]; "Needed for some Keywords string" )

Keywords:

IsLaptop boolean return True if machine is a laptop, otherwise false

IsDesktop boolean return True if machine is NOT a laptop, otherwise false

IsSingleLogOn boolean return True if machine has Notes client installed with "single sign on", otherwise false

IsMultiUser boolean return True if machine has Notes client installed as Multi-User, otherwise false

HasDesigner boolean return True if machine has Designer client installed, otherwise false

HasAdmin boolean return True if machine has Admin client installed, otherwise false

IsStandard boolean return True if machine is running Standard Notes client, otherwise false

MachineName string return Name of the machine
boolean return True if MachineName string after keyword matches this machine's MachineName, otherwise false

Memory number return Total amount of memory (RAM)

DiskSpace number return Amount of free disk space
Note: With this keyword, you can add a second parameter for the drive to scan for free space. If this parameter is not passed
to the function, free space for the first (logical) drive - for example, drive C on Windows system - is displayed.
Example: @GetMachineInfo([DiskSpace];"d:")

EnvVariable string return Requires string of the variable name in Notes.ini to read, and returns the value of that ini variable or "" (null string) if not found

SysEnvVariable string return Requires string of the variable name in system environment to read, and returns the value of that variable or "" (null string) if not
found

IP string/list return String representation of the IP address(es) in the form XXX.XXX.XXX.XXX , otherwise "" (null string) if not available
boolean return True if pattern IP string after keyword matches this machine's IP address, otherwise false

MAC string/list return String representation of the MAC address(es) in the form XX:XX:XX:XX:XX:XX , otherwise "" (null string) if not available
boolean return True if MAC string after keyword matches this machine's MAC address, otherwise false

Information for creating policy setting formulas
Be sure all formulas have the correct syntax and can be compiled. Be sure values generated are correct in the context of the policy setting it is evaluated to. If the policy setting is text, then the formula should evaluate to a textual value. If the evaluation of the formula results in a type other than that of the setting, a mismatch error will be logged in the client's log and the setting will contain the default value, not the formula evaluated value. Use multiple conditions (if necessary) to ensure the formula is targeted at the correct machines/clients, and applied for the correct environment, and machine characteristics.

The following are examples of how the formulas can be entered for the available settings. For the 8.5.3 client, these settings will be defaulted to the selected value for that setting, any formula provided will be evaluated and the result will overwrite or add the setting to the policy when it is read by the client. Clients older than the 8.5.3 version, will receive the selected default setting, and the formula will not be evaluated and the variable settings will not overwrite the defaults.

Local Mail File and Managed Replica

The values are "1", "3", "7" and "8" and the results of the formula must be textual and one of these values.
"1" Create local replica
"3" Create managed replica
"7" Create managed replica or convert local replica to managed replica
"8" Delete local replica or managed replica
"0" Don't create local replica or managed replica (FYI: Someone needs to update the MMR doc to include this value too.)

See Notes documentation for information on Managed Replicas and their supporting policy settings.
Using the @UnAvailable as a formula result will make the setting not available.




Default Encryption for replicas

Must evaluate to a textual "1" to encrypt local files or "0" to not encrypt




Notes.ini settings

Must be textual, and in a list form for multiple entries.

In the case of a formula the settings will logically override all INIs defaulted and add new or different ones

The default could be: a=1 Formula for one condition could be a=5 another condition default else default else ....
b=2 b=6 b=6 default
c=3 c=7 default c=7
In addition d=5 as defaulted ... default default ,,,
e=5 f=value

A simple example, shown below, using defaults and a formula,
If a laptop computer, change the default INIs and add b1 and c1, else replaces b, and c only and add a1, b2, c3

a=1
b=1
c=1

@if (@GetMachineInfo([IsLaptop]); @Explode("a=10 b=20 c=3 b1=50 c1=70");@Explode("a1=10 b2=20 c3=30 b=50 c=70"))

Locations settings
These can add, modify, and/or replace settings, the same way notes.ini settings are handled.
Must be textual, and in a list form for multiple entries.

Example:
@if (@GetMachineInfo([IsLaptop]);@Explode("TestLaptop1=1*TestLaptop2=2, Enforce*TestLaptop3=3: SetOnce*TestLaptop4=4, Enforce: SetOnce";"*");@Explode("TestDesktop1=1*TestDesktop2=2, Enforce*TestDesktop3=3: SetOnce*TestDesktop4=4, Enforce: SetOnce";"*"))

Managed settings
These can add, modify, and/or replace settings, the same way notes.ini settings are handled.
Must be textual, and in a list form for multiple entries.

Example:
@if (@GetMachineInfo([IsLaptop]);@Explode("Item1=Value1; com.ibm.notes.branding*Item2=Value2; com.ibm.notes.branding, Enforce";"*");@Explode("Item1=10; com.ibm.notes.branding*Item2=20; com.ibm.notes.branding, Enforce";"*"))






Smart Upgrade

Must be textual, and evaluate to a version registered for Smart upgrade.
The @UnAvailable will make this setting not available, in this case for a desktop machine.





Notes Shared Login
Formula must evaluate to a textual "1" to turn on Notes Shared Login or "0" to disable it.


Rate this page:

(0 users)Average rating

Add comments

Document information


More support for:

IBM Domino
Administration

Software version:

8.5.3

Operating system(s):

AIX, Linux, Windows, i5/OS

Reference #:

1501673

Modified date:

2013-01-30

Translate my page

Machine Translation

Content navigation