Book Preview: Least Privilege Security for Windows 7, Vista and XP

Least Privilege Security is the practice of assigning users and programs the minimum permissions required to complete a given task. Implementing this principle in different versions of Microsoft Windows requires careful planning and a good understanding of Windows security. While there are benefits in implementing Least Privilege Security on the desktop, there are many technical challenges that you will face when restricting privileges.

In our company, we are about to plan the rollout for Windows 7, so this book sounds interesting to me. Packt Publishing has promised to send me a copy of this book in return for a review. I’m looking forward to receiving it.

To get a first impression of the content and its quality, here is a link to Chapter No. 3 – Solving Least Privilege Problems with the Application Compatibility Toolkit.

Happy reading!

By the way, have you heard about “Packt’s Business-to-Business campaign”? If not, follow this link for further information …


How to transfer working sets in Domino Designer to a different machine

Found this information in the IBM Lotus Knowledgebase ( Technote #1438255 )

The working sets information is kept in a file called workingsets.xml in the following location in your Notes installation folder:

Notes\Data\workspace\.metadata\.plugins\org.eclipse.ui.workbench

Copy this file to the same location on the new Domino Designer client while Domino Designer is not running. When you next start Domino Designer, the working sets will be available and will match those on the previous client.


Sametime 8.5 frustration

I have done some 15 Sametime installations over the past few months. Most of them to prepare a session for the upcoming AdminCamp in Gelsenkirchen later this year. All installations are on Linux.

I have also set up a productive environment for our company which runs fine except for a few issues.

  • During the past 2 weeks our community server ( the only component that is still running on Windows ) constantly crashes every few hours. It does not really crash but it seems that all of the ST* services are stopped at once and then restart. The services all show a status of “started” after such a “crash” but no one is able to connect to the community server. The only way to get it to work again is to restart the whole server.

There are no clues in the log and nobody is able to explain this very strange behaviour.

  • I tried to uninstall Sametime 8.5 embedded from my 8.5.1 FP3 client using setup.exe /v"EMBEDDED_UNINSTALL=true"

    After I restarted the client, Sametime 8.5 embedded was still in place. The only way to uninstall Sametime 8.5 and revert back to embedded Sametime 8.0.2 was to completely uninstall Lotus Notes and install the client after restart.

    I have posted this in the Lotus Sametime Forum but no answer. OK there is an answer but not confirmed in any way from IBM side.

No problem if it is a bug. But then pls. confirm.

  • Am I the only one who gets

    org.apache.commons.httpclient.HttpMethodBase getResponseBody
    WARNUNG: Going to buffer response body of large or unknown size. Using getResponseBodyAsStream instead is recommended.

    warning messages on the community server console on Linux? I don’t think so. Also posted this in the Sametime Forum. No answer so far.

No problem if this is not a relevant issue. But then pls. at least give a short feedback.

  • The next one is with group authentication and assigning policies to groups when using LDAP. Good to know that there is a hotfix available.

    Why is this one not posted on fixcentral?

    And another strange thing about this issue is that the problem does not occur on one of two identically installed machines.

No explanation, no hint where to look to find a clue.

Another question that I asked in the Sametime Forum is about re-installing a (registered) community server.

No answer so far. The only hint comes from another admin / user / customer. And to be honest, if uninstalling the whole installation, including all other components the community server is registered with, is the (only) solution, then there must be something wrong with the concept.

There are many more issues I ran into, like grayed out icons in the IC ( although the option is checked in the policy ), and “community must be defined as Standard Community” ( although the option is unchecked in the policy ), where I cannot find any hint on how to solve them, either in the Knowledge Base or in the Sametime Wiki or Forum.

At least a short (official) response to my posts would have been great; just to know that someone who is responsible for the product cares about it.

At the moment I am a little bit frustrated. Shall I call a consultant? Oh, wait, better a whole bunch of consultants, because “one consultant is no consultant”. What will I tell my boss the next time he asks me if we can start to roll out Sametime in the organization? “Great product, but … “.

