Default device preference and security setting values

The default device settings for users come from the HCL Traveler administration database default device settings document. Users can change their device preference settings from their devices, but only an HCL Traveler administrator can change device security settings. A Domino® policy containing HCL Traveler settings (a HCL Traveler Domino® policy) can be used to override the default device settings for individual users, groups, or organizations.

For the settings listed in the following table, select Lock value on device to prevent modification of the setting from a HCL Traveler client. Any settings without this option are always handled as locked.

Note: Settings in tables 1, 2, and 3 do not apply to devices with applications utilizing the Exchange ActiveSync protocol, such as the native applications included on Apple, BlackBerry 10 and Windows Phone and Tablet devices, unless otherwise noted.
Note: The default settings generally do not apply to HCL Traveler for Microsoft Outlook (HTMO) clients except as noted in Tables 1, 2, and 11. The settings in Table 11 Device Access settings apply, as well as some of the settings from Table 1 Sync settings and Table 2 Filter settings. The HTMO client controls the Sync and Filter settings unless applicable settings are locked in the Default settings. Exceptions to this are settings enforced by the server (Filter Limits (Email, Past Events, Future Events), Max attachment size - administrator (if set to 0) and Table 11 settings.
Table 1. Default Preferences > Sync settings
Setting Description Default value

Synchronize

Specifies the HCL Notes® items that should be synced to the HCL Traveler client.

This setting only applies to Exchange ActiveSync devices when the setting is locked either in the HCL Traveler default settings or a Domino® Policy.

This setting only applies to HTMO client when the setting is locked in the HCL Traveler default settings.

All of the following are selected by default: Email, Calendar, ToDo, Contacts, and Journal.

  • On HCL Verse for Android, if either mail or Calendar are selected, both mail and Calendar both sync.
  • HCL Verse for iOS always syncs Email, Calendar and Contacts.

Schedule

Define peak synchronization schedule and modes of synchronization to use for peak and off-peak hours.

The following options are selected by default:
  • Peak sync type: Always connected
  • Off-peak sync type: Always connected
  • Monday, Tuesday, Wednesday, Thursday, Friday
  • Peak start time: 8:00
  • Peak end time: 17:00

Disable sync when battery low

Select to prevent the HCL Traveler client from making non-user requested connections to the server while the battery is low.

Enabled by default.

Connect when roaming

Select to allow the HCL Traveler client to operate as normal, regardless of whether or not the device is on a roaming network. Otherwise the client will be prevented from making non-user requested connections to the server while the device is roaming.

Disabled by default.

For the settings listed in the following table, select Lock value on device to prevent modification of the setting from a HCL Traveler client. Any settings without this option are always handled as locked.

Table 2. Default Preferences > Filter Settings
Setting Description Default value

Email Body Truncation

Enables email body truncation. Characters beyond the default character value in the email body are truncated from the email body.

This setting only applies to HTMO client when the setting is locked in the HCL Traveler default settings.

Disabled

Maximum email Attachment Size Allowed - Administrator

Deprecated Specify the maximum combined size of all attachments in a document that can be synced to a device. This size is an administrator setting that mobile device users cannot change.
Important: Setting this field to zero disables all email and calendar attachments (including images) for all devices, including iOS Apple Mail client and HTMO clients.
Note: A non-zero value only applies to the deprecated Windows Mobile and Symbian OS based Nokia devices. The HCL Traveler server no longer requires an artificial limit to be placed on attachment size for other devices.
Note: Individual 'Prohibit download of attachments' settings exist under security settings for each device type as an alternative way to disable attachments.

4000 KB

Email Attachments

Enables automatic syncing of email embedded images up to the size configured in setting Email Attachment Size. This setting is not applicable to calendar events.

Email and calendar inline email images automatically sync to HCL Verse Mobile clients. The automatic syncing of email/calendar attachments and calendar embedded images is controlled by the Attachment Download setting configured on HCL Verse Mobile clients. Embedded images and attachments not automatically downloaded can be downloaded on request from the client.

This setting is not applicable to clients that use the Exchange ActiveSync protocol, such as the iOS Apple Mail app.

To disable synchronization of email and calendar attachments including images to devices, you can enable the Prohibit download of attachments setting by device type under Default Preferences > Security Settings. Alternatively you can set Maximum email Attachment Size Allowed - Administrator to 0.

Enabled

Email Attachment Size

Automatically download email embedded images smaller than this size when Email Attachments is enabled.

500 KB

Email Date Filter

Enables filtering email by the number of days specified.

This setting only applies to HTMO client when the setting is locked in the HCL Traveler default settings.

Enabled and 5 days

Filter Limit

Administrative setting that enforces a maximum mail filter window for users that either disable the mail filter or select a value greater than this limit from their HCL Traveler client. This setting applies to Exchange ActiveSync devices and HTMO clients.

Unlimited

High Importance Only

Select High Importance Only to synchronize only high importance emails. This setting only applies to HTMO client when the setting is locked in the HCL Traveler default settings.

Disabled

Calendar Date Filter Past Events

Enables filtering of past calendar events by the length of time specified.

This setting only applies to HTMO client when the setting is locked in the HCL Traveler default settings.

Enabled and 1 week

Filter Limit

Administrative setting that enforces a maximum past event filter window for users that either disable the past event filter or select a value greater than this limit from their HCL Traveler client. This setting applies to Exchange ActiveSync devices and HTMO clients.

Unlimited

Calendar Date Filter Future Events

Enables filtering of future calendar events by the length of time specified.

This setting only applies to HTMO client when the setting is locked in the HCL Traveler default settings.

Enabled and 3 months

Filter Limit

Administrative setting that enforces a maximum future event filter window for users that either disable the past event filter or select a value greater than this limit from their HCL Traveler client. This setting applies to Exchange ActiveSync devices and HTMO clients.

Unlimited

Journal Date Filter

Enables filtering of journal dates by the length of time specified. Note that no supported clients sync journal entries.

Enabled and 1 week

Filter Limit

Administrative setting that enforces a maximum journal filter window for users that either disable the journal filter or select a value greater than this limit from their HCL Traveler client.

Unlimited

ToDo Status

Enables display of only to do items with a status of incomplete

Enabled

Once a device has registered with the server and has received settings from the device profile, the device preferences cannot be changed by an administrator unless the settings are locked either in the default device preferences or a HCL Traveler policy. If the administrator changes the value of a locked setting, then this change is synced to the mobile device immediately. A mobile device user cannot change setting values from the device for settings that are locked by a policy. Unlike device preferences, any security setting changes made by the administrator are synced to the mobile device.

For the settings listed in the following table, select Lock value on device to prevent modification of the setting from a HCL Traveler client. Any settings without this option are always handled as locked.

Table 3. Default Preferences > Device Settings
Setting Description Default value

Device logging

Turns device client logging on or off.

Off

Device Log File Size Maximum

Sets the maximum log file size.

2000 KB

Always bcc myself

For Android based devices, select to automatically add responder's mail address to the bcc list.

Disabled

Table 4. Default Preferences > Security Settings > Android
Setting Description Default value

Require device password

Enables the requirement that devices have screen lock passwords. This option must be selected to use any of these sub-settings: Require alphanumeric value, Minimum password length, Auto lock period (maximum), Wrong passwords before wiping

The Violation Action you select for this option applies to all sub-settings (except for Wrong passwords before wiping device - if you enable Wrong passwords before wiping device, then the violation action for Require device password must be Enforce).

The default violation action is Report.

Disabled

Password type (OS 10+ only) Sets the password type Android 10 and later versions from the following options:
  • Low
  • Medium
  • High
Low password type allows:
  • Pattern
  • PIN with repeating (4444) or ordered (1234, 4321, 2468) sequences
Medium password type allows:
  • PIN with no repeating or ordered sequences, length at least 4
  • alphabetic, length at least 4
  • alphanumeric, length at least 4
High password type allows:
  • PIN with no repeating or ordered sequences, length at least 8
  • alphabetic, length at least 6
  • alphanumeric, length at least 6
Disabled

Password type (Pre-OS 10 only)

Sets the password type from the following options:
  • Unrestricted
  • Numeric
  • Alphabetic
  • Alphanumeric
  • Complex (OS 3+ only)
Note: HCL Traveler lists the order of password types (top-to-bottom) as weakest to strongest. Unrestricted is the weakest, and allows any type of password, including fingerprint and pattern. Note that if you select Unrestricted as the Password type, then the Password length setting is no longer applicable.

