I was doing a review for a client and noticed something new about lotus notes 6.x. If you go into the address book, highlight a user, click on the Details button, and go to the Administration tab, it provides the
- Computer Name
- OS version
of the user. Check out the graphic.

Makes it real easy to find a user's main computer on which Notes is installed.

Also makes it much easier to determine whether a user in on the network or not. You can ping them and see what subnet they're on or where they're VPN'd in, etc., assuming you know the different subnets at your business.

Also makes it easier to do scans and pen testing of specific individuals, like your CIO.

Hi

Work a long time with Lotus Notes and never saw these .
But its intresting how many machines have accessed my E - Mail Account !
I will go on an find the people and ask them what they wan't on my Account. Becuase Only Workers from my sector ( Administrators ) can have access to make me Calendar entries.

THX

There's also an add-on to Notes called Wolcott. It provides even more info when it queries the machine and allows SMS-like pushes of software to PCs. Great, now the Notes folks will be pushing crap out too. I'll have to find out how to block it like I did SMS.

Getting back to the first subject, how much of a risk do you see this info disclosure? I doubt the average user is going to notice it, but those who do are going to make use of it. I talked to the local Notes admin about locking that tab, but he said you'd have to make some substantial changes to the address book and she didn't want to do that.

Anyone know anything more about this?