Operations for Office Groove Server 2007, Part 2

Operations for Office Groove Server 2007, Part 2

Microsoft Corporation

Published: June 2007

Author: Office IT and Servers User Assistance ()

Editor : Office IT and Servers User Assistance ()

Abstract

This book provides procedures for working with Groove management domains in an environment of onsite servers or Groove Enterprise Services. The main audience for this book is Groove domain administrators.

The content in this book is a copy of selected content in the Office Groove Server Technical Library (http://go.microsoft.com/fwlink/?LinkId=93923) as of the publication date above. For the most current content, see the technical library on the Web.

1

The information contained in this document represents the current view of Microsoft Corporation on the issues discussed as of the date of publication. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information presented after the date of publication.

This document is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS DOCUMENT.

Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft Corporation.

Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property.

Unless otherwise noted, the example companies, organizations, products, domain names, e-mail addresses, logos, people, places and events depicted herein are fictitious, and no association with any real company, organization, product, domain name, email address, logo, person, place or event is intended or should be inferred.

© 2007 Microsoft Corporation. All rights reserved.

Microsoft, Access, Active Directory, Excel, Groove, InfoPath, Internet Explorer, OneNote, Outlook, PowerPoint, SharePoint, SQL Server, Visio, Windows, Windows Server, and Windows Vista are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries.

The names of actual companies and products mentioned herein may be the trademarks of their respective owners.