I know that it is all my fault that I ran into the problems. And maybe my biggest fault is that I am not a native English speaker and not able to describe my problems with Sametime in a way a first level supporter in Babudistanki / Pamplonistan can understand.

If you never had the described issues, great for you. But if you have seen at least one of the problems and have a solution or workaround, pls. share your knowledge. Any help is appreciated.


(Another) Startup script for Sametime 8.5 on Linux

If you are running Sametime 8.5 either on Windows or on Linux you need to create some script to start all components automatically on server startup. Michael Urspringer has already done this for Windows and Enio Basso contributed a script for Linux.

In addition, Sasa Brkic recently posted a script to start the DB2 server on Linux.

I have also written such a script earlier this year that has some additional options.

You can start, stop or restart either the whole Sametime 8.5 server or only selected components. And you can get the status of, for example, the meeting server by typing

./sametime status meeting

at the shell console.

Download: sametime


Traveler unlimited

With iOS4, Apple allows more than one Exchange account on the iPhone. Therefore you can now have more than one IBM Lotus Notes Traveler account on your device.

Mikkel Heisterberg already wrote about this yesterday. I configured my iPhone 3GS after upgrading to iOS4 to sync mails from the Domino server in my company and from my server at home.

It works like a treat, although the power consumption increased. You can view mails, calendar and contacts from both accounts mixed together in one view or you can switch between the accounts to show only mails from one account at a time. Same for the calendar.

You also have access to addressbooks on both servers.

But you will only be able to read encrypted mails in one of your accounts, because Traveler Companion only supports one configuration.

Maybe IBM will enhance this in the future when multiple IBM Lotus Traveler accounts are used by more and more customers and will become a supported configuration.


BLUG meeting and a DAOS problem

Yesterday another meeting of the Belgium BELUX Lotus User Group (BLUG) took place in the IBM Forum in Brussels. It wasn’t a full day event, but I decided to drive the 220 km to the meeting.

There were two one hour sessions on the agenda. Joel Demay presented the new features that are coming with Lotus Notes and Domino 8.5.2 and Roland Driesen talked about document management.

Again, the meeting was well organized with welcome coffee and a free bar. Theo had about 70 registrations. I’m not sure if all of them attended. But it is very impressive to see that so many people are interested in getting together for such a short meeting.

I was introduced to one customer as “the DAOS specialist”, which I’m not … He told me about an issue he had when activating DAOS on Domino for AIX.

When you enable DAOS by typing load convert -c -daos on mail\db.nsf for the very first time, no subdirectories are created in the DAOS repository and as a result, no files are transported to the repository. You have to manually create a subdir in the DAOS repository ( 0001 ) first.

After this, DAOS works as expected and new subdirs are created automatically.


OpenNTF : Domino Team MailBox

After a period of silence, a new version of the Domino TeamMailBox was released a few days ago on OpenNTF. Ben Rose (jaffacake.net) is the new project chief. He enhanced the “old” template with some new options.

Future plans are to create a template for Notes 8.x.

I have translated the V7 template into German. Other languages are still missing for the V7 release.

So download the original template, open it in designer, translate all the strings to your language and send the results to Ben. Any help in translating, finding and fixing bugs and adding new features and options is much appreciated.


Configure Teamstudio Undo to maintain *.nsf files

By default Teamstudio Undo only monitors changes in template files (*.ntf). If you open an application (*.nsf) with Undo, you see the following on your display

To maintain Notes applications in the same way as templates, open the teamstudio.ini file in your Notes data directory, locate the IncludeFiles= entry in the [Undo] section and append *.nsf, separated by a comma, to the existing entry. ( IncludeFiles=*.ntf,*.nsf )

You need to restart the client for the changes to take effect.


