local admin training

CSC Proprietary

Lotus Notes

Local Admin Training

Global Collaborative Computing Services

Computer Sciences Corporation

June 20, 2007

Revised 6/20/2007 CSC Proprietary

For Reference Only


Presentation Purpose

Local Administrator Training Feedback from Participants

Local Admin role Primary/Backup Audit

SBU/Site


For Reference Only


Outline

Introduction: Roles and Processes Server Naming Conventions ADO: Admin Defined Organization DuPont’s Address Book Local Admin Request Database New Groups Group Deletion Notes IDs (Standard) Coordinating Notes Client Installations Generic/Shared/Training IDs Notes Developer IDs Mail In Group Accounts User Deletion Web Users Databases: Quality Assurance and Access Control Basics Database Move to Production Server Database Design Change Database Move to Notes Development Server Database Deletion Requesting Team Database Miscellaneous Requests from Users Helpful Databases and Web Sites


For Reference Only


Service Delivery Model

CSC - AccentureGCCS - CAD - CT (CSC)

EC&C (Accenture)

RegionCAD

EC&C

Developers

LocalAdmin

ServerOperation &

Client Installation

Users

Servers/Workstation

s

Databases


For Reference Only


Service Delivery Model (Cont’d)

GCCS = Global Collaborative Computing Services (formerly M&G--Messaging & Groupware)

Notes operations Requests placed through

Local Admin Request Database Helpdesk

CAD = Collaborative Application Development Notes and Internet Web application development Requests placed through Helpdesk

CT = Collaborative Technologies Notes Implementation Requests placed through Helpdesk

EC&C = Electronic Commerce and Collaboration Notes application development Requests placed through Helpdesk


For Reference Only


Roles & Processes

Administration Local Admin

Request and manage groups Maintain integrity of ADO groups Request new/replacement Notes Ids Distribute new/replacement IDs/passwords (check with current Local

Admin to see how your business handles this) Manage user information Coordinate Notes client installations Request Mail In databases Request group and user (account) deletions Request mail file move (for example, someone moves to a different

region) Request Lotus Notes groups to be used in database access control and

Email distribution lists Request Web User Request database moves and design changes Request team databases Maintain secure access to databases

Development Create documented applications

Operations Install/reconfigure Notes on client’s workstation


For Reference Only


Process to Introduce Notes

Step 1: Groupware Project Contact Collaborative Technologies Establish organized plan for bringing users into Notes Establish initial ADOs and groups Bring 10 to 30 people into Notes (request IDs) Train at least one Local Admin At completion: Group is self sufficient

Step 2: Add more users and applications


For Reference Only


DuPont Notes Service

Dale McCashew is the Corporate Notes Service Owner and arbiter of conflicting needs within the DuPont Group.

Notes ID Forecasts Each Region or SBU has an IS Demand Manager:

Europe and USA forecast IDs by SBU Asia Pacific, Canada, Mexico, and South America forecast IDs by region

The IS Demand Manager is only required to submit a forecast for Lotus Notes IDs if anticipated need exceeds 200:

If a Region or SBU anticipates a need for 200 or less new IDs, no forecast is necessary.

If a Region or SBU anticipates a need for more than 200 new Notes IDs for any single month, a forecast is required.

> At least 3 weeks prior to the month when the IDs are needed, the IS Demand Manager needs to send an email with the estimate for that month to the following group: M&G ID Creators.

> Any changes to this forecast should be addressed to this same group. Notes ID Creation

The maximum number of Lotus Notes IDs CSC can currently create is 35 per workday.


For Reference Only


Server Naming Conventions

Server Names are made up of: Characters 1 to 3 = Location of Server

AR=Argentina, AS=Asturias (Spain), BHG=Bad Homburg (Germany), BZ=Brazil, CDC=Corporate Data Center (US/Canada), CO=Colombia, ESE=Experimental Station (US), EU=Europe, HK=Hong Kong, MEC=Mechelen (Belgium), MX=Mexico, NS=North Sydney (Australia), SG=Singapore, SH=Shanghai (China), SL=Seoul (Korea), TI=Taipei (Taiwan), TK=Tokyo (Japan), VE=Venezuela

Characters 4 to 5 = LN for Lotus Notes Characters 6 to 8 = Server type

D# = Development 02 or other numbers = Application MH# = MailHub M# = Mail

Examples: CDCLND05 = development server MXLN01 = application server located in Mexico CDCLNMH1 = Mail Hub Server located at Corporate Data Center CDCLNM1 = Mail server located in Corporate Data Center (Newark, DE)


For Reference Only


ADO: Admin Defined Organization

All ADOs are created by GCCS Submit request through your helpdesk

An ADO allows groups and person documents to be maintained by specific, authorized persons. Those persons are the Local Admins who are members of the ADO~Admin group.

Every database, person, and group is associated with an ADO Groups and person documents are owned by ADO Placement of database in directory structure is determined by ADO

Only Local Admins are members of ADO groups An individual must attend a Local Admin training session provided by

GCCS before being added to an ADO~Admin group Generic IDs, Mail In accounts, and groups are not permitted in

ADO~Admin groups Only a current Local Admin can add other Local Admins to their

ADO group. Each business decides who its Local Admins will be.

IT IS YOUR RESPONSIBILITY TO CONTACT A LOCAL ADMIN AND ASK TO BE ADDED TO ADO GROUP(S)


For Reference Only


DuPont’s Address Book--Demo

ADO~Admin Group (Admin Defined Organization) “Admin Defined Organization” (ADO) name

Common practice is SBU, organization, & group acronym + Admin Example: IS~GIU~EMS~Admin

Stored in DuPont’s Address Book - “Admin - ADO Groups” view and in “Groups” view

Special ADO~Admin group for each ADO Group Name, Owner, and Administrator fields are not changed

ACL or Email Distribution Group Stored in DuPont’s Address Book - “Groups” view Can only edit groups owned by your ADO(s) Can add nonLocal Admin editors for groups (added to Administrator field)

Select from dropdown list: DuPont’s Address Book


For Reference Only


DuPont’s Address Book--Demo (Cont’d)

Person document Stored in DuPont’s Address Book - “People” View Contains name, personal information (SBU, location, phone numbers...),

and system information Basic section contains shortname, mail file server, mail file name Can only edit persons owned by your ADO(s) Local Admin of existing ADO responsible for changing ADO as

necessary Change ADO by editing Administrator field in Administration section Select new ADO from list (do not type information in), press OK

Local Admin of existing ADO responsible for changing SBU and site codes as necessary (account owner can change site code, but not SBU)

SBU and site codes are provided by DuPont Finance and added to the Lotus Notes environment at their request. Requests for new SBU and site codes should be directed to DuPont Finance.


For Reference Only


Local Admin Request Database

Add icon to your desktop File Database Open

Server Name: CDCLN77/DuPont Path: IS\System\Admin Database Name: Local Admin Requests

Must be in a IS~System~Admin~Local~# group before you are able to add the icon

Must be a member in at least one ADO~Admin group before you can perform any of the functions in this database

Normal Turnaround Time 2 workdays approximately for all functions except Request Team

Database 3 or 4 workdays approximately for Request Team Database


For Reference Only


Groups Overview

Why use groups? Database access management (ACL’s)

All members must be from DuPont’s Address Book Distribution lists for Email

Members can be from ECD JustMail and other non Notes Address Book as well as DuPont’s Address Book

Groups are global: Can be used by any user worldwide within DuPont Notes domain

There are thousands of Notes groups ADO structure developed to help find specific group

Manage your groups wisely NonADO~Admin groups should contain at least three people Limit membership size to 300 people

Group limited to 64K (about 250 to 300 names) Groups can be nested to 6 levels deep (there are currently approximately 60,000 users

and 38,000 groups) Delete if obsolete


For Reference Only


Groups Overview (Cont’d)

Think through the groups and group names in your ADO as a team

Groups are not renamed. To change your group’s name, you have to request a new group with the new name. After it is created, you can copy and paste the members’ names from the old group to the new. And, finally, you need to request the deletion of the old group.

Make request using Local Admin Requests database Local Admin receives email verification when group is added to

DuPont’s Address Book Group member names should be added to the group by the Local

Admin or designated editor after the group is created


For Reference Only


Groups Overview (Cont’d)

GROUP NAMEExample: IS~GIU~EMS~LN Support

2 Parts: IS~GIU~EMS = ADO (cannot be removed)

LN Support = Short descriptive name (20 character limit)

Short descriptive name is what Local Admin defines: Most meaningful part of name Carefully choose the short descriptive name (easy to remember; easy to

type; easy to find) Other examples:

Admin Assistants HRIS Leadership ERDC First Aid VC96


For Reference Only


New Group--Demo

Click “New Group” in Navigator pane Select ADO

you will only see ADO groups that you are a member of Group Used for: Leave Notes as default Enter short descriptive name

spaces and some special characters allowed (see Group Naming in Notes Central database)

> Using a period in name is discouraged> A space can cause a problem with internet addressing

Enter description or purpose not part of group name; used to make entry descriptive

Select appropriate group type multipurpose, mail only, or ACL only

Add members after group is created (more efficient for everyone!) Add editor if desired Use button “Click here to see name as it will appear in DuPont’s Address

Book” to preview submission Click “Submit Request” on action bar


For Reference Only


Delete Group--Demo

Request the deletion of group when it is no longer needed for email distribution and/or database access control

Click “Delete Group” on action bar Select Group’s ADO Select “Group to be deleted” from DuPont’s Address Book Comments – Not required. Enter any special instructions or information

(e.g., who requested or approved the deletion), but not a specific date to delete.

Click “Submit Delete Request” on action bar Resulting Actions:

Group document is deleted from DuPont’s Address Book within 2 workdays If the Group name is nested in other any other groups in DuPont’s Address

Book, it will be deleted from those groups.> Note: The automated process may not remove the group name from an application

database Access Control List. This may need to be done manually by the database manager.

Local Admin is notified via email when group has been deleted Use caution when deleting ADO~Admin groups

Be sure the ADO~Admin group is not used before it is deleted> Person Doc Owner> Group Doc Owner> Member of a database ACL


For Reference Only


Notes ID Overview

DuPont issues two types of Notes IDs: Standard—used for mail accounts and database access Developer—used for database development

An ID is an important file that contains: User name Certifier(s) Private and Public keys Password

User must have ID file on PC Copy of original ID file is maintained in GCCS archive User should maintain copy of ID file in safe place Passwords expire every 90 days. Changes such as new password, rename, and recertification occur only on

the copy of the ID the user has used to access the Notes server ID is to be used by ID owner only


For Reference Only


Notes ID Overview (Cont’d)

Each Notes ID requires a license. Licenses are determined by the software installed on the user’s workstation.

When an account is created, the ID is created as a standard Notes license with the understanding that only the Notes 7 Client is installed on user’s workstation.

A user who needs to do Notes development should get the Notes Designer Client also installed on his/her workstation.

Notes Designer Client requires a separate license If a user needs to do Notes development work and already has a license

(i.e., Developer ID) but needs to install the designer client, he/she will need to contact Dale McCashew, ITSU, for the software.


For Reference Only


Notes ID Overview (Cont’d)

Local Admin receives request for a new ID Verifies that user does not have a DuPont Notes ID

check DuPont’s Address Book for name Determines which ADO should own the person document

Make request through Local Admin Requests database Choose “Request New ID” After it is created, the ID is mailed to the Local Admin who submitted

the request Local Admin gives ID to user Local Admin coordinates installation Local Admin informs client of Janitor/Records Mgmt


For Reference Only


Request New ID (Standard)--Demo

FIRST STEP: Check to see if user’s name appears in DuPont’s Address Book.

If it does, ask the user whether it is her/her account: If it is the same user, TRANSFER THE ACCOUNT:

Request an ADO~Admin group change from the current Local Admin if necessary (call Local Admin or send email). You cannot make any of the changes below until your ADO~Admin group manages the account.

Request a mail move if necessary (contact helpdesk) You or the user can request the ID and password (contact helpdesk) You MUST update SBU if not done before the account is transferred. You MUST update Internet Domain if applicable to your SBU You or the user MUST update the site information The user should also update other information (such as address or

telephone number)

If it is not the same user, REQUEST A NEW ID: Return to Local Admin Request database to request the new ID

Note: If you are transferring a user to another ADO~Admin group, please notify that group (send email to entire group or call one of the local admins in the group).


For Reference Only


Request New ID (Standard)--Demo (Cont’d)

Click the Request New ID button in the Local Admin Requests database

Select appropriate ADO for new user (dropdown list) You will only see ADOs that you are a member of

Enter name “First Name & Initial,” and “Last Name” fields Use Proper case Avoid special characters (can use the hyphen, underscore, and

apostrophe on keyboard) Use two part first/middle name Be sure name is spelled correctly Follow DuPont’s naming standards Be sure name is unique (cannot have two users with the same name)

myAccess ID Soon to be required – can leave it blank now. Press the Help button next

to the field for more information.


For Reference Only



PERSON NAME EXAMPLES

First Name Last NameJon R ManchesterBettina Laraine Adams-MelvinBenjamin F du_PontR David RhodesJohn A O'Brien_JrRoger D van_der_WeeleHorace Red Smith_IIIMichael Smith_PhD

Avoid using single name or initials in First Name field:John JonesJ J Jones_Jr.

Do not request names as follows:Horace (Red) Smith_IiiDr. Michael Smith [Belle Works]

Note: Do not predict what a new person’s internet address will be. It’s possible there is already a person listed in the ECD with the same name who has another type of email account. If so, a Uniqueness Qualifier ( - 1 ) will be added to the new account.


For Reference Only



Policies for Person Names Each name must be unique

Exact full name cannot already exist in DuPont’s Address Book Michael R Smith/AE/DuPont and Michael R Smith/EUR/DuPont have the

same full name; one would have to modify name) First Name & Middle Initial Field

Contains first name and middle initial or middle name. Use client’s formal business name whenever possible.

Do not use a period or comma. May use a hyphen (-) and an apostrophe (') on keyboard, but no other special characters.

Do not include prefix: Dr, Mr, Mrs, Ms... Avoid using initials only.

Last Name Field Do not use a space; replace with underscore (_) so computer can parse. Do not use a period or comma. May use a hyphen (-) and an apostrophe

(') on keyboard, but no other special characters. Suffix, if there is one, should be appended to the last name with an

underscore. Use proper case (with exceptions; i.e., van_der_Weele).


For Reference Only



Mail Servers: ARLNM# = Argentina, SA BZLNM# = Brazil, SA CDCLNM# = U.S. and Canada COLNM# = Colombia, SA EULNM# = Europe HKLNM# = Hong Kong MXLNM# = Mexico City, MX NSLNM# = North Sidney, Australia SGLNM# = Singapore SHLNM# = Shanghai, China SLLNM# = Seoul, Korea TILNM# = Taipei, Taiwan TKLNM# = Tokyo, Japan VELNM# = Venezuela, SA


For Reference Only



*Site: (except CSC DE) select Site Code from Corporate Table *SBU: (except LNS) select SBU Code from Corporate Table Company Name: If user is a DuPont employee, must be “DuPont”. All others

must use their Contracting, Joint Venture, Third Party, or Subsidiary Firm Name (if CSC employee, Company name is CSC).

Company Name field has 8 character limit If the user is a DuPont Contractor, Joint Venture, or Third Party employee, an

approved DISO form 2E must be submitted by the DISO Coordinator to NotesidELISForms. DISO form must be received before ID can be created.

CSC and Accenture are exceptions when the IDs are requested by CSC and Accenture (SBU codes will be LNS and AT, respectively). If the IDs are requested by a DuPont business, a DuPont SBU code should be used, and a DISO form is required.

The company name helps to determine if a person requires a DISO form. If the company name is DuPont or DPE (formerly DDE), the person is classified as a DuPont person and does not require a DISO form. If the company name is anything other than DuPont or DPE, that person is deemed a contractor and a DISO form is required (see exception for CSC and Accenture).

Web site to DISO form 2E: http://www2.lvs.dupont.com/DISO/form2e.html When myAccess ID has been fully implemented, the DISO 2E form will no

longer be required.

*Refer to “Every user must have valid Company Name, Organization, Site & SBU Info” in Notes Central.


For Reference Only



Notes Client License: Lotus Notes (this is the default) If someone wants a developers license, you will need to pick Request New

Developer List in ECD? (“Yes” is default) Web Account: If required, a web account can be requested as well as the

Lotus Notes account. (“No” is default) Comment field: If the user is a contractor, please enter the name of the

sponsor in the comments field and include the sponsor’s SBU or function, e.g., Dale McCashew/DuPont – ITSU.

Validate “Single Name” (bottom of screen) Double check spelling of name!! Click “Submit Request” on action bar You can check the status of your ID request by clicking on the Status

Inquiry button

Note: Local Admins should not forward their mail. We cannot issue IDs created from thetool to any mail that is forwarded. The ID and password will not forward properly to otheremail systems.


For Reference Only


Coordinate Client Installation

Save Notes ID file to appropriate storage media and give to user Can be a secure network drive/flash drive or other storage media

Send user password and “Notes ID Handling Instructions” Instructions are in Help - Using this Database - Notes ID Handling Instructions in

“Local Admin Requests” database Coordinate the Notes Installation

Install software for user Provide instructions for user to install Have user call support center for installation Provide guidance on reconfiguring existing installation (change user’s personal

address book) Inform user of Records Manager/Janitor Encourage user to keep a copy of the original Notes ID locked up for future

use (in case user forgets the password or the PC experiences a hard drive crash). For security, ID and password should be stored in separate places.

Encourage user to keep Person document in DuPont’s Address Book up to date


For Reference Only


Coordinate Client Installation (Cont’d)

Records Manager/Janitor When you request new email accounts in the DuPont domain, we

ask that you develop a process within your organization to communicate the Lotus Records Manager/Janitor training information and documentation to new DuPont employees and contractors. We have had several calls from contractors who were not aware of records management or how the Lotus Records Manager/Janitor works on an individual's email account.

Link to LRM/Janitor documents: http://crim.dupont.com/web.asp?page=615

Link to Corporate Records & Information Program Guide: http://crim.dupont.com/web.asp?page=751


For Reference Only


Generic/Shared/Training IDs

Generic/Shared/Training IDs are allowed to some extent in the DuPont Notes environment.

