In order to more effectively use Symantec products in the Lotus Domino environment, there are several things a typical Domino administrator will want to consider before and after installation.

This document is divided into the following sections:

• Prior to installation
• Post installation considerations

Prior to installation
Before installing a Symantec product in the Lotus Domino environment, Symantec recommends doing the following in sequence to ensure a smooth installation:

• Select an ID to run the agents Symantec products use.
• Modify the rights of the selected ID, if necessary.
• Place the selected ID on the Execution Control List (ECL) or Administrative ECL.

Select an ID to run the agents Symantec products use
Before installing a Symantec product, choose an account that will run the agents used by Symantec AntiVirus/Filtering or Norton AntiVirus in the Lotus Domino environment.

The account chosen for this task can be either a user ID or a server ID. In either case, the ID needs certain rights for the Symantec product to work completely as expected.

Modify the rights of the selected account, if necessary
The ID selected needs to have the right to run unrestricted LotusScript/Java agents (in Domino 6, unrestricted methods and operations). Use the following steps to grant this right to the selected ID if it does not already have this right.

Lotus Domino 5
Grant the "Run unrestricted LotusScript/Java agents" right to your administrator or server ID.

1. Open the Domino Administration client, and select the Configuration tab.
2. Click All Server Documents under the Server section.
3. Click the correct Server Document, and then click Edit Server.
4. Click the Security tab.
5. Insert the user or server ID that will be used to sign the databases in the "Run unrestricted LotusScript/Java agents" box.
   
   NOTE: An alternative to inserting the account is to insert a group that the ID is a member of, such as Administrators or LocalDomainServers.

Lotus Domino 6
Grant the "Run unrestricted methods and operations" right to your administrator or server ID.

1. Open the Domino Administration client, and select the Configuration tab.
2. Under the Server section, click All Server Documents.
3. Click the correct Server Document, and then click Edit Server.
4. Click the Security tab.
5. Insert the user or server ID that will be used to sign the databases in the "Run unrestricted methods and operations" box.
   
   NOTE: An alternative to inserting the account is to insert a group that the account is a member of, such as Administrators or LocalDomainServers.

Place the selected ID on the Execution Control List (ECL) or Administrative ECL
The ID selected in the first section must also appear on the ECL of the workstation the Symantec product will be administered from. Make sure that this ID has these rights:

• Access to current database
• Access to environment variables
• Access to external code
• Access to external programs
• Ability to read other databases
• Ability to modify other databases
• Ability to export data.

Post installation considerations
After an ID has been given the correct rights on both the server and the workstation, the Symantec product can be installed.

Once the installation is complete, all databases created during Domino server startup should immediately be signed by the ID. Please see the document How to sign Symantec Mail Security for Domino databases for instructions on signing databases. 

The Symantec product may now be used normally. However, it is recommended that, for security reasons, the Access Control List be modified. After installation, the Default access is Manager, and we recommend that access to the Symantec databases be limited.