The Login Administrator's Guide Ronald T. Kneusel version 2.0 September 1994 1. Preface The software described in this manual is designed as an aid to those who monitor and maintain networks of Macintosh computers and assumes a basic knowledge of the Macintosh, such as the ability to open drives and folders, create and name folders, how to open applications and perform mouse operations like clicking and dragging. Please consult the appropriate Macintosh user manual if these tasks are unfamiliar to you. 2. Introduction Login is a system of programs to track the people who use a network of Macintosh computers. It is _not_ a security system! In fact, it is rather easy for even a moderately knowledgable Macintosh user to subvert the system. Login relies on the system administrator to enforce security rules. Login requires a user to enter his or her name in order to use the Macintosh. It is the responsibility of the system administrator to get users to run Login to logout and shutdown the computer when finished. Once a name is entered it is checked against a master user list on the file server, if there is a match the program records the name, computer ID, date, and time and then terminates. If there is no match the program continues asking for a valid name. 2.1. Who Should Use this Program? Login was designed to be used in a small Macintosh lab with a central file server or with a single computer. Specifically, Login was designed for use in elementary through high school computer labs and has been successfully used in labs with more than 800 users. If high security is not required but you want to know who was using which computer and when, then Login is likely to be of use to you. 2.2. Who Should NOT Use this Program? This program is not for people who (a) do not have a central file server but use a LocalTalk network for printer sharing, (b) require high levels of security (though Login has been used successfully with Apple Computer's At Ease program), or (c) have a lab that is for the most part run without an administrator to generate reports and enforce security. 3. System Requirements Login requires the following in order to operate: 1. A network of Macintosh computers with a central file server, or a single Macintosh. 2. Each Macintosh connected to the network must have a local hard drive. 3. Macintosh system software 7.0, or greater. In addition, the individual installing Login must have administrator access to the file server in order to create the Login folder that is required for Login to run. Login was tested with AppleShare 3.0 but should work with earlier versions of AppleShare. 4. Set Up 4.1. Before You Begin Before you begin installing Login make a backup of the Login distribution diskette and work from that. If you are using a single Macintosh that is not connected to a network skip ahead to the section titled _Single Macintosh Set Up_. 4.2. Networked Macintosh Set Up You need to think of a unique name for each computer on which you will install Login. This is the computer ID that will be used to identify each computer used and can be any string of characters that does not contain spaces or colons. Deciding ahead of time on a consistent and expandable system for naming the computers in the network will save time and effort in the long run. Examples might be simply assigning a number to each computer, or grouping the computers by location, identified by a letter and number, e.g. A3 or D8. The ideal naming scheme will be determined by the existing network. There is no practical limit to the number of computers that can be using Login at one time. Please follow the directions below in the order given. The file server must be configured prior to installing Login on the workstation computers. 4.3. File Server Set Up The following needs to be performed on the file server. If you have more than one file server on your network, choose one which can be accessed by all the computers on which you wish to run Login. First, on the file server, open the file server's hard drive and create a folder named Login by choosing New Folder from the Finder's File menu. This folder must be at the root level of the hard drive, not within another folder. A future version of Login might ease this requirement. Run the AppleShare Admin program found in the System Folder of the file server. Enter the appropriate administrator key when asked. The following instructions apply to those using version 3.0.1 of AppleShare Admin. Other versions will be similar. 1. Select 'Access Information...' from the Privileges menu. 2. Using the scroll bar if necessary, select the file server you wish to use from the list on the left and click the Open button. 3. Again, using the scroll bar if necessary, select the Login folder. 4. At the bottom of the window find the check boxes next to the word Everyone. These control the access information for the folder Login. All three of the check boxes must be clicked to give all file server users access to 'see folders', 'see files', and 'make changes'. 5. Save the changes and choose Quit from the File menu to exit the AppleShare Admin program. Now that the file server is prepared you can install the administration programs located on the Login diskette. Create a new folder on the file server named _Login Admin_ (or whatever) and drag the following files from the Login diskette to the newly created folder: 1. Admin -- the Login administration program. 2. Initialize -- initializes the datafiles. 3. Convert and Filter -- used to change text file formats, see the section 'Notes, Tips and Hints'. 4. Encrypt -- for encoding and decoding Login data files. Now, drag the file below from the Login diskette to the Login folder: 1. Names.DAT and Computers.DAT -- initially empty, these files hold the user names and computer names respectively. 2. Preferences.DAT -- holds the information that determines when Login will run. This completes the file server set up. 4.4. Workstation Set Up What follows must be repeated for every computer on which you wish to run Login. The process can be broken down into several steps: 1. Copying the Login and MakeLogin applications from the Login diskette. 2. Configuring the Chooser and locking the AppleShare Prep file. 3. Running the MakeLogin application to create the Login.DAT file that contains the computer ID and file server name. 4. Making an alias of the Login application and copying it to the Startup Folder in the System Folder. 