Disabled

Minimum password length

Smallest number of password characters allowed. Range is 4-64.

4

Auto lock period (maximum)

Number of minutes before device automatically locks when it is not being used. Range is 1-60 minutes.

30 minutes

Password expiration period (OS 3+ only)

Number of days after which the device password must be changed. Range is 0-730 days.

0 days

Password history count (OS 3+ only)

The number of unique passwords required before reuse of a password is allowed. Range is 0-50.

0

Wrong passwords before wiping device

Enables device to hard reset itself after the selected number of consecutive failed device password login attempts occur.

Disabled and 7 incorrect password attempts

Prohibit unencrypted devices (OS 3+ only)

Select to only allow devices that are encrypted to sync with the HCL Traveler server.

Disabled

Require application password

Select to require users to enter their HCL Verse password to access their HCL Verse client application and its data. This option must be selected to use any of these subsettings: Wrong passwords before wiping application data, Auto lock period|default.
Note: When using authentication systems that do not require a password to be entered for HCL Verse, such as Certificate Based Authentication, SAML2, or TOTP, the Require application password feature cannot be enforced and is not supported by the HCL Verse Android application.

Disabled

Wrong passwords before wiping application data Enables the device application to wipe the HCL Verse client application configuration and data after the selected number of consecutive failed application password attempts occur. Disabled and 7 incorrect password attempts
Auto lock period (maximum) Number of minutes after which the HCL Verse application automatically locks when not in use. Range is 1-60 minutes 30 minutes

Disable local password storage

Selecting this option will prevent the HCL Traveler password from being saved in application storage. Enabling this option will require the user to enter their HCL Traveler password whenever the HCL Traveler application service restarts, including at phone startup. HCL Traveler will not synchronize data until the password is entered.
Note: When using authentication systems that do not require a password to be entered for HCL Verse, such as Certificate Based Authentication or SAML2, the Disable local password storage feature cannot be enforced and is not supported by the HCL Verse Android application.

Disabled

Prohibit copy to clipboard

Select to disable the ability to copy HCL Traveler data to the device clipboard.

Disabled

Prohibit export of attachments to file system

Select to disable the ability to export attachments from HCL Traveler mail to the device's file system.

Disabled

Prohibit camera (OS 4+ only)

Select to disable any cameras on the device. This policy is only available on Android 9.0 devices and below.

Disabled

Require external mail domain validation

Enables a warning message requiring users to confirm that external mail addresses are correct when mail composed on the device is addressed to a user in a domain that is not included in the "Internal mail domains" list.

Disabled

Prohibit export of calendar to OS

Determines whether HCL Traveler can share its calendar information with the device OS.

Enabled

Prohibit export of contacts to OS

Determines whether HCL Traveler can share its contacts with the device OS.

Disabled

Prohibit devices incapable of security enablement

Prevents all devices which do not have the required security features from syncing with the HCL Traveler server. If set to disabled, all devices, with and without security features, can sync data.

HCL Traveler uses the Device Administrator feature added in Android 2.2. In order to enable this feature, the end user must agree to enable the device administrator on the device.

Android devices on which the end user has not enabled the device administrator profile for HCL Verse mobile client will not be allowed.

Disabled

Prohibit download of attachments

When enabled, devices will not be able to email and calendar attachments including images attachments from all HCL Verse Mobile applications when they sync with the HCL Traveler server.

Disabled

Allow only approved applications to access attachments

Selecting this option enforces that attachments synced to the device can only be viewed by applications that are defined in the Approved Application list.

Disabled

Prohibit use of untrusted certificates

When enabled, devices using untrusted certificates will not be able to sync with HCL Traveler.

Disabled

Require Mobile Application Management

When enabled, the HCL Verse for Android client must be managed by a Mobile Application Management (MAM) provider to be able to sync with the HCL Traveler Server.