Teamstudio and Ytria together in perfect harmony

I have been using the tools from Ytria for a couple of years now and they helped me to solve issues with document data, agents, bulk update of view properties and so on.

Today I received the license keys for the Teamstudio tools. I have Lotus Notes 8.5.2 CD5 BETA installed and despite an installer warning that the installed Notes version is not (yet) supported, the tools installed without any issue and now live in perfect harmony with Ytria’s EZ-Suite.

I am not yet familiar with all the features of the tools but have some time over the weekend to learn how to use and get the most out of them.

I also talked to a Teamstudio sales representative and they offered me a referral contract. No problem with that, but I do not want to earn zillions of Euros talking and writing about the tools.

I would like to give something back to our wonderful community instead:

If you place an order for any of the Teamstudio tools and refer to “eknori” or “Ulrich Krause” you will get a 10% discount.

This offer is valid until the end of July.


Domino Mobile Admin ( for Blackberry )

Found an email today in my inbox from a Notes fellow from Turkey, Ferhat Bulut:

I am working for a commercial application which will run on Blackberry and will be integrated with Lotus Domino. You can easily manage some operations on your –company’s- domino servers from your blackberry device wherever you are. …

If you are looking for such an application, you will find more information on this website.


[Guest Blog] Why is IBM doing such an easy job for Microsoft?

Here is another guest blog entry from Matthias:

Problems with Sametime embedded clients and their compatibility against each other running a Sametime 8.5 Server.

  1. IBM did a great marketing job to get existing Notes 6 or Notes 7 customers to Notes 8.5 (new features like DAOS, ID vault and so on)
  2. Lotus Notes 8.5 comes with the 8.0.1 Sametime client embedded. Everything works just fine. Doesn’t matter if you have ST751 or ST801 client. You can video call or just call, chat etc.
  3. Now you upgrade your Sametime infrastructure from ST751 or ST80x to ST85 and you want to use the new meeting rooms and the new audio and video codecs.

Everything great so far.

Now the first big issue where it seems that Domino development does not collaborate with Sametime development:

It is not possible to upgrade the embedded ST801 clients to ST85 cos some guys decided to switch the Eclipse framework between Notes 8.5 and Notes 8.5.1

Assume you have around 2500 clients running Notes 8.5.0 FP1 with embedded ST801 and you have a new Sametime 8.5 Server.

Second big issue.

  • How can you achieve that the 2500 clients can use the new functionality of meeting rooms and codecs when you cannot upgrade from embedded ST801 to ST85??
  • Well, 8.5.0 Client is not that old that I want to migrate now every machine again to 8.5.1 just to use the embedded ST85 client and can have the meeting rooms and the other functionality.

Fortunately we are migrating at the end of the year to Windows 7. We decided to use Lotus Notes 8.5.1 clients and upgrade the embedded ST802 to ST85.
And exactly here starts the next problem:

  • A Notes 851 client with embedded ST85 cannot video or audio call a Notes 850 client with embedded ST801. The funny thing is that there comes the error message that the other user has no audio or video tools. If the ST801 client starts the call then the error comes up that the ST85 user declined the call.

So there is no compatibility between those clients for video and audio call and no clear error messages why it does not work.

Now IBM please tell the customers

  1. Why the development teams do not talk to each other and are doing such annoying stuff
  2. How to avoid different versions between a Windows7 or Lotus Notes 851 rollout between the users and that the functionality of a ST85 can be used.

Now I have the choice between not using the functionality and leave all 851 clients on ST802 with win7 and start a second rollout after the big win7 rollout or tell the users that sometimes it will not work cos someone is running ST801 and the other one is running already ST85.
Do you think that the users will accept this or even understand this???

As a customer, I have to say that this is very, very annoying and it makes it very easy to switch to Microsoft. If it is better there doesn’t play a big role in that case, it is just a political decision that it might be better there.