Local Admin must provide appropriate approval information in the Comments field of the Request for New ID

Must include Owner’s name Statement: “{Owner} has been notified of the DISO/Lotus requirements” ID Owner must maintain appropriate licensing/security for the ID

See DISO Policy for Information Security Policy - Identification & Authentication - Shared Lotus Notes IDs Chart

http://www2.lvs.dupont.com/DISO/2_tech_ln.html Naming caution: If the account will be listed in the ECD, limit the

characters in the Name fields as follows due to a limitation in the X.400 (internet address):

First Name & Initial: 16 Characters Last Name: 24 Characters


For Reference Only


Notes Developer IDs Overview

In order to secure our Lotus Notes environment and to register and track all Lotus Notes developers in the DuPont domain, DuPont has implemented a solution that requires all Notes developers to have two Lotus Notes IDs.

A standard Notes ID for users who are NOT Lotus Notes Application Developers, e.g, Fred Jones/AE/DuPont

A Developer ID for those people who have a standard Notes ID but who will be doing Notes development.

Given this, it is possible for one person to have two ID's, a "Standard ID" and a "Developer ID".

In order for any user to have a "Developer ID", the user MUST already have a Standard ID.


For Reference Only


Request New Developer--Demo

Before you can request a Notes Developer ID, a request must be submitted in the Developer Tracking Database

Developer Tracking Database is on CDCLN77\IS\BC\DevTrkDB.nsf Click on Load New User. Click on down arrow next to Account

and choose name from DuPont address book. If the user is a contractor, you must go to the comments line and add the user’s sponsor.

Click on Load Info. Save this (Save and Exit), then open the name you just saved and click on Submit for Approval. This information will be sent to approver. Once that approval is given, the approver should notify you.

After you receive the approval notification, you can submit the Notes Developer ID request through the Local Admin tool.


For Reference Only


Request New Developer–Demo (Cont’d)

REQUEST NOTES DEVELOPER ID Click on Request New Developer. This opens up the request for a

"Developer" ID for an existing user. The "First Name" of the new Developer ID will consist of the user's common name e.g. "Linda W Morris". The last name will always be "Developer". Thus, the full developer name would be:

Linda W Morris Developer/AE/DEV/DuPont. Click on button next to First Name & Initial. You will need to select

user’s name from DuPont’s Address Book. (Notice that the Last Name field is Developer).

You may pick any available mail server in your region. Select the user’s SBU and site from the dropdown lists. Note that nonDuPont users will be identified by adding a “Contractor”

organizational unit to their name. Remaining fields are the same as for Request New ID. In order for any user to have a "Developer ID", the user MUST already

have a Standard ID.


For Reference Only


Request New Developer–Demo (Cont’d)

The examples below show the naming structure for the US (AE) region; however, the same naming rules apply for all regions.Scenario ID NameDuPont employee who is NOT a Joe B Smith/AE/DuPont

Developer (has one ID only)

DuPont employee who has a new Joe B Smith/AE/DuPont

developer ID along with his normal ID Joe B Smith Developer/AE/DEV/DuPont

(has two ID’s)

Contractor who has a new developer ID Joe Smith/Contractor/AE/DuPont

along with his normal ID (has two ID’s) Joe Smith Developer/Contractor/AE/DEV/DuPont

If the user is a “Contractor” (the company name is not DuPont), please type in the name of the sponsor in the Comments field and include the sponsor’s SBU or function, e.g. Dale McCashew/DuPont–ITSU.


For Reference Only


Mail In Group Account Overview

Create Mail In database instead of generic ID whenever possible No ID is created; no license to purchase Names can be revised, just like a generic ID or person

Before you create a Mail In database on a mail server, you should create a group to use for the access to the Mail In account if you don’t have an appropriate group. This group will have Editor access.

Group must be “Multipurpose” or “Database Access Only” Every person listed in the group you add to the ACL of the database can access it using

their personal Notes ID (they must have a DuPont Notes ID). Can list in ECD whether the Mail In database is on a mail server or application server.

However, it should only be listed in the ECD if there is a compelling business reason to do so.

The default for List in ECD is “No” Mail In databases on mail servers will be standard mail files with standard ACLs.

Server name and file name in person doc will show exact location of Mail In database Mail In databases on application servers will be placed in the SBU or ADO structured

directories (not in the mail directory). If not listed in the ECD, the server name and file name in the person doc will show the exact

location of the Mail In database If listed in the ECD, the server name in the person doc will be a mail server. Mail will then be

forwarded to the Mail In database in the Application domain. After a Mail In database has been created, the ECD Listing designation can be changed, if

necessary. The Owner on the Administrators tab or the any member of the ADO~Admin group should open a PQR with the Helpdesk to add or remove “List in ECD”.


For Reference Only


Mail In Group Account--Demo

Requirement for mail-in group accounts on mail servers: If one does not already exist, submit a request for a new group that will be placed in the ACL with editor access. The group should exist before you request the mail-in group account.

Request form is similar format as ID Request: Name

First Name: Naming standards not as strict; can omit First Name Last Name: Must have entry in Last Name field.

Note: If listing in ECD, remember character limitations:First Name & Initial = 16 charactersLast Name = 24 characters

Server for database: Select appropriate server If a new mail database is to be created, select an appropriate mail server If using an existing application database and the account IS to be listed in the ECD, select an appropriate mail server If using an existing application database and the account IS NOT to be listed in the ECD, select the application server

the database is on> Note: If the mail server selected is not available, the new database will be created on a different mail server in

the same region. Work (same as ID Request)

DuPont Site: Required for billing Location Text: Optional SBU: Required for billing Organization: Optional Company: Required

There is an 8 character limit ECD Other Phone


For Reference Only


Mail In Group Account—Demo (Cont’d)

Notes Mail Create New Mail Database: Designate whether you want a new mail database

created or whether you are using an existing database Select Yes if a new mail file is to be created (not using an existing file) Select Yes if using an existing application database and the account IS to be listed in

the ECD. Select No if using an existing application database and the account IS NOT to be

listed in the ECD. If No: If you select “No”, you will need to provide the path on the application

server and the name of the file (e.g., helpdesk\notesupp.nsf). Do not enter the server name – it is already selected in the Name section.

