A little-known ECL setting for Domino is "<ECLOwner>". Adding this as an entry to the ECL allows you to control exactly what the workstation user can do with code signed as himself and running on the workstation. More information can be found here. Recently I have seen where -Default- has allowed all of the methods (please, do NOT have your ECL configured this way!!!), and when it was previously removed in testing, the users were prompted to add ECL entries for themselves when opening folders (or doing other such things). The solution is to grant <ECLOwner> the proper rights first and then to begin the process of revoking rights for -Default- and "No Signature".
And if you haven't looked in a while, please go review your ECL (carefully: don't just go revoking people, and make sure the account you use has access to modify the ECL within the ECL, so that you don't have users receiving those prompts!).
Comments (1)
Single most useful tip I've heard about running a Domino environment in at least a year.
I cannot believe how obtuse the product is about handling ECLs. The fact that this is even POSSIBLE, and yet surfaced so badly, says volumes about Domino's continued issues with TCO.