Here's an ID and password recovery fishstory:
Recovery for Lotus Notes download file is only 1004 KB in size. Recovery for Lotus Notes was filed under the Backing Up category and was reviewed in softlookup.com and receive 2.8/5 Score. Recovery for Lotus Notes has been tested by our team against viruses, spyware, adware, trojan, backdoors and was found to be 100% clean.
Recovery Toolbox for Lotus Notes. Recovery Toolbox for Lotus Notes efficiently solves the problem of ad hoc data recovery from damaged.NSF database files. The work of the program is based on a convenient recovery wizard that guides the user through the process. Ibm Lotus Domino Server & Lotus Notes Clients 8.5 crack: Recovery-for-lotus-notes 2.5 serial keygen: Lotus Notes All Clients 8.5 serial key gen: Ibm Lotus Organizer 6.1 serial keygen: Lotus Notes 8.5.2 serial keygen: Lotus Smartsuite Millennium 9.8 serial key gen: Systools-lotus-notes-to-outlook 8.0 key generator. New in Recovery for Lotus Notes 2.6: Support of Lotus Notes 7.0 and 8.0 has been added Standard features: Supports IBM Lotus Notes 8.5, 8.0, 7.0 and 6.5 Recovers users' documents Recovers metadata such as Form, Subform, Frameset, Page, View, Folder, Agent, Outline, Shared Field, Shared Action, Database Script, Image, Script Library. Lotus Notes Password Recovery Key is a product developed by Passware.This site is not directly affiliated with Passware.All trademarks, registered trademarks, product names and company names or logos mentioned herein are the property of their respective owners.
Cindy HelpDesk answered the phone andheard a timid voice at the other end. 'Hello Cindy, this isBubba Smith. I lost my ID file.'
'What happened to your IDfile?'
'It's at the bottom of theGulf of Mexico, with my laptop. . . .I was out fishing with mybuddy, Billy JoBob, and I decided to check my e-mail. Then thishuge shark swallowed the bait and started a tremendous fight. Idropped my laptop to grab the pole, and the laptop slipped into thewater.'
'Did you catch theshark?'
Mr. Smith sheepishly said, 'Nope,it got away, but I have a new laptop now. I need a Notes ID andpassword, and I also had an X.509 certificate in my Notes ID file.I don't know how to get a replacement.'
'Let me check. Your ID was lastharvested two weeks ago. How long ago did you import the X.509certificate into your ID file?'
'About four monthsago.'
'Then you should be OK. I'msending your ID to your manager now. Here is the key to unlock yourID-5829692949294a36. Also I'm e-mailing the procedures on howto unlock the ID file to your manager; it takes just a few steps tounlock the ID and enter a new password. Without the number I'vejust given you, no one will be able to unlock your ID file, soguard it just as carefully as your password.'
Mr. Smith sighed with relief.'Thanks, Cindy. You were a great help!'
Great story with a happy ending. Userdrowns laptop, user gets a new laptop, and then user gets ID back.All this without getting wet. This success story was brought to youby the ID and Password Recovery (also called ID Recovery) mechanismthat is built into Lotus Notes R5. This article explains how toimplement ID and Password Recovery for yourorganization.
What ID Recovery does for you
The ID Recovery mechanism is basicallysimple. If an ID has been created with a certifier that hasrecovery information, the ID file contains at least one recoverypassword that is randomly generated and encrypted with anadministrator's public key. The password is unique for eachadministrator and user. For example, administrator Cindy HelpDeskhas a unique recovery password for user Bubba Smith, and thatpassword is stored in Bubba's ID file.
Before ID Recovery, if a user lost thepassword to her ID, the administrator had to either get the ID filefrom an archive or create a new ID file for the user. Both optionsposed problems:
- If the ID was obtainedfrom the archive, the old ID file might not contain recent X.509keys, encryption keys, name changes, or new keys fromrecertification.
- If the administratorcreated a new ID file for the user, even with the same user name asbefore, the user would not be able to read previously encryptedmail or documents.
ID and Password Recovery makes user IDmanagement simpler and better with these new features:
- The ability to 'open'an existing ID Recovery–enabled ID file and assign a newpassword to it.
- The ability for anadministrator to unlock an ID over the phone.
- The ability to harvestIDs from R5 clients and back up the IDs in a secure, centralizeddatabase.
- The ability to enableany ID to support ID Recovery via Notes mail.
- The ability toautomatically archive IDs at the time of new userregistration.
- The ability to managethe recovery information in each ID based on the OU levelcertifier.
These powerful features allow anenterprise Domino installation to securely manage ID files whilealso providing better service to users.
How to implement ID and PasswordRecovery
Here are the basic steps forimplementing ID and Password Recovery in your organization:
- Define your security policies andprocedures for ID and password management.
- Create a recovery database to houseeach set of IDs per O or OU. Technically, you can place all of theIDs into the same database. Where OUs reflect actual administrationboundaries, it is better to create one recovery database perOU.
- Create a mail-in database recordfor each ID recovery database.
- Add recovery information to each Oor OU certifier that will be certifying end users.
- Export the recovery information andsend it to all R5 users per O or OU; this is the harvestprocess.
Let's review each of these steps inmore detail.
1. Define security policies andprocedures for ID and password management
First, before creating recoverypolicies and procedures, you need to have a basic,organization-wide security policy. If you need help here, severalbooks and Web sites can help you, including The Internet SecurityGuidebook, ISBN:0122374711;'An IT Security Policy: What Every Hacker Does Not Want You To Havein Place,' (THE VIEW,November/December 2000); and the National Institute of Standardsand Technology (NIST) Internet Security Policy guidebook.Thesematerials can help you create security policies and procedures tosupport your security infrastructure.
Then, in relation to ID Recovery, youneed to define the following:
Recovery For Lotus Notes 2.6 Crack
- The number of recoveryIDs that will be placed into each OU. Currently the maximum valueis 8.
- The minimum number ofadministrator recovery IDs (also called Recovery Authorities)required to unlock a user ID file.
- The naming standard ofthe administrator recovery ID files that will be used to unlock theID files.
Identify the number of RecoveryAuthority IDs to be placed in certifiers
Here are your options. Which you choosedepends on your organization's security policies:
- The most securepractice is to have many recovery ID files, each controlled by adifferent specific administrator, and to require several of them towork together to recover an ID. That way, no one individual actingalone can steal user IDs, but no one individual being unavailablewill prevent recovery of IDs. For example, five top administratorsmight get the recovery ID files, but you could require that two ofthem have to participate in the recovery of any ID. However, thiscan lead to multiple recertifications of user IDs as administratorstaff changes.
- An alternative tomultiple recovery IDs is a single recovery ID protected by multiplepasswords (which can also require two of five passwords). Thedownside of this is that the administrators would have to be at thesame physical location to enter their passwords and unlock the ID,rather than acting independently from different locations connectedby phone.
- You might use eachadministrator's user ID instead of assigned recovery IDs.This should not ordinarily be done because IDs in everyday use aremore susceptible to theft than IDs that are kept separate and onlyused for this specific purpose. Even more so than with theirindividual IDs, owners of recovery IDs should be reminded to nevertell anyone else their password.
- It is not a bestpractice to use shared administrator and/or recovery ID files.Although this is the easiest approach for administrators, it givesconsiderable power to individuals and leaves no audittrail.
Identify the minimum number ofadministrator IDs (Recovery Authorities) required to open an IDfile
The Lotus recommended minimum number isthree. Many organizations follow standard security practice forsensitive IDs and require two. Other organizations have minimalsecurity requirements and only require one, and/or use a sharedrecovery ID.
Identify the naming standard ofthe administrator IDs (Recovery Authorities) that can unlock anID
This can be any person that has a Notespublic key in the address book. The Domino R5 Administration Helpsuggests usingexisting administrator IDs. You could also create specific ID filesfor administrators that would be dedicated to opening ID files. Forexample:Recovery1/Recovery/TheCompany
2. Create a recovery database tohouse each set of IDs
As we mentioned earlier, you can useone database for the whole organization or one per O or OU. Ineither case, you must:
- Create a new databaseon a server.
- Set the ACL as neededto limit access to only authorized administrators.
We recommend that you also:
- Use the mail50.ntftemplate (named StdR50Mail) for the database.
- Place the database onan isolated server, and use the Server Access field in the Serverdocument to limit access to this server.
- Use the Design tab of the Database properties box to deselect the 'Show in 'Open Database' dialog' and 'List in Database Catalog' options:
Figure 1. Database Properties box
3. Create a mail-in database recordfor each recovery database
Every certifier ID has an internal memory location that lists the name of the mail-in database for the recovery of IDs. The administrator can have a single database for all certifiers or one database for each certifier.
To create a mail-in database record foreach recovery database:
- Open your domain's Domino Directorywith the Notes client.
- Go to the Server/Mail-in-Databaseview.
- Click the Add Mail-in Databaseaction button.
