Denying Notes users access to all servers in a domain
To deny Notes users access to all servers in a domain, lock out their user IDs and enable password checking. When locked-out users try to access the server, Domino tries to verify the passwords they enter by comparing them against those stored in Person documents. Domino denies the users access because their IDs are locked out.
Restricting administrator access
You can specify various access levels for different types of administrators in your organization. For example, you may want to give only a few people 'system administrator' access, while all of the administrators on your team are designated as database administrators.
Comparing public key values
The signatures on user and server certificates exchanged during authentication are always checked. You can enable an additional level of verification for public keys, by having the value of the key passed in the certificates checked against the value of the key listed in the HCL Domino Directory. It is possible for users to authenticate with a server, but have a mismatch between the value of the public keys in their certificates and what is listed for them in the Domino Directory.
Setting up anonymous server access for Notes users and Domino servers
When a server is set up for anonymous access, Notes users and Domino servers do not need a valid certificate to access the server, since the server does not validate or authenticate them. Use anonymous access to allow users and servers outside your organization to access a server without first obtaining a certificate for the organization. You can also set up anonymous access for Internet/intranet users.
Controlling access to a specific server port
Use a port access list to allow or deny HCL Notes user and HCL Domino server access to a specific network port. If you use a port access list and a server access list, users and servers must be listed on both to gain access to the server.
Controlling creation of databases, replicas, and templates
To manage available disk space, control which users and servers are allowed to create databases and replicas on a server. If your system uses multiple Domino Directories, HCL Domino searches only the first Domino Directory specified in the Names setting in the NOTES.INI file.
Controlling the use of headline monitors
Notes users can set up their headlines to search server databases automatically for items of interest. You can control which users can or cannot access this server for headlines. This task applies toHCL Notes users only.
Controlling access to a pass-through server or pass-through destination
A pass-through server allows users and servers to use a pass-through connection to connect to another server. The server to which users connect is called a pass-through destination. You can control which users and servers can access a pass-through server and pass-through destination.
Controlling agents and XPages that run on a server
You can control the types of agents and XPages that users can run on a server. The fields in this section are organized hierarchically with regard to privileges. For example, Sign or run unrestricted methods and operations has the highest level of privilege and Run Simple and Formula agents has the lowest. A user or group name in one list automatically receives the rights of the lists beneath. Therefore a name has to be entered in only one list, which then gives that user the highest rights.
Controlling Web browser access to files
You can use File Protection documents and Web realms to control Internet/intranet access to files on the servers.
Restricting access to a server's data directory
By default, any Notes user who can access a server can access the server's entire data directory. You can restrict Notes user access to a server's data directory or a subdirectory of the data directory by defining an access list, or ACL file, for it. ACL files are an option for protecting server directories, and contain the names of users authorized to access those directories.
Physically securing the Domino server
Physically securing servers and databases is just as important as preventing unauthorized user and server access. Therefore, locate all Domino servers in a ventilated, secure area, such as a locked room. If servers are not secure, unauthorized users might circumvent security features -- for example, ACL settings -- access applications on the server, use the operating system to copy or delete files, and physically damage the server hardware itself.