SECURING


Collecting information for a new administration ECL
Before you can create an Admin ECL to distribute, identify the individual people and/or organizations that you can trust to create and sign active content.

Before you begin

Identify a few users who use a broad range of typical IBM® Notes® applications, then ask them to complete these steps.

Procedure

1. Remove all entries from the workstation ECL except the following:


2. Make a list of the entries you remove so that if those entries were, in fact, not needed, they can later be added with No access in the administration ECL.

3. Make the following changes to the When signed by and Allow fields for the remaining entries in the ECL:


4. For a designated time period (a week should be sufficient), when the Execution Security Alert dialog box appears, click Trust signer, with the following exceptions: Results

The resulting ECLs for these users should contain more signers than the ECL originally contained, unless your organization has managed the signing process up front and only uses objects signed by a small number of known trustworthy signers.

After the designated time period is complete, the administrator should combine the signatures in the users' ECLs to create an updated administration ECL.

The workstation ECL log

About this task

The Notes client logs ECL-related operations in the Client log (LOG.NSF) in Miscellaneous Events. This includes:


It is possible to write an agent to run on Notes clients and parse the ECL logging data to provide administrators with specific information on how users are managing their workstation ECLs, as well as current information about applications or other code that should be added to Admin ECLs.

Related concepts
Administration ECLs