To create an Offline Security Policy Document, do the following:

1. Open IBM® Domino® Administrator.

2. Click the Configuration tab.

3. Click Offline Services.

4. Click Security.

5. Click New Security Policy.

6. Fill out the following fields in the Basics tab:

Table 1. Basics tab fields

Field	Description
Security domain	Enter the domain that this policy affects. For example, /US/Company or /Company. Make sure to include the leading slash. All users in this domain are subject to the deployment policy you set in this document. The domain specified in this field includes users one level down from the root. For example, Cambridge/Renovations includes users in these two domains: /Security/Cambridge/Renovations /Dev/Cambridge/Renovations
Prompt for ID during download	Before the subscription installs, users are asked to specify where on their computer their user ID is stored. The administrator must provide an ID to the user. This is the default ID deployment policy.
Automatically generate user IDs	Before installation, a certifier ID is generated for the user automatically. The Automatic tab appears when this option is selected. Click this tab and attach the certifier ID to be generated, set the password, and set the ID expiration date. It is recommended that you do not attach the absolute root certifier for your organization (for example, /Renovations). Instead, you should automatically generate a user ID against a subcertifier (for example, /NewUsers/Renovations). You may also want to generate the user ID in a new domain.
Use the Domino Directory for ID lookup	Before installation, the server looks for an existing user ID in the Domino Directory. The Lookup tab appears when this option is selected. Enter the relative path for the Domino Directory that contains the IDs.
Roaming User	Select Override security policy for roaming users to set the Domino server to behave appropriately with "Roaming users" who access the subscription. The server will recognize the user as a Roaming user, ignore the current security policy, and find the user's ID on the user's home server.
ID Management	Select Overwrite existing user IDs to have user's offline ID overwritten with a new ID each time they install a subscription. CAUTION: This setting should not be turned on in an enterprise that uses encrypted subscriptions. Users whose IDs are overwritten will not be able to open an offline subscription encrypted with a key from the previous ID.

Table 2. Automatic tab fields

Field	Description
Certifier ID to use	Attach a certifier ID to this rich text field. The certifier ID must support the Security domain field specified in the Security domain field. For example, if the Security domain is /A/B/C, then any of the following would be acceptable certifiers: /A/B/C /B/C /C The certifier ID file attached here must share the same root certifier as the server's ID for DOLS. If they do not share the same root certifier, the user may receive replication errors about a lack of cross-certifiers.
Password for certifier ID	Enter the password for the certifier ID. The password, which is case-sensitive, must be correct or the user will not be able to install. Make sure you protect stored passwords by appropriately restricting the ACL of this database (doladmin.nsf).
Expiration date to set on created user IDs	Select or enter an expiration date for the ID. For example, 03/31/2014.

Table 3. Lookup tab field

Field	Description
Address book to look up ID files from	Enter the database filename, with relative path, of the directory where your server's user IDs reside. The target database must have standard Domino Directory views and documents, with ID files attached to each person document.

Feedback on Help or Product Usability?

Help on Help

All Help Contents

Feedback on Help or Usability?

Help on Help