- Fill in the Domain, Server, andFilename fields with the correct domain, server, and database name.It's a good idea to make the database name similar to the OU nameso that it's easier to remember.
Figure 2. Mail-in Database document
- Save and close thedocument.
4. Add recovery information to eachOU certifier
Every certifier ID can hold recoveryinformation. This recovery information is 'stamped' into each newuser ID when that ID is created using an R5 Administrator client.This recovery information can also be exported and imported intoR4-based IDs that are on R5 clients.
For each OU certifier:
- From the Administrator client,select the server where you have registered the recoveryIDs.
- Make sure your Location document inyour address book is also set to this server in the Home/mailserver field of the Servers tab.
- Go to the Configuration tab for theserver, and click Certification under Tools. Then click EditRecovery Information:
Figure 3. Certification tools
- In the Choose Certifier ID dialogbox that appears, enter the name of the certifier ID file in theFile name field. Then click Open.
Figure 4. Choose Cert ID dialog box
- Enter the certifier's password whenprompted. The Edit Master Recovery Authority List dialog boxappears:
Figure 5. Edit Master Recovery Authority List dialog box
- Enter the minimum number ofadministrator IDs (Recovery Authorities) required to open an IDfile in the 'How many Recovery Authorities do you require' textbox.
- Click the Address button to specifythe name of the mail-in database that you created.
- Click the Add button to add thenames of those who will be acting as Recovery Authorities. Thisopens a name and address dialog box where you select names to addto the list. (You may first have to select the directory where theRecovery Authority names are registered.)
At this point, the Recovery Authorityinformation is complete and will take affect for all new users. Forexisting users, you will need to export the information and send itto them. This step is covered in the next section.
Here's an example of what a completedEdit Master Recovery Authority List dialog box lookslike:
Figure 6. Completed Edit Master Recovery Authority List dialog box
In this case, only one RecoveryAuthority is required, so either Mike Jones, TIm Speed, or TomSmith will be able to recover (unlock) an ID file. The name of themail-in database is Dallas IDPR. All new and harvested IDs will besent to this mail-in database for the OU/Dallas/TheCompany.
You repeat this process of addingrecovery information for each OU in your organization. All newusers will have recovery information in their IDs and their IDswill be automatically mailed to the recovery database. The examplebelow shows how the recovery database looks after registering twonew users:
Figure 7. Recovery database entries
These messages look like any normalmail message, but they house a backup copy of the user'sNotes ID file. Here is what the message looks like:
Figure 8. Message with ID file
5. Export recovery information andsend it to all current R5 users
Now your new users are protected, butany existing R5 users and R4.x users you have migrated to R5clients and servers still do not have recovery information in theirIDs. What do you do to fix this? You can export the recoveryinformation from the certifiers and send it to the users. You needto repeat the following steps for each group of users certifiedwith a specific certifier:
- Tell the users why it is importantfor them to accept the recovery information.
- Export the recovery information andsend it to the users certified with that OU.
- The users accept the recoveryinformation into their ID files.
- The users accept the option to sendthe ID with the new recovery information to the recoverydatabase.
Note that this export can happen at anytime, but if you are dealing with any type of migration, you willsave yourself headaches if you finish the migration before youexport the recovery information and send it to the users. The sameis true if you are in the process of moving users from one O or OUlevel certifier to another one.
Now let's go through the process withone user. Suppose Billy JoBob was an R4 user that recently upgradedto an R5 client.
Tell users about IDRecovery
This is the most important step you cantake, because until users accept the recovery information and mailback their IDs, their IDs will not be protected. Use whatevernotification methods you normally use, but send the message severaltimes. Explain how important it is. You might even include a buttonfor them to acknowledge the message.
Export the recoveryinformation
Next, you export the recoveryinformation and send it to the users. Remember that you have to dothis for each certifier used to register users:
- From the Administrator client,select the server where you have registered the IDs.
- Go to the Configuration tab for theserver, and click Certification under Tools. Then click EditRecovery Information. You will be prompted for the certifier thatyou want to edit. Suppose you know that Billy JoBob was registeredwith the OU called Dallas/TheCompany. After you select thecertifier for that OU and enter the password, you will see the EditMaster Recovery Authority List dialog box.
- Click the Export button in thedialog box.
- Enter the password for the OU andclick OK. The Mail ID File Recovery Information dialog boxappears:
Figure 9. Mail ID File Recovery Information dialog box
- In the To and CC fields, enter theuser name or group name of those who should receive the recoveryinformation. You can use the Address button to select the usernames and/or group names from the Domino Directory.
