Last week, we wanted to roll out a new security policy containing an administrative ECL to all of our users. My tests indicated that we would have to sign the policy and the corresponding settings document with one of our server's id-files, because the only entry allowed to modify the local ECL was something like "*/SRV/ORG". We didn't want to bother out 1000+ users with unnecessary warning messages.
I thought the best way to achieve this would be to create a local replica of our Domino Directory, locally switch to the server's id in order to edit the documents, and finally replicate the changes back to the server replica. However, this procedure seemed quite error-prone, so I thought about using the good ol' signEZ by Ytria. I asked their support how I could achieve this, since the tool is normally only used for signing design-documents. Fortunately, they had a solution and told me to use a nice little addon, which is somewhat hidden at first sight. You'll find it within the EZ-Suite Installation Database, if you look at the following menu: "Actions -> Toolbar Extras -> Add signEZ "Sign Selected Note" button".
Unfortunately, this only did half the trick. When I used that signEZ function to sign the policy and the corresponding settings document with one of our server's id-file, i found that the ECL itself was still signed by myself. I had a look at the security settings document with scanEZ, but it seems that the ECL is not saved within the security settings document. Now I'm waiting for Ytria's development team to find out what's going on.