Disabled

Note: For Apple device security settings, the only possible Violation Action is Enforce.
Note: As of November 2020, Google has removed several Device Admin APIs required to support the above Device Security settings on Android 10 and above devices. Please see this KB article for more details on the limitations.
Table 5. Default Preferences > Security Settings > Apple > Apple Mail
Setting Description Default value

Require device password

Enables requirement that devices have screen lock passwords. This option must be selected to use any of these sub-settings: Prohibit ascending, descending and repeating sequences, Require alphanumeric value, Minimum password length, Minimum number of complex characters, Auto lock period (maximum), Password expiration period, Password history, Wrong passwords before wiping device, Prohibit unencrypted devices.

The Violation Action of Enforce applies to all sub-settings for this field.

Disabled

Prohibit ascending, descending and repeating sequences

Prohibits the use of ascending, descending and repeating sequences. A sequence is considered 3 or more consecutive numbers or characters.

Disabled

Require alphanumeric value

When enabled, both alphabetic characters and numbers are required in the password.

Disabled

Minimum password length

Smallest number of password characters allowed. Range is 4-16.

4

Minimum number of complex characters

Smallest number of non-alphanumeric characters required. Range is 0-4 characters.

0

Allow only approved applications and built-in viewers to access attachments

Selecting this option enforces that attachments synced to the device can only be viewed by built-in viewers using HCL Traveler Companion or the HCL Traveler To Do application. Additional mobile applications are allowed to open attachments synced by HCL Traveler only if they are defined in the Approved Application list.

Disabled

Auto lock period (maximum)

Number of minutes before device automatically locks when it is not being used. Range is 1-60 minutes.

30 minutes

Password expiration period

Number of days after which the device password must be changed. Range is 0-730 days.

90 days

Password history

The number of unique passwords required before reuse of a password is allowed. Range is 0-50.

0

Wrong passwords before wiping device

Enables device to hard reset itself after the selected number of consecutive failed device password login attempts occur.

Disabled and 7 incorrect password attempts

Prohibit unencrypted devices

When enabled, only devices that support onboard data encryption are allowed to sync with the HCL Traveler server.

Disabled

Prohibit camera

Disables the camera on the device.

Disabled

Prohibit devices incapable of security enablement

Prohibit devices incapable of security enablement.

Prevents all devices which do not have the required security features from syncing with the HCL Traveler server. If set to "disabled", all devices, with and without security features, can sync data. However, as many of the security features as possible will still be enforced on every device.

The security features that a device includes depends on the version of the Exchange ActiveSync protocol that the device has implemented. Supported Apple iOS devices support all the settings available through HCL Traveler.

A device is considered "unsecured" if any of the security features it does not include are enabled in the security policy.

Disabled

Prohibit download of attachments

When enabled, devices will not be able to download email and calendar attachments including images from HCL Traveler applications when they sync with the HCL Traveler server.
Note: Enabling for Apple Mail will also prohibit download of attachments for HTMO clients.

Disabled

Note: For HCL Verse for iOS device security settings, the only possible Violation Action is Enforce and it cannot be changed.
Table 6. Default Preferences > Security Settings > Apple > HCL Verse
Setting Description Default value

Require application password

Enables the requirement to have an application password. This option must be selected to use any of these sub-settings except for:  Prohibit export of contacts to OS, Prohibit copy to clipboard, Prohibit export of attachments to file system and Prohibit download of attachments.

The Violation Action of Enforce applies to all sub-settings for this field.

Disabled

Password type

Sets the password type from the following options:
  • Numeric
  • Alphabetic
  • Alphanumeric
  • Complex
  • Server

Disabled

Minimum letters

Smallest number of alphabetic characters allowed. Range is 0-64. (For Complex password type only)

0

Minimum non-letters

Smallest number of non-alphabetic characters allowed. Range is 0-64. (For Complex password type only)

0

Minimum uppercase

Smallest number of uppercase characters allowed. Range is 0-64. (For Complex password type only)

0

Minimum lowercase

Smallest number of lowercase characters allowed. Range is 0-64. (For Complex password type only)

0

Minimum numeric

Smallest number of numeric characters allowed. Range is 0-64. (For Complex password type only)

0

Minimum symbols

Smallest number of symbol characters allowed. Range is 0-64. (For Complex password type only)

0

Minimum password length

Smallest number of password characters allowed. Range is 4-64.

