home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
OS/2 Shareware BBS: Security
/
Security.zip
/
sec30250.zip
/
README.DOC
next >
Wrap
Text File
|
2001-07-24
|
108KB
|
1,948 lines
=======================
SecureEntry 3.0 Readme Build number : 250
=======================
Contents
1. GENERAL NOTES
2. CURRENT MAIN FUNCTIONS NOW IN BETA TEST PHASE
3. OS/2 FIXPACK LEVELS TESTED
4. UP AND RUNNING - FAST INSTALLATION -
5. IMPORTANT NOTES FOR SERVICING PREVIOUS DRIVERS
6. LIST OF CHANGES, FIXES AND ENHANCEMENTS
1. GENERAL NOTES
================
Welcome to SecureEntry 3.0 !!
***********************************************************************
If you are new to SecureEntry 3.0, please read carefully the
document 'SEINST.INF' (*) contained in this same diskette
before proceeding, and make sure you match the soft/hard Secure
Entry requirements before installing.
In any case, please take a look at the 'product delivery policy'
chapter in the same document, for any doubt on rights and
SeureEntry fixpack delivery policy.
***********************************************************************
(*) You can read it by unpacking it from the first installation diskette
by typing :
A:
UNPACK32 SEINST.IN@ destinationpath
and then :
VIEW destinationpath\SEINST.INF
2. CURRENT MAIN FUNCTIONS NOW IN BETA TEST PHASE
================================================
- Switch list component (build 130) (finished beta)
- Backup domain controller support (build 132) (finished beta)
- Personalized desktop component (build 137) (finished beta)
- Logs file size controller utility (build 137) (finished beta)
- Shortcuts component (build 148) (finished beta)
- Treelock editor (build 149) (finished beta)
- Floppy translator utility (build 156) (finished beta)
- Hooked objects component (build 165) (finished beta)
- EYCAD DD for systemwide
hotkeys and inactivity timeouts (build 181) (finished beta)
- Merlin WarpCenter component (build 182) (finished beta)
- SES emulator, for installing (build 184) (finished beta)
without the real Security
Enabling Services
- UCM dynamic refresh and (build 185) (finished beta)
UCM logging feature
- New EDYPHOTO tools for better (build 191) (finished beta)
support and problem determination
- Support for SMP environments (build 193) (finished beta)
- Coexistance w/other SES clients (build 205) (finished beta)
- RACF emulator (for UCM) (build 205) (finished beta)
- Public applications component (build 205) (finished beta)
- Workspace On Demand (WSOD) support(build 207) (finished beta)
- Support for AURORA (build 225) (finished beta)
(Warp Server for E-Business). (See note underneath for base
OS fix required if treelock is
to be used)
- Processes audit component (build 225) (finished beta)
- UCM under OS/2 environments (build 231) (finished beta)
Remember that this code is supplied as
evaluation code only. To run it in a
production environment, you must first
unlock it as explained in the 'UCM
administrator's guide'.
- Audit files browser (build 238) (finished beta)
- Incremental UCM updates feature (build 241) (finished beta)
- Compressed profiles UCM feature (build 242)
Note that before this function
is activated, all your branches
MUST be at level 242 (minimum)
Note also that you need UCM code
level V4.3 build 54 at the host site
minimum.
- Lotus Notes component (build 243)
Remember that for this component's
editor to work, you need Java1 support
with SWING installed, or Java2.
- Java API (build 248)
- Pasticket generation feature (build 248)
3. OS/2 FIXPACK LEVELS TESTED
=============================
Compatibility relation table to know which OS/2 fixpacks
are supported by each SecureEntry level
--------------------------------------------------------
Min. build
level required
- Warp 3.0 + FP17
- Warp 3.0 + FP22
- Warp 3.0 + FP26 (Build 102)
- Warp 3.0 + FP29 (Build 158)
- Warp 3.0 + FP30 (Build 173)
- Warp 3.0 + FP31 (Build 176)
- Warp 3.0 + FP32 (Build 176)
- Warp 3.0 + FP33 (Build 176)
- Warp 3.0 + FP34 (Build 181)
- Warp 3.0 + FP35 (Build 192)
- Warp 3.0 + FP36 (Build 196)
- Warp 3.0 + FP37 (Build 203)
- Warp 3.0 + FP38 (Build 210) Warning! SES is broken at this levels, so
- Warp 3.0 + FP39 either use the SES emulator or a higher tested
Fixack level, or do one of the following :
- Downlevel the SESDD32.SYS module to that one
from FP37.
- Pick the corrected module SESDD32.SYS from
ftp://service.boulder.ibm.com/ps/products/os2/fixes/v3.0warp
Remember to copy the module into x:\OS2\*
AND x:\OS2\BOOT\* directories.
- Warp 3.0 + FP40 (Build 215) Warning! Read comment (***) about installation
of MERLIN-FP10 and how to avoid SESDD32.SYS
trap. It applies for FP40 also.
- Warp 3.0 + FP41 (Build 225)
- Warp 3.0 + FP42 (Build 231)
- Warp 3.0 + FP43 (Build 238)
- Warp 4.0 (base)
- Warp 4.0 + FP1
- Warp 4.0 + FP3 Note : If you choose to use FP3, you NEED the patched
OS2KRNL located in :
ftp://service.boulder.ibm.com/ps/products/os2/fixes/v4warp/english-us/fp3krnl/
- Warp 4.0 + FP4
- Warp 4.0 + FP5
- Warp 4.0 + FP6 (Build 195)
- Warp 4.0 + FP7 (Build 203)
- Warp 4.0 + FP8 (Build 204)
- Warp 4.0 + FP9 (Build 210) Warning! SES is broken at this level, so
either use the SES emulator or a higher tested
Fixack level, or Downlevel the SESDD32.SYS
module to that one from FP8.
Remember to copy the module into x:\OS2\*
AND x:\OS2\BOOT\* directories.
- Warp 4.0 + FP10 (Build 216) (***)
Note that this level works correctly with
SecureEntry, although you may experience
a trap in SESDD32 when applying this OS/2
FIXPACK on a machine with SecureEntry or
other SES enabled product (whenever the
line BASEDEV=SESDD32.SYS is in your
config.sys at fixpack installation).
To avoid the problem, which can lead to an
unusable system, run the following program
BEFORE fixpack installation :
------------- cut here -------------------------------------------------------------
/*********************************************************************/
/* This program defers updating of sesdd32.sys to the second part */
/* of the fixpack installation by keeping it opened. Only necessary */
/* when applying FP10-WARP4 or FP40-WARP3 on a machine with */
/* an older fixpack and the line : BASEDEV=SESDD32.SYS in config.sys */
/*********************************************************************/
'@Echo off'
parse upper value VALUE("PATH",,"OS2ENVIRONMENT") with ":\OS2\SYSTEM"-1 bootdrive+1
rc=stream(bootdrive':\os2\sesdd32.sys','c','open read')
rc=stream(bootdrive':\os2\boot\sesdd32.sys','c','open read')
say 'You can now install the OS/2 fixpack..........'
say 'Do press a key when the fixpack is installed..'
'pause'
rc=stream(bootdrive':\os2\sesdd32.sys','c','close')
rc=stream(bootdrive':\os2\boot\sesdd32.sys','c','close')
------------- cut here -------------------------------------------------------------
- Warp 4.0 + FP11 (Build 224)
- Warp 4.0 + FP12 (Build 232)
- Warp 4.0 + FP13 (Build 238)
- Warp 4.0 + FP14 (Build 244)
- Warp 4.0 + FP15 (Build 248)
- Warp DD fixpack XR_d001 (Build 219) On top of a supported base
- Warp DD fixpack XR_d002 (Build 245) On top of a supported base
Note : If using this level of the device
driver fixpack, and only if SecureEntry is
installed with real SES (Security
Enabling Services), then you NEED to apply
the SES FIX : sesdd0926.zip and mouse.sys
which can be found in :
ftp://testcase.boulder.ibm.com/ps/fromibm/os2
to avoid traps during machine reboot.
- Warp Server for e-Business Note : Either install without treelock
support, or make sure you have the fixes
required for (PJ26930)
(basically a replacement for OS2KRNL)
- WSeB + FP01 (Build 238) If the SecureEntry path directory resides in
a JFS volume, you will additionally need
JFS0512.ZIP fix applied. This fix can
be obtained from :
IBM internal :
ftp://service.boulder.ibm.com/ps/products/os2/fixes/v4.5warp
IBM external :
ftp://ftp.software.ibm.com/ps/products/os2/fixes/v4.5warp/
- WSeb - FP02 (Build 248)
4. UP AND RUNNING - FAST INSTALLATION -
=======================================
Beware : We seriously recommend you to have a look into the online reference
before proceeding with the installation, as explained above.
WARNING: There have been reports of SecureEntry malfunctions in machines
where Object Desktop and/or XFolder where installed. Due to the
nature of this two products, we can not warrantee compatibility
at this time. Stay tuned...
