Barking Mad, you have to...

Blog


    September 10

    Welcome Back

    I spent a year using Outlook and have now come back to Notes7.

    So what happens?  They botched my username. I requested a name change and they complied, but it partially failed. Some encrypted documents now blow the client up, and I find I am not an owner of my mailbox after the name change.  Wonderful.  It took me a full half hour to work out what and where to put it back, as the nice "Changes" in N6 and up block you from doing this if you are not already the mailbox owner.

    Just an indication of how far away I have stepped from the old Notes/Domino scene.

    Then I find they have attempted to lock the client down with profiles.  Not in my lifetime!  "Welcome back" is the whisper in the back of my mind as I fix the mailfile myself, unlock the client, add designer and administrator and deliver my own templates.

    Oh did I fail to mention that they have locked down my laptop with domain control and disk encryption so I can't unlock it and can't install anything like a refresh Notes client?

    Then I set up a discussion database for my own document store to get the zillion attachments out of my mailfile and create a local to local replication agent in the bookmarks database (about the best use for that heap of junk).

    Every time I see the message "Your client settings have been updated", I shut down and trash the changes just made by the central server.  This is pathetic and irritating, to put it mildly.  OK, I hear the rousing chorus of cries: "but you're not supposed to do that, you're supposed to work within the parameters they set you".  Well maybe, but then they aren't paying me to waste my time on their locked down "do nothing" setup, they're paying me to deliver a project.

    Help is at hand though, the whole company >100k users is going Outlook and Sharepoint.

    Then in a discussion with a previous customer, for whom we had done a spectacularly successful ND6 upgrade, I hear that they are going Outlook and Sharepoint.

    "Welcome back" goes the whisper in the back of my mind; "Not for long" goes the whisper in the front of my mind.

    July 20

    When to hate a "feature" and when to love a "bug"

    Way back when Ah were a nipper (as the saying goes), trying to synchronise Domino clusters using LotusScript was a nightmare.  You needed to deploy "universal replicas" which were modified with the correct information before detaching.  You had to have a source agent and a destination agent because LotusScript could not create replicas on other servers.
     
    Now all that is by the by, but a wonderful new feature post 4.x has been a boon to me over the years.  Why?  Well when you are locked out of that server and you "really" need to get in, what do you do?  I'll tell you.
     
    Create a universal replica (an uninitialised 4.x replica with your name in the ACL as manager and also with the server you need to get into as manager) ensuring that it is ns4 and ODS20.  In the database title, insert the replica id of the Domino Directory followed by a pipe symbol | and then *
     
    Back up the ACL of your current Directory if you can.  Best way is to another database; add yourself to the ACL.  If you can't, then take a physical file system copy of the database outside of the Domino directory. Local on your machine would be good, but not in the replica path.
     
    Place this replica on the requisite Domino server from the file system.  Bounce the box.  Then when it comes back up, on the server console replicate the server with itself, only for names.nsf.
     
    Now, D6 (and possibly 5), has a nice "feature".  When you do this kind of replication, it replaces the ACL on the primary directory with the one on the uninitialised.  You are now a manager of the directory and consistent ACL is off.  You can then modify the security groups with your name.  If you have a backup of the ACL modified to give you access, then paste it back, otherwise place the physical file system copy of the original directory back on the server with another name (names2.nsf perhaps) and log off.  Log on again and create a new temp database in temp\temp.nsf.  Delete the database.  You can now see the file system copy you placed in the directory as the dbdirectory has been refreshed.
     
    If you had to replace the old Domino Directory, you now have manager access to the old directory through the security groups.  Use the Domino Administrator ACL Copy feature to replace the ACL on the Original directory (the one updated by the replicator) with the original.
     
    Voila, you are in business.
     
    OK so if they fix the replicator what are we going to do now?  Well, the reason we have an NS4 stub is because it will replicate all that good stuff to the new database in 4.x format.  We then file system copy the database to our workstation and use the 4.6 client with the disable consistent ACL setting enabled.  Don't open the database (it won't work and you'll break it trying), but just modify the ACL with your name.
     
    File copy the database back to the server, fix it up, then replicate the server with itself again for names.nsf.  You are in as manager and can modify the ACL and security groups.
     
    Why do I blog this when I am a fairly strong supporter of Domino?  Well, it's time system designers started thinking about encryption and Extended ACL, which will defeat this kind of attack.  The security is there, but if it is not used, then expect me to get it...
     
    Given that many sites don't correctly fix the ECL or the database settings to defeat internal attacks, how could I expect them to keep me out?