Default device preference and security setting values
The default device settings for users come from the HCL Traveler administration database default device settings document. Users can change their device preference settings from their devices, but only an HCL Traveler administrator can change device security settings. A Domino® policy containing HCL Traveler settings (a HCL Traveler Domino® policy) can be used to override the default device settings for individual users, groups, or organizations.
For the settings listed in the following table, select Lock value on device to prevent modification of the setting from a HCL Traveler client. Any settings without this option are always handled as locked.
Setting | Description | Default value |
---|---|---|
Synchronize |
Specifies the HCL Notes® items that should be synced to the HCL Traveler client. This setting only applies to Exchange ActiveSync devices when the setting is locked either in the HCL Traveler default settings or a Domino® Policy. This setting only applies to HTMO client when the setting is locked in the HCL Traveler default settings. |
All of the following are selected by default: Email, Calendar, ToDo, Contacts, and Journal.
|
Schedule |
Define peak synchronization schedule and modes of synchronization to use for peak and off-peak hours. |
The following options are selected by default:
|
Disable sync when battery low |
Select to prevent the HCL Traveler client from making non-user requested connections to the server while the battery is low. |
Enabled by default. |
Connect when roaming |
Select to allow the HCL Traveler client to operate as normal, regardless of whether or not the device is on a roaming network. Otherwise the client will be prevented from making non-user requested connections to the server while the device is roaming. |
Disabled by default. |
For the settings listed in the following table, select Lock value on device to prevent modification of the setting from a HCL Traveler client. Any settings without this option are always handled as locked.
Setting | Description | Default value |
---|---|---|
Email Body Truncation |
Enables email body truncation. Characters beyond the default character value in the email body are truncated from the email body. This setting only applies to HTMO client when the setting is locked in the HCL Traveler default settings. |
Disabled |
Maximum email Attachment Size Allowed - Administrator |
Deprecated Specify the maximum combined size of all attachments in a document that can be
synced to a device. This size is an administrator setting that mobile device users cannot
change. Important: Setting this field to zero disables
all email and calendar attachments (including images) for all devices, including iOS Apple
Mail client and HTMO clients. Note: A non-zero value only applies to the deprecated
Windows Mobile and Symbian OS based Nokia devices. The HCL Traveler server no longer
requires an artificial limit to be placed on attachment size for other devices.
Note: Individual 'Prohibit download of attachments' settings exist under security
settings for each device type as an alternative way to disable attachments. |
4000 KB |
Email Attachments |
Enables automatic syncing of email embedded images up to the size configured in setting Email Attachment Size. This setting is not applicable to calendar events. Email and calendar inline email images automatically sync to HCL Verse Mobile clients. The automatic syncing of email/calendar attachments and calendar embedded images is controlled by the Attachment Download setting configured on HCL Verse Mobile clients. Embedded images and attachments not automatically downloaded can be downloaded on request from the client. This setting is not applicable to clients that use the Exchange ActiveSync protocol, such as the iOS Apple Mail app. To disable synchronization of email and calendar attachments including images to devices, you can enable the Prohibit download of attachments setting by device type under . Alternatively you can set Maximum email Attachment Size Allowed - Administrator to 0. |
Enabled |
Email Attachment Size |
Automatically download email embedded images smaller than this size when Email Attachments is enabled. |
500 KB |
Email Date Filter |
Enables filtering email by the number of days specified. This setting only applies to HTMO client when the setting is locked in the HCL Traveler default settings. |
Enabled and 5 days |
Filter Limit |
Administrative setting that enforces a maximum mail filter window for users that either disable the mail filter or select a value greater than this limit from their HCL Traveler client. This setting applies to Exchange ActiveSync devices and HTMO clients. |
Unlimited |
High Importance Only |
Select High Importance Only to synchronize only high importance emails. This setting only applies to HTMO client when the setting is locked in the HCL Traveler default settings. |
Disabled |
Calendar Date Filter Past Events |
Enables filtering of past calendar events by the length of time specified. This setting only applies to HTMO client when the setting is locked in the HCL Traveler default settings. |
Enabled and 1 week |
Filter Limit |
Administrative setting that enforces a maximum past event filter window for users that either disable the past event filter or select a value greater than this limit from their HCL Traveler client. This setting applies to Exchange ActiveSync devices and HTMO clients. |
Unlimited |
Calendar Date Filter Future Events |
Enables filtering of future calendar events by the length of time specified. This setting only applies to HTMO client when the setting is locked in the HCL Traveler default settings. |
Enabled and 3 months |
Filter Limit |
Administrative setting that enforces a maximum future event filter window for users that either disable the past event filter or select a value greater than this limit from their HCL Traveler client. This setting applies to Exchange ActiveSync devices and HTMO clients. |
Unlimited |
Journal Date Filter |
Enables filtering of journal dates by the length of time specified. Note that no supported clients sync journal entries. |
Enabled and 1 week |
Filter Limit |
Administrative setting that enforces a maximum journal filter window for users that either disable the journal filter or select a value greater than this limit from their HCL Traveler client. |
Unlimited |
ToDo Status |
Enables display of only to do items with a status of incomplete |
Enabled |
Once a device has registered with the server and has received settings from the device profile, the device preferences cannot be changed by an administrator unless the settings are locked either in the default device preferences or a HCL Traveler policy. If the administrator changes the value of a locked setting, then this change is synced to the mobile device immediately. A mobile device user cannot change setting values from the device for settings that are locked by a policy. Unlike device preferences, any security setting changes made by the administrator are synced to the mobile device.
For the settings listed in the following table, select Lock value on device to prevent modification of the setting from a HCL Traveler client. Any settings without this option are always handled as locked.
Setting | Description | Default value |
---|---|---|
Device logging |
Turns device client logging on or off. |
Off |
Device Log File Size Maximum |
Sets the maximum log file size. |
2000 KB |
Always bcc myself |
For Android based devices, select to automatically add responder's mail address to the bcc list. |
Disabled |
Setting | Description | Default value |
---|---|---|
Require device password |
Enables the requirement that devices have screen lock passwords. This option must be selected to use any of these sub-settings: Require alphanumeric value, Minimum password length, Auto lock period (maximum), Wrong passwords before wiping The Violation Action you select for this option applies to all sub-settings (except for Wrong passwords before wiping device - if you enable Wrong passwords before wiping device, then the violation action for Require device password must be Enforce). The default violation action is Report. |
Disabled |
Password type (OS 10+ only) | Sets the password type Android 10 and later versions from the following
options:
Low password type allows:
Medium password type allows:
High password type allows:
|
Disabled |
Password type (Pre-OS 10 only) |
Sets the password type from the following options:
Note: HCL Traveler lists the order of password types (top-to-bottom) as weakest to strongest.
Unrestricted is the weakest, and allows any type of password, including
fingerprint and pattern. Note that if you select Unrestricted as the
Password type, then the Password length setting is no
longer applicable. |
Disabled |
Minimum password length |
Smallest number of password characters allowed. Range is 4-64. |
4 |
Auto lock period (maximum) |
Number of minutes before device automatically locks when it is not being used. Range is 1-60 minutes. |
30 minutes |
Password expiration period (OS 3+ only) |
Number of days after which the device password must be changed. Range is 0-730 days. |
0 days |
Password history count (OS 3+ only) |
The number of unique passwords required before reuse of a password is allowed. Range is 0-50. |
0 |
Wrong passwords before wiping device |
Enables device to hard reset itself after the selected number of consecutive failed device password login attempts occur. |
Disabled and 7 incorrect password attempts |
Prohibit unencrypted devices (OS 3+ only) |
Select to only allow devices that are encrypted to sync with the HCL Traveler server. |
Disabled |
Require application password |
Select to require users to enter their HCL Verse password to access their HCL Verse client
application and its data. This option must be selected to use any of these subsettings:
Wrong passwords before wiping application data, Auto lock period|default. Note: When using
authentication systems that do not require a password to be entered for HCL Verse, such as
Certificate Based Authentication, SAML2, or TOTP, the Require application
password feature cannot be enforced and is not supported by the HCL Verse
Android application. |
Disabled |
Wrong passwords before wiping application data | Enables the device application to wipe the HCL Verse client application configuration and data after the selected number of consecutive failed application password attempts occur. | Disabled and 7 incorrect password attempts |
Auto lock period (maximum) | Number of minutes after which the HCL Verse application automatically locks when not in use. Range is 1-60 minutes | 30 minutes |
Disable local password storage |
Selecting this option will prevent the HCL Traveler password from being saved in application
storage. Enabling this option will require the user to enter their HCL Traveler password
whenever the HCL Traveler application service restarts, including at phone startup. HCL
Traveler will not synchronize data until the password is entered. Note: When using
authentication systems that do not require a password to be entered for HCL Verse, such as
Certificate Based Authentication or SAML2, the Disable local password storage
feature cannot be enforced and is not supported by the HCL Verse Android
application. |
Disabled |
Prohibit copy to clipboard |
Select to disable the ability to copy HCL Traveler data to the device clipboard. |
Disabled |
Prohibit export of attachments to file system |
Select to disable the ability to export attachments from HCL Traveler mail to the device's file system. |
Disabled |
Prohibit camera (OS 4+ only) |
Select to disable any cameras on the device. This policy is only available on Android 9.0 devices and below. |
Disabled |
Require external mail domain validation |
Enables a warning message requiring users to confirm that external mail addresses are correct when mail composed on the device is addressed to a user in a domain that is not included in the "Internal mail domains" list. |
Disabled |
Prohibit export of calendar to OS |
Determines whether HCL Traveler can share its calendar information with the device OS. |
Enabled |
Prohibit export of contacts to OS |
Determines whether HCL Traveler can share its contacts with the device OS. |
Disabled |
Prohibit devices incapable of security enablement |
Prevents all devices which do not have the required security features from syncing with the HCL Traveler server. If set to disabled, all devices, with and without security features, can sync data. HCL Traveler uses the Device Administrator feature added in Android 2.2. In order to enable this feature, the end user must agree to enable the device administrator on the device. Android devices on which the end user has not enabled the device administrator profile for HCL Verse mobile client will not be allowed. |
Disabled |
Prohibit download of attachments |
When enabled, devices will not be able to email and calendar attachments including images attachments from all HCL Verse Mobile applications when they sync with the HCL Traveler server. |
Disabled |
Allow only approved applications to access attachments |
Selecting this option enforces that attachments synced to the device can only be viewed by applications that are defined in the Approved Application list. |
Disabled |
Prohibit use of untrusted certificates |
When enabled, devices using untrusted certificates will not be able to sync with HCL Traveler. |
Disabled |
Require Mobile Application Management |
When enabled, the HCL Verse for Android client must be managed by a Mobile Application Management (MAM) provider to be able to sync with the HCL Traveler Server. |
Disabled |
Setting | Description | Default value |
---|---|---|
Require device password |
Enables requirement that devices have screen lock passwords. This option must be selected to use any of these sub-settings: Prohibit ascending, descending and repeating sequences, Require alphanumeric value, Minimum password length, Minimum number of complex characters, Auto lock period (maximum), Password expiration period, Password history, Wrong passwords before wiping device, Prohibit unencrypted devices. The Violation Action of Enforce applies to all sub-settings for this field. |
Disabled |
Prohibit ascending, descending and repeating sequences |
Prohibits the use of ascending, descending and repeating sequences. A sequence is considered 3 or more consecutive numbers or characters. |
Disabled |
Require alphanumeric value |
When enabled, both alphabetic characters and numbers are required in the password. |
Disabled |
Minimum password length |
Smallest number of password characters allowed. Range is 4-16. |
4 |
Minimum number of complex characters |
Smallest number of non-alphanumeric characters required. Range is 0-4 characters. |
0 |
Allow only approved applications and built-in viewers to access attachments |
Selecting this option enforces that attachments synced to the device can only be viewed by built-in viewers using HCL Traveler Companion or the HCL Traveler To Do application. Additional mobile applications are allowed to open attachments synced by HCL Traveler only if they are defined in the Approved Application list. |
Disabled |
Auto lock period (maximum) |
Number of minutes before device automatically locks when it is not being used. Range is 1-60 minutes. |
30 minutes |
Password expiration period |
Number of days after which the device password must be changed. Range is 0-730 days. |
90 days |
Password history |
The number of unique passwords required before reuse of a password is allowed. Range is 0-50. |
0 |
Wrong passwords before wiping device |
Enables device to hard reset itself after the selected number of consecutive failed device password login attempts occur. |
Disabled and 7 incorrect password attempts |
Prohibit unencrypted devices |
When enabled, only devices that support onboard data encryption are allowed to sync with the HCL Traveler server. |
Disabled |
Prohibit camera |
Disables the camera on the device. |
Disabled |
Prohibit devices incapable of security enablement |
Prohibit devices incapable of security enablement. Prevents all devices which do not have the required security features from syncing with the HCL Traveler server. If set to "disabled", all devices, with and without security features, can sync data. However, as many of the security features as possible will still be enforced on every device. The security features that a device includes depends on the version of the Exchange ActiveSync protocol that the device has implemented. Supported Apple iOS devices support all the settings available through HCL Traveler. A device is considered "unsecured" if any of the security features it does not include are enabled in the security policy. |
Disabled |
Prohibit download of attachments |
When enabled, devices will not be able to download email and calendar attachments including
images from HCL Traveler applications when they sync with the HCL Traveler
server.