1) You are using OS/2 WARP 3
a) If you do NOT want to install with the real OS/2 Security Enabling
Services (suggested), goto step b)
If you want to install with the real Security Enabling Services,
make sure you have installed the Security enabling services
SES package. This is contained in a file named SECURITY.BBS
which can be located at
ftp://service.boulder.ibm.com/ps/products/os2/warp.update.kit/warpses
follows an extract from the readme files for fast installation
Unpacking the security.bbs file
-------------------------------
If the security.bbs file is on drive d: as an example, and you wanted
to unpack the files to drive e: to prepare for the installation,
do the following:
1. From a command prompt run:
unpack2 d:\security.bbs e: /c
2. This will create a e:\secpack directory where the
installation program can be started.
3. To begin the installation, type the following commands at an
OS/2 command prompt and press Enter after each:
e:
cd \secpack
Then type the following command and press Enter:
instses
b) Now, and without a reboot needed, install (if not already present),
any OS/2 WARP3 fixpack above level 17.
NOTE :
- If you did install SES in a), then reapply the fixpack even if
that level was already present, to make sure any SES fix is applied
- Suggested fixpack levels are FP26, FP31 or above
Now, Reboot the machine if you installed a fixpack or SES in previous
steps.
2) You are using OS/2 WARP 4 (Merlin) or Warp Server for e-business (Aurora)
a) Do a selective install of the Security enabling services (only if
you plan to install using this feature).
b) Apply (optionally) any OS/2 required fixpack
3) Common procedure
c) Unzip SecureEntry files into a directory of your choice, i.e
d:\sentry by typing :
PKUNZIP Sxxxxxx1.ZIP d:\sentry
PKUNZIP Sxxxxxx2.ZIP d:\sentry
PKUNZIP Sxxxxxx3.ZIP d:\sentry
PKUNZIP Sxxxxxx4.ZIP d:\sentry
PKUNZIP Sxxxxxx5.ZIP d:\sentry
d) Run d:\sentry\install to begin SecureEntry installation
Reboot and you are done... At the logon panel use :
Userid : EDYADMIN Password : PASSWORD in standalone installs
Userid : USERID Password : PASSWORD in LAN installs
Then open SecureEntry folder and start by reading the administrator's
guide.
5. IMPORTANT NOTES FOR SERVICING PREVIOUS DRIVERS
=================================================
For a full description of changes and fixes, see the list in the final
part of this same file. For specific information on new enhancements, do
not forget to read the online reference WHAT's NEW chapter.
1) If you are using UCM and servicing a machine with build level
previous to 250 you should perform the following steps :
Note1: Since SecureEntry build number 242, the minimum required
DB2 level for the UCM administration workstation is 5.0,
so please verify that you met this requirement before
proceeding.
Note2: if this is the first installation of UCM in this machine,
and not an update to an existing one, then refer to the
SecureEntry administrator's guide : Setting up the User
Centralized Management Workstation.
In the UCM administration workstation
-------------------------------------
a) Rebind the UCM applications. Follow the explanations in point
(6) underneath in order to know how to do it.
b) Run the EDYKWD.CMD to add up the name of the new allowable
components (i.e, warpcenter). This is only necessary if your current
SecureEntry level is less than 209. This program is located in the
SecureEntryPath, INSTALL directory. Remember to add to it the
names for your private components, if any before running it.
c) Run again the INSTSUB process at the UCM administration workstation,
so that the new keywords are added to the subsystem data. This
program is located in the SecureEntryPath, INSTALL directory.
At the host site
----------------
Install the host library and run the appropriate JCL job to add the
new tables and data to the host UCM database.
2) If you are installing on machines with build level previous to 176
and have a NLS (owned translated) version of the EDYERROR.MSG file,
beware that we have moved a couple of messages from position 680
to 880. It is VERY IMPORTANT that you rebuild your message file
with this change done before servicing. Note that it is not our
policy to move messages within this file, but there was no other
option.
3) If you are installing new machines on domains where other machines
have/had build level previous to 176, and were using the institution
dependant floppy encription algorithm, note that we have changed the
default install behavior of it by adding the environment variable
SGM_OVER_MK to config.sys with value 'ALL'. This means that in this
situation you would not be able to read diskettes created in those
older level machines. To overcome this, you have to change this
environment variable value to 'NONE'. You can do it automatically by
creating a CONFIG.ADD file with the line :
SET SGM_OVER_MK=NONE
and placing it in the root directory of the first installation
diskette or image directory.
4) If you are providing service to machines with build level previous
to 152, and using any REXX user exit code, you have to migrate the
EDYCUST.CMD, since the invocation parameter parsinging is now done
differently. To do this, simply obtain a copy of the mentioned file
from the API\SOURCES\EDYCUST directory of the new driver, and place your
user exit code in the appropriate location. Note that the parameter
passing for existing user exits procedures is mantained, so this is
only a matter of cut and paste. After you have done this, either put
this file as part of any installation disk in a EXEC directory, or
manually copy the file to the affected machines.
5) If you are providing service to machines with build level between
107 and 135, and were using 'institution dependant' floppy encription,
read the following :
After all, the previous floppy institution dependant encription
algorithm was not that much 'institution dependant', due to a bug.
We have fixed this. The drawback is that 'new' institution
dependant floppies are NOT compatible with 'old' ones. Because of
this, we have added another option in the 'encription' options for
the floppy restrictions component, named 'enhanced algorithm', which
corresponds to the old 'institution dependant' algorithm. It is
up to you to use the new algorithm (losing the ability to read
old diskettes), or keep on working with the old one. Note that
previous restrictions profiles do NOT need to be changed if
you keep on with the old algorithm.
6) If you are using UCM, and servicing a machine with build level
previous to 114:
We have changed the structure of DB2 packages to allow for more
flexibility when definig UCM database access in a per user basis.
This change is fully docummented in the online reference.
To install this change, first provide service to the machine, and then
you have to drop the old packages. Enter the following lines from a
command line in the UCM administrator machine :
DB2START
DB2 CONNECT TO dbalias USER userid USING password
DB2 DROP PACKAGE ucmsqid.EDYUCMCM
DB2 DROP PACKAGE ucmsqid.EDYUCMGR
DB2 CONNECT RESET
DB2STOP
Then bind the new packages from the SecureEntryPath, INSTALL directory :
DB2START
DB2 CONNECT TO dbalias USER userid USING password
DB2 BIND @EDYUCM.LST QUALIFIER ucmsqid
DB2 CONNECT RESET
DB2STOP
Now the only remaining task is to grant access to the desired users.
Refer to the EDYUCM command documentation to do so.
7) Note that from driver 90 and up, we have changed the group logon
assignement management algorithms to a real robust one. The drawback is
that if you had such logon assignements defined, you will have to
redefine them again. Now this information is stored within the
SecureEntry registry, and used when a new user is added to a group,
to generate the correct access control records. Before, we were trying
to infer the group logon assignements from the access control records of
users belonging to the group, but it had several problems which could
not be solved.
Additionally, if you are using the 'logoff uploads' feature,
i.e your users use either the personal desktop component or the treelock
audit in a per user basis, then you will have to reedit your group
access assignements to the alias 'SGMSHELL', giving them 'RWA'
permissions instead of just 'RW'. This will avoid receiving
'Error 53: OS Error 65 opening file \\servername\SGMSHELL\EDYREGDB.VLB'.
In order to do this automatically, a batch process which does exactly
this to your already defined SecureEntry groups has been added to the
INSTALL directory. Please logon as an administrator and run :
SecureEntryPath\INSTALL\SGMFIX.CMD (ignore errors if any..)
From now on all new SENTRY groups will be created with those permissions.
6. LIST OF CHANGES, FIXES AND ENHANCEMENTS
==========================================
Readout :
F : Major fix
f : Minor fix
B : Major bypass to other product problem
b : Minor bypass to other product problem
e : Minor enhancement
E : Major enhancement
- GA version (Build 72, 2/Oct/96) ----------------------------------------------
E - First code drop fully tested for Lan and standalone environments
- Changes included in 1st fixpack (Build 90, 23/Oct/96) ------------------------
F - Several fixes for UCM, includying
- EDYUCDIS traps
- Connect and disconnect from DB2 now left responsability of the admin utilities
- Improved performance managing DB2
- General porpose UCMADM.CMD added
F - 'Too many opened files' problem fixed
e - Lockup and moving icon now faster
f - Accelerator keys supressed from hidden buttons in EDYSNADM
e - A bit faster profiles activation
e - EDYERASE new utility
e - Added installation tools folder to workbench
f - Fixed wrong message for user account expired and connection denied when
using UCM/Lan Server
E - Added two new pages to EDYSES component allowing for customizing the list
of applications to show at shutdown and logoff, plus a separated
startup icon
f - Synchronized startup and logon panels so that no longer does the
desktop appear between both, plus icons started in the EDYSTART will
now be hidden behind the startup panel.
e - New associations added for default profiles to activate the editors/testers
e - Added RxUcm_GetUser Rexx api to obtain logged on userid data
f - Fixed problem where launchpad object gave 'cannot delete ...' at logoff
if desktop was with setup_default delete=no
e - Docummented the REXX API and better how to add your own components
E - Added Sentry protection against Sentry. I.e, if you logon as a
regular user (no admin), you will not be able to use the SecureEntry
tools. Only from user exits or superuser applications.
