Thursday, August 8, 2013

Force the Notes client to refresh policies from the server

One of the best Admin features of the Domino Notes eco system are the Policies. With Domino policies you can control many aspects of the configuration of your notes clients in your environment. You can prevent your users from accidentally change configuration settings to values which will not work in your environment, or you can enforce security settings in the client to match your security policies in your company. So Domino Policies are really very important part of a successful Notes client deployment. If you need information what you can do and how to implement policies properly you can find many good advice in the "Using IBM Lotus Domino 8.5 Policies to Manage Your Clients" from Darren Duke.

But one major annoyance of the implementation of Domino policies is that it is very unpredictable when the notes client will refresh his policies from the server. Especially in test environments you restart your clients often only to see that your changes on Policies are still not pushed to your test client. Or something in your client goes wrong and policies will not be updated anymore. So i have created a small lotus script program to delete the local cache of the policies and refresh all policies from the server which you can put in the click event of a button.


Sub Click(Source As Button)
 Dim s As New NotesSession
 Call s.SetEnvironmentVar("PoliciesLocalViewModTime","",True)
 Forall db In s.AddressBooks
  Call db.open("", "") ' Must open database
  'Refresh Policies View on Server  
  If db.IsPublicAddressBook Then
   Set view=db.getView("($Policies)")
   view.refresh
   Set view=db.getView("($PoliciesExt)")
   If Not view Is Nothing Then
     view.refresh
   End If
  End If
  'Remove all policydocuments on the local client  
  If db.isPrivateAddressBook And db.server="" Then
   Set view=db.getView("($Policies)")
   Set doc=view.getFirstDocument
   view.autoupdate=False
   While Not doc Is Nothing
    Set tempdoc=doc    
    Set doc=view.getNextDocument(doc)
    tempdoc.remove(True)
   Wend
   view.autoupdate=True
   view.refresh
  End If
 End Forall
 'Run Dynamic client configuration to repopulate the local policy view 
 Set s=Nothing 
 result=Shell ("ndyncfg.exe ""1""",1)
End Sub
I have tried this code in our Domino 8.5.3 environment. If you have any problems please leave a comment.

Have a look at my other postings relating policies

8 comments:

  1. Hello Peter, really good information. Thanks for sharing. Just to add that if your client configuration is proper including location document then policy will always get applied to the users properly. But that's not the case always so your script would definitely do the job.

    ReplyDelete
  2. Klasse. Vielen Dank Ralf.
    Ich musste den Code nur wegen einem Problem mit dem Serververzeichniskatalog um eine if Schleife ergänzen:

    If db.IsPublicAddressBook Then
    Set view=db.getView("($Policies)")
    view.refresh
    Set view=db.getView("($PoliciesExt)")
    If Not view Is Nothing Then
    view.refresh
    End If
    End If

    Gruß Klafu

    ReplyDelete
  3. Hallo Klafu!

    Danke für das Lob, werde das noch in den Code einpflegen.

    Grüße

    Ralf

    ReplyDelete
  4. Hi Ralf,

    super Sache. Und von Dir zu genau zu der Zeit gepostet, wo ich sowas gesucht hab' :-) Das Einzige, was bei mir nicht "zieht" ist das neuerliche Setzen der Notes-Shared-Login-Policy. Das will mein Client einfach nicht wieder aktivieren.

    Hast Du da eine Idee, woran das liegen könnte?

    lg
    Hans

    ReplyDelete
  5. Hallo Hans!

    Leider haben wir Shared Login nicht im Einsatz, deshalb fehlt mir etwas die Erfahrung, aber hast du schon einmal eine Richtlinienübersicht am Server erstellt und geschaut, ob die Einstellungen für diesen User in der zusammengestellten Richtlinie enthalten ist?

    ReplyDelete
  6. Hi ralf, danke für deine antwort. lt. policy-übersicht schaut's gut aus. es sehen auch die policy-dox in der lokalen names.nsf gut aus (NSLOn=1). nur der client mag's nicht. wieder mal ein notes-phänomen, das ich nicht verstehe ;-)

    ReplyDelete
  7. Hi Ralf, excellent solution, thanks for sharing

    ReplyDelete

ad