List Person in ECD: Designate whether you want the mail-in account listed in the ECD or not

Select Yes only if you have selected a mail server AND you have a compelling business reason to list it.

Group to be placed in ACL with Editor Access: If creating a new mail database, select the group to be placed in the ACL with editor access (editor access is highest available).

Comment Field: Always enter Owner’s name and phone number If using an existing application database and the account IS to be listed in the ECD,

enter “Forward mail to database <path\filename> on <server>”. Example: Forward mail to database IS\System\admintest.nsf on CDCLN47 – owner is John Q Public/AE/DuPont, phone is 302-777-7777.

Validate Single First Name & Initial if appropriate Submit Request


For Reference Only


Delete User--Demo

Use the Delete User function to delete a person’s ID, a generic/shared/training ID, a developer ID, or a Mail In account.

Request the deletion of account if it is no longer needed for email/database access (see DISO Standard: System Access – Termination & Transfer – Terminated Users)

Click “Delete User” on action bar can select up to 50 names in one request)

Select “User to be deleted” from DuPont’s Address Book Comments: “Other Mail” or “Left Company” or other special instructions:

May request supervisor access to the mail file for two weeks Do not request deletion for a future date. Deletion will be done when request

is received. Click “Submit Delete Request” on action bar


For Reference Only


Delete User--Demo (Cont’d)

Resulting Actions: Name is immediately added to TERMINATIONS group

User cannot access mail or databases Name is removed from all ACLs of databases they currently access

within 2 workdays Person document is deleted from DuPont’s Address Book within 2

workdays ID file is deleted from Archive within 2 workdays Mail file is deleted within 5 workdays (unless access requested for

Supervisor; then file is deleted from the server in two weeks) If needed for longer than 2 weeks, the supervisor can make a local copy of

the mail file, as long as DISO rules about retention are not breached Local Admin is notified via email when user has been deleted

To restore a user’s account that was accidentally deleted, contact your helpdesk within 14 days of the deletion date.

Mail files can only be restored for up to 14 days from backup tapes

Remember: Do not delete account if user has moved from one SBU/site to another.Transfer the account.


For Reference Only


Web User Accounts Overview

Application servers in the Notes domain are "Web" enabled so that developers can write applications which allow users to access them from the Web using a browser.

Existing and new Notes users will not be given automatic Web access. Web access will be granted only when they are required.

NonAnonymous Web users will be "registered" as part of the Web request process.

Registration of a Web user requires a valid email address which will be used by the Web password process.


For Reference Only


Web User Accounts Overview (Cont’d)

The DISO required documentation rules apply as follows: Scenario 1: If the person already has a CURRENT /DuPont ID and

wants to be added to the Web.... Lotus Notes Local Admin will make the request (the DISO2E form is

NOT required for contractors or noncontractors) Scenario 2: If the person doesn't have a CURRENT ID and wants

BOTH an ID and Web access.... Lotus Notes Local Admin can make the request for a new ID and a web

account at the same time (the DISO2E form is required for contractors) Scenario 3: If the person only wants a /DuPont ID....

Lotus Notes Local Admin will make the request for a new ID (the DISO2E form is required for contractors)

IF they later want Web access, the Lotus Notes Admin must request it (the DISO2E form is NOT required for either contractors or noncontractors)

Scenario 4: If the person doesn't have a CURRENT ID and only wants access to the WEB....

Lotus Notes Local Admin will make the request for Web Access (the DISO2E form is required for contractors and noncontractors).


For Reference Only


Web User Accounts Overview (Cont’d)

The Request Web User function will allow you to request that a user be registered for Web access.

You will be able to choose existing Notes users from any one of the five DuPont Lotus Notes Address Books:

DuPontDuPont LegalDPTSolaePioneer

You will also be able to choose people from the ECD—Justmail, Other nonNotes Address Book.

You may request as many as 250 people names (no groups) at one time. You will be able to sort your request list and calculate the number of users

being requested. You will be able to view the directory of current Web users from the main

navigator panel. Click the “Web User Inquiry” button and interrogate a list of current Web users.


For Reference Only


Request Web User--Demo

Click the Request Web User button in the Local Admin Request database.

ADO: Select the ADO under which the request is to be made. User(s): Select as many as 250 people (no groups or Mail In accounts)

Select the appropriate Address book Select the required user(s) Select the 2nd Address book (if required) and the users from that book. Continue selections until maximum of 250 people have been selected.

If you have a list of names in Address book format (e.g., listed one per line as in a Notes group), you can paste these names directly into the “User(s)” field. (Note: names in invalid format will be weeded out.)

Send me email confirmation…: The default is “Yes”, which means you will receive an Email when each account is created (250 Emails if you submitted a request with 250 names). If you select “No”, you will not receive a confirmation Email when any of the accounts are created.

Comments: Enter comments as you wish. Be brief, as these will appear in the comments field on the person document created when the person is registered as a Web user.


For Reference Only


Request Web User–Demo (Cont’d)

Other buttons on the form (optional functions): Current Web User(s): Shows a list of users with Web accounts. Calculate: Calculate the number of names in the “User(s)” field and updates the count at the

top of the form. Sort: Sorts the content of the “User(s)” field in ascending order. Check if input User exists: Checks the contents of the “User(s) field against the current list

of Web users and tells you who already has an account. You can then manually remove existing Web accounts from the “User(s) field before submitting the request.

Weed Out: Checks the contents of the “User(s) field and automatically weeds out the following names:

Entries that have “Mail In” in the name Entries that already have a Web account Any other invalid names

Submit Request button. The submit button does the following: Checks the contents of the “User(s) field and automatically performs the “weed out”

function. Sends request for Web account(s). Submission Confirmation: Immediately generates an email to the Local Admin showing

which accounts were submitted and which were not. A brief explanation is included for any accounts that were not submitted (e.g., Sherry A Burbidge/Contractor/AE/DuPont – Already Submitted).


For Reference Only


Request Web User–Demo (Cont’d)

Three things may happen in the registration process: If you selected “Yes” to receive email confirmation when each

account is created, you will receive an Email when each user is actually put into the registration Address Book.