f - Fixed problem in the shutdown/logoff in progress dialogs taking quite
long to appear and wasting time.
f - Fixed Shutdown problems for complex environments
e - Added support for eXecute only flag in the treelock component
f - Fixed problem where background bitmap was not showing at lockup or
logon sometimes. This fix could improve strange performance
degradation situations.
e - Added 'Do you want to save changes?' dialog in the interactive
admin tool if you forgot to press the change button.
e - Added signature checkbox in the interactive admin. tool
to be able to put component profiles without touching them
e - Added support for UCM logoff
f - Fixed direct edition problems for desktop restrictions profiles, as
well as in the binary to text and text to binary compilers, specially
visible in NLS versions (Spanish), where desktop folder names are
longer.
f - Fixed error in installation utility which did not notice when you changed
installation environment unless an entry field was changed
f - Treelock audit log management fixed handling of files ending with EOF
(x1A character)
f - Fixed error which caused 'password expired' to be reported before
'invalid password' in standalone environments
f - Fixed error which caused the ses editor not to save properly the
lockup timeout value
f - Fixed error which could cause a hung in logoff/shutdown sometimes
f - Fixed error which could cause abends in administration tools when more
than one opened at the same time
e - Improved UCM logoff procedure so that not changed components are not
uploaded again
e - Improved interactive administration tool so that components edited but
not changed are not uploaded again
E - Added EDYCLINI. A OS2.INI maintenance tool
e - Synchronized lockup and logon panels so that they remain always in front
and with focus. (i.e, minimized CM icons will no longer be seen)
F - Fixed error when working with UCM where regular users (no admins) which
had components to upload at logoff would receive OS error 65 against
EDYREGDB.VLB file. This was because the default access privileges given
to the SGMSHELL directory were 'RW' , where for properly logoff uploads
had to be 'RWA'. See note 5) at the beginning of this document for
applying the fix to this problem.
f - Improved UCM administration performance, plus fixing error that
happened with certain levels of DB2/Host not retrieving UCM data in
proper order, which caused several repeated components to be displayed
through the administration tools.
e - Added the ability to show date and time in the logon and lockup panels,
through the use of the SES behavior configuration
e - Added the ability to select a timeout for the screen saver function
through the use of the SES behavior configuration
e - Changed support for Lan server environments logon assignements to a more
solid one.
e - Added the ability to define alias and home directories without specifying
server names, which will be resolved by the administration tool
at alias/home dir creation time
- Changes included in 2nd Fixpack (Build 100, 27/Nov/96) -----------------------
F - Fixed secure startup, broken in build 90 (no slider/log function)
e - Now when applying home directories, access is given automatically
e - New function : Now password expiration is supported by administration tools
e - Launchpad being edited now appears in foreground and white background
to be easily distinguished from the owners one
e - New edyutil feature to prefill logon params (NEXTLOGON)
e - EDYCLOSE now only kills processes accordingly with running context
f - Fixed bug in admin tools which caused RXUCM dll trap in get operations
f - Fixed launchpad component which was allowing users to drop things
to drawers
f - Fixed guest_logon which was not initializing the launchpad component
e - Added wildcards support for EDYSWL2, plus processing of *all*
matching tasklist entries instead of only the first one
e - Added NLS support for Lan Server agent error messages
f - Fixed treelock component that was trapping if the specified profile
did not end in a 0d0a pair
f - Fixed logon panel that was disappearing in some cases without reason
e - Added extra tolerance for emergency logon when comms were not
starting correctly
f - Fixed logon trap if error received was longer than 256 bytes
e - Added environment variables for setting up the path to the log files
(edyadmin.log and edysla.log)
F - Fixed processing of edystart.cmd not completing in fast machines due
to implicit restrictions of treelock premature activation
F - Fixed bug in administration tools that where losing LAN_DATA previous
properties after an update when working with UCM. i.e, you changed
a user property such as connection valid, then a Lan server property
such as script path and up on returning, connection valid was again
set to its default value (1).
f - Fixed trap in LS agent if homedir was blank for a given user
e - EDYSNADM added option 'show warnings', also stripped the
input fields that began/ended with blanks when working with UCM
f - Fixed date formatting to follow country specs in logon/unlock panels
f - Fixed 'could not set attributes' error if multiple logons at the same
time
- Changes included in 3rd Fixpack (Build 107, 24/Dec/96) -----------------------
e - Now force a consolidation to UCM if user was half defined in host
e - Changed error reporting in Lan server when resource not ready (now more
understandable)
e - NextUnlock new EDYUTIL functionality, plus added unlock user exits
f - Fixed timing dependant trap after installation/service in some instances
f - Treelock implicit restrictions were not allowing SecureEntry traces
to be started by regular users
f - Fixed desktop resrictions that were wrongly applied to non desktop
objects also if the NOWHERE directory was wrongly configured
e - Added desktop restrictions new environment variables to allow for
special handling of non-desktop objects and for spooler jobs
f - Fixed launchpad error induced in previous fix (SELP object could not
be created if it contained 0 drawer objects)
B - Fixed error not being able to start with OS/2 Fixpack 26. Now this is
the recommended OS/2 fixpack!.
e - Date/Time in the logon/unlock dialogs now follows the WorkPlace settings.
f - Reordered the pmshell loading so that the second PMSHELL is loaded
sooner (as with previous to 90 fixpacks), for performance reasons.
f - Fixed protection of unlock/logon/screensaver windows against background
tasks popping up their own windows.
e - Accelerated the screen saver icon speed x4, so that more visible effects
can be achieved
f - Fixed error where new components could not be added if the last
component definition line did not end in CRLF.
f - Fixed error where workplace shell was not starting in some instances
after logon
f - Fixed error where unlock was using the old password if it was
changed
f - Fixed accelerator keys in users and groups interactive administration
program
E - Added floppy 'institution dependant' encription mode
F - Fixed dialogs appearing behind logon/unlock sometimes
e - Reduced fileckering of moving icon in screen saver
E - Leave the background bitmap in logoff/shutdown from logon or unlock
panels so that the desktop behind can not be seen.
F - Fixed problem of icons wrongly appearing if 'save desktop settings' was
not checked in the desktop settings popup menu, due to reentrancy in
the objects style setting procedure.
f - Fixed error happening when reading EDYSES.INI that had been modified.
e - Added new options for managing desktop and folders object positions.
f - Fixed error where a CPU intensive task was stopping or delaying too
much the unlock/logon/logoff procedures. (i.e, DOS BOX tasks).
f - Fixed error where NLS messages were not displaying correctly at
logoff/shutdown from the unlock/logon panels
- Changes included in 4th Fixpack (Build 111, 24/Jan/97) -----------------------
E - Improved REXX user exits processing performance dramatically
e - Added user exits for shutdown and logoff from unlock dialog
e - Added support for global variables within REXX user exit command
e - Took out restriction of userids beginning with non numeric character
f - Fixed screen saver not sending first key correctly to underlying dialog
e - Added EDYE3270 command to control CM/2 emulator sessions
f - Fixed RC=4610 problem with edyswl2
e - Added SGM_INI_LOGPATH for placing the EDYLKINI.LOG file
e - Improved EDYSRV consolidation process
e - Added shadows of old (pre-installation) launchpad and SENTRY.SIG
objects into the Workbench service folder
e - Filter leading and trailing spaces at logon time for USERID
f - Fixed EDYWINE (Windows behavior editor). Several minor problems
e - Improved the online docummentation. Added UCM online reference
e - Improved security for handling of logoff and shutdown from
unlock panels. Now SecureEntry does its job to close 'inquiring
applications'.
f - Fixed error where launchpad editor was not prompting for save changes
if an object had been deleted from the editing launchpad
e - Improved a bit more the 'smoothing' of the moving bitmaps within the
screen saver
f - Fixed hole during protected startup in which ctrl-esc was functional
f - Fixed EDYSESE (SES editor). Several minor problems plus a trap during save
e - Added shadows within the service folder for several configuration files
e - Added 'C' API components for custom development
e - Changed behavior of User exit after logon. Now this user exit is called
even within a GUEST logon, plus receives the signed on user ID as a
parameter. Note that call convention compatibility is NOT broken with
existing user exit code.
e - Added edyutil SIGNAL function for event posting to user exits environment
F - Fixed background bitmap not closing in guest logons. This error was
introduced at abot driver build level 100
e - Added Max. Unlock attempts capability in the SES behavior
e - Added ability to leave confirmation-type dialogs with ESC
f - Fixed sentences remarked with a beginning ':' not recognized when
migrating the startup.cmd file
b - Attempt force password if Lan_server_fail error at signon to bypass
lan requester error in some cases returning 'Invalid access' instead
of 'Password too recently used'.
e - Added environment variable SGM_WPS_BEEP
f - Fixed user exit before inminent logoff was done AFTER killing living
processes. Now it is done BEFORE the kill operation. This gives the
possibility of terminating in an orderly way the user applications
through this user exit.
f - Fixed the desktop refresh init logic that could cause the assigned
desktop profile not to be refreshed correctly after the first logon
in the workstation
f - Fixed WP code for a strange error which caused the user launchpad
not to appear if one of the referenced objects had been deleted
- Changes included in 5th Fixpack (Build 119, 26/Feb/97) -----------------------
f - Fixed SES editor giving invalid call to routine when saving a profile with
certain bitmap fields just blanked out.
b - Implemented a workaround for Lan server returning invalid access in some
cases instead of invalid password.
e - Improved robustness of UCM now requesting for consolidation in even more
cases where integrity of information is jeopardized.
