I can’t believe IT departments allow Lotus Notes on their networks

I’m having problems installing new software in my CrossOver Office Windows (non-)emulator, so I’m trying to get a VMWare Windows virtual machine working. A coworker gave me an image that’s working for him, and suggested that I just use that.

First thing I did was delete his personal account and create a new one for me. Then I copied over my .id file from ./.cxoffice/dotwine/fake_windows/data/notes/data/[foo].id to the appropriate place on the virtual machine. And when I fire up Notes, it says has my id in the drop down, and I can log in with my current password. But when I click the “Mail” item, it shows me my cow orker’s mail box. Just in case you missed that, let me spell it out for you – I used my password and accessed his email.

I mentioned that to our sysadmin guy (who takes care of the local Unix servers, and helps us work around the stupidity of corporate IT who are responsible for the Windows boxes). He said yes, you can put your Notes ID file on a thumb drive, take it to any Windows box in the company, log in with your password and read the email of the person who owns that box. Is it just me, or that just about the stupidest thing you’ve ever heard? Now, I don’t know if that’s a deficiency of Notes, or a deficiency of corporate IT, and I don’t particularly care. I’m just boggled.

But accepting that bogglement for the moment, does anybody know how to make Notes forget about the person who used to read Notes on this box and now doesn’t even have an account on the box, and allow me to read mine? The sysadmin says the only way is to remove Notes and reinstall it, but when I try that I get a Notes that doesn’t ask for any password and complains that the mail file wasn’t found when I start it.

4 thoughts on “I can’t believe IT departments allow Lotus Notes on their networks”

  1. I’ve actually seen that behavior. I never actually had to use Notes, but I had to write code once to send email through it.

    And, no, I don’t know how to fix it. It’s been years.

  2. That sounds like a misconfiguration in the environment.

    Your ID file identifies you to the server. That’s (nearly) all. Your password unlocks the ID file just like a PGP keyThe desktop (desktop.dsk and variants) and the NAB (names.nsf) identify what mailbox you want to access. The desktop provides the icon, the NAB identifies where to check for new mail. The server _should_ refuse (using ACLs) unauthorised access. It sounds like the ACLs for the mailboxes in question are set to allow any authorised access, rather than specific named access.

    You have to be careful with notes ACLs, especially if you want to allow replication (so the servers also have to be given permission to the NSF files). It’d be very easy for the unaware admin to set permissions too weak.

    At least that’s how it worked when I used to admin it… 9 years ago. Fortunately haven’t had to do much Notes admin work for a while; it’s what made me decide to leave that job!

  3. That is not the stupidest thing I have ever heard – there is an abundance of stupid in the world – but it is extremely stupid.

    And no doubt if you pointed it out to someone official who deals with the Notes/Does environment you will probably be accused of hacking the system to boot.

  4. Don’t get me started… You may recall my rants about Outlook when my company switched over? Well IT here admitted that Outlook (and more specifically the Scalix server backend) was sucking, and replaced it with… Novell Groupwise. I never thought I’d hear myself say this, but I wish I was on Outlook now.

Comments are closed.