Thursday, October 6, 2011

8.5.3 Machine Specific Policy...Not in the Docs

This has been asked for by many and kudos to IBM for getting it done.

What is Machine-specific policy settings and what does it mean?

This IBM Technote #1501673 explains it and is THE ONLY place for the information right now.

In prior versions of the Notes Client, and policy control, an administrator could target an individual, but not a specific machine configuration for that individual. For certain settings and customers, this made the enforcement of specific settings problematic, either because a user had multiple machines, or because the configurations and usage were not easily partitioned.
To address this limitation, Lotus has introduced the ability to apply policy settings based on characteristics of the machine. For a given user, different policy settings could be applied on different machines. For example, this would allow the creation of a managed replica on laptops, and only laptops. It can also provide server administrators the ability to determine what policy settings to enforce, based on the specific attributes of the machine on which the Notes Client is running. Some possible attributes may include; version and type of OS, type of machine, basic or standard client, laptop, desktop, etc.

This capability has been implemented by adding a new @Function (@GetMachineInfo), by changing the Policy handling characteristics in the 8.5.3 client, by changing the Public Name and Address Book template's policy settings forms, and by adding formulas for the policy settings.

The code is on the technote as are examples.

Just a great benefit for admins and IT staff.


  1. Wow - that's very cool and powerful.

  2. Thank God, I always wondered why there were server configuration documents but no exact PC/Client configuration documents, you never knew what was out there. The client details in the person document could also do with some improvement to help with asset tracking / recording the environment. It would be good to see if this can be used to allow a backend ID file being used by an API call can be locked down to only be used on the intended machine

  3. I have no insight on the API, I'm an admin, the dev talk goes right past me. I should have paid more attention last week on the call. Sorry.
    Something we have waited for and IBM delivered.