2

Contents

Introduction to Operations for Office Groove Server 2007, Part 2 9

Groove Management Domain Operations 9

I. Managing Groove Domains 10

Viewing and Editing Management Domain Properties 10

Configuring Management Domain Affiliation 12

Changing Reset/Recovery Private Keys and Key Locations 13

Setting Up Cross-Domain Certification 16

PKI Basics 17

Cross-Certifying Management Domains 19

Exchanging Groove Domain Certificates 19

Viewing Cross-Certified Domains 23

Deleting Cross-Certified Domains 23

Migrating Users to Another Domain 24

Before You Begin Migrating Users 24

Automatically Migrating Users to Another Domain 26

Migrating Domain Members 27

Checking Migration Status 29

Reviewing Migration Events 30

Canceling Migration 31

Manually Migrating Users to Another Domain 32

Adding, Editing, and Deleting E-mail Templates 34

Creating Groove Manager E-mail Templates 34

Editing Groove Manager E-mail Templates 36

Deleting Groove Manager E-mail Templates 36

Editing Domain Administrator Roles 37

II. Managing Groove Users 38

Overview of Groove User Management 39

Managing Domain Member Groups 41

Adding Groups to a Domain 42

Viewing Domain Groups 43

Viewing and Editing Group Properties 44

Viewing Group Members 46

Deleting a Group 47

Adding Groove Users to a Domain 48

Adding an Individual Member to a Domain Group 49

Adding Multiple Members from an .XML File 50

Adding Multiple Members from a .CSV File 53

Importing Members from a Directory 55

Working With Imported/Integrated Members 55

Importing Domain Members from a Directory 57

Enabling Groove Account Configuration 60

About Distributing Account Configuration Codes 60

Sending an Account Configuration Code from Groove Manager E-mail 63

Sending an Account Configuration Code Via Personal Distribution 65

Provisioning Managed Groove Users 66

Provisioning Domain Groups 66

Provisioning Domain Members 67

Viewing Domain Members 67

Viewing and Editing Domain Member Information 70

Finding Domain Members 75

Moving Domain Members to Another Group 77

Exporting Domain Members 78

Disabling and Enabling Domain Members 80

Disabling Domain Members 80

Enabling Domain Members 81

Deleting Domain Members 81

Purging Member Relay Queues 83

Creating an LDAP Search String 84

Initiating Client Contact With a Groove Manager 87

III. Managing Groove Identity Policies 87

Overview of Groove Identity Policies 88

Creating Identity Policy Templates 89

Changing Identity Policy Templates 90

Changing Identity Policy Templates for a Group 90

Changing Identity Policy Templates for a Group Member 91

Editing Policy Template Names 92

Cloning Policy Templates 92

Deleting Policy Templates 93

Viewing and Editing Identity Policies 93

Automatically Managing Devices During Account Configuration or Logon 94

Requiring Managed Devices 96

Controlling Identity Publication 96

Backing Up and Restoring User Account Data 97

Backing Up Groove Account Data 98

Restoring Groove Account Data 99

Controlling Login Credential Reset and Data Recovery 101

Login Credential Reset vs. Limited Data Recovery 102

Selecting a Login Credential Reset Policy 103

Resetting Groove Login Credentials 104

Before You Begin a Password Reset 105

Automatic Reset of Groove Login Credentials 105

Manual Reset of Groove Login Credentials 106

Client Login Credential Reset 108

Customizing Reset Instructions 109

Setting Up Data Recovery on Managed User Devices 109

Managing User Interaction with Unknown Identities 113

Verified or Certified vs. Unknown Groove Identities 113

Setting Up a User Verification Policy 115

Setting a Groove Version Requirement 116

Specifying Enterprise PKI Certificates 117

Setting Time Limit on Valid PKI Certificates 118

Blocking Files of Specific Types 119

Groove Domain Member Policies 119

Groove Security Policies 123

IV. Managing Groove Device Policies 126

Overview of Device Policies 127

Registering User Devices with the Groove Manager 128

Overview of Device Registration 129

Registering Devices in a Management Domain 130

Stopping Device Management 131

Creating Device Policy Templates 132

Changing Device Policy Templates 132

Changing Device Policy Templates for a Group 133

Changing Device Policy Templates for a Group Member 133

Administering Device Templates 134

Viewing and Editing Device Policies 135

Preventing Multiple Accounts on a Managed Device 136

Preventing Account Import 136

Requiring Managed Domain Devices for Managed Domain Members 137

Setting Groove Login Password Policies 138

Setting Smart Card Login Policies 138

Controlling Messenger Integration 139

Controlling Groove Directory Searches 140

Locking Out Accounts 141

Setting Strong Private Key Protection 142

Controlling Direct Access to Remote Web Services 142

Controlling Groove Tool Usage on Managed Devices 143

Restricting Tool Usage 143

Tool Usage Recovery After Restriction is Removed 144

Limiting Groove Bandwidth Usage for Devices 145

Overview of Groove Bandwidth Policy 145

Setting Groove Bandwidth Limit 146

Enabling Groove Client Auditing 147

Groove Account Policies 149

Groove Client Policies 150

Groove Device Security Policies 156

Groove Audit Policies 163

V. Managing Groove Relay Servers 165

Overview of Relay Server Provisioning 165

Adding a Relay Server to the Groove Manager 166

Adding a Relay Server Set to a Domain 168

Adding Relay Servers to a Set 169

Editing Relay Server Set Names 170

Viewing Domain Relay Servers 171

Viewing Relay Servers in a Set 172

Changing Relay Server Sets 173

Changing Relay Server Sets for a Group 173

Changing Relay Server Sets for a Group Member 174

Reordering Relay Servers in a Set 174

Deleting Relay Servers from a Domain 175

Deleting Relay Servers from a Set 176

Deleting Relay Server Sets 176

Editing Relay Server Properties 177

Locking out and Re-enabling an Onsite Relay Server 179

VI. Viewing Groove Domain Reports 179

Viewing Groove Manager Reports 179

Filtering Groove Manager Reports 180

Exporting Groove Manager Reports 182

Groove Manager Domain Reports 183

Audit Log Report 183

Audit Log Report Fields 183

Audit Log Filtering Fields 184

Member Activity Report 185

Member Activity Report Fields 185

Member Activity Filtering Fields 187

Groove Usage - Member Report 191

Groove Usage - Member Report Fields 191

Groove Usage - Member Filtering Fields 192

Groove Usage - Tool Report 194

Groove Usage - Tool Report Fields 194

Groove Usage - Tool Filtering Fields 195

Groove Usage - Workspace Report 196

Groove Usage - Workspace Report Fields 196

Groove Usage - Workspace Filtering Fields 198

Detailed Reports 200

Sample Groove Manager Report Filters 201

Show Audit Log for User During Past Week 202

Show Audit Log for Administrator in Date Range 202

Show Most-Used Tools 202

Show Members Whose Accounts Have Never Been Backed Up 203

Show Members Who Used Groove Since Last Backup Date 203

Show Members With Managed Accounts On Multiple Devices 203

VII. For Groove 3.0e or Earlier - Password Reset and Data Recovery 204

Controlling Login Credential Reset and Data Recovery (Groove 3.0e or Earlier) 204

Resetting Groove Login Credentials for Managed Devices (Groove 3.0e or Earlier) 205

Administering Centralized Reset of Login Credentials (Groove 3.0e or Earlier) 206

Client Reset of User Login Credentials (Groove 3.0e or Earlier) 208

Customizing Reset Instructions for Managed Devices (Groove 3.0e or Earlier) 209

Setting Up Data Recovery on Managed Devices (Groove 3.0e or Earlier) 210

Data Recovery Fundamentals (Groove 3.1 or Earlier) 210

Recovering User Data (using the Data Recovery Tool, Groove 3.1 or Earlierl) 212

VIII. For Groove 3.1 or Earlier - Setting Component Policies 215

Component Policy Basics (Groove 3.1 or Earlier) 215

Customizing Component Installation Policies (Groove 3.1 or Earlier) 217

Deleting Component Installation Policies (Groove 3.1 or Earlier) 223

Managing Groove Platform Upgrades (Groove 3.1 or Earlier) 224

Prevent Platform Upgrade (Groove 3.1 or Earlier) 224

Allow Platform Upgrade To Current Version (Groove 3.1 or Earlier) 227

Allow Platform Upgrade To Interim Version (Groove 3.1 or Earlier) 228

Allow Platform Upgrade But No New Tools (Groove 3.1 or Earlier) 230

Groove Component Versions (from 2.0a to 3.1) 231

IX. For Groove 3.1 or Earlier - Managing Groove Product Licenses 235

Overview of License Provisioning (Groove 3.1 or Earlier) 236

Adding Groove Licenses to a Domain (Groove 3.1 or Earlier) 237

Adding a License Set to a Domain (Groove 3.1 or Earlier) 238

Adding Groove Domain Licenses to a Set (Groove 3.1 or Earlier) 239

Editing License Set Names (Groove 3.1 or Earlier) 240

Viewing Domain Licenses (Groove 3.1 or Earlier) 240

Viewing Licenses in a Set (Groove 3.1 or Earlier) 241

Viewing License Information (Groove 3.1 or Earlier) 242

Changing License Sets (Groove 3.1 or Earlier) 242

Changing License Sets for a Group (Groove 3.1 or Earlier) 243

Changing License Sets for a Group Member (Groove 3.1 or Earlier) 244

Deleting Licenses from a Domain (Groove 3.1 or Earlier) 244

Deleting Licenses from a Set (Groove 3.1 or Earlier) 245

Deleting License Sets (Groove 3.1 or Earlier) 246

Distributing Licenses to Unmanaged Users (Groove 3.1 or Earlier) 247

Viewing Licenses for Unmanaged Users (Groove 3.1 or Earlier) 248

Revoking Licenses from Unmanaged Users (Groove 3.1 or Earlier) 249

Adding More Seats to a License Package (Groove 3.1 or Earlier) 250

Using the Enterprise License Pack (Groove 3.1 or Earlier) 251

8

Introduction to Operations for Office Groove Server 2007, Part 2

Groove management domain administrators, utilizing a Groove management interface hosted by onsite servers or Groove Enterprise Services, are responsible for overseeing Groove user and device activity and disseminating the required Groove usage and security policies to domain members. Domain administrators can find procedures for these and related tasks in the Management Domain section of this book.

Groove Management Domain Operations

The section provides information for Groove management domain administrators, working from onsite Groove Servers or from hosted Groove Enterprise Services. Click one of the links in this section, depending on your information needs.

In this section:

Managing Groove Domains

Managing Groove Users

Managing Groove Identity Policies

Managing Groove Device Policies

Managing Groove Relay Servers

Viewing Groove Domain Reports

For Groove 3.0e or Earlier - Password Reset and Data Recovery

For Groove 3.1 or Earlier - Setting Component Policies

For Groove 3.1 or Earlier - Managing Groove Product Licenses

I. Managing Groove Domains

Management domains are organizational units defined in the Groove Manager. The following sections provide information about the ongoing administration of Groove management domains defined on the Groove Manager.

In this section:

Viewing and Editing Management Domain Properties

Configuring Management Domain Affiliation

Changing Reset/Recovery Private Keys and Key Locations

Setting Up Cross-Domain Certification

Migrating Users to Another Domain

Adding, Editing, and Deleting E-mail Templates

Editing Domain Administrator Roles

Viewing and Editing Management Domain Properties

Your Groove Manager server administrator creates management domains. You, or anyone with a server or domain administrator role in an RBAC-supported environment, as described in Editing Domain Administrator Roles, can view domain information and edit a domain’s configurable properties.

To edit management domain properties:

1. Go to the Groove Manager administrative Web site and select your management domain in the navigation pane.
2. Click Domain Properties in the toolbar. The Domain Settings page appears.
3. From the Domain Settings page, edit the fields shown in the following table as necessary, then click OK.
Domain Settings Fields
/ Descriptions
/
Domain Name / Specifies the name of the domain. The Groove Manager supplies an initial domain name, which you can edit as needed.
Contact E-mail / Specifies the e-mail address of the contact administrator for the domain.
Description / Specifies an optional description of the domain.
Certificate Authority (CA) name / Information only. Appears if the Groove PKI option is selected.
Displays the CA name assigned to the domain by the server administrator during domain creation, if Groove PKI is the chosen identity authentication system.
When displaying a member’s domain affiliation, show: / Determines the level of information displayed in domain members’ Groove contact information, as follows:
· Domain only - Display’s each managed user’s name, followed by the management domain of which the user is a member.
· Domain and group - Displays each managed user name, followed by the management domain/group/subgroup... of which the user is a member.
For more information about setting up domain affiliation, see Configuring Management Domain Affiliation.
Default: Domain only
Support license management for Groove Virtual Office clients version 3.1 and earlier / Enables administrative interface features that allow you to manage licenses of management domain members who are running Groove version 3.1 or earlier.
See For Groove 3.1 or Earlier - Managing Groove Product Licenses for more information about this property.
Number of days that members can be inactive before being removed from the domain’s contact directory / The number of days that members can be inactive before being removed from the domain’s contact directory. A member is considered inactive when not logged into Groove.
Default: 15
Number of days that devices can be inactive before being removed from domain / The number of days of Groove device inactivity after which the Groove Manager removes domain member devices from device lists. A device is considered inactive when not running Groove. If a domain member logs back into Groove on a removed device, the device is re-instated in the domain upon contact with the Groove Manager.
Entering a value of ‘0’ specifies that devices will not be removed from device lists after any period of inactivity.
Default: 90
4. To change login credential reset (or data recovery) settings, click the Password Settings tab and edit the fields described in Changing Reset/Recovery Private Keys and Key Locations, then click Apply to apply settings without saving, and OK to save.
5. To cross-certify another domain, click the Cross Domain Certification tab and edit the fields described in the Cross Domain Certification Fields (available for Groove PKI only) table as necessary, then click Apply to apply settings without saving, and OK to save.
6. To set up automated domain migration, click the Advanced Settings tab and edit the field described in Automatically Migrating Users to Another Domain as necessary, then click Apply to apply settings without saving, and OK to save.

See Also: