Well I fully tested the FullAdmin notes.ini setting from yesterday

It works wonderfully well.  Here are the steps I took to test it and verify it truly locked you out of the system when setting it.

  • I tested on a Domino 6.5.1 server on a blank database that I quickly created.  I removed myself entirely from the ACL, tried to get in and verified I was denied.  I then used the admin client and enabled Full Access Administration (from yesterday's posting) and I was able to manage and get into the database.  I then turned off Full Access Administration again and moved to the next step.
  • I logged into a remote live console and tried to use a Set Config command and it generated an error right away:
> set config SECURE_DISABLE_FULLADMIN=1
This system variable cannot be set via the server console. You must edit NOTES.INI to set this variable.
  • So that was cool that you can't enable or disable it that way.  Next step was to do it through a web browser and use the Edit the notes.ini feature.
02/20/2004 08:41:17 PM  Agent message: 02/20/2004 08:41:17 PM  Webadmin: Chris Miller remotely viewed file ':\Lotus\Domino\notes.ini'
02/20/2004 08:41:34 PM  Agent message: 02/20/2004 08:41:34 PM  Webadmin: Chris Miller remotely edited file ':\Lotus\Domino\notes.ini'
02/20/2004 08:41:34 PM  Agent message: 02/20/2004 08:41:34 PM  Webadmin: Chris Miller remotely viewed file ':\Lotus\Domino\notes.ini'
  • This of course works well, so then I restarted the server.  My concern was that you could come back and edit the notes.ini file again through the browser and change it back.
  • But no such luck!!  When you come back into webadmin.nsf the options to edit the notes.ini from the webadmin.nsf database are gone.  The only way to reset it is physical access to the machine to set the variable to '0' or remove that line entirely.

So very cool on the security and access front.  I had meant to fully test it even though I have implemented and used it per the documentation.  But now I feel great about using it and controlling it.  They have some guidelines and suggestions in the technote I referenced yesterday about account naming for use of this function.  I don't agree with all of those, but they are there at least.
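
The two things checked by hand above can also be checked by script. This is an added example, not part of the original post: it pulls the webadmin "remotely edited" entries for notes.ini out of log text in the format quoted above and reads the SECURE_DISABLE_FULLADMIN value from a copy of notes.ini. The sample log, user name, drive letter and function names are constructed for illustration.

```python
import re
from datetime import datetime

# Line shape taken from the webadmin log entries quoted in the post.
WEBADMIN_RE = re.compile(
    r"^(?P<ts>\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2} [AP]M)\s+Agent message:.*?"
    r"Webadmin: (?P<user>.+?) remotely (?P<action>viewed|edited) "
    r"file '(?P<path>[^']*)'"
)

# Constructed sample data: user name, drive letter and paths are made up.
SAMPLE_LOG = r"""
02/20/2004 08:41:17 PM  Agent message: 02/20/2004 08:41:17 PM  Webadmin: Example Admin remotely viewed file 'X:\Domino\notes.ini'
02/20/2004 08:41:34 PM  Agent message: 02/20/2004 08:41:34 PM  Webadmin: Example Admin remotely edited file 'X:\Domino\notes.ini'
02/20/2004 08:42:02 PM  Some unrelated console line
"""
SAMPLE_INI = "[Notes]\nKeyFilename=server.id\nSECURE_DISABLE_FULLADMIN=1\n"

def parse_webadmin_events(log_text):
    """Return (timestamp, user, action, path) for each webadmin file access."""
    events = []
    for line in log_text.splitlines():
        m = WEBADMIN_RE.search(line.strip())
        if m:
            ts = datetime.strptime(m["ts"], "%m/%d/%Y %I:%M:%S %p")
            events.append((ts, m["user"], m["action"], m["path"]))
    return events

def remote_ini_edits(events):
    """Keep only edits whose target file name is notes.ini (any case)."""
    return [e for e in events
            if e[2] == "edited"
            and re.split(r"[\\/]", e[3])[-1].lower() == "notes.ini"]

def fulladmin_setting(ini_text):
    """Return every value assigned to SECURE_DISABLE_FULLADMIN, in file order."""
    values = []
    for line in ini_text.splitlines():
        key, sep, value = line.partition("=")
        if sep and key.strip().upper() == "SECURE_DISABLE_FULLADMIN":
            values.append(value.strip())
    return values

if __name__ == "__main__":
    for ts, user, _, path in remote_ini_edits(parse_webadmin_events(SAMPLE_LOG)):
        print(f"REVIEW: {user} edited {path} via webadmin at {ts}")
    # Assumption of this example: anything other than a single "1" needs review.
    values = fulladmin_setting(SAMPLE_INI)
    print("full access admin disabled" if values == ["1"] else f"check: {values}")
```
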