The user will receive an Email telling them they have been registered.

The Email will include the user name to be entered when they are challenged for authentication.

The user will be sent a second Email with critical logon information: The second Email contains the browser/logon password It will tell them that they will be forced to change that initial password

on first access It will also tell them to contact their local helpdesk if they have any

questions.

Note: Web password resets will be done without Local Administratorinvolvement. The web user should call the Helpdesk to reset lockouts.


For Reference Only


Moving DBs & Quality Assurance Basics

Local Admin gets database from user or developer The recommended way is to first move new database to the test environment on

CDCLND05 test server. From there it can go on to the Staging Server CDCLND07. When it is ready to go production, you will need to tell us whether it will be self managed or change managed.

You should do the following before a database is moved to any server (test, staging, or production server):

Local Admin performs quality assurance checks (these are mandatory):

Verify that About and Using Documents exist Verify that database complies with DuPont’s DISO Standards Verify that database has a sponsor to pay for server space Verify that the data owner/application developer have completed their

tasks as designated on the Move Database request form.


For Reference Only


Moving DBs & Quality Assurance Basics (Cont’d)

Database Quality Assurance Checklist About and Using Documents completed (Sponsor must be listed) Application usability: look at application Security: Review Access Control List (ACL)

Default Access is No Access (otherwise follow instructions in the DISO Standard)

Groups are used instead of individual names where possible (no more than 4 individual names allowed)

Terminations listed as Person Group with No Access IS~System~Admin~Global listed as Person Group with Manager Access ACL management group listed (change managed servers) Anonymous: No Access (otherwise follow instructions in the DISO

Standard) Check guidelines in DISO Standards

Templates: Using and About Documents Documents must be complete and relevant Must include purpose of application, target audience, owner, who to

contact, how to use...


For Reference Only



Access Control Basics Notes security has many parts Key part is the Access Control List (ACL) Each database in Notes has its own ACL The ACL is used to control the access level people or servers have

to the database Each user or server may either be listed individually or as part of

a group


For Reference Only



Maintaining Access Control List of Databases Changed Managed Databases

Owners/developers must have a special group created and then must place it in the database ACL before they ask you to request the move. The highest level of access this group can be assigned in the ACL is "Editor". The membership list of this group should contain the names of those people designated to "manage" the ACL. The name of the group should end in "ACLMGR”. For example "EP~EU~~Megaline ACLMGR".

ACLMGR must be in all caps ACL Manager Tool

A database has been created called “ACL Management” for designated ACL managers. You should inform anyone designated to manage the ACL of a database that they should access ACL Management to submit their ACL change requests. There is adequate "online" help within ACL Management. Press the “Help on how to use this database” button for detailed instructions.

Location of database:Server = CDCLNS02/DuPontPath = is\system\ACLMan\ACLMan.nsf


For Reference Only



ACL User Types Examples of user types:

Default = Unspecified LocalDomain Servers = Server Group ADO Group name = Person Group John Q Public/EUR/DuPont = Person


For Reference Only



Access Levels1. No Access: Denies access to database

2. Depositor: Allows users to compose or paste new documents into the database; however, they will not be allowed to access their documents or other documents.

3. Reader: Allows users to read existing documents only. Users will not be able to create new documents nor edit existing ones.

4. Author: Allows users to edit documents for which they are listed as owners. The ability to create or delete documents can be optionally given or taken away using the check boxes at the bottom of the ACL dialog box. A user can be added as an owner of a document by another user. Even if they did not create the document, they will be able to edit it.


For Reference Only



Access Levels (Cont’d)5. Editor: Allows users to create new documents and edit existing

ones regardless of whether they are listed as owners or not. The ability to delete documents can be optionally given or taken away using the check box at the bottom of the ACL dialog box.

1. The highest level of access allowed in production on mail servers and change managed application servers is now “Editor” (not “Manager”). An “ACL management” database will allow designated Custodians to manage ACLs without the need to have “Manager” access in the database itself.

6. Designer: Gives users all the privileges of an Editor as well as allowing them to change the design of the database (Forms, Views, etc.) (Only allowed on self managed application servers)

7. Manager: Gives users all the privileges of a Designer as well as allowing them to change the administrative options of the database (ACL, Replication, etc.) (Only allowed on self managed application servers)


For Reference Only



People Definitions and Responsibilities Sponsor: The business person who has championed the database and authorizes payment for the

database support. Billing information (SBU and Site) is derived from the sponsor’s person doc in the NAB The sponsor must be a DuPont employee

Owner: The person who is accountable for ensuring the asset/database and its content complies with all published standards. The same person can fulfill the roles of "Sponsor" and "Owner" if that is appropriate.

The owner must read the DISO standards (located on the DISO Web Site) and verify that the database meets DISO standards

The owner must verify that the risk classification is correct The owner must verify that the database does not contain Sarbanes Oxley sensitive

information. The owner must approve a database move or team database request before any action can be

taken on the request. Custodian: The person or persons (can have more than one) to whom the “Owner” may delegate

responsibility for the day to day management of the database (e.g., maintaining the database ACL and granting access to the database). Database owners may elect to fill this role themselves.

Developer: This is the person we will contact for technical information (if required). The developer must verify that the Access Control List (ACL) meets DISO standards The developer must verify that the “About” document of the database meets required format

and content The developer must verify that the “Using” document of the database meets required format

and content.


For Reference Only


Move Database--Demo

Click “Move Database” in Navigator pane. ADO: Select from list of ADO groups that you are a member of Management Type: Self Managed or Change Managed (this will determine the server

that it will be put on) Move type: Since only new moves to production can be done with this form the "Move

type" field is no longer editable and defaults to "New Database" Database Name: Descriptive name – 40-character limit Database Icon Name: Exact name to be displayed on database icon – 20-character limit. Database: Attach database or paste database link here. To server: The main server that the database should reside on Directory on To Server: The directory into which the database should be placed on the

server. Must be based on SBU or ADO. If you do not specify the directory, the database will be put in the root directory.

Additional Servers: Dropdown list of additional servers that the database can be placed on.

