My preferred method for doing this is to add the person to the Deny Access group defined in the Domino security settings and then to blank out the internet password field on their person document.
To reactivate access, remove their name from the Deny Access group and enter a value in the internet password field.
Flxtony’s approach is good, so long as you are aware that they will still get mail. You may also want to drop them from mail groups, especially the “all employees” group so that they don’t return to bake sale notices. Also visit any application workflow.
You can delete their password on the person documents, but it is not required. On the Server document, the Ports Tab, then the Internet Ports tab, then the Web tab. There are fields for each type of service labeled “Enforce server access settings”, if set to “Yes” then it enforces the Deny Access list security settings for that server.
Mike Kinder (SlikTool)