- Click the Send button.
In this example, we have selected BillyJoBob. Once we click the Send button, the message will be deliveredto Billy JoBob's mail file. Here's how it looks in Billy'smail file. Notice that the instructions are in the Subject line ofthe message.
Figure 10. Notification in the user's mail file
The user accepts the recoveryinformation
Next, Billy opens the message andfollows the directions in the Subject line, choosing Actions -Accept Recovery Information:
Figure 11. Choosing Actions - Accept Recovery Information
The user sends the ID with therecovery information to the recovery database
Once Billy has chosen the AcceptRecovery Information option, the Backup ID File dialog box appears,prompting Billy to send his ID to the recoverydatabase:
Figure 12. Backup ID File dialog box
The new recovery information is placedinto users ID files once they have accepted it, even if they cancelthe dialog box to e-mail a backup copy to the recovery database.But let's review the impact of several different scenarios, basedon Billy's actions.
If Billy decides not to bother withanother 'boring administration message' and doesn't open themessage and accept recovery information-in other words, doesabsolutely nothing-there will be no way to recover his IDfile. You will probably need to issue a new ID file to Billy, evenif he still has the ID file and has only forgotten the password.This will take time, and Billy will not be happy. If Billy has anyencrypted messages or other data, those are permanently lost, andhe will be even less happy.
By the way, if Billy is ever undersuspicion of illegal activity, your audit department will not bepleased when you tell them that you cannot read his encryptedmessages. Of course, an intelligent criminal won't send youthe ID file with the private key that she uses for clandestineactivity, but at least if you have the ID file in the recoverydatabase, the audit department will know you did everythingpossible.
If Billy opens the message and choosesActions - Accept Recovery Information but then cancels out of theBackup ID dialog box, the ID will be recoverable, but a currentcopy of the ID file will not be in the recovery database. Thismeans that the following information will not be available:
- Currentcertificates
- Secret keys
- X.509certificates
- Recoverypasswords
Recovery For Lotus Notes 2.6 Crack Download
In other words, Billy and you are inalmost the same predicament as if he hadn't done anything atall. The only advantage is that someone could possibly make a copyof the ID file on Billy's workstation and send it to you andthen you could recover it-not an option when the ID file isat the bottom of the Gulf of Mexico.
The moral is that you should nevershortcut the first step-telling users about ID Recovery. It'simportant to impress the importance of ID Recovery on your usersand to make sure they follow through. In fact, it's much better foryou-and for everyone else-if you keep track of whichusers have sent in their recoverable IDs and harass the othersuntil they do too.
Also, if people in your organizationuse S/MIME or other X.509 certificates, it is a good idea to repeatthe recovery process every few months to keep this informationup-to-date. Otherwise, normal recertification will take care ofkeeping the stored user IDs current.
How to recover an ID
So far, we've discussed setting up IDRecovery and showed you that once the recovery was enabled, itwould place the recovery data in new user IDs. We also showed youhow to harvest and enable IDs that were created before ID Recoverywas implemented. Now we can turn our attention to how you actuallyrecover an ID.
Before ID Recovery, it didn'tmatter whether the user had lost the ID file or had only forgottenthe password-in either case, if you had a backup of the IDfile with a known password, you could send it to the user, eitherby sneaker net or by sending the file to the user's localadministrator or manager. Otherwise, you would have to give theuser a totally new ID file.
With ID Recovery in place, the processof recovering from a forgotten password is different than fromrecovering from a lost ID. When the user has only forgotten thepassword, the whole recovery process can take place over the phone,which means that if the administration team is available, the usercan be back in business in minutes. If the ID file is at the bottomof the Gulf of Mexico, the physical ID file has to be delivered tothe user, but at least all the certificates and private keys arecurrent.
Lotus Recovery House
The basic process has foursteps:
- You copy the ID file from therecovery database.
- You (or whoever is authorized inthe certifier file as a Recovery Authority) recovers the ID byusing the Administrator client to find your recovery password forthat ID. This process is repeated with different administrators whoare Recovery Authorities until the minimum number of recoverypasswords has been obtained.
- You give the recovery passwords tothe user.
- You or the user enters the recoverypasswords, unlocking the ID file and making it fullyfunctional.
Here are the steps indetail.
1. Copy the ID file from therecovery database
This step is simple. You:
- Open the recoverydatabase.
- Open the last message from theuser.
- Right-click the attachment andchoose Detach. You should detach the attachment to a localdrive.
2. Find the recovery passwords forthe ID
This step is also straightforward:
- From the Administrator client,select the server where you have registered the IDs.
- Go to the Configuration tab for theserver, and click Certification under Tools. Then click ExtractRecovery Password. You will be prompted for your password and forthe ID that you want to recover.
- Enter your password and then selectthe ID that you want to recover. If your ID is authorized torecover the ID that you selected-that is, you are listed as aRecovery Authority for that ID-you will see the followinginformation:
Figure 13. Recovery information
If your name was not on the recovery list of the certifier for thatID, you see an error message indicating that you are not authorizedto recover that ID file. - Different administrators shouldrepeat the process until you have the necessary number of recoverypasswords to recover the ID. For example, three recoveryauthorities must extract their recovery password for the ID if theID Recovery process was set up to require at least three RecoveryAuthorities. For best security, the user should deal with eachRecovery Authority separately so that only the user has therecovery passwords needed to unlock the ID (and no one intermediaryever has them).
3. Give the recovery information tothe user
At this point, you have essentially two choices: You can read the recovery passwords to the user over the phone or you can recover the ID yourself, assign an easier password, and send the ID and password to the user's administrator or manager. Some users have so much trouble entering a 16-character random string that they actually prefer to wait and get the ID file itself with an easier password, or your organization may expect local administrators to do the recovery for the user.
4. You or the user enter therecovery passwords and recover the ID file
Actual recovery of the ID file canoccur under either scenario, with either you recovering the IDyourself or the user recovering the ID with the recoveryinformation you give them.
If you, as an administrator, are goingto recover the ID file for the user, you can follow thesesteps:
- From the Notes client, select File- Tools - User ID - Recover ID. The Choose User ID to Recoverdialog box appears:
Figure 14. Choose ID File to Recover dialog box
- Select the ID file you want torecover and click Open. The Enter Passwords dialog box appears. Itlists the administrators with Recovery Authority status who canrecover the selected ID. It also displays the minimum number ofRecovery Authorities needed to recover the ID.
Figure 15. Enter Passwords dialog box
In this example, one recovery password is needed to unlock the ID,and three administrators are authorized as Recovery Authorities forthis ID. - Enter the 16-character recoverypassword for one of the Recovery Authorities listed. The requirednumber of passwords can be entered in any order. Click Enter aftertyping each one. A message confirms whether the password was valid.The dialog box displays how many more passwords are needed. Onceyou have entered the appropriate number of recovery passwords, theSet Password dialog box appears.
- Enter a new password for the userand click OK. The Set Password verification dialog box appears. Asalways, you have to enter the password again to make sure therewere no typographical errors.
- Enter the password again and clickOK. The ID file is now fully recovered and functional. You can sendthe ID file to the user along with their new password, usually viathe user's manager.
If, on the other hand, the user isgoing to recover her own ID file, the File - Tools - User ID -Recover ID won't work, because she can't use her Notesclient without knowing the password to the ID file. The solution issimple, but not necessarily obvious. To recover an ID file when youcan't get into the Notes client:
- Start Notes.
- At the Enter Password dialog box,click Cancel. (If you enter the wrong password and click OK, yousee the Wrong Password message. Click OK at that message to returnto the Enter Password dialog box and then clickCancel.)
- When the Enter Password dialog boxreappears, click Cancel again. The Choose User ID to Switch Todialog box appears:
Figure 16. Choose User ID to Switch To dialog box
- At the Choose User ID to Switch Todialog box, click Cancel. This opens the Choose ID File to Recoverdialog box:
Figure 17. Choose ID File to Recover dialog box
- Select the ID file to recover andclick Open. The Enter Password dialog box appears with the list ofRecovery Authorities. From this point on, the process is the sameas that followed by an administrator recovering a user'sID.
- In the Enter Password dialog box,enter the 16-character recovery ID of one of the RecoveryAuthorities and click Enter. Repeat this until you have entered theappropriate number of recovery passwords, at which point, the SetPassword dialog box appears.
- Enter a new password, click OK, andthen enter the new password again as verification. Then clickOK.
Whether you have recovered the user'sID, reset her password, and sent her the ID file or she has donethe recovery herself, if she is running Windows NT or Windows 2000and the Domino synchronization code, there is one more step totake. The user will be prompted to synchronize the Windows andNotes passwords, either right after she finishes setting therecovered ID's new password or when she first uses the recoveredID.
Figure 18. Synchronize password message
The user should follow the directionsin the message to synchronize the passwords.