Note: Enabling for Apple Mail will also prohibit download of attachments for HTMO
clients. |
Disabled |
Setting | Description | Default value |
---|---|---|
Require application password |
Enables the requirement to have an application password. This option must be selected to use any of these sub-settings except for: Prohibit export of contacts to OS, Prohibit copy to clipboard, Prohibit export of attachments to file system and Prohibit download of attachments. The Violation Action of Enforce applies to all sub-settings for this field. |
Disabled |
Password type |
Sets the password type from the following options:
|
Disabled |
Minimum letters |
Smallest number of alphabetic characters allowed. Range is 0-64. (For Complex password type only) |
0 |
Minimum non-letters |
Smallest number of non-alphabetic characters allowed. Range is 0-64. (For Complex password type only) |
0 |
Minimum uppercase |
Smallest number of uppercase characters allowed. Range is 0-64. (For Complex password type only) |
0 |
Minimum lowercase |
Smallest number of lowercase characters allowed. Range is 0-64. (For Complex password type only) |
0 |
Minimum numeric |
Smallest number of numeric characters allowed. Range is 0-64. (For Complex password type only) |
0 |
Minimum symbols |
Smallest number of symbol characters allowed. Range is 0-64. (For Complex password type only) |
0 |
Minimum password length |
Smallest number of password characters allowed. Range is 4-64. |
4 |
Auto lock period (maximum) |
Number of minutes before device automatically locks when it is not being used. Range is 1-60 minutes. |
30 minutes |
Password expiration period |
Number of days after which the device password must be changed. Range is 0-730 days. |
0 days |
Password history count |
The number of unique passwords required before reuse of a password is allowed. Range is 0-50. |
0 |
Wrong passwords before wiping application data |
Enables device application to wipe the HCL Verse application configuration and data after the selected number of consecutive failed application password login attempts occur. |
Disabled and 7 incorrect password attempts |
Prohibit ascending, descending, and repeating sequences |
Select to prohibit the use of ascending, descending, and repeating sequences |
Disabled |
Allow Touch ID |
When enabled, and if the iOS device supports fingerprint recognition, users can unlock the HCL Verse application using Touch ID without having to enter their HCL Verse application password. |
Disabled |
Prohibit export of contacts to OS |
Determines whether HCL Verse application can share its contacts with the device OS. |
Disabled |
Prohibit copy to clipboard |
Select to disable the ability to copy HCL Verse application data to the device clipboard. |
Disabled |
Prohibit export of attachments |
Select to disable the ability to export attachments from HCL Verse application. |
Disabled |
Prohibit download of attachments |
When enabled, devices will not be able to download email and calendar attachments including images from the HCL Verse application when they sync with the HCL Traveler server. |
Disabled |
Require Mobile Application Management |
When enabled, devices must be managed by a Mobile Application Management (MAM) provider to be able to sync mail with the HCL Traveler Server. Enforcement requires HCL Verse for iOS 12.0.7 or later. |
Disabled |
Setting | Description | Default value |
---|---|---|
Require device password |
Enables the requirement that devices have screen lock passwords. This option must be selected to use any of these sub-settings: Prohibit ascending, descending and repeating sequences, Require alphanumeric value, Minimum number of complex characters, Minimum password length, Auto lock period (maximum), Password expiration period, Password history count, Wrong passwords before wiping device, Prohibit unencrypted devices and Prohibit download of attachments. The Violation Action of Enforce applies to all sub-settings for this field. |
Disabled |
Prohibit ascending, descending and repeating sequences |
Prohibits the use of ascending, descending and repeating sequences. A sequence is considered 3 or more consecutive numbers or characters. |
Disabled |
Require alphanumeric value |
When enabled, both alphabetic characters and numbers are required in the password. |
Disabled |
Minimum number of complex characters |
Specifies the required level of complexity of the device password. For the default value of 2, a password with both upper case and lower case alphabetical characters would be sufficient, as would a password with lower case alphabetical characters and numbers. For password enforcement with a combination of upper case alphabetical characters, lower case alphabetical characters, numbers and non-alpha numeric characters the required value should be set to 4. Range is 1-4. |
2 |
Minimum password length |
Smallest number of password characters allowed. Range is 4-16. |
4 |
Auto lock period (maximum) |
The number of minutes before device automatically locks when it is not being used. Range is 1-60 minutes. |
30 minutes |
Password expiration period |
The number of days after which the device password must be changed. Range is 0-730 days. |
90 days |
Password history |
The number of unique passwords required before reuse of a password is allowed. Range is 0-50. |
0 |
Wrong passwords before wiping device |
Enables a device to hard reset itself after the selected number of consecutive failed device password login attempts occur. |
Disabled and 7 incorrect password attempts |
Prohibit unencrypted devices |
When enabled, only devices that support on-board data encryption are allowed to sync with the HCL Traveler server. |
Disabled |
Prohibit download of attachments |
When enabled, devices will not be able to download email and calendar attachments including images from HCL Traveler applications when they sync with the HCL Traveler server. |
Disabled |
Setting | Description | Default value |
---|---|---|
Require device password |
Enables the requirement that devices have screen lock passwords. This option must be selected to use any of these sub-settings: Prohibit ascending, descending and repeating sequences, Require alphanumeric value, Minimum number of complex characters, Minimum password length, Auto lock period (maximum), Password expiration period, Password history count, Wrong passwords before wiping device, Prohibit unencrypted devices and Prohibit download of attachments. The Violation Action of Enforce applies to all sub-settings for this field. |
Disabled |
Prohibit ascending, descending and repeating sequences |
Prohibits the use of ascending, descending and repeating sequences. A sequence is considered 3 or more consecutive numbers or characters. |
Disabled |
Require alphanumeric value |
When enabled, both alphabetic characters and numbers are required in the password. |
Disabled |
Minimum number of complex characters |
Smallest number of non-alphanumeric characters required. Range is 1-4 characters. |
2 |
Minimum password length |
Smallest number of password characters allowed. Range is 4-16. |
4 |
Auto lock period (maximum) |
The number of minutes before device automatically locks when it is not being used. Range is 1-60 minutes. |
30 minutes |
Password expiration period |
The number of days after which the device password must be changed. Range is 0-730 days. |
90 days |
Password history |
The number of unique passwords required before reuse of a password is allowed. Range is 0-50. |
0 |
Wrong passwords before wiping device |
Enables a device to hard reset itself after the selected number of consecutive failed device password login attempts occur. |
Disabled and 7 incorrect password attempts |
Prohibit unencrypted devices |
When enabled, only devices that support on-board data encryption are allowed to sync with the HCL Traveler server. |
Disabled |
Prohibit download of attachments |
When enabled, devices will not be able to download email and calendar attachments including images from HCL Traveler applications when they sync with the HCL Traveler server. |
Disabled |
Setting | Description |
---|---|
Report |
If the setting is not compliant, the violation is reported to Domino® Domain Monitor (DDM) on the HCL Traveler server. The mobile device user is notified on the HCL Traveler status screen with a security lock icon and a message. |
Disable Synchronization |
If the setting is not compliant, the violation is reported to the HCL Traveler server and any further syncing with the server is disabled. Syncing can be re-enabled only by fixing the security policy violation. |
Enforce |
The HCL Traveler client forces the setting on the device to match the setting in the security policy. For settings such as the device password, the mobile device user is prompted to enter a password for the device. If at any time the settings are detected to be non-compliant, the violation is reported to DDM on the server and syncing is disabled on the mobile device until the violation is corrected. |
Setting | Description | Default value |
---|---|---|
Include users |
The names of users or groups to which the default device preference settings apply. |
Blank, which means all users. To specify all members of a branch of a hierarchical name tree, use an asterisk (*) followed by a forward slash and certifier name, for example, */Sales/Acme. |
Exclude users |
The names of users or groups to which the default device preference settings do not apply. |
Blank, which means no users. Use an asterisk (*) to indicate all users. To specify all members of a branch of a hierarchical name tree, use an asterisk followed by a forward slash and certifier name, for example, */Sales/Acme. |
Setting | Description | Default value |
---|---|---|
Require approval for device access |
Selecting this setting will make all new devices able to register, but not sync data with HCL Traveler. The device will be in a locked state until approved by the Administrator. |
Deselected |
Number of devices to allow per user before approval is required |
This setting allows the Administrator to
auto approve a given number of devices per user. The number refers
to registered devices per user and is not time sensitive. For example
if set to |
1 |
Optional: Addresses to notify when approval action is pending |
This allows an Administrator to be notified
when an approval action is required. The notification would include
the User ID, Device ID, Device Type, and date of registration. The
notification list can include users, groups and Mail-In DBs. The registering
user will always receive a notification when a device registers and
requires approval. The e-mail copy sent to the administrator includes
a link to |
Blank, which means no addresses |