Your turn IBM ;-)


Issues installing Lotus Sametime 8.5 on SLES 10 SP3

When trying to install Lotus Sametime 8.5 on Suse Linux Enterprise 10 SP3, the installer returns the following error message:

======
IBM Lotus Sametime Server 8.5
Some required RPM’s wasn’t found at this system.
Please install the current version of the following RPMs before starting the installation:
compat-libstdc++-5
======

I found this technote which describes exactly the same behaviour for Sametime 8.0.2. The solution also works for Sametime 8.5.


Using the Lotus Domino Server on Amazon EC2

On Wednesday, June 9, 2010, an introduction to accessing and using the IBM Lotus Domino server on the Amazon EC2 web service will take place. Through the server image, IBM gives you free software access to a Lotus Domino server license for the development of e-mail, calendar, infrastructure and collaboration applications.* IBM Lotus product and technical experts will explain this in a webcast.


Teamstudio Unplugged

Today, Matthew Fyleman from Teamstudio gave a one-hour presentation on Teamstudio Unplugged. If you are a Notes developer and want to build an application using XPages that will then map directly onto the Blackberry device as a native BB application without having to write a single line of Java, for example, then Teamstudio Unplugged is the tool for you.

Even a developer with only basic XPages skills will be able to build such an application. Another advantage is that the application replicates the data from the server to the device and your users are able to create new documents and edit existing documents even when not connected to the server and replicate the changes to the server once the connection is re-established.

A version for the iPhone will also be available soon. Although Teamstudio Unplugged is a very “young” product, it gives you an impression of what will be possible in future releases.

If you want to know more about Teamstudio Unplugged, get in contact with Matthew. Or try it on your own and download a free copy ( not limited in functionality! ) for a single user here. You don’t have a Blackberry device at hand? Download a simulator here.


Minor interpellation (Kleine Anfrage) … in the Bundestag on the problem of abusive cease-and-desist warning letters in online retail

The Internet is transparent and therefore offers a large attack surface for warning letters (Abmahnungen) of every kind.
By now there is a widespread practice of sending letters en masse to online retailers or to private individuals (in the area of copyright law) in order, among other things, to claim high warning-letter fees. …

The summary can be found here, the detailed inquiry here.


[Review]: Microsoft Silverlight 4 Business Application Development: Beginner’s Guide

Microsoft Silverlight is a programmable web browser plug-in that enables features including animation, vector graphics, and audio-video playback – features that characterize Rich Internet Applications. Silverlight makes possible the development of RIA applications in familiar .NET languages such as C# and VB.NET.

The book ( by Cameron Albert and Frank LaVigne ) is written for dot NET developers who want to build business applications with Silverlight.

No experience of programming Silverlight is required. Basic understanding of Visual Studio, C#, dot Net development, XML, and Web development concepts (HTTP, Services) is required.

What you will learn from this book

  • Learn the basic tools and skills needed to get started in Silverlight 4 business application development.
  • Discover how to enhance your Silverlight business applications with rich data such as sound and video.
  • Know when and how to customize your data in Silverlight using important data controls.
  • Understand how your Silverlight business applications can connect to various Data Sources.
  • Deliver your Silverlight business application in a variety of forms.

The book has 490 pages and consists of 10 chapters. Each chapter has a “Time for action … “ section. I totally agree with the motto: “Less theory, more results”, because all examples are explained step by step and easy to follow.

A whole bunch of source code is available. One issue here: the link to the download ( on page 4 ) does not work and will lead you to the home page of the publisher. This should not happen; Packt should review its QA process!

Another annoyance is the quality of the screenshots; 50% are of very poor print quality. Perhaps not a problem for those of you with eagle eyes, but I had my problems recognizing the details. White letters on a black background are not the best choice.

My conclusion: I recommend this book, despite the issues mentioned. You can order your copy here.

UPDATE: here is the correct download link http://www.packtpub.com/sites/default/files/9768_Code.zip