Notes Domain Security And Control

With the PC Summation functionality, we do not need SMS! It accomplishes two things: Every time the notes client is started an image of the hardware and software of the host pc is created and matched against the existing record in the notes db, if there is a record…if not, one is created. PC summation is accomplished. If there is a record, each hardware and software item is matched to determine if anything has changed. Memory, for example. If the existing image states that the current PC had 256 MB of RAM the last time it entered the domain, and now it only has 128 MB, a flag is raised. If a memory reduction is not listed within our support database for this PC(part of this package), an email is sent to all admins,(role-based), notifying them that PC "X" has undergone an unauthorized hardware change, with the details listed within the memo. PC Security is therefore accomplished as well. For those PC's in the organization that do not have notes, I have already created a VB version of the program and incorporated it into our vbscript logon script that is part of the network user profile….an agent runs on a weekly basis to import any files created within that global network share into the notes database.

Additionally, user profiles are created. I have already written this code as well. It is entirely object oriented, encapsulated into script libraries. Three items require user interaction: Telephone extension, job title, and the selection of the department to which the current user belongs. The portal has several access points where user lookups are located. Only the current user has access to edit their own profiles at a later date. The profile consists of all databases that the user has access to on all servers that have a connection document in the local NAB. This includes the access listing that they have to each database by group, or individually, and any accompanying roles as well. Also retrieved as the profile is constructed is the notes build, any groups that the user belongs to within the domain, the users mail server, and their screen resolution(part of the hardware classes mentioned above). The portal renders a computed frameset within a frameset, optimized for that resolution. The notes build information allows us to maintain a live listing of everyone's current notes configuration via a view categorized upon this value. The user-interactive profile construction only runs once, when the portal is first opened. Any change in title, department or telephone extension can be done via actions within the profile directly by the user. After that, it will run in 90 day cyclical intervals…silently updating user profiles that cross this date threshold and completely re-created the list of access levels to all of the domain databases, and refreshing the notes build information.

Most of this is stored within a single database. Considering the size of some organizations, however, storing the hardware profiles within a separate database should be the approach. The hardware profile database will incur repeated handshakes with the support database when it encounters hardware changes. They should, therefore, reside on the same server. I have templates of what I have this far in terms of all of these databases.