Note: Device security settings are set by an administrator only and define the security policy for devices and what action to take when a device is not compliant with the policy.
The IBM Notes
Traveler administration database contains a default device settings document that initializes with the IBM Notes
Traveler built-in defaults for device preferences and device security settings
. Device preferences control how and what data is synced with devices, and security settings define the security policy for devices.
Traveler releases before 8.5.1 require an administrator to use IBM Domino
policies to modify the IBM Notes
Traveler default preferences and to define security settings. IBM Notes
Traveler 8.5.1 or later administrators should modify the default device settings document to change the default settings and use Domino
policies only when there is a need to override these defaults for particular users or groups. If settings and security policies are defined for a user in both a Domino
policy and in the IBM Notes
Traveler default settings document, the Domino
policy settings are used.
policies provide additional flexibility and functionality but are more difficult to use than the default device settings document in some environments. The advantagee of using Domino
policies is the ability to assign different device preferences and security settings by user, group, or organization. The default settings document does include a mechanism to include or exclude users, groups, and organizations, but it is much more limited than Domino
policies. Users to which the default settings document does not apply receive the IBM Notes
Traveler built-in defaults if they do not have a Domino
policy. These hard-coded defaults are the same as the default settings document. With Domino
policies, you can define different settings for every user. The limited include/exclude support of the default settings document allows you to have two sets of defaults: those defined in the default settings document, and the built-in IBM Notes
policies are more difficult to manage in the following environments:
Note: IBM Notes
- Multiple Domino domain environments – When a Domino policy applies to users in different Domino domains, you must create and maintain the policy in each Domino domain. The IBM Notes Traveler default settings document only needs to be defined on the IBM Notes Traveler server. It does not need to be replicated to the various user mail files. As a result the single default settings document can apply to all IBM Notes Traveler users syncing through that IBM Notes Traveler server regardless of the Domino domain of the user.
- Mixed Domino server levels – The Domino administration server on which a Domino policy for IBM Notes Traveler users is created must be at least a Domino 8.0.1 server. Use the server level of the Domino IBM Notes Traveler server or higher. A Domino 8.0.1 or later server with the directory template level of the IBM Notes Traveler server or higher could be used instead. Domino policies must get replicated from the administration server to the mail servers of the users to which the policies apply. The adminp task then pushes the policy settings to the mail files of the users. Domino 8.0.1 is the first server level with adminp task support for IBM Notes Traveler policy settings. IBM Notes Traveler can support policies on Domino servers before 8.0.1 but their directory template should be upgraded to use the Domino 8.0.1 directory template level or later. Using the IBM Notes Traveler default settings support allows you to avoid the preceding server level and directory template level requirements if your Domino environment contains prior server levels that you do not want to upgrade.
Traveler defined device "Security" settings apply to Exchange ActiveSync devices. However, the device preference settings (filter settings and device settings) do not apply to Exchange ActiveSync devices unless noted in the setting description.
Default device preference settings for "Sync", "Filter", and "Device" are pushed to a device only when the device initially registers and do not apply to devices that are already registered. However, the default device "Security" settings are pushed to a device when the device initially registers and whenever a default "Security" setting is changed by an administrator. In addition, this behavior only occurs if the above settings do not have 'Lock Value on Device' enabled. If 'Lock Value on Device' is set, then the value of the settings is always pushed to the device and the user can not override it.
The use of multiple device settings documents is not supported. If you need security settings that differ from user to user, you must use Domino
policies instead of the device settings document. This is because IBM Notes
Traveler caches the settings from the document at startup and only reads updates from that document. If you try to use multiple settings documents, IBM Notes
Traveler uses only the first document it finds. This may or may not be the same document used on the previous startup.
Nokia security settings apply only to Nokia security-enabled devices. They do not apply to Nokia N-series devices. You may need to install the Nokia security enablement library on the device to enable it for security. This library can be obtained from this site
. From the site, scroll down to the IBM Notes
Traveler section and select the Specifications
Modifying default device preferences and security settings
Use these steps to modify the default device preferences, which control how and what data is synced with devices. You can also use the steps to modify default "Security" settings, which define the security policy for devices.
To modify default device preferences and security settings, perform the following procedure:
Parent topic: Assigning preferences and security settings to devices
- Open the IBM Notes Traveler administration application. Refer to Using the administration application for more information.
- Open the Device Settings view.
- Click Edit Settings.
- Click the Preferences tab.
- Click one or more sub-tabs, and modify the wanted settings. For information about the settings, see Default device preference and security setting values.
- Click the Assignment tab.
- Modify the include/exclude user lists only if you want to limit the users to which the default settings apply. Leave these lists blank so that the defaults apply to all users.
The primary purpose of the include/exclude list is to allow administrators to exclude a limited number of users from the device settings. Any users excluded use the device settings built into the IBM Notes Traveler server itself. These built-in settings are the same as the initial default device settings, which are all set to off. Adding any entries (names, groups, or organizations) to the exclude list excludes those users from the default device settings. Adding any entries to the include list means that the default device settings apply only to the users in the list, and all others are excluded. The exclude list takes precedence if any users are in both lists.
- Select Save and Close.
Default device preference and security setting values
The default device settings for users come from the IBM Notes
Traveler administration database default device settings document. Users can change their device preference settings from their devices, but only an IBM Notes
Traveler administrator can change device security settings. A Domino
policy containing IBM Notes
Traveler settings (a IBM Notes
policy) can be used to override the default device settings for individual users, groups, or organizations.