Blocking SameTime Access

An interesting question came up while I was teaching the Lotus Sametime 3 Admin course at the start of the week. One of the students in the class inquired as to if you can stop a user from using the Connect Client to chat.

Take a large company that has a Lotus Domino infrastructure. They decide to install a SameTime server within the existing infrastructure and thus all the users will be entitled to access the SameTime server with their username and internet password. The company then deploys the Connect client to all their users and now users can chat to each other. After a while it is decided that certain users should not be able to use the client to chat. How do you remove their chat rights. Removing or changing their internet password is no good because they need it for other things.

Anybody got any ideas?

Tagged with:
Posted in Uncategorized
4 comments on “Blocking SameTime Access
  1. Carlos says:

    Very crude but here we go..- setup the NAB on the Sametime server so that replication is one way ( in only )- create an agent that runs on new/modified docs. It does a lookup to a list somewhere of banned Sametime users and clears the Internet password field in their person docNo password = No Sametime


  2. Paul Mooney says:

    Hi Dec

    The way I have dealt with this in the past is using the Home SameTime server field in the person document. In many environments, this is used to specify a home sametime server (which will contain the private information in vpuser.nsf file). Many sites leave this field blank, and replicate the vpuser.nsf across all sametime servers (so users can log onto a local server and get private details).

    I have found that if you place a non-existant servername in the SameTime server field on the person document (e.g. “*”) the user cannot log on. This is because SameTime tries to re-direct the user to the server specified that does not exist.

    In a large organisation, I would specifiy this scenario.
    You are going to rollout Lotus Sametime.
    Place an “*” in every person document (home sametime server field).
    Modify the stcenter.nsf database so that a workflow based request system is needed before access to the download is given. i.e, the user requests access to the sametime service but this must be approved by the line manager/license payer. When approved, the user is sent a link to the download and the “*” is removed from the person document.

    I have implemented this is a site and it works well

    Personally I find this to be a good solution, but we could do with a better one from Lotus.


  3. why not use no-access-groups nested etc. and put them on the server doc on the sametimeserver. should work.


  4. Paul Mooney says:

    It doesnt – Sametime doesnt read the sever security fields



Comments are closed.

%d bloggers like this: