Configuring Policies

In previous versions of Sametime there was a graphical user interface available to configure policies. In Sametime 11 configuring policies is done in the policies.user.xml file, which is located on the Community server in the Domino program directory.

About this task

You can use the policies.user.xml file to restrict or grant access to users depending upon their level of need. For example, the maximum size for a file being transferred is set by default at 1 megabyte to help manage traffic over the servers. However, you might have a group of users who have a business need to transfer larger files. You can set a new policy specific to those users that has a higher maximum.

You need operating system access to the Sametime Community server for this task.

Note: Your Sametime license may be an entitlement from your Domino licenses, which has limits on features. If your license is limited, enabling unentitled features may violate your license agreement. Additionally, disabling some of the features is a required post installation step.

For Sametime 11 required manual settings, see the HCL Sametime 11 Limited Use after installation technote.

About the policies.user.xml file

The file is organized into templates:

Instant Messaging default (im.default.policy)
Instant Messaging Anonymous (im.anonymous.policy)
Audio Video default (av.default.policy)
Audio Video Anonymous (av.anonymous.policy)
Meetings default (ms.default.policy)
Meetings Anonymous (ms.anonymous.policy)

If you open the file using a text or XML editor, you will also notice a template that has been commented with <!- notation. This section is to be used as template to create new policies. When making changes to policies ensure you are in the correct policy template.

Note: Do not use the following special characters in the policy's name or in any one of the values of policy attributes:

Ampersand (&)
Apostrophe (')
Quotation mark (")
Greater than character (>)
Less than character (<)
backslash character (\)
Forward slash (/)
spaces ( )

Note: You will be making changes to an .XML file. To check the syntax after making changes to the server, you can preview the file using a browser. If there is a problem in the XML formatting it will be easier to identify. If the XML has incorrect syntax, it will result in policy service failure.

Modifying the Default or Anonymous Instant Messaging Policy

Remote to the Sametime Community Server.
Browse to the Domino program directory (typically c:\Program Files\HCL\Domino).
Use a text or xml editor to open the policies.user.xml file.
Locate the correct template:
- To make changes to the default template, look for the line that begins with:
  <policy id="im.default.policy" weight="1">
- To make changes to the anonymous template, look for the line that begins with:
  <policy id="im.anonymous.policy" weight="0">

This is the beginning of the policy. From here, the policy is divided into attribute groups:

Table 1. **Table - 1**
Attribute group name	What is inside
imserver.policygroup.chat	Persistent Chat enableOffline Messages im.thirdPartyMeetingEnabled = Set to true to enable Sametime 11.6 meetings im.metingsEnabled = Set to true to enable Sametime 11.6 meetings im.2019.label = User must set this community as the default server community (IC) im.2011.label = Allow user to add multiple server communities (IC) im.2001.label = Allow user to add external users using Sametime gateway communities im.2002.label = Allow user to save chat transcripts (IC) im.2004.label = Automatically save chat transcripts (IC) im.2006.label = Maximum days to save automatically saved chat transcripts (IC) im.2014.label = Limit contact list size im.2015.label = Contacts im.2010.label = Allow mobile client im.2012.label = Sametime update site URL (IC) im.3000.label = Allow all Sametime Connect features to be used with integrated clients (IC)
imserver.policygroup.image	im.2008.label = Allow custom emoticons (IC) im.2009.label = Allow screen capture and images (IC) im.2020.label = Set maximum image size for custom emoticons, screen captures, and inline images (IC) im.2021.label = KB
imserver.policygroup.filetransfer	im.1.label = Allow user to transfer files through server (IC) im.2.label = Maximum individual file transfer size, in Kilobytes, for files sent through the server (IC) im.3.label = Use exclude file types transfer list, for files sent through the server (IC) im.4.label = Types to exclude from transfer. Type the three-letter extension of each file type, separated by a comma or semicolon (IC) im.2005.label = Allow client-to-client file transfer (IC) im.allowTransferringMutipleFilesAndFolders = allows users to transfer multiple files and folders in a chat im.allowTransferringFiletoNWayParticipants = allows users to transfer files to all participants in a n-way chat im.maxNumberUsersToReceiveSingleFileInOneFileTransferSession = set a maximum numbers of users in the n-way chat to receive files during a file transfer.
imserver.policygroup.plugin	im.2013.label = Allow user to install plug-ins (IC) im.2022.label = Sametime optional plug-in site URLs. Type the URLs separated by a comma or semicolon (IC)
imserver.policygroup.mobile	im.mobile.allowLocationReporting.label = Allow location reporting im.mobile.disableUntrustedSsl.label = Disable untrusted SSL im.mobile.disablePasswordSave.label = Disable password save im.mobile.AllowSendFiles - Allows the mobile to send files if file transfer policy is also enabled im.mobile.AllowReceiveFiles - Allows the mobile to receive files if file transfer policy is also enabled (means files received over chat will be stored in Files app for iOS and on the synonymous thing for Android. If you don't want files outside the app, turn this off and all we have to do is not advertise the capability and no one can send to you.) im.mobile.restrictClipboard - Clipboard will be cleared when you go to the background. im.mobile.allowShareChatImages - Means that images sent to a user in a chat can be shared outside the container. To photos, Files, other apps, etc. im.mobile.allowSendImages - Allows the mobile to send photos if im.2009 (Allow screen capture and images) policy is also enabled. im.mobile.mamPolicySignature - Enables an administrator to require that mobile devices running HCL Sametime be managed.

To enable or disable a feature, locate the feature’s current-value and change to either 0 for disabled, or 1 for enabled.

For example, to disable “User must set this community as the default server community”, locate the feature ‘s label (im.2019) then change the XML syntax from current-value=”0”

<p:policy-attribute id="im.2019" type="boolean" current-value="0" default-value="0" master-attribute-link="null" possible-value-labels="null" possible-values="null" label="im.2019.label" description="im.2019.desc" visible="true"/>

Change to current-value=”1”

<p:policy-attribute id="im.2019" type="boolean" current-value="1" default-value="0" master-attribute-link="null" possible-value-labels="null" possible-values="null" label="im.2019.label" description="im.2019.desc" visible="true"/>

Modifying the Default or Anonymous Meetings Policy

Note: These settings are used in environments that include a Sametime 9.x Meeting Server. The Sametime 11.6 Meeting Server policy is in the Instant Messaging Policy. See table 1.

Remote to the Sametime Community Server.
Browse to the Domino program directory (typically c:\Program Files\HCL\Domino).
Use a text or xml editor to open the policies.user.xml file.
Locate the correct template:
- To make changes to the default template, look for the line that begins with:
  <policy id="ms.default.policy" weight="1">
- To make changes to the anonymous template, look for the line that begins with:
  <policy id="ms.anonymous.policy" weight="0">

This is the beginning of the policy. From here, the policy is divided into attribute groups:

Table 2. **Table - 2**
Attribute group name	What is inside
ms.policygroup.1.label	ms.9.label=Maximum persistent meeting rooms this user can own ms.15.label=Allow user to create instant (non-persistent) meeting rooms ms.17.label=Automatically connect to meeting server when logging into Sametime Connect (IC) ms.14.label=Allow searching for meeting rooms ms.13.label=Allow searching for hidden meeting rooms ms.16.label=Show "Scheduled Meetings" view (IC) ms.11.label=Allow meetings to be recorded (IC) ms.12.label=Allow meeting room content to be downloaded ms.1.label=Meeting room group chats ms.21.label=Allow meeting room polls ms.22.label=Allow annotations of uploaded content ms.25.label=Require meeting rooms to have a password ms.26.label=Allow guest access to meeting rooms
ms.policygroup.2.label	ms.7.label=Maximum file upload size, in Megabytes ms.8.label=Maximum total size of library, in Megabytes ms.23.label=Allow this user to add files from a content repository
ms.policygroup.3.label	ms.2.label=Allow screen sharing ms.3.label=Allow user to control another user's shared screen (IC) ms.18.label=Allow peer-to-peer application sharing (IC) ms.19.label=Enforce bandwidth limits ms.20.label=Maximum bandwidth size, in Kilobytes per second

To enable or disable a feature, locate the feature’s current-value and change to either 0 for disabled, or 1 for enabled. Some of these policy attributes have values other than 0 or 1, please check the Meetings Policy IDs document.

For example, to enable meeting recording, change the syntax of the ms.11.label current-value from 1 to 0.

<p:policy-attribute id="ms.11" visible="true" description="" label="ms.11.label" possible-values="" possible-value-labels="" master-attribute-link="" default-value="1" current-value="0" type="boolean"/>

Modifying the Default or Anonymous Audio Video Policy

Note: These settings apply to the Sametime 9.x Media Services. The Sametime 11.6 Meeting Server policy is in the Instant Messaging Policy. See table 1.

Remote to the Sametime Community Server.
Browse to the Domino program directory (typically c:\Program Files\HCL\Domino).
Use a text or xml editor to open the policies.user.xml file.
Locate the correct template:
- To make changes to the default template, look for the line that begins with:
  <policy id="av.default.policy" weight="1">
- To make changes to the anonymous template, look for the line that begins with:
  <policy id="av.anonymous.policy" weight="0">

This is the beginning of the policy. From here, the policy is divided into attribute groups:

Table 3. **Table - 3**
Attribute group name	What is inside
avserver.policygroup	av.allowAccessToTPartyFromCListAndIM.label = Allow access to third-party service provider capabilities from contact lists, instant messages, and meetings av.allowChangesToPrefNumbers.label = Allow changes to preferred numbers av.avCapAvailableThroughSMS.label = Voice and video capabilities available through the Sametime Media Server av.allowWebClient.label = Allow Audio/Video use in the web browser av.allowMultipointCalls.label = Allow access to internal service provider for audio and video conferences av.enableSVC.label = Enable Scalable Video Codec Support av.enableClientEncryption.label = Enable encryption for client av.videoResolution.label = Video resolution av.customVideoResolution.label = Custom video resolution av.lineRate.label=Client line rate (kbps) av.ConferenceTemplateList
sut.policyGroup	sut.2024.label = Allow changes to the permanent call routing rule sut.2025.label = Allow use of "Offline" status in call routing rules
sutlite.policyGroup	av.allowSIPTrunking
av.mobilePolicy	av.allowMobileClient av.allowmobileWifiOnly av.mobileLineRate av.mobileAllowCallHistory
av.ConferenceDefaultTemplate	av.isGroupEnabled av.ConferenceTemplateName_Default av.allowCascadedConference av.conferenceMode_Default av.conferenceModeExperience_default av.ConferenceLineRate_Default av.ConferenceEncryption av.videoQuality_Default