Special instructions: Servers not included in the dropdown list can be added in the Special Instructions field (e.g., the external server if the database needs to be replicated to another domain).


For Reference Only


Move Database—Demo (Cont’d)

People Responsible: Select the appropriate Sponsor, Owner and Custodian(s) from the dropdown lists.

Owner Accountability: Owner Approval—DISO: Default is YES Owner Approval—Risk:

Select DISO risk from dropdown list Select YES or NO for Sarbanes Oxley sensitivity

Owner Approval—Comments: Optional field Developer contact: Select from dropdown list. This is the person to contact if there

are technical questions. Developer contact phone: List DUCOM number and external number Submit Request for Owner Approval: When the request is submitted, a note is

sent to the database owner requesting approval. Once the owner approves the request, the request is sent to CSC for implementation. If the owner denies approval, the owner and Local Administrator must discuss what must be done to achieve owner approval. The Local Admin and the developer also receive a copy of the approval request. (Note: If the Local Admin who submits the request is the owner, no further approval is required.)


For Reference Only


Move Database–Demo (Cont’d)

Owner’s Options in Owner Approvals database: "Approve" Button - The request document is emailed to CSC who will begin the move. An

email is also generated automatically from the Owner to the Local Administrator and developer telling them that the request has been approved. Note the timing for the database move begins, as it does now, when CSC receives the approved email request.

"Deny" Button - An email is generated automatically from the Owner to the Local Administrator and developer telling them that the request has been denied. The request is terminated. If the database still needs to be moved to production, the Owner and Local Administrator or developer must discuss what needs to be fixed/changed and the Local Administrator must submit a new request in the Local Admin Request database.

"Close" Button - If the owner opens the linked document and decides he or she wants time to think about how to respond, the owner can close the link and address the request for approval at a later time. In this case, the owner must retain the email containing the link in order to be able to reopen the request form.

Your options before the owner approves the request: Change the name of the database owner

click the drop-down menu and select the new Owner from the NAB click the "Send email to New Owner" button. This will send an email to the new Owner requesting

approval. Add or change information (other than the owner) you originally entered on the request

make your changes click on the "Save and Close" button

Send a reminder to the database owner requesting approval click the "Send Reminder email to Owner".

If you access the form and decide not to make changes click on the "Cancel" button


For Reference Only


Request Database Design Change--Demo

Use this function to request design changes to databases in the Production and Staging environments.

ADO: Select from your list of ADO~Admin groups Management Type: Change Managed or Self Change Managed Move Type: Design Change. You must type in a short description of the

change (max 100 characters). Break/Fix: Default is “No”. Database: Attach database or paste database link. To Server: Select server from dropdown list. Directory on to Server: Enter directory Special Instructions: Use this field to communicate any special

requirements/steps for implementing the design change. Developer Contact: Person we should contact for technical information.

Select from DuPont’s Address Book. Developer Phone Number: Developer’s DUCOM and external

numbers.


For Reference Only


Move Database Notes Develop--Demo

Click Move Database Notes Develop button ADO: Select from your list of ADO~Admin groups Database: Attach database or paste database link To Server: Select development server from dropdown list Directory on To Server: Enter directory in SBU or ADO format (e.g.,

AUTO\IS\COAT Estimated time to complete development: 90 Days

A reminder email will be sent to you near the end of the 90 days. You may request a 30, 45, 60, or 90 day extension at that time if not the database is not ready to be moved into production.

Calculated development completion date: Automatic 90 day calculation.

Sponsor: Select sponsor from dropdown list Owner: Select owner from dropdown list Custodian: Select custodian(s) from dropdown list


For Reference Only


Move Database Notes Develop–Demo (Cont’d)

Developer Contact: Select from dropdown list.

Key Users: Access to the Notes development server is normally restricted to developers only. However, each developer may specify a maximum of five "Key Users" per database to help in the development of their database(s) on the development server. It is the developer’s responsibility to ensure this number is not exceeded. Users can be removed from the list at any time by sending an email to “Database Moves/Mail In/DuPont” account, specifying which users are to be removed. This number will be validated after you request each move for a particular developer. If more than five Key Users are found, the developer will be contacted and asked to reduce the number.

Select up to five Key Users from the dropdown box Leave field blank if no “Key Users” are required. If names are selected for this field, the following message will be displayed:

You have selected Key User(s) needing access to the development server(s). The maximum is 5 in total at any one time. This will be validated when your request is processed and if exceeded will slow the move of this database. Continue?

Developer contact phone: DUCOM and external numbers Submit Request


For Reference Only


Delete Database from Production--Demo

Click Delete Database from Production You should use this function when you want a database removed from a

production server. ADO: Select the appropriate ADO~Admin Group Database Name: Select the database title from the dropdown list Server(s): Select the server(s) you wish the database deleted from

The option to ask for “ALL replicas” to be deleted has been removed. You now have to specify exactly which servers you want the database deleted from.

The other fields in the form will automatically populate, depending on the database title you select.

Submit Request: Once you hit the submit button, three events happen in the background:

Request is sent to CSC Copy of request is sent to your mail file for your records Details about the deletion is sent to the database Owner


For Reference Only


Request Team Database--Demo

Requirement for all Team Databases: If one does not already exist, submit a request for a group that will manage the ACL (group name must end in “ACLMGR”). The group should exist before you request the Team Database.

Click the Request Team Database button ADO: Select the appropriate ADO~Admin group Going to: Select the server group

Other: Change Managed Servers South Amer/AUTO: Self Managed Servers

Management Type: Change Managed or Self Managed, depending on which “Going to” selection you made

Template name: DuPont Team Database Master To Server: Select server from dropdown list (your choices depend on which “Going

to” selection you made) Database title: Recommended number of characters is 20 or less so the title will fit

neatly on database icon This title will go directly into the Application DB Registry If this is to be a Mail In database, this title also becomes the name of the Mail In account

listing in DuPont’s Address Book.