4

Auto lock period (maximum)

Number of minutes before device automatically locks when it is not being used. Range is 1-60 minutes.

30 minutes

Password expiration period

Number of days after which the device password must be changed. Range is 0-730 days.

0 days

Password history count

The number of unique passwords required before reuse of a password is allowed. Range is 0-50.

0

Wrong passwords before wiping application data

Enables device application to wipe the HCL Verse application configuration and data after the selected number of consecutive failed application password login attempts occur.

Disabled and 7 incorrect password attempts

Prohibit ascending, descending, and repeating sequences

Select to prohibit the use of  ascending, descending, and repeating sequences

Disabled

Allow Touch ID

When enabled, and if the iOS device supports fingerprint recognition, users can unlock the HCL Verse application using Touch ID without having to enter their HCL Verse application password.

Disabled

Prohibit export of contacts to OS

Determines whether HCL Verse application can share its contacts with the device OS.

Disabled

Prohibit copy to clipboard

Select to disable the ability to copy HCL Verse application data to the device clipboard.

Disabled

Prohibit export of attachments

Select to disable the ability to export attachments from HCL Verse application.

Disabled

Prohibit download of attachments

When enabled, devices will not be able to download email and calendar attachments including images from the HCL Verse application when they sync with the HCL Traveler server.

Disabled

Require Mobile Application Management

When enabled, devices must be managed by a Mobile Application Management (MAM) provider to be able to sync mail with the HCL Traveler Server. Enforcement requires HCL Verse for iOS 12.0.7 or later.

Disabled

Note: For Windows Phone device security settings, the only possible Violation Action is Enforce. Settings defined here may also apply to Windows RT and Tablet devices. See Known limitations and restrictions section of the user documentation for more details about security policies with these devices.
Table 7. Default Preferences > Security Settings > Windows Phone
Setting Description Default value

Require device password

Enables the requirement that devices have screen lock passwords. This option must be selected to use any of these sub-settings: Prohibit ascending, descending and repeating sequences, Require alphanumeric value, Minimum number of complex characters, Minimum password length, Auto lock period (maximum), Password expiration period, Password history count, Wrong passwords before wiping device, Prohibit unencrypted devices and Prohibit download of attachments.

The Violation Action of Enforce applies to all sub-settings for this field.

Disabled

Prohibit ascending, descending and repeating sequences

Prohibits the use of ascending, descending and repeating sequences. A sequence is considered 3 or more consecutive numbers or characters.

Disabled

Require alphanumeric value

When enabled, both alphabetic characters and numbers are required in the password.

Disabled

Minimum number of complex characters

Specifies the required level of complexity of the device password. For the default value of 2, a password with both upper case and lower case alphabetical characters would be sufficient, as would a password with lower case alphabetical characters and numbers. For password enforcement with a combination of upper case alphabetical characters, lower case alphabetical characters, numbers and non-alpha numeric characters the required value should be set to 4. Range is 1-4.

2

Minimum password length

Smallest number of password characters allowed. Range is 4-16.

4

Auto lock period (maximum)

The number of minutes before device automatically locks when it is not being used. Range is 1-60 minutes.

30 minutes

Password expiration period

The number of days after which the device password must be changed. Range is 0-730 days.

90 days

Password history

The number of unique passwords required before reuse of a password is allowed. Range is 0-50.

0

Wrong passwords before wiping device

Enables a device to hard reset itself after the selected number of consecutive failed device password login attempts occur.

Disabled and 7 incorrect password attempts

Prohibit unencrypted devices

When enabled, only devices that support on-board data encryption are allowed to sync with the HCL Traveler server.

Disabled

Prohibit download of attachments

When enabled, devices will not be able to download email and calendar attachments including images from HCL Traveler applications when they sync with the HCL Traveler server.