E - Improved logon performance for UCM based environments a lot, just by
not forcing a netbios add name every time we want to talk to EDYSRV.
To further improve it, users are encouraged to tune the NETBIOSTIMEOUT
and NETBIOSRETRIES of their PROTOCOL.INI in accordance to their network
necessities.
f - Fixed treelock which was overwriting unowned memory when using too short
profile files. (19 bytes or less)
f - Fixed installation checking for required FixPack level was always
allowing install.
e - Changed EDYSES activation so that you can dynamically now fully test this
profiles without the need to logoff/logon.
f - Fixed edystart was looking for EDYSTART.CMD in drive C: even if the
boot drive was D:
f - Fixed Nextunlock parameters that were not being cleared at logoff
e - Added new environment variable SGM_ALLOW_CAD and corresponding documentation
E - Changed UCM binding structure and added commands to improve granularity
for granting UCM administration access
f - Fixed EDYFLOPP.INI assigned to nouser by default not having the menu
associations properly set
- - Stripped from this readme file any reference to beta versions
e - Changed secure startup so that workstation startup dialog is not shown
if there is no edystart.cmd (more logical behavior)
e - Changed logon dialog logic so that minimum password length is checked
AFTER user exit before logon only if returned continue normal logon flow.
This allows for providing a guest user exit without the requirement to
have a password entered.
f - Unlock dialog was not being properly hidden if the validation password
was inhibited through EDYUTIL NEXTUNLOCK.
e - Improved logoff session processes termination by killing the detached
processes AFTER the foreground ones. Seems like saving some traps
when terminating ill behaved applications.
F - Changed screen saver not to process the moving icon if was configured
as not active in the SES profile. This fixes some performance problems
if large bitmaps were configured as moving icon.
e - Word proof passed to .INF doc
F - Fixed logon trap for standalone configurations using RACF validation
F - Fixed Lan Server agent not creating printer access control block correctly.
I.e, we were trying to create access control blocks for \PRINTER\*, where
it has to be \PRINT\*.
f - Fixed EDYSWL2 not treating wildcards as other modules ('*' is 0 or more chars
and was assuming 1 or more chars). Also now pattern matching is case
insensitive.
f - Fixed save desktop positions for folders were not saving view properties
f - Fixed Lan Server agent. Could not clear a logon assignment through the
administration tools.
F - Fixed windows behavior DLL for giving traps in certain conditions. i.e,
- When an empty profile was left in the NOUSER directory
- When a certain profile was in the NOUSER directory
- Also fixed an error which could cause unpredictable disfunctions
in PM code
- Made comparations case insensitive so i.e, *os/2 window* matches an OS/2 Window
- Streamlined the code and data required
F - Fixed Workplace objects handling :
- Sometimes scrollbars of opened windows did not behave correctly
- Trying to manage peer services objects could lead to a trap
- Improved shadows managing in some cases
e - Added confirmation dialog in resource assignement window of the
interactive administration tool if data had been changed and
attempting to leave the window.
f - Preventive fix for a possible error in EDYSLA due to accessing an
already free'd pointer.
f - Fixed EDYBGINI was giving trap when invoked without parameters
e - Improved launchpad code for gaining in activation performance
e - Improved security profiles activation done all now in multithread
to gain some performance in signon/signoff
f - Fixed EDYLNREF.EXE which was returning rc=1 even if successful. Now
returns 0.
f - Fixed windows behavior editor :
- Abending if attempting to save over a read-only profile
- Not visualizing menu strings containing blanks
f - Fixed trap in RXUCM when updating some user data against a UCM database.
E - Added possibility of filtering by process title within the 'processes to
show' list in the SES behavior profile, enclosing the title in double
quotes.
Added also the 'double click' feature within the logoff current processes
list in order to see the process names of the processes to be killed.
f - Fixed launchpad handling of net printer objects which were treated by
object ID when the lan requester does not assign an object ID to
client machines.
e - Added some customization tools under new folder in workbench
e - Added documentation about service.cmd parameters and batch support
for this command, for automated processing.
E - Changed desktop restrictions profile editor :
- Deals now with three state checkboxes which better accomodate to real
meaning of the switches, i.e 'leave style like that',
'force yes' and 'force no' status.
- Now you can double click on any element of the list to edit its
restrictions
- The list of restricted objects is now updated dynamically, so
no more need for the 'REFRESH' button
- New 'create shadow' page to choose under which circunstances a
shadow of the object being edited can be created
- Allow direct editing of default restrictions
- Allow direct editing of printjobs restrictions
- Allow direct editing of non-desktop objects default restrictions
e - Added online help for several workbench folders
e - Workstation startup window title added to EDYERROR.TXT for NLS translation
e - Added association with desktop restrictions editor for new desktop
restrictions profiles
E - Enabled installation process for NLS
e - Added documentation for inhibiting Alt-F1 sequence in the online ref.
F - Fixed unlock panel. If two times <Enter> key was pressed quick (or mouse
double-click over the OK button) after typing an invalid password, the
unlock dialog was disappearing.
e - Added SGM_PM_WAIT_B4_KILL environment variable for better control of
logoff behavior
e - Added EDYKILL.NOT configuration file for providing a workaround to
shutdown problems caused by system daemons which trap when killed.
- Changes included in 6th Fixpack (Build 128, 04/Apr/97) -----------------------
f - Fixed strange characters appearing after title in secure startup
F - Fixed EDYSWL2 breaked loop processing in previous fixpack, and
output listing tabbing
F - Fixed boot protection not working correctly for more than one physical
drive
B - Workaround in desktop restrictions for dedlock problem reported to warp
which caused WPS to hang at initialization some times.
e - Took out cmlib programs from EDYKILL.NOT, so that comms manager programs
will end at shutdown without prompting.
f - Added missing support and include files for development kit
e - Fixed <default> identification in desktop restrictions case insensitive
E - Added support in EDYWIN component for restricting windows behavior in a
per process basis
f - Fixed EDYSES editor that was abending in some instances when closing
an edition session
f - Changed installation OS/2 version check algorithm that was not working for
some NLS versions of OS/2 (i.e, italian Warp server)
F - Fixed EDYSRV that was not behaving correctly when multiple logon attempts
were done at the same time from different clients.
e - Changed session management dialogs so that now non system modal windows
appearing asynchronously will never be seen over the unlock or logon
dialogs. i.e, a 'float on top' launchpad is kept behind the unlock
dialog.
f - Fixed edylkini.log was not correctly put on boot drive's root, but was fixed
to c: drive, root directory.
b - Avoided traps at shutdown by comms manager caused by killing REMMAIN.EXE.
Note that this is a bypass solution, and the real error is in CM/2 trapping
if DosKill is used.
f - Fixed startup for a 'hole' that existed in overloaded machines between
startup dialog and logon dialog, where the desktop could be seen.
e - Better management of 'always mantain sort order' and 'save desktop
positions', which could cause trouble to WPS before.
e - Now always select the first visible desktop object after a desktop
restrictions profile apply.
f - Fixed EDYSRV that could some times be unloaded without apparent reason
after a while (days) working.
f - Fixed message handling by LMPs and agents, that where appending <CRLF>
pairs to the error messages, thus making it difficult to redirect.
f - Added messages in edyerror.txt so that now all user messages are there
(message ranges 930-937)
e - Changed logoff icons to others than those from Lan Server
e - Changed install procedure so that now you can distribute :
EDYERROR.MSG (by copying it in a:\EXEC)
Any file to the boot drive (by copying it in a:\BOOT) (no in use files)
Any file to any drive (by copying it in a:\x$) (no in use files)
You can also from now on distribute your .VLB file in a NOUSER directory
f - Fixed floppy restrictions component that could intermitently not
correctly set the profile restriction value.
i.e, in IBMPC 750 using IBMINT13.I13
b - Avoid completely the possible hungs when shutting down without previously
closing treelock log or audit files.
f - Fixed bug when detecting WARP 4 in the desktop restrictions editor which
prevented the restriction of menu entries such as 'OPEN PARENT'
e - Changed virtual keys association in EDYSNADM to lowercase for usability
reasons.
f - Fixed EDYWIN editor that was not noticing when <MODIFY> was being used
as a cause for prompting about saving current file at exit time.
- Changes included in 7th Fixpack (Build 136, 30/Apr/97) -----------------------
F - Fixed EDYSRV for RACF installations, that was slowly eating all of the
shared arena addressing space after several 100's of signons processed
f - Fixed small memory leaks in the password validation client programs.
E - Added the switch list component.
f - Fixed EDYSLA leaving one running thread after every logon/lockup, which
could potentially eat up machine resources very slowly
b - Bypassed SES problem which in some instances was messing up with EDYSLA
file handles, by adding a delay of 5 seconds at startup. This problem
has been detected only with Merlin and FP1.
b - Fixed problem in very fast machines which could cause shutdown not to
complete due to not processing PSSDEMON wake up event.
f - Fixed problem where CDROM drive was accessed when activating a treelock
profile to determine whether the log file resided in a HPFS or FAT
drive, causing a popup window to appear unless AUTOFAIL was set to YES
within config.sys.
e - Changed the low level ret. code for floppy restricted accesses, to
IOERR_UNIT_NOT_READY instead of IOERR_UNIT_NOT_ALLOCATED, which seems
to be better accepted by some applications.
b - Fixed lauchpad appearing with white background in some cases when not
in edition mode
f - Fixed launchpad to refresh action buttons restrictions after playing with
settings (were all being incorrectly enabled).
F - Made EDYBGBMP and EDYLKINI more robust and resistant to crashes depending on :
- Incorrect bitmap files
- Video driver clipping problems
b - Fixed a potential trap when applying transparent color to moving bitmap
e - Eliminated security hole at logoff where the NOUSER restrictions were
active for a while. Now the background bitmap is activated before the
'Logoff in progress' indicator, and before NOUSER profiles are reset.
f - Fixed installation process that was not updating the components database
when applying service
e - Made more robust the closing of running applications during logoff
e - Now during uninstal and when deregistering classes, more meaningful
information is displayed.
F - Fixed handling of original objects styles at uninstal time
E - Added backup domain controler support for Lan Server environments
e - Modified the .MAK procedures for the API components that were requiring
a -all parameter to do a full remake. This is now no longer necessary
f - Avoid the frame painting at startup before the backgorund bitmap is
on. (aesthetic change).
e - Changed the administration subsystem so that access to SGMSHELL alias
is also granted after a Sentry group update (not only add) operation.
f - No longer the administration subsystem returns a warning after erasing
a group without logon assignments.
e - Changed title of logon popup windows to reflect its nature, i.e error or
information.
e - Changed the logoff / shutdown killing algorithm to a more robust one
F - Fixed institution dependant floppy encription and added enhanced
encription algorithm
- Changes included in 8th fixpack (Build 147, 10/Jun/97) -----------------------
e - Handling of viopopups and OS/2 trap windows does no longer leave the
machine in an unstable state. Also this windows do prevent automatic
lockup from appearing from now on
E - New component for personal restrictions (fully functional). Note that as
part of it there is the new 'pseudofolder' 'startup' in nouser.
E - New utility to control logs file size
f - Several fixes to EDYWIN (windows behavior component) re. different
b - initial window states, and a restricted window for move and size
that was not clickable through its desktop icon.
e - Lan Server agent. Now this module does apply access permissions to
existing subdirectories when creating a home directory.
e - To avoid having a 4th diskette, now the administrator's guide is in
packed format in the first diskette.
e - Added the ability to automatically popup the screen saver without
automatic lockup if the SES profile is configured that way.
e - Allow for SERVICE process to run with a non administrator user logged
on or nobody as long as started from a superuser context process and
invoked in batch mode.
e - Take note in logon of PMSHELL owned windows, and do not attempt to close
them at logoff, since they are considered superuser context ones.
B - Bypass logoff problem when running under OS/2 WARP 3 FP 28 or
superior. Reported to OS/2 lab.
f - Associations for new components (Window list) were not created correctly
in NLS versions (spanish), since the old EDYERROR.MSG was being used at
that time.
e - Make default profiles to have default open action pointing to the editor
e - Windows behavior component menu handling enhanced. You can now
deactivate also desktop system menu entries and works ok with
more applications since enhanced the 'ownership' finding algorithm.
f - Windows behavior editor corrected as was not saving properly a profile
after editing a menu entry or erasing the last one.
B - Bypass pmshell error at ctrl-alt-del handling that was keeping
a wrong state for the ctrl and alt keys, causing the machine to look
like in a semi-hanged state.
e - Reorganized the questions and answers chapter within the online document
e - Added new environment variable sgm_edylk_show to be able to force
the boot dialog (edystart) to run hidden.
e - Allow to call edyutil to logoff or shutdown from within the logon,
unlock and screen saver panels
F - EDYSESNO.DLL was sending WM_CLOSE to wrong window handle and not allowing
window painting if the window handle for SES lockup panel was reused
by PMSHELL. This error could cause the following sympthoms :
- Unexpected application closes
- Severe performance degradation if comms were affected
- Folders that do not open at first double click
- Command windows that open and seem 'hunged' without its frame painted
Note that this errors were very rare for a given work session.
e - added batch and shutdown parameters to uninstal utility
e - Added [binaryprofile] parameter for EDYCLASS
e - Added new return code to selected user exits to be able to do shutdown or
logoff
e - Added switch list utilities new commands to do operations with the
referred windows (maximize, restore, minimize, hide, activate, deactivate,
close)
e - Added installation possibility of adding your own config.sys settings
through the config.add file, plus two installation hooks for more
complex processing
- - Separated evaluation vs production copy packages
e - Delayed destroying the background bitmap at logon for avoiding the need to
define a nouser profile. Note that you can still get the same behavior
as before by defining the SGM_WPS_FASTLOAD=TRUE
b - Bypassed os/2 error where redetermine media with unformatted disk in
drive caused disk handle to be invalidated. This caused diskette drive
unusable after activating floppy restrictions profile if an unformatted
diskette was inserted
e - added a small dialog reading 'setting up environment' in the last part
of the logon process
f - The window list component was stripping trailing chars from multiline
switch list entries if entries to show or entries to hide was specified.
f - Setting environment variable TRUSTEDPATH to NO was making SecureEntry
non operational
e - Added SGM_WIN_EXPLICITMENUS environment variable
- Changes included in 9th fixpack (Build 158, 30/Jul/97) -----------------------
e - Specifying TEST in the SGM_SL_LOGMODE environment variable does even
more information logging than before
e - Now all security profiles are refreshed when an asministrator logs off,
making it easier to change and test NOUSER default profiles and play
with the workbench tools without altering the machine state for the
following user
f - EDYWINR was not returning with rc=0 when the default profile was
activated and not present. Only affected the traces look.
e - Enhanced EDYKILL.NOT functionality by allowing for :
- Specifying processes to remain active at logoff time
- Specifying 'orderly close' commands for given executable files. This
allows now, for instance, to restart Lan Server or comms manager within
user context without problems.
f - EDYSLA.LOG was logging some messages without the corresponding CRLF.
e - Added SGM_BACK_BITMAP environment variable
e - Unified desktop code runtime so that it uses a common library which
uses less disk space and loads faster
E - Added the shortcuts component
e - Added the 'aspect' feature within the SES component, allowing for
specifying the desired unlock dialog look, plus minor fixes for the
logic behvior of this dialog
f - Fix objects that were becoming templates when fast editing them after
obtaining the copy in the personal desktop, shadows and desktop
restrictions components
f - Some times a 'beep' was produced when activating desktop restrictions
indicating a trap that was really caused by an unexistent object. Beeps
removed since no real trap
f - SES restrictions editor copyright page was not showing properly in
low resolution displays
e - Added support for environment variables SGM_SS_IF_NO_AUTOLOCKUP and
SGM_SS_WHEN_LOCKUP for specific lockup/screen saver behavior
e - Changed treelock so that processes are scanned sequentially and
wildcard matching is done based on the matching longest key. This
provides for a predictable behavior under all cases so that at least
wildcard support in process names can be docummented.
f - Fix to minor error that caused inactivity timeout thread not to be
terminated after refreshing a new SES security profile causing unexpected
lockup events being launched when playing with the SES component
e - Now the list of processes to show at logoff/shutdown time takes into
account the switch list status (visible or not) for unspecified
non matching processes. Net result is that if you have an invisible
process in the switch list, it will not be shown at logoff/shutdown
e - Some additional work done in the workbench aestehics, specially
background bitmap and treelock component icons. Note that already
created treelock profiles will still mantain their old icons.
E - Added the treelock profiles editor
e - Added EDYUCBND cmd for binding the UCM api.
f - Minor performance fix. Treelock was taking too long to truncate
very big audit files
f - Accelerator keys were treated with uppercase characters in the window
list editor
f - Some times (very rarely), the background bitmap could not be opened
bacause its handle got inherited open by a process started within
edystart.cmd.
f - Support for unattended service could fail while creating the workbench
objects if a restrictive trelock profile was in place
e - Added LMP user exits for better control of logon process
E - Added EDYTFLOP and TRANDISK for translating of ciphered diskettes from
one format to another.
f - EDYCLINI was not working correctly when in deferred mode. This was a
regression introduced at build level 120
e - Now SecureEntry creates and updates a syslevel.sen file so that OS/2
'sees' and reports this product through the syslevel command.
f - EDYBGBMP.EXE very rare trap with OS/2 FP 30. Fix attempt
- Added SGM_WPS_SKIP_PREPOPULATE environment variable to :
e - Speed up boot times
b - Allow to bypass deadlock situations in workplace (Already
reported to OS/2 development as PJ4200)
e - Treelock logging does now report full processes and whether an open
access was for read or read/write to facilitate profiling
e - Added new icons in installation tools folder for install and deinstall of
the software boot protection feature
b - Bypass SES error while initializing which could in very rare circumstances
cause a machine hung, by adding a 2 second wait at startup
b - Bypassed some errors with shadows management in new levels of SOM when
working with the personal desktop component. i.e, deleting shadows in
the personal autostart folder was taking 10 seconds per shadow. This
happened apparently after WARP 3.0 FP 30.
f - Fixed personal desktop component was opening twice the autostart folder
contents after boot.
e - Added logic to personal restrictions desktop for performance so that
a profile is not refreshed when the same profile was already active
f - Avoided risk of Workplace windows not being closed at logoff if a
startup application was being closed and its handle reused by PM during
user session.
f - Fix personal folders not being created in some cases if they were of old
format (generated through the old desktop restrictions workbench)
- Changes included in 10th fixpack (Build 173, 16/Oct/97) ----------------------
b - Attempt to bypass possible BIOS errors in int 13 when running boot
protection by changing our own boot record. This is only defensive
coding.
f - Fixed hung when more than 23-25 processes had to be killed at logoff
or shutdown
e - Added desktop restrictions component support for restricting
the new Merlin menu items.
e - Added folder propagate restrictions capabilities within desktop
restrictions component
b - Bypass for yet another deadlock at machine startup between SOM and WPS.
e - Optimized trace code for speed and recompiled with newer support
libraries.
e - Added EDYRWMBR utility to save/restore the disks master boot records
e - Changed default setup so that the traces server will not be forced
unload at logoff time (EDYTRCS.EXE) if started under user context
e - Changed default setup so that the netbios server will not be forced
unload at logoff time (EDYSRV.EXE) if started under user context
b - Bypassed strange error where WPS was not honoring a SecureEntry
restriction to make an object invisible at object creation time
E - Added templates support to treelock editor and direct editing of the
log file from it, being able to do semi-automated profiles creation
f - post installation/service hooks were not being called correctly
e - Changed bootstrap loader code in boot protection so that now the
BIOS ret. code will be displayed if it fails to boot up
e - Reviewed and rewritten all of treelock online documentation
f - Fixed minor problem where the longname of some sentry directories could
be changed accidentally
e - Added SAF2GEN utility for easier usage of the integrity check tool
E - Changed treelock so now never restrictions are applied for superuser
context running processes.
f - Fixed the trace server that was hanging at load time if the current
trace file was found corrupted
e - Added trace option to treelock editor to optionally log super user
processes accesses
b - Bypass potential problem with asyncronous processes by never inhibiting
new process creation with SES. This could cause NDM or DCAF to fail
unexpectedly (never seen, just a guess), but also could provocate a hang
due to SES overwriting PDTA when subject handle was requested.
f - Fixed error introduced in build 158 which caused some NLV modules not to
be translated : The desktop workbench messages, the protected startup
and the launchpad ones.
f - A popup was being incorrectly displayed at treelock profile activation time
if there was a music CD inserted in a CD ROM drive.
f - When in Lan Server environment, and if using fast machines, depending on
EDYSTART processing timing, it could happen that any logon attempt
returned 'not enough privilege' only in server machines (where EDYSRV is
running).
f - When stopping a command line administration utility through Ctrl-C, chances
where that the admin subsystem could be left in an unstable state, giving
later OS system errors at logoff.
e - Added the EDYDUMP administration utility
e - Added online doc WHAT's NEW section
e - Added the supersignal user exit, to be able to launch processes running
under super user context
E - Added the Hooked objects component, that allows for profiling foders with
passwords through the included one time password utilities.
f - The LISTGRP programming sample has been modified to be generic, i.e
not as before where it was only for UCM machines.
e - Added EDYFLOW API, so that you can incorporate event launching in your
programs
b - Tuned even more the bypass for WPS deadlock when looking for associated
icons, with an 18 seconds timeout. This means that no longer will the
machine be hunged forever when, for instance, translating a text to
binary desktop restrictions profile, dragging a profile out of the
GUI admin tool and into a workbench, or creating a text file inside the
folder where the default system editor program is located.
e - Fully document in the online reference manual the 'C' administration API
E - Added the one time password generator and verifier programs for the
hooked objects component, with several multi purpose parameters
f - Treelock editor was failing to get into test mode if the temp environment
variable pointed to a FAT drive directory
- Changes included in 11th fixpack (Build 191, 05/Mar/98) ----------------------
f - Several very low impact and esthetic fixes
- Icon for Binary to Text translator was not correct
- SERVICE procedure was abending if SecureEntry not installed, instead of
displaying an error message.
- EDYKILL.NOT now parses tabs and blanks better.
- EDYOTPG date/time entry field is easier for user interaction now.
- EDYKWD.CMD sample cmd to register new keywords to UCM was missing the
hooked objects component.
e - Added the UserPassword validation API functional now and from user
programs.
e - Now the hotkeys server can be loaded and unloaded at will without being
killed at logoff time
f - Fixed regression problem where a SES Behavior component would not honor
the 'list of processes to show' after a second logon.
e - Added SGM_LS_IFLOGGED environment variable to control the already logged
behavior at Lan Server logon time.
e - Improved algorithm for killing VDMs, so that sessions are not given
focus unless strictly necessary.
e - Added SGM_OVER_MK environment variable to control floppy encription
algorithm seed generation.
e - Improved multidomain logon feature so that :
- Server names are queried dynamically, so that it is no longer required
to have institution name 'SER' in the sharing domains.
- No longer required to specify all domains in the IBMLAN.INI OTHDOMAINS
stanza.
e - Hooked program objects now get their hooks called even if indirectly
invoked through drag and drop or a data file association.
e - Brought up the 32 chars limitation on ObjectIds to restrict to 97 chars.
e - Added the complete errors and messages list with description to the
online reference.
f - When working with Merlin and Smartcenter, no longer will the smarcenter
appear over the logon/unlock bitmaps
e - New EDYUTIL command : REBOOT, and added REBOOT parameter for TOSHTDWN and
FRSHTDWN EDYUTIL commands. Note that forcing a shutdown with reboot option
grants a reipl before 5 minutes (default), even if shutdown hungs
the the machine.
f - EDYSRV could trap when an error happened and the returned error message
was too long.
f - Fix Lan Server agent was giving error when reading resource-group links
because /n char was being appended by API.
e - New SGM_DISABLE_SYSTEM_KEYS environment variable to disable systemwide
hot keys.
f - Optimizations made by the compiler in EDYOBJ.DLL were causing errors in
the exception processing logic, with unpredicatable effects, even during
normal operative (with soft exceptions).
e - Now install.exe will dynamically unpack the help file to hard disk if
no one is found already unpacked. It will use the env. variable TEMP/TMP
to find a location for it.
E - Allow for profiling/hooking of systemwide keys through EDYSES profiles.
Also new SGM_DISABLE_SYSTEM_KEYS and SGM_HOOK_SYSTEM_KEYS env. variables.
e - Allow trapdump and dumps to be generated even if boot protection is
installed. (just remove trapdump and/or set SGM_DISABLE_SYSTEM_KEYS to
disable Ctrl-Alt-NumLockNumlock if you feel this feature is a security
potential risk).
f - EDYSRV did not work properly if detached under user context (gave
no user logged errors at logoff/logon times)
e - Allow for assignment of dynamic profiles to groups by assigning them to
the users at logoff time. Basically, this means that you can assign an
audit log/personal desktop profile to a secureentry group, and all of
its users will inherit this profile as user assigned when they logon/logoff
the next time
e - Improved dramatically the save/load profile performance for the EDYSES and
EDYWIN profile editors
f - Very unlikely hung at boot time fixed
b - Bypass UPM error that was reutning x12 to indicate user already logged in
another workstation when it should be xFB16 (Caused general LMP error to
be displayed, rc EDY0099 instead of EDY0116).
e - Allow for customizing the desktop background through EDYSES profile.
f - Fixed trap given by SES Editor if killed at logoff/shutdown
e - Changed handling of Ctrl-Alt-Del. Now done through EDYCAD device driver.
This can be changed to old behavior by setting environment variable
SET SGM_SES_CAD=YES. The advantage of this change is that we now correctly
distinguish between CAD and Ctrl-Alt-NumlockNumlock
e - Support for LANs with netbios over tcp/ip protocol.
e - When using UCM, now emergency logons are also allowed if the UCM subsytem
failed, but RACF subsystem worked. (typical case when the lan resources
are not correctly updated using EDYUCDIS).
B - Bypass incompatibility problem between SOM1 and SOM2, which made some
programs not to work correctly when SecureEntry was installed. Namely,
TCPDIAL (IGN dialer) v 1.69 and Lotus Freelance graphics 96 for OS/2
e - Added EDYWPSTA diagnosys tool for dumping SecureEntry threads status
e - Changing handling of inactivity timeouts detection. This is now done
through EDYCAD device driver. This can be changed back to old behavior
by setting the new environment variable SET SGM_SES_INACTIVITY=YES.
The advantages of the new method are better accuracy and less resources.