For Reference Only


Request Team Database–Demo (Cont’d)

Database Path: Directory/Filename where application is to be created The first level directory must be based on SBU or ADO Must include the database file name, including the “.nsf”

Additional Server(s): Select additional server(s) for replicas from dropdown list. Enter nothing in this field unless you were instructed otherwise

Special instructions/comments/test results: Add special instructions or servers that do not appear in dropdown list

Team databases can be placed on self managed servers, but they will be locked down just as if they were on a change managed server

Enter nothing in this field unless you were instructed otherwise Sponsor: Select from dropdown list. Owner: Select from dropdown list. Custodian: Select from dropdown list. DISO risk classification: Select from dropdown list.

Get classification from owner You will not be able to submit the move request without it

Sarbanes Oxley sensitivity: Must select “Yes” or “No”. Get information from owner


For Reference Only



Team Database Information Mail In Functionality?: Click the “Create Mail In account for Team database” button if you want

Mail In functionality. Skip this field if Mail In functionality is not needed Name: Automatically enters database title List in ECD: “Yes” or “No”

The default for List in ECD is “No” Select “Yes” only if you have a compelling business reason to do so.

SBU: Select the SBU responsible for the account (usually the Sponsor’s SBU) Site: Select the site responsible for the account (usually the Sponsor’s site) Internet Domain Name: Default is Dupont.com (may or may not have other choices) Company Name: DuPont (cannot be changed)

Database type: Document Library or Meeting Mgmt (with Document - Discussion) Document Library provides repository functionality only Meeting Mgmt (with Document - Discussion) provides:

Document Library Meeting agendas, minutes Action item tracking Discussion capability

Select group that will manage the ACL: Group name must end in “ACLMGR” Use the dropdown list to select the ACLMGR group that will manage the ACL For this team database

If you do not have an ACLMGR group already established, you will have to request the creation of this group before submitted the request for a Team database. Use the “Request Group” button in the Local Admin Request database.

ACLMGR must be in all caps


For Reference Only



Select access groups: Use the dropdown list to select all the groups that will access this team database

You can select groups by clicking in the margin next to the group name. A check mark will appear indicating that you have selected the group.

Select access levels for selected groups: Use the dropdown list to select all access levels for all groups that will access this team database

You will see a list of all the groups you selected in the previous field in combination with all the access level choices

For each group, highlight all access levels that the requester selected for each group (click on the selection to highlight it)

Some groups may require more than one role (e.g., “create keywords” and “view all private docs”). Others will require only one role.

Submit Request: If you selected “Mail In Functionality, you have actually submitted two requests: One to create the team database and one to create a Mail In account using that database

Like the “Move Database” request, this request requires approval by the owner. Notification is sent to the owner to approve the request in the Owner Approvals database. You will also receive a copy of that notification.

You will receive notification when the team database has been created. At this point, it is a functional team database without Mail In capabilities

You will receive a second notification when the Mail In account has been created


For Reference Only



More information about using a Team Database is available at the following website: http://www4.lvs.dupont.com/nd6/teamtemp.html

More on Database Access: Access to a team database will be implemented via groups only. No individuals

names will be listed in the ACL. The groups accessing this database must be set up in the DuPont Address Book in advance.

Access Level: Edit all documents: Cannot read or edit docs marked private. Multiple groups can

be listed. Edit own documents only: Recommended access for team members. Author

access (can read but not edit docs created by another person – cannot read or edit docs marked private). Multiple groups can be listed.

Read only access: Can read all docs except those marked private. Multiple groups can be listed.

Change the ACL: Limit to 1-2 who will ensure that the database owner authorizes all additions to the ACL. Limit to a single group with a name that ends with ACLMGR (required group).

Edit keywords: Limit to 1-2 who will manage the organization of the db content. Limit to a single group (required group). Edit all docs including private: Limit to 1-2 who will manage turnover of authors of docs marked private. This is necessary in the event that a team member who has created private docs leaves the team. Limit to a single group (required group).


For Reference Only


Miscellaneous Requests

All Problems, Questions, or Requests that cannot be submitted through the Local Admin Request database must be submitted through your helpdesk. A partial list is included below:

Replacement IDs (for forgotten passwords, lost IDs) User Name Changes (renames) Certificate Recertification

If account owner is moving from DuPont status to contractor status, an approved DISO form is required.

Mail Move Requests (allow 7 workdays) Access or application problems Restore accounts that were accidentally deleted (must request within 14

days of deletion Local Admin Training

Local Admin training for Asia Pacific is conducted by Jupri Ahmad. Local Admin training for Europe is conducted by Frank Bittorf and

Arvind Gurkha. Local Admin training for the United States, Canada, Mexico and South

America is conducted by Ashok Mehta. Internet Domain Changes: The internet domain must be changed by a

Local Admin before changing ADO and SBU.


For Reference Only


Helpful Databases and Web Sites

ACL Manager Tool: Server:CDCLNS02 – Path:IS\System\ACLMan\ACLMan.nsf Developer Tracking Database: Server:CDCLN77 – Path:IS\BC\DevTrkDB.nsf Local Admin Request Database: Server:CDCLN77 – Path:IS\System\Admin/X500.nsf Local Admin Team Database: Server:CDCLN38 – Path:IS\LocAdm.nsf

This database is used as a tool to: Communicate any changes or additions that the local admins need to be aware of (this will include all

current Newsletters). Provide instructions which are broken down in categories to help you perform your Local

Administrator duties. Allows you to ask questions. You will see an Inbox that has been provided so that you are able to

communicate with the Lotus Notes group if you need a better understanding of a procedure to perform your Local Administrator duties.

FAQs Notes Central web site: http://www4.lvs.dupont.com/nd6/ Corporate Records & Information Program Guide web site:

http://crim.dupont.com/web.asp?page=751 DISO Form 2E web site: http://www2.lvs.dupont.com/DISO/form2e.html DISO Information Security Policy – Identification & Authentication – Shared Lotus

Notes Ids Chart web site: http://www2.lvs.dupont.com/diso/2_tech_ln.html LRM/Janitor Documents web site: http://crim.dupont.com/web.asp?page=615 Corporate Records & Information Program Guide web site:

http://crim.dupont.com/web.asp?page=751 Team Database information web site: http://www4.lvs.dupont.com/nd6/teamtemp.html

local admin training

Documents

helpdesk t ecc

helpdesk t ct

local admin training

current local admin

self sufficient t step

lotus notes groups

databases request group

database access control