Lotus Administrator

20 pts.
Domino Server
Lotus Domino Server 5.x
Lotus Notes
Lotus r5 Domino Server
I work for a mom & pop business and the IT manager left and now I'm suddenly responsible for an old Lotus r5 Domino server. I do not have ACL access to 95% of NSF files in directory. He erased himself from all ACLs, so I cannot even ask him for password and log on as him to give myself access to anything. Now, I have the certifier ID and password. I can get into the Administrator panel. But on some NSF files, I get a message saying I'm not authorized to get in, and on others, when I click to manage ACL, it just doesn't do anything. I kind of need to be able to add/deny users. I can't seem to find a generic administrator.ID file. Is there a way to create a new administrator.ID file since I have the certifier ID/password? Thanks

Answer Wiki

Thanks. We'll let you know when a new response is added.

You can create a generic ID, certainly. But that ID will still need to have access to the various databases. You can start the process by launching the Notes client on the server machine (after taking the server down) — if you’re using a Windows box, launch the nlnotes.exe app. You will then have effectively unrestricted (Manager) access to all databases on the server and can change ACLs at will.

I wouldn’t suggest using any single user, even your “admin” id, directly in the ACL — at least not by itself. Instead, create an admin Group in the public address book and add that group to the ACLs.

Unfortunately, there is no tool in R5 to allow you to play with ACLs en masse when running the local Notes client (nlnotes). If you were on Domino 6 or higher, all you’d need to do is modify the Domino Directory to give yourself sufficient access to the directory, then grant yourself Full Access Administration privileges on the server, then you could use the modify ACLs tool in Administrator to fix ’em all at one shot.

Discuss This Question: 5  Replies

There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.
  • Labnuke99
    You poor guy! I wonder if your organization should consider going after this previous employee under some kind of disgruntled employee lawsuit. There is a lot of case law out there to support this. Try this Google search to support the issue: http://www.google.com/search?hl=en&q=disgruntled+employee+sabotage&btnG=Search This is going to cost the organization time and money to recover from his actions. You may need to open a support case with IBM to regain access to these files.
    32,960 pointsBadges:
  • JMackey
    Oh I honestly think it was more a case of he had no idea what he was doing. He was a decent fellow and probably thought he was doing us a security favor.
    20 pointsBadges:
  • LTLevy
    Another way to go is to check out the Sandbox on www.notes.net. I just did a search on ACL Here is one agent that might help you: http://www-10.lotus.com/ldd/sandbox.nsf/ecc552f1ab6e46e4852568a90055c4cd/f51807e42918e33e00256c090044738f?OpenDocument&Highlight=0,acl
    25 pointsBadges:
  • ClarkKent1
    If you can't get the agent to work that LTLevy pointed out, there is a slow and painful manual process that I had to use on a server due to a careless change while we were using R5. I think you may be able to have a Notes client access most of the files that you currently do not have enough access to. IBM frowns on installing the client on a server but we've done it dozens of time on R5 servers will little effect. Though you must make sure that it installs into its own directory. If you don't want to install the client on the server (completely understandable) you would probably be able to map a network drive to it and access it from another machine that has the client. For it to work at a bare minimum you will need to have the server off. It also won't work on encrypted databases unless you use the id that encrypted it. In this case that would be the server id. If you really need access to an encrypted database, you can switch to a server id and then make your changes. I don't envy you for your efforts but I'm pretty sure you can get to the data that you need with some effort.
    25 pointsBadges:
  • Brooklynegg
    What about this? Create an admin group in the NAB. Add yourself to the group. Edit the Server document and add the admin group with whatever rights you want it to have. Get a copy of the server.id, if you don't already have it. Create a LotusScript agent that adds a the admin group to all databases on the server and gives it Manager access. Switch ID to use the server.id. Sign the agent with the server.id. Schedule it to run on the server. (make sure the agent does not have any UI objects, which would block it from running on the server). Does anyone know why something like this wouldn't work? It assumes that you have access to the server ID. Sounds like the old admin (aka "Kind-hearted Saboteur") didn't delete that ID before leaving, as the server continues to run.
    3,845 pointsBadges:

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

Thanks! We'll email you when relevant content is added and updated.


Share this item with your network: