Configuring Policies

In previous versions of Sametime there was a graphical user interface available to configure policies. In Sametime 11 configuring policies is done in the policies.user.xml file, which is located on the Community server in the Domino program directory.

About this task

You can use the policies.user.xml file to restrict or grant access to users depending upon their level of need. For example, the maximum size for a file being transferred is set by default at 1 megabyte to help manage traffic over the servers. However, you might have a group of users who have a business need to transfer larger files. You can set a new policy specific to those users that has a higher maximum.

You need operating system access to the Sametime Community server for this task.

Note: Your Sametime license may be an entitlement from your Domino licenses, which has limits on features. If your license is limited, enabling unentitled features may violate your license agreement. Additionally, disabling some of the features is a required post installation step.

For Sametime 11 required manual settings, see the HCL Sametime 11 Limited Use after installation technote.

About the policies.user.xml file

The file is organized into templates:
  • Instant Messaging default (im.default.policy)
  • Instant Messaging Anonymous (im.anonymous.policy)
  • Audio Video default (av.default.policy)
  • Audio Video Anonymous (av.anonymous.policy)
  • Meetings default (ms.default.policy)
  • Meetings Anonymous (ms.anonymous.policy)

If you open the file using a text or XML editor, you will also notice a template that has been commented with <!- notation. This section is to be used as template to create new policies. When making changes to policies ensure you are in the correct policy template.

Note: Do not use the following special characters in the policy's name or in any one of the values of policy attributes:
  • Ampersand (&)
  • Apostrophe (')
  • Quotation mark (")
  • Greater than character (>)
  • Less than character (<)
  • backslash character (\)
  • Forward slash (/)
  • spaces ( )
Note: You will be making changes to an .XML file. To check the syntax after making changes to the server, you can preview the file using a browser. If there is a problem in the XML formatting it will be easier to identify. If the XML has incorrect syntax, it will result in policy service failure.

Modifying the Default or Anonymous Instant Messaging Policy

  1. Remote to the Sametime Community Server.
  2. Browse to the Domino program directory (typically c:\Program Files\HCL\Domino).
  3. Use a text or xml editor to open the policies.user.xml file.
  4. Locate the correct template:
    • To make changes to the default template, look for the line that begins with:

      <policy id="im.default.policy" weight="1">

    • To make changes to the anonymous template, look for the line that begins with:

      <policy id="im.anonymous.policy" weight="0">

This is the beginning of the policy. From here, the policy is divided into attribute groups:

Table 1. Table - 1
Attribute group name What is inside
imserver.policygroup.chat

Persistent Chat

enableOffline Messages

im.thirdPartyMeetingEnabled = Set to true to enable Sametime 11.6 meetings

im.metingsEnabled = Set to true to enable Sametime 11.6 meetings

im.2019.label = User must set this community as the default server community (IC)

im.2011.label = Allow user to add multiple server communities (IC)

im.2001.label = Allow user to add external users using Sametime gateway communities

im.2002.label = Allow user to save chat transcripts (IC)

im.2004.label = Automatically save chat transcripts (IC)

im.2006.label = Maximum days to save automatically saved chat transcripts (IC)

im.2014.label = Limit contact list size

im.2015.label = Contacts

im.2010.label = Allow mobile client

im.2012.label = Sametime update site URL (IC)

im.3000.label = Allow all Sametime Connect features to be used with integrated clients (IC)

imserver.policygroup.image

im.2008.label = Allow custom emoticons (IC)

im.2009.label = Allow screen capture and images (IC)

im.2020.label = Set maximum image size for custom emoticons, screen captures, and inline images (IC)

im.2021.label = KB

imserver.policygroup.filetransfer

im.1.label = Allow user to transfer files through server (IC)

im.2.label = Maximum individual file transfer size, in Kilobytes, for files sent through the server (IC)

im.3.label = Use exclude file types transfer list, for files sent through the server (IC)

im.4.label = Types to exclude from transfer. Type the three-letter extension of each file type, separated by a comma or semicolon (IC)

im.2005.label = Allow client-to-client file transfer (IC)

im.allowTransferringMutipleFilesAndFolders = allows users to transfer multiple files and folders in a chat

im.allowTransferringFiletoNWayParticipants = allows users to transfer files to all participants in a n-way chat

im.maxNumberUsersToReceiveSingleFileInOneFileTransferSession = set a maximum numbers of users in the n-way chat to receive files during a file transfer.

imserver.policygroup.plugin

im.2013.label = Allow user to install plug-ins (IC)

im.2022.label = Sametime optional plug-in site URLs. Type the URLs separated by a comma or semicolon (IC)

imserver.policygroup.mobile

im.mobile.allowLocationReporting.label = Allow location reporting

im.mobile.disableUntrustedSsl.label = Disable untrusted SSL

im.mobile.disablePasswordSave.label = Disable password save

im.mobile.AllowSendFiles - Allows the mobile to send files if file transfer policy is also enabled

im.mobile.AllowReceiveFiles - Allows the mobile to receive files if file transfer policy is also enabled (means files received over chat will be stored in Files app for iOS and on the synonymous thing for Android. If you don't want files outside the app, turn this off and all we have to do is not advertise the capability and no one can send to you.)

im.mobile.restrictClipboard - Clipboard will be cleared when you go to the background.

im.mobile.allowShareChatImages - Means that images sent to a user in a chat can be shared outside the container. To photos, Files, other apps, etc.

im.mobile.allowSendImages - Allows the mobile to send photos if im.2009 (Allow screen capture and images) policy is also enabled.

im.mobile.mamPolicySignature - Enables an administrator to require that mobile devices running HCL Sametime be managed.