4.4.1. Copying the applications from the Login diskette On the hard drive of the workstation create a folder named Login. Copy the applications Login and MakeLogin from the distribution diskette to the new Login folder by dragging them into the Login folder on the hard drive. 4.4.2. Configuring the Chooser and locking the AppleShare Prep file From the Apple menu select the Chooser. Click on the AppleShare icon and select the file server on which you just installed the administration software. Click the OK button. Select Guest login and click OK. Click the check box next to the name of the file server which has the administration software to set the Macintosh to login on startup. Click OK and exit the Chooser. Open the Preferences folder located in the System Folder of the computer's hard drive. Find the file named AppleShare Prep and click once on it. Select Get Info from the Finder's File menu and click the check box labeled locked. This locks the guest login setup ensuring that the Macintosh will login to the file server on startup. 4.4.3. Running the MakeLogin application The MakeLogin application is used to create the Login.DAT file that contains the ID for the computer as well as the name of the file server to use. Run the application by double-clicking the icon. When asked, enter the name chosen for the computer (short names work best) and enter the name of the file server as it appears under the icon on the desktop. Once the file Login.DAT has been created the MakeLogin application may be deleted to conserve hard disk space. Should the name you selected for this computer be in use already the MakeLogin program will alert you and ask you to run it again and use a different name if you wish. There are times, especially after a crash, when you will run MakeLogin again on a computer that is already registered with the Login system, in which case you will likely want to use the same name as before. 4.4.4. Making an alias of the Login application To run Login on startup you must put an alias of the actual application in the Startup Folder. Select the Login application and choose Make Alias from the Finder's File menu. Move this alias file into the Startup Folder in the System Folder and remove the `alias' extension to the name. This will make Login run on startup. It is the job of the system administrator to get users to restart their computers when they are finished. 4.5. Creating Login's data files Each time it was run the MakeLogin application added the name of the workstation computer to the empty Computers.DAT file that was copied into the administration folder on the file server. This list will be used by the Initialize application to create the particular data files where Login will store the information about who is using the computers and when. Open the administration folder on the file server and double-click the Initialize application to run the program. 4.6. Using the Initialize Application The Initialize application will allow you to select from three options: (1) initialize the datafiles, (2) clear the Names.DAT file, or (3) clear the Computers.DAT file. If this is the first time setting up the Login system the program will prompt you to locate the Login folder on the file server to create the Path.DAT file that is used by the Admin program. Then select the 'Initialize Data Files' option to create a data file for each computer. Use this program to clear the data files when they become too large or to clear the computer and user names. Use option 4 to reset the Path.DAT file should you need to move the Login folder after it is up and running. 5. Single Macintosh Set Up This section is for single Macintosh users, networked users may skip this section. To run Login on a single Macintosh follow the directions below: 1. Create a folder named Login on the hard drive and copy the following files to it: Login, MakeLogin, Admin, Initialize, Names.DAT, Computer.DAT and Preferences.DAT. 2. Double-click on the MakeLogin application. Enter any name for the computer and enter the name of the computer's hard drive as the name of the file server. 3. Make an alias of the Login application and place it in the Startup Folder located in the System Folder. This will run Login on startup. 4. Double-click on the Initialize application and select option 1 to create the data file after following the directions for creating the Path.DAT file. This is the file that stores all the information gathered by the Login program. Login is now set to run on a single Macintosh. 6. The Admin Program The Admin program is used to monitor the users of the network and to generate reports showing who has been using the network. Each of the menus and menu items are described below. The File and Edit menus are self-explanatory. Note, all Login data files, including the Names.DAT file, are encoded to prevent users from easily altering the data. Use the Encrypt application to encode and decode these files. This is particularly useful if you are using a method other than the Admin program to create the Names.DAT file. 6.1. The 'Reports' Menu 6.1.1. Lookup Name To search for a particular user use this option. 'Lookup Name' searches all the data files for the string entered. This is a substring search so entering `smith' will show all users with `smith' in their name. This option only prints to the screen. 6.1.2. Lookup by Computer 'Lookup by Computer' asks for a computer ID and displays all users of that computer. This option only prints to the screen. 6.1.3. Report by Date To create a report by date use this option. Use the TAB key to move from field to field and enter the month, day, and year (the current year is listed by default) for the starting and ending dates. Use numbers to represent the months, i.e. October is 10, etc. By default the output is sent to the screen, click the `disk file' box to send it to a disk file as well. If no boxes are clicked the output will be sent to the screen. This is an inclusive search and shows all matches for all computers. Clicking the mouse in the window will pause the display of names. Click it again to resume. 6.1.4. Report by Time Use this option to create reports based on a specified number of hours and minutes before the present time. You can enter any value for the hours or minutes fields, i.e. 0 hours and 90 minutes is the same as 1 hour and 30 minutes. The `Send to' boxes work as above. This report is useful for showing all the users for specific span of time, like a single classroom period. Use the mouse as above to start and stop the listing. 