Disabled

Note: For BlackBerry device security settings, the only possible Violation Action is Enforce.
Table 8. Default Preferences > Security Settings > BlackBerry
Setting Description Default value

Require device password

Enables the requirement that devices have screen lock passwords. This option must be selected to use any of these sub-settings: Prohibit ascending, descending and repeating sequences, Require alphanumeric value, Minimum number of complex characters, Minimum password length, Auto lock period (maximum), Password expiration period, Password history count, Wrong passwords before wiping device, Prohibit unencrypted devices and Prohibit download of attachments.

The Violation Action of Enforce applies to all sub-settings for this field.

Disabled

Prohibit ascending, descending and repeating sequences

Prohibits the use of ascending, descending and repeating sequences. A sequence is considered 3 or more consecutive numbers or characters.

Disabled

Require alphanumeric value

When enabled, both alphabetic characters and numbers are required in the password.

Disabled

Minimum number of complex characters

Smallest number of non-alphanumeric characters required. Range is 1-4 characters.

2

Minimum password length

Smallest number of password characters allowed. Range is 4-16.

4

Auto lock period (maximum)

The number of minutes before device automatically locks when it is not being used. Range is 1-60 minutes.

30 minutes

Password expiration period

The number of days after which the device password must be changed. Range is 0-730 days.

90 days

Password history

The number of unique passwords required before reuse of a password is allowed. Range is 0-50.

0

Wrong passwords before wiping device

Enables a device to hard reset itself after the selected number of consecutive failed device password login attempts occur.

Disabled and 7 incorrect password attempts

Prohibit unencrypted devices

When enabled, only devices that support on-board data encryption are allowed to sync with the HCL Traveler server.

Disabled

Prohibit download of attachments

When enabled, devices will not be able to download email and calendar attachments including images from HCL Traveler applications when they sync with the HCL Traveler server.

Disabled

Note: Several of these settings have a violation action that must be configured. The violation action executes on the device if the local device security setting does not match the security policy. The default violation action is Report.
Table 9. Violation action settings
Setting Description

Report

If the setting is not compliant, the violation is reported to Domino® Domain Monitor (DDM) on the HCL Traveler server. The mobile device user is notified on the HCL Traveler status screen with a security lock icon and a message.

Disable Synchronization

If the setting is not compliant, the violation is reported to the HCL Traveler server and any further syncing with the server is disabled. Syncing can be re-enabled only by fixing the security policy violation.

Enforce

The HCL Traveler client forces the setting on the device to match the setting in the security policy. For settings such as the device password, the mobile device user is prompted to enter a password for the device. If at any time the settings are detected to be non-compliant, the violation is reported to DDM on the server and syncing is disabled on the mobile device until the violation is corrected.

Table 10. Default Assignment settings
Setting Description Default value

Include users

The names of users or groups to which the default device preference settings apply.

Blank, which means all users.

To specify all members of a branch of a hierarchical name tree, use an asterisk (*) followed by a forward slash and certifier name, for example, */Sales/Acme.

Exclude users

The names of users or groups to which the default device preference settings do not apply.

Blank, which means no users.

Use an asterisk (*) to indicate all users. To specify all members of a branch of a hierarchical name tree, use an asterisk followed by a forward slash and certifier name, for example, */Sales/Acme.

Table 11. Default Preferences > Device Access
Setting Description Default value

Require approval for device access

Selecting this setting will make all new devices able to register, but not sync data with HCL Traveler. The device will be in a locked state until approved by the Administrator.

Deselected

Number of devices to allow per user before approval is required

This setting allows the Administrator to auto approve a given number of devices per user. The number refers to registered devices per user and is not time sensitive. For example if set to 1, the first device to register for a user will not require approval, but any new devices will. Completely deleting a device from the database and security record removes it from being considered in this calculation.

1

Optional: Addresses to notify when approval action is pending

This allows an Administrator to be notified when an approval action is required. The notification would include the User ID, Device ID, Device Type, and date of registration. The notification list can include users, groups and Mail-In DBs. The registering user will always receive a notification when a device registers and requires approval. The e-mail copy sent to the administrator includes a link to LotusTraveler.nsf.

Blank, which means no addresses