To enable or disable a feature, locate the feature’s current-value and change to either 0 for disabled, or 1 for enabled.

For example, to disable “User must set this community as the default server community”, locate the feature ‘s label (im.2019) then change the XML syntax from current-value=”0”

<p:policy-attribute id="im.2019" type="boolean" current-value="0" default-value="0" master-attribute-link="null" possible-value-labels="null" possible-values="null" label="im.2019.label" description="im.2019.desc" visible="true"/>

Change to current-value=”1”

<p:policy-attribute id="im.2019" type="boolean" current-value="1" default-value="0" master-attribute-link="null" possible-value-labels="null" possible-values="null" label="im.2019.label" description="im.2019.desc" visible="true"/>

Modifying the Default or Anonymous Meetings Policy

Note: These settings are used in environments that include a Sametime 9.x Meeting Server. The Sametime 11.6 Meeting Server policy is in the Instant Messaging Policy. See table 1.
  1. Remote to the Sametime Community Server.
  2. Browse to the Domino program directory (typically c:\Program Files\HCL\Domino).
  3. Use a text or xml editor to open the policies.user.xml file.
  4. Locate the correct template:
    • To make changes to the default template, look for the line that begins with:

      <policy id="ms.default.policy" weight="1">

    • To make changes to the anonymous template, look for the line that begins with:

      <policy id="ms.anonymous.policy" weight="0">

This is the beginning of the policy. From here, the policy is divided into attribute groups:

Table 2. Table - 2
Attribute group name What is inside
ms.policygroup.1.label

ms.9.label=Maximum persistent meeting rooms this user can own

ms.15.label=Allow user to create instant (non-persistent) meeting rooms

ms.17.label=Automatically connect to meeting server when logging into Sametime Connect (IC)

ms.14.label=Allow searching for meeting rooms

ms.13.label=Allow searching for hidden meeting rooms

ms.16.label=Show "Scheduled Meetings" view (IC)

ms.11.label=Allow meetings to be recorded (IC)

ms.12.label=Allow meeting room content to be downloaded

ms.1.label=Meeting room group chats

ms.21.label=Allow meeting room polls

ms.22.label=Allow annotations of uploaded content

ms.25.label=Require meeting rooms to have a password

ms.26.label=Allow guest access to meeting rooms

ms.policygroup.2.label

ms.7.label=Maximum file upload size, in Megabytes

ms.8.label=Maximum total size of library, in Megabytes

ms.23.label=Allow this user to add files from a content repository

ms.policygroup.3.label

ms.2.label=Allow screen sharing

ms.3.label=Allow user to control another user's shared screen (IC)

ms.18.label=Allow peer-to-peer application sharing (IC)

ms.19.label=Enforce bandwidth limits

ms.20.label=Maximum bandwidth size, in Kilobytes per second

To enable or disable a feature, locate the feature’s current-value and change to either 0 for disabled, or 1 for enabled. Some of these policy attributes have values other than 0 or 1, please check the Meetings Policy IDs document.

For example, to enable meeting recording, change the syntax of the ms.11.label current-value from 1 to 0.

<p:policy-attribute id="ms.11" visible="true" description="" label="ms.11.label" possible-values="" possible-value-labels="" master-attribute-link="" default-value="1" current-value="0" type="boolean"/>

Modifying the Default or Anonymous Audio Video Policy

Note: These settings apply to the Sametime 9.x Media Services. The Sametime 11.6 Meeting Server policy is in the Instant Messaging Policy. See table 1.
  1. Remote to the Sametime Community Server.
  2. Browse to the Domino program directory (typically c:\Program Files\HCL\Domino).
  3. Use a text or xml editor to open the policies.user.xml file.
  4. Locate the correct template:
    • To make changes to the default template, look for the line that begins with:

      <policy id="av.default.policy" weight="1">

    • To make changes to the anonymous template, look for the line that begins with:

      <policy id="av.anonymous.policy" weight="0">

This is the beginning of the policy. From here, the policy is divided into attribute groups:

Table 3. Table - 3
Attribute group name What is inside
avserver.policygroup

av.allowAccessToTPartyFromCListAndIM.label = Allow access to third-party service provider capabilities from contact lists, instant messages, and meetings

av.allowChangesToPrefNumbers.label = Allow changes to preferred numbers

av.avCapAvailableThroughSMS.label = Voice and video capabilities available through the Sametime Media Server

av.allowWebClient.label = Allow Audio/Video use in the web browser

av.allowMultipointCalls.label = Allow access to internal service provider for audio and video conferences

av.enableSVC.label = Enable Scalable Video Codec Support

av.enableClientEncryption.label = Enable encryption for client

av.videoResolution.label = Video resolution

av.customVideoResolution.label = Custom video resolution

av.lineRate.label=Client line rate (kbps)

av.ConferenceTemplateList

sut.policyGroup

sut.2024.label = Allow changes to the permanent call routing rule

sut.2025.label = Allow use of "Offline" status in call routing rules

sutlite.policyGroup

av.allowSIPTrunking

av.mobilePolicy

av.allowMobileClient

av.allowmobileWifiOnly

av.mobileLineRate

av.mobileAllowCallHistory

av.ConferenceDefaultTemplate

av.isGroupEnabled

av.ConferenceTemplateName_Default

av.allowCascadedConference

av.conferenceMode_Default

av.conferenceModeExperience_default

av.ConferenceLineRate_Default

av.ConferenceEncryption

av.videoQuality_Default

To enable or disable a feature, locate the feature’s current-value and change to either 0 for disabled, or 1 for enabled. Some of these policy attributes have values other than 0 or 1, please check the Media services (audio and video) policy IDs.