Anyway, the idea here is to in no way require a user to know anything except their Notes password when they run Notes for the first time on a PC. This information is available in a few places on the web, but none of the sources I found, like Mat Newman's post, had everything in one place. Basically they should never see this or the subsequent screens after it:
For this to work I'm assuming that:
1) Your %USERNAME% Windows environment variable resolves to your Domino short name (or some other name that Domino can map). For example, if your Domino name is "Samantha Fox", your Domino shortname is "sfox" and your logon user name for Windows is "sfox" (that is what %USERNAME% is). And yes, I did get to mention Samantha Fox in a blog post.....
2) You are using a shared user Notes installation.
3) You are using ID Vault on your Domino servers and your users can download said ID files.
4) You have some way to execute batch files that have elevated rights (i.e., admin rights to the PC) on the PC.
OK, so to provide an exceptional user experience we need four files. First we need a custom Notes.ini file. I actually have two, one for Notes 8 and another for 9 mainly due to IBM not being able to keep the same install path for longer than I wear a pair of underwear. The third file is a custom setup.txt file used by the notes.ini's. All these files are stored on a file share and will make their way down to the PC or laptop via a batch file, CopyLotusNotesFile.bat, that is run when any user logs on the PC (the fourth file, and the one that I use in DC):
All of these files reside on a file share on a server (in this case the share is \\server1\install\DesktopCentralCommonApps\). Here is the meat of each file:
notes8.ini:
NotesProgram=c:\Program Files (x86)\IBM\Lotus\Notes\
notes9.ini:
NotesProgram=c:\Program Files (x86)\IBM\Notes\
CopyLotusNotesFile.bat:
IF EXIST %ALLUSERSPROFILE%\IBM\Notes\Data\notes.ini GOTO R9
ECHO R9 file does not exist
IF EXIST %ALLUSERSPROFILE%\Lotus\Notes\Data\notes.ini GOTO R8
GOTO END
:R8
XCOPY \\server1\install\DesktopCentralCommonApps\notes8.ini %ALLUSERSPROFILE%\Lotus\Notes\Data\notes.ini /Y /V
GOTO END
:R9
XCOPY \\server1\install\DesktopCentralCommonApps\notes9.ini %ALLUSERSPROFILE%\IBM\Notes\Data\notes.ini /Y /V
:END
OK, so now we have the files, the way this works is pretty simple.
1) The CopyLotusNotesFile.bat runs on the local machine and copies the correct version of the notes.ini file to the correct local "all users" directory
2) When the user runs Notes for the first time, Notes copies this new notes.ini file to the user's local Notes data folder.
3) The new notes.ini file hits the ConfigFile= line and then reads the assigned settings from the setup.txt file into the Notes executable, filling in the client configuration parameters on the fly.
4) If Notes can hit the server listed in the setup.txt file (using Domino.Name and Domino.Address), Notes then downloads the ID file for the %USERNAME% user and prompts the user for the Notes ID password.
5) The user enters the password and Notes is fully configured and working.
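As an added illustration (not the author's own files, whose full contents are not reproduced on this page), here is the shape of the notes.ini and setup.txt pair that steps 1 to 5 describe. The server name and address are placeholders, the ConfigFile location on the share is an assumption, and the lines starting with ; are annotations for the reader that should be left out of real files.

```ini
; ---- notes9.ini (copied to %ALLUSERSPROFILE%\IBM\Notes\Data\notes.ini) ----
[Notes]
NotesProgram=c:\Program Files (x86)\IBM\Notes\
; Assumption: setup.txt is read directly from the share named in the post.
ConfigFile=\\server1\install\DesktopCentralCommonApps\setup.txt

; ---- setup.txt (the file ConfigFile= points at) ----
; The Windows logon name, which Domino must be able to map to a person
; (assumption 1 in the post).
Username=%USERNAME%
; Placeholder server identity: use your own ID Vault-enabled server.
Domino.Name=SERVER1/ExampleOrg
Domino.Address=server1.example.com
Domino.Port=TCPIP
Domino.Server=1
; Remaining setup wizard pages (additional services, replication)
; answered up front so the user is never shown them.
AdditionalServices=-1
AdditionalServices.NetworkDial=0
Replication.Threshold=9999
Replication.Schedule=0
```

Every first-run client takes its server name and address from these two files, so the share should be read-only for ordinary users. Neither file holds a password; the user is still prompted for the Notes ID password as in step 5.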
There are some issues here (and that's why I use DC)....one being needing admin rights to change the notes.ini files, so if you don't have anything that can do this then you may have some hacking to do with logon scripts.
Another point worth making is that this does not affect a user that already has a profile on a given PC and has already configured Notes. It is only run when a user runs Notes for the first time (or when the user data folder is deleted).
Anyway, DesktopCentral has deployment templates for tons of software, but not Notes. They do have a "How to" for Notes on their website, but I thought I'd post mine here as (a) it does it a bit better and (b) you almost always want to chain a Fix Pack after the install.
I'm assuming you know your way around DesktopCentral (DC) here....
First Notes, in this case 8.5.3:
The command is
\\SERVER1\install\DesktopCentralCommonApps\lotus_notes853_win_en.exe -s -a /s /v"SETMULTIUSER=1 ALLUSERS=1 PRELOADNOTES=1 /qn"
Where \\SERVER1\install\DesktopCentralCommonApps\ is your UNC path to the Notes file. I'm also doing the pre-loader that was new in 8.5.2 too.
Then I add 8.5.3 Fix Pack x (in this case 5):
The command is
\\SERVER1\install\DesktopCentralCommonApps\lotus_notes853FP5_win.exe -s -a /s /v"/qn"
Once I have both my software deployment packages added, I then create a configuration to assign to either a PC, user or group; just make sure that the FP is after the Notes install:
Voila, there you have it. This makes installing Notes on new PCs (and all the other software you see in that list) very, very easy.
FWIW I also use DC to push out a custom notes.ini file so any new users logging on are only prompted for their Notes password, not all that other crap like server, protocol and their name. At some point I need to blog that......
Firefox started the year at 17.0.1 and will most likely end it at 27.
Chrome started the year at 25 and will most likely end it at 32.
IE started the year at….well, no one really cares.
BlackBerry started the year with a not too bright future and will end the year with yet another CEO who will fix absolutely everything. I’m looking forward to seeing unicorns too.
IBM entered the year hoping that 2013 was actually 2015 so they could stop the insane executive led bloodletting. It will most likely continue to fire people left, right and center until 2016. It will then realize that the 2015 plan was seriously flawed and create a new, fool proof plan where it continues to decimate the workforce, its reputation and its support arm in the new, completely-not-at-all-different 2017 plan.
The first IBM Connect conference came and went. People will always call it Lotusphere. As they will always call it Lotus Notes. A lot of people said it was their last. I’m sure for a lot it is.
It is true. I did sing karaoke at Kimonos. Topless. To my knowledge I am the only “performer” to have done this. This year I may have to twerk. I’m sure it will be a sold out show.
Quickr is alive. But it’s kind of dead. But it is alive. CCM (the replacement), while not dead, is pretty much useless by all accounts, which makes it pretty much dead. Or at least a Dodo. Proving that healthcare.gov is not the only donkey release and that even one of the biggest tech companies in the world doesn’t understand testing either. There will be Office 2013 and Notes 9 support coming to Quickr though. Honest. *wink, wink, nudge, nudge*…..oh look a hamster on a wheel, let's go look at that, there's nothing to see here……
This year I’ve often been told Connections is the next big thing. There were also people who insisted the world was flat. Saying it don’t make it so.
I now have an iPhone 5 and 5s. If you installed iOS7 on a bog standard iPhone 4 you have my commiserations. Not that Apple did this to force you to upgrade….not at all. Apple would never do anything like that.
I also have an iPad mini and an iPad 3. The mini wins every time. Not that I’m an Apple fanboy or anything like that. No. Not at all. But I also have a Macbook Air……
This Week in Lotus ended with 112 episodes under our belt. Look around and see how many other “Lotus” related podcasts there are now. To my knowledge there is just one. This is not indicative of the brand vibrancy. Not at all.
There were 22 blog posts this year. My ranting and somewhat useful post count is still waning but at least it has an all new, all singing and dancing UI. And I didn’t even have to move it to WordPress.
A new Sametime release happened. And it looks like customers are actually interested in this product again. I’ve had more customer conversations about Sametime in the last year than I’ve had in the last decade. Zero for Connections this year.
As of the time of writing, IBM has not released any new Champion lists. I can only surmise from that inaction that the only submissions they received were for me. Or for Stuart McIntyre.
I was mightily disappointed to find out that Kenexa was in no way used to hire strippers or prostitutes. I guess “talent management” means different things to different people. For the record I don't have Cinemax.
Disney bought Star Wars. I'm still not sure about this.
Technology that made 2013…..Ubiquiti, ManageEngine, iPhone 5, PXE and the Lenovo X1 Carbon.
If I was to do this again, I'd most likely get Serdar's template themed the way I want it, then copy all my blog posts and comments to the new NSF. I didn't do that and it borked comments for a while.
Since yesterday's post, there have been some obvious "Why didn't IBM do this?" conversations. Honestly I don't know why. They should have. A long time ago. The underlying blog code (by Steve Castledine) is still, even today, an epic example of Domino coding. But since its original release as the DominoBlog template in R7 it has languished at the hands of IBM (ahem, like the Domino Web Admin Client?). Until now, and yet again a community member shows what can be done if you have the desire (which obviously IBM didn't). Also, no XPages were harmed in this facelift, proving that you can modernize anything in Domino as is.
Here is the old look:
There are a few issues I'm still trying to work through.....for example in Firefox you don't see the correct Glyphicons at the top. In Chrome and IE you do, but other than that it seems great:
Another great side effect of Serdar using Bootstrap is that the blog looks gorgeous on a mobile device. Here is an iPhone screenshot:
I got my theme from bootswatch.com who have 10+ free Bootstrap themes available.
Well, it looks like my 3+ year procrastination has finally paid off. You see Serdar Basegmez has done a brilliant job of integrating Bootstrap into DominoBlog. I requested he send me the code via the comments on that post (although admittedly he didn't seem to take my proposal of marriage all that seriously) which he did. And very quickly at that.
About 3 to 4 hours of tinkering later I now have this very blog using his customized DominoBlog and Bootstrap in a test NSF. I then went and sourced an open source (free) Bootstrap theme and plugged it in. Voila, DominoBlog that not only looks great and is easy to customize but also looks right on mobile devices.
Give me a day or two and my blog too will be all sexy and modern (like yours truly, but with sexy and modern). In the meantime here is a screenshot of the blog-to-come:
Serdar has done a phenomenal job. Every bit a Champion.
IBM Domino Web Administrator (webadmin.nsf) has multiple cross-site scripting vulnerabilities of low CVSS score. These vulnerabilities do not exist in the Domino Administrator client. To prevent the potential for these attacks, migrate away from Domino Web Administrator. Instead use the Domino Administrator client or the mitigations listed below.
Domino Web Administrator is being deprecated. No new functions will be added and IBM Support will not escalate issues reported. Customers are advised to use the fully functional Domino Administrator client.
There are so many levels of "WTF" in that post that it is difficult to pick a place to start this rant......The way in which this "announcement" percolated out? The IBM promise of "mobile first"? The fact that even IBM have made the web their de facto standard for admin tools (see WebSphere)? So many mistakes, so little time.
Now, there is a "fix" in that post:
Access Domino Web Administrator from a browser session which is used only for this purpose. Do not use this session to visit web sites other than the server being administered. Do not use other web applications during this session; for instance, do not read email.
And I guess we could all do that (and maybe even should). But the fact that IBM have declared they are deprecating webadmin.nsf is yet another example of IBM only fixing shit they see as a problem. This is ludicrous. Oh, to live in IBM's pink unicorn world where there are rainbows, mermaids and everyone uses IBM Connections. But the fact is (aside from IBM's Connections dream being a bit of a disaster) that webadmin.nsf is one of the most useful tools you have (provided it is secure of course).
Don't have access to your admin client? Need to register a new user? As long as you have the CA process enabled you can. Need to restart a task on the server? You can. Now there is a boat load of Java applets in there too which I despise more than US Senator Ted Cruz, but still it worked. After a fashion. Kind of. Almost.
But instead of fixing the XSS issues or, even better, rewriting the application in XPages (showing us the power of that technology) and maybe giving us mobile access too (you know, "Mobile First"), IBM give us deprecation.
While I am on about IBM and Java applets.....ah, bollocks, that's most likely a different post....but still, applets? Really? Very early '90's.
Anyway, IBM, show *some* leadership here, rewrite webadmin.nsf using XPages and give us mobile access too. Turn this turd into a gold bar. Come on, you know you can.
However, Traveler is not the only thing to patch. You also need to look at recent Domino IF's (intermediate fixes) and FP's (fix packs). As an example, yesterday Traveler 184.108.40.206 IF2 was released. This provided fixes to the *actual* Traveler application that resides on a Domino server. But there are also Traveler related fixes in Domino 9.0 IF's as well, so be sure to check both whenever you do a patch or upgrade.
Here is an actual SPR fixed in Domino 9.0 IF4 for Traveler that needed to be addressed in the Domino server as opposed to Traveler itself:
For me it's something else that I think of when someone mentions Bruce.....it's the early morning and you log-on to your computer, Skype starts up. Instantly (like he's been sat there all night stalking you) there is a Skype call from Bruce. "Now what's he trying to drag me into?", you think. Against your better judgement you click 'answer'. Before you know it Bruce and Gayle are belting out at the top of their voices "Happy Birthday to youuuuuuuuu!!!!!!". You seem to recall that this day may, indeed, be your birthday and a big, beaming grin comes to your face.
For that memory, and for all you have done for everyone #ThanksBruce.
- Never, ever replicate the full Domino Directory to a user's PC. I have seen this implemented for a variety of purposes, although most likely it is to allow type ahead. There is a functionality in Domino called the condensed directory that will allow you to replicate only the fields needed for type ahead and other items (like office phone, cell phone, etc). You can also use a policy to replicate this down to clients.
- To stop old replicas of the Domino Directory sending old changes back to your replica, enable Purge Interval Replication Interval (PIRC) on the server Domino Directory.
- To stop design changes happening to the Domino Directory (they magically come from older servers, just when you don't want them), enable "Refresh design on admin server only" in the design properties of the Domino Directory.
- Fully document any design changes you make to the Domino Directory as you really, really should upgrade the design of DomDir with every upgrade. Skipping design upgrade changes on the Domino Directory can lead to missing policy setting types, missing server document tabs and other really, really irritating stuff.
- Always have anonymous access set to "No Access". Yes. I see this tons.
I'm sure there are more, but that should be a good starting point to get you on the way. And do not send full replicas of the Domino Directory down to client machines.