6.1.5 Preferences There are two possible formats that Admin can use to write reports to disk. The default format is a plain text file that includes header information. Use this option to select a spreadsheet format that has no header information and uses tab characters between fields. This makes it easy to paste the report into a spreadsheet. 6.2. The Utilities Menu 6.2.1. List Users Lists all the users in the 'Names.DAT' file. Use the mouse to pause. 6.2.2. Add Users Allows for the addition of individual users to the 'Names.DAT' file. For large groups of users see the section 'Notes, Tips and Hints' on other ways to set up the 'Names.DAT' file. 6.2.3. Remove Users Use this to remove a specific user from the 'Names.DAT' file, if found. 6.2.4. Login Settings Login Settings determines when the Login program will run. When a workstation computer is started the Login program reads the settings file and decides, based on the information read, whether to run or not. The settings dialog asks for several things: whether to run on Saturdays and Sundays, whether to stop after a certain time each day, and whether there is a range of dates on which Login will not run. These are provided as way to make Login more flexible so it can fit into as many different lab situations as possible. The defaults are `YES' to running on Saturdays and Sundays and zero to all other options. Use a zero to indicate that a particular option should not be used. Enter months as numbers and either `YES' or `NO', or `AM' or `PM' where appropriate. For example, the high school lab where Login was initially tested was used by outside groups on the weekends, in the evenings, and during vacations. By telling Login not to run after the end of the school day, on the weekends, and during vacations it was not necessary to force the outside lab users to deal with the system. 7. Notes, Tips and Hints 7.1. Alternate Methods for creating 'Names.DAT' If there are a large number of users it can be quite troublesome to enter all the names individually via the Admin program. Here are possible alternatives to using Admin to create the Names.DAT file. Names.DAT is a simple text file and can be edited with TeachText. Use TeachText to enter the names, _one name per line (press return at the end of the line) and in UPPERCASE only_. Login maps all input to uppercase so the names file must contain uppercase as well. This file must be encoded by the Encrypt program and named Names.DAT. Alternatively, you can get the file Names.DAT from another computer system and use it. Many school districts have a central computer system which should be capable of creating a file of user names in uppercase with one per line. Getting a file from one of these systems and putting in on the Macintosh can save a great deal of time. Often, the system that generates the file uses a text file format that is different from the one used on the Macintosh. If the text file is from one of those systems it will need to be converted with the Convert application included. Simply select the conversion to be performed and open the file. As the user must enter at least what is in the Names.DAT file to login it is important that multiple spaces be removed. If there are multiple spaces between say the first and last name use the Filter application to make multiple spaces into a single space. It also strips leading and trailing spaces. This method of creating Names.DAT has it's advantages but it requires a higher level of familiarity with the Macintosh than is needed to use the rest of the system. Again, the file must be encoded by the Encrypt application. 7.2. Tips on Selecting User Names When someone signs into the Login program the system scans the file Names.DAT for string that is contained in the string the user entered. This means that the string SMITH contained in the file Names.DAT will cause a match if the user entered JANE SMITH. It will also match JOHN SMITH and MICHAEL NESMITH. If this sort of flexibility is acceptable use SMITH in Names.DAT. If less flexibility is desired use the first and last name of each user. This also avoids ambiguity. Alternatively, it is entirely possible to use a student number or social security number in place of a name. 7.3. What Does the `*' After a Name Mean? The Login application screens the input searching for a select set of swear words and informs the user that they should wash their mouth out with soap if any are found. If the user then signs in after entering a swear word the name if flagged with an asterisk. This was added primarily to let teachers know which of their students are goofing off. 7.4. Why Do This and What Might Come? Login was written because I got tired of having students sign in on a sheet of paper. It made it difficult to track who was using what as they often failed to fill in the form properly. This is why I created Login. Future versions of Login will, depending on people using and paying for this system, allow the possibility of adding passwords as well as a user name. 8. Shareware Notice This program is being distributed as shareware. Fees in U.S. funds are as follows: 1. $10.00 for each computer up to $50.00 maximum. If you plan on using Login on more than five computers the fee is $50.00 for a single lab. 2. $75.00 for a single building site license with no limit on the number of labs or computers. 3. If you wish to use Login district wide or in more than one building contact me and we can come to an agreement as to what will constitute an appropriate fee. Please pay the fee for this program. This program is geared towards institutions and in general institutions can afford to pay the small fee required to use this program. Anyone who registers will be entitled to free updates, please give mail or e-mail (Internet or provide the gateway information) addresses. 9. Disclaimer and Address The software carries no warranty, either expressed or implied, about it's suitability to any purpose and the author assumes no responsibility for any loss or damage, of any kind, incurred through the correct or incorrect use of this software. This software and manual is copyright©1994, Ronald T. Kneusel. All rights reserved. Neither the software, nor this manual, may be copied, in whole or part, by any means, without the expressed, written approval of the author. This software is shareware and must be distributed in whole with this manual. This software may be included in collections of shareware provided the author is informed that it will be distributed in that manner. Send bug reports and/or comments to: Ronald T. Kneusel 8725 West Burdick Avenue Milwaukee, WI 53227 USA TEL: (414) 545-7557 or September 15, 1994