E - New OS/2 WARP 4 (Merlin) WarpCenter component.
e - Improved repackaging algorithm performance for the reagistry database.
e - EDYWIN now applies menu string restrictions to all existing windows
as soon as a profile is activated. No need to restart apps.
f - Restricting some times the last items of system menus did not work
depending on the menu and application usage.
e - Now the graphic admin. tool does ask you for password verification at
user password change time.
[186]
e - EDYCLINI now fixes several more OS2*.INI file corruption cases. Also
you can specify now the name of the files to deal with.
f - EDYCLINI could trap while analyzing some *.INI files.
f - Fixed an error which could cause PMSHELL to trap and be unloaded, or hung
the machine, Specially in the first boot after install or service apply.
E - New Security Enabling Services emulator. You can now install without
the real SES thing!. Only the superuser signal user exit will have a
different behavior, as explained in the online doc.
[187]
e - Improved the process kill algorithm, so now even if a process does
loop while processing the exitlist, you will be able to logoff and,
at shutdown time, the machine will allow you to press Ctrl-Alt-Del and
avoid the automatic chkdsk. Also if enough time passes (5 minutes or as
specified through the new environment variable SGM_WAIT_B4_FLUSH),
disk buffers will be flushed.
E - UCM refresh online and UCM logging facility.
f - UCMADM.CMD can now call all of the REXX admin. tools without returning
'rexx chaining attempt' error
[188]
f - ScreenSaver program could enter into a loop if a key was pressed while
the screen saver was popping up, specially on slow machines.
f - The registry could leave the security profile database opened, making it
impossible to logoff/logon again since receiving 'edyregdb.vlb file is
locked', under heavy load circumstances.
f - Fix several cases of switch list entries without the associated icons.
[189]
b - Bypass lan server system errors by retrying logon in the Lan Server LMP.
b - Bypass PM hang condition when killing notes in reverse order.
[190]
f - Fix switch list component was not able to hide entries in some cases, when
the switch list entry did change dynamically.
[191]
f - Detect when rexx macrospace unloaded to reload edycust.cmd
f - VLIB was closing unowned handles under strange circumstances in EDYSLA
environment. Could cause several malfunctions
E - New EDYPHOTO utilities to create/view a service configuration image file
- Changes included in 12th fixpack (Build 203, 16/Jul/98) ----------------------
[192]
f - Fixed memory overwrite in launchpad when contained missing objects
f - Fixed smartcenter component was hanging when trays contained no objects
e - New EDYQRYBR UCM utility to see all of the branch levels
f - Fix EDYCAD.SYS for FP35 and OS/2 SMP support (did not hook CAD and
Standalone Dump keys)
f - Fixed EDYSTART object could not be invoked in no-SES installations
depending on timing
e - Minor enhancements in treelock editor
f - Administrator GUI tool several minor fixes
[193]
f - When installed without SES, initial startup processes were having
incorrectly applied the treelock profiles as if they were not
superuser context processes
f - Minor editor fixes when working with objects list profiles (i.e edystart
object).
e - Now even the SES emulator knows how to kill processes without processing
its exception handling code.
E - Support for OS/2 SMP machines beta start.
[194]
f - Install program could not open help when ran from a floppy (really when
the install.exe directory was a root directory).
E - Added support for UCM in 'other networks' and 'standalone' environments,
by making EDYSRV filter off Lan Server specific updates.
f - Treelock editor had problems running when in test mode of a closed profile
which did not allow itself to access CMD.EXE or other basic OS programs.
e - Added support for 800x600 resolution in the install program. (some
texts did not fit in the dialog).
e - Allow now to restrict completely the objects popup menu from the desktop
restrictions component.
f - Fixed problem in the desktop restrictions editor that could cause a hang
after a while working with it.
f - Fixed. Desktop restrictions were not being applied to dynamic folder objects.
b - Bypass deadlock problem in workplace shell when making copies of a binary
profile into the same folder where the editor resides, by making it
a shadow object of the real thing.
[195]
b - Bypass compatibility problem between floppy restrictions component and
xdfloppy filter. (kernel INT3 was produced). The bypass is to load EDYFLPY.FLT
at the end of config.sys. This is done ONLY on new installs. If you find
this problem in an old installation, move the sentence to the end.
f - Potential bug where two administration tools could enter into a loop if
both were updating the registry at the same time, while waiting for the
file to be freed.
f - At shutdown, superuser processes were not being sent WM_SAVEAPPLICATION
nor WM_QUIT, regardless of the WAIT_B4_KILL environment variable. This
could cause a trap with some applications (i.e multimedia CDROM player)
e - Now the SecureEntry component warpcenter component can be totally
deactivated just by setting SGM_EDYSC_DISABLE=YES in config.sys
e - SecureEntry Smartcenter component does now display correct texts in
bubble helps
e - When working in Merlin, also the folder menu bars are restricted through
the desktop restrictions
[196]
f - Fix for edycad.sys was incorrectly generating a lockup event some times
when lan software did synchronize time backwards.
e - bubble help was slowing down Merlin Warpcenter
f - EDYPHOTO was dealing with extended attributes incorrectly
e - UPDATEDB supports stdout redirection now
e - Several minor changes to online documentation (English)
e - Support for new selectable action when configuring max unlock attempts
through SES
f - Traces could not be restarted in WARP4 (Merlin) if PMSHELL was unloaded
f - Minor fixes to the installation package
* Uninstal now erases all files not resident within the SGMSHELL directory
(i.e, edylkini.log, edysla.log, edyflpy.flt, edydd32.sys)
* Install does the same with the uncompressed online reference file
* InstalB now checks for 9.7 Mb disk space
f - Machine failed to boot if a harderror OS/2 window is active while
SecureEntry is initialized
e - Three new user exits :
UserExitAfterProfilesDeactivation
UserExitBeforeProfilesActivation
UserExitAfterUnsuccessfulUnlock
[197]
E - Now the spanish version has the complete translated online reference guide
f - New selectable action for max. unlock attempts was failing in no SES
environments
[198]
e - New environment variable SGM_NETBIOS_ADAPTER_NUM for specifying the logical
adapter where netbios is installed for EDYSRV/EDYCLI communications. Defaults
to using adapter 0
e - Now program group objects are handled and can have desktop restrictions
fully applied
e - Added support for restricting the 'logoff network now' popup menu entry through
the desktop restrictions component
f - If an emergency logon was issued changing the password, where this is not
allowed, the password was correctly not changed, but the lockup function was
requesting for the *new* password, although ignored at logon
E - Now the screen saver function works over dialogs presented through the
allowed user exits. Note the new SGM_SS_USEREXIT environment variable
for mantaining previous behavior.
f - If PMSHELL was killed in Merlin with an active warpcenter, two non operational
views of the warp center could appear subsequently
e - Optimized dramatically (4:1) the performance of the SecureEntry registry
with many users/profiles defined
[199]
f - Memory leak in REXX administration API could make all REXX based admin.
tools fail when working with very big datasets (i.e 2500+ users) in
standalone installations.
e - Added protection in the GUI admin. tool for not allowing changes in
an already existant resource type or server name.
f - The 'photo taker' was not getting correctly the fixpack level.
f - When using a user written logon or unlock dialog and choosing shutdown
not forced, cancelling shutdown did not return to the user dialog, but
to the default one.
E - Translated UCM administration guide in spanish version.
e - EDYCLINI now has new parameters to diagnose system ini files and dump/process
in batch an objects definitions file
f - Fixed small memory leak in error conditions in the UCM LMP
e - Now when using UCM the first online refresh error per branch is pushed to
the host so that it appears in the UCM log
f - Restrict print job objects did not work for high fixpack levels
[200]
f - Fix for administration when netbios over tcpip is the used protocol
e - EDYWINI now supports a new inifile parameter
E - New logon and unlock dialog samples w/source code
f - Garbage could be added to the end of user defined component files when
uploading them through UCM or direct editing them from the admin. tool.
This happened only with component files which had more than one extended
attribute
e - New distribution of the dialog controls in the floppy restrictions editor
f - Printer restrictions could not be applied over printer objects already
subclassed by peer services or Lan Server
e - Now you can enable all restriction buttons when editing restrictions for
an object which may 'lie' about its capabilities, through an added button
b - The printer view page of the settings notebook can not be restricted.
Although it still can not be restricted because of a OS/2 base error,
SecureEntry will at least disable all controls of the page
e - EDYDUMP now allows to dump the UCM 'BRANCH' keyword also
[201]
e - Changed the diskette restrictions editor to have a more intuitive interface
f - When using UCM, in some cases EDYSRV access to to administration APIs was
failing when no user was logged in the server machine
e - New environment variable SGM_ADM_PRIV to filter off some administration
tasks issued from certain machines
f - Treelock profiles were being opened in R/W mode, cuasing problems if
activating a profile that was residing in a CDROM
f - Could not detect merlin (OS2 4.x) in some NLS systems, not creating then
the WARPCENTER component at install time
[202]
f - EDYDEFS was failing when updating user-group relationships if the user did
not belong to any group
e - New /M parameters for EDYOTPG and EDYOTPV so that these can now be used in
user exits during flow status changes (logon, unlock..)
b - SES emulator : better handling of events can now recover if launching
background bitmap executable fails
e - UCM : Now does cascade the changes to change tables, making it even more
difficult to end up having to use the recovery facility
f - EDYSLA was failing when parsing environment vars with parameters, i.e
usershell
[203]
f - When using superuser context administration an internal error was
generated if the first call was done before logon and it was an add or
update component one
e - New /D:directory parameter in EDYPHOTO command
e - New EDYWFWPS command available for startup processing to wait for
WorkPLace Shell initialization
f - When using user written logon or unlock dialogs, message boxes did
not appear when an error was found (i.e password invalid)
f - WarpCenter initialization could make the startup dialog to disppear.
Although the effect was only aesthetic, and everything ran correctly,
it was quite 'ugly'. Also removed the square surrounding the
startup bitmap in the same dialog.
f - EDYWIN.DLL could cause traps in overloaded systems when accessing
the shared segment and windows restrictions were active
e - Added UCM logs to the logs file truncation utility default profile
- Changes included in 13th fixpack (Build 219, 23/Mar/99) ----------------------
[204]
E - New UCM recovery tool : EDYRVUCM
b - UserExitBeforeProfilesActivation is given now earlier, and does not
require for WPS to be loaded.
f - Logon panel was enabling the new password and verification fields in some
cases without the proper check button pressed.
f - SGM_ADM_PRIV environment variable handling was failing if the hex string
contained the character 'B'.
f - EDYPHOTO.CMD could wrongly parse PSTAT output.
f - Some SecureEntry smartcenter trace points coded incorrectly could cause traps
under exceptional conditions.
b - Bypass logoff hang caused by SOMDD.EXE not being killable (added to EDYKILL.NOT).
b - Bypass lotus 1-2-3 for WARP 4 trapping if a windows behavior profile is
in use. (reported to Lotus and caused by incorrect subclassing of
the title bar).
e - Handle standard accelerator keys also when restricting system menus. I.e,
disabling 'close' in a window does also disable Alt-F4 if assigned to close.
E - Added user exits and privilege checking support to the interactive
administration tool.
E - Added new component for Lan Server installs : Public applications component
[205]
E - Added support for coexistance with other SES applications (using the SES emulator
and new environment variable SGM_HIDE_WAIT_DLGS)
E - Added the RACF emulator, to do user and password validations at the host
without using RACF.
f - Fixed small memory leaks in the Lan Server administration agent.
[206]
e - Now personal desktop profiles do are not uploaded to UCM at logoff time
if they have not changed during the ending session
[207]
[208]
f - The interactive admin. tool was leaving temporary files unerased in the
TEMP directory
E - WSOD 1.0 support
f - The logs file size controller was obtaining the boot drive incorrectly
[209]
e - New SGM_FORCE_LUALIAS environment variable
e - New SGM_HOOK_CANN_KEY environment variable
e - New SGM_ROAM_LOGPATH environment variable
f - Problem when forcing a logoff twice from the same application after first
attempt cancelled (second attempt was ignored)
f - WSOD refresh was not working correctly for non-administrator users
E - WSOD 2.0 support
e - Improved WSOD support online documentation and RACF emulator
f - Several very minor fixes :
- Potential SecureEntry kernel trap after an error with associated message
bigger than 256
- WSOD enabler could leave garbage in a machine class config.sys file if
lines cotained two ';' in a row after disabling it
- EDYFREE could accept innvalid parameters
[210]
f - Fixed EDYCLI/EDYSRV compatibility with previous versions of the same
modules
e - Year 2000 formal test passed. Note that this is only a verification that
SecureEntry/2 is and has always been year 2000 ready, as long as all
underlying software is also year 2000 ready.
f - The interactive administrator tool was having problems when displaying a
group without LAN_DATA (skipping first component)
[211]
f - WSOD workstations folder refresh was not clearing the folder contents
before refreshing.
f - RACF emulator was not encrypting passwords correctly.
f - Installation would fail if source directory contained '.' (dots).
f - Sentry was not killing at shutdown time processes remaining from previous
user sessions.
e - Improved kill function in edyswl2 (as in regular SecureEntry shutdown), and
new killtree command.
[212]
e - Improved lockup/unlock performance which were having a fixed MAXWAIT delay.
f - Fixed WSOD support was returning EDY114 error at logon when working with s
UCM and RACF
e - Increased max. group id. length to 9 full chars
f - Installation was not always finding the RPL support directory
f - Sample LMP trace routines were not working
e - Added some comments in EDYFILT.C and code to prevent traps if some input
parameters are NULL
[213]
f - Trace sample routines were not working for the provided sample LMP
e - Support for group ids up to 9 characters long (were 8 before)
[214]
e - UCM does now no longer consolidate users if only security profiles for
its owning group have changed (performance improvement)
e - New SGM_SS_ALLOW_IP and SGM_SS_ALLOW_IU environment variables
f - The SES Behavior tester could fail to set certain bitmaps as desktop
background
e - Changed / improved all default bitmaps for SecureEntry
e - We now dynamically look for EDYCUST.DLL ONLY in SecureEntrypath\DLL directory.
This avoids unnecessary delays if network drives are present in LIBPATH
[215]
e - Do not show/query for certain video driver daemons at shutdown (SYSINIT)
e - Ignore UCM ADD operations into Lan Server for reserved groups (GUESTS,USERS,
ADMINS). This allows for defining such groups under the central repository
without causing troubles at UCM-refresh time.
E - Completed WSOD support for remaining components as well as allow creation
of the SecureEntry Workbench in WSOD client machines.
e - Optimize UCM logon performance when using the RACF emulator. Note that
even if being compatible with previous UCM code, this change will only
activate if UCM code version 4.2 or above is installed in central site.
e - Improved WSOD clients detection algorythm.
f - Improved robustness of the SES emulator DLL. It could remain unloadable
if an exception arrived while processing InitTerm.
e - Ignore errors in edyutil if an event has already been posted. I.e, if
launching 2 events in a row the second will be ignored instead of returning
an error message.
e - New environment variable SGM_USER_DLGS to increase robustness of user added
logon/unlock dialogs (and other user related dialogs to appear at logon/unlock).
[216]
e - Better focus stealing algorithms in the logon/unlock dialogs, to prevent
more seamlessly other system modal windows from appearing
f - Fix regression : EDYUTIL was not accepting parameters with imbedded blank
characters.
f - Do not spend unnecessary time refreshing bitmaps in screen saver carroussel
if only one bitmap is defined (no need to cycle through it)
f - Unlikely errors interpreting screen saver timeouts in the EDYSES profile
(making it 1/10 the desired value or less)
f - SmartCenter performance degradation caused by shadows being left in
<WP_NOWHERE> after Ctrl-Alt-Del
f - Screen Saver was popping up in some cases over a hard error message
b - Bypass potential problem of not making an object visible in some cases when
it should be. (Only seen with SecureEntry workbench)
e - Gain 5-7 seconds in first logon when working with UCM by adding the network
name at boot time instead of at signon time
[217]
f - Regression : Edyswl2 was returning RC=303 at KILL command (process not found)
when it should have been 0. Problem occoured in builds [211..216]
f - Avoid switch list opening when activating a shortcut that is related to
an object associated with the system editor.
f - 'Save positions' menu entry was not showing for administrators in high
Merlin FP levels. (FP7?..FP10).
e - Support for new environment variable SGM_WPS_IGNORE_ADMIN and associated
EDYWPADM.CMD command to override it.
f - Windows were flashing when EDYLKBLK was being used.
f - Focus was being stolen some times during protected startup by alien applications.
f - SecureEntry logoff problem if logged on userid was the same as GUESTNAME in
config.sys.
b - Bypass WPS problem when attempting to setup desktop background with a
non existant bitmap file specified through current EDYSES.INI.
e - Support for new environment variable SGM_HIDE_EXIT_AFTER_LOGON.
f - Warpcenter migration for new installations was not working (regression).
f - Warpcenter editor was failing to open settings notebook when VTD was installed.
f - Roaming desktops tester was not working from within WSOD clients.
[218]
b - Bypass UCM not able to set up a user with the same logon assignment defined
twice, as a user and in the group.
b - SES.LOG was being created in the \NOUSER directory indicating an error
opening DOSKRNL too early. This had no further effects.
f - Do not allow adds or updates of users to reserved Lan Server groups through
the interactive admin. tool.
f - Treelock editor was abending if OBJREXX installed instead of classic REXX.
f - Defer service of UPDATEDB since uses EDYSESEM (was causing problems when
migrating from builds <200 to builds >210).
e - Better detection of 'zombie' processes at logoff/shutdown and do not
show them in the list of processes to kill. Also configure list of processes
to show by identifying DOS processes as SYSINIT or VDM.
e - Allow personal folders to contain invisible object shadows (the user
must configure this feature to get this behavior).
e - New environment variables to ease UCM installation : SGM_UCM_DBDFT and
SGM_FORCE_MODE.
[219]
f - After deinstalling SecureEntry, WarpCenter shadows where left unerasable.
f - WarpCenter was trapping if contained a reference for a non-existing object
f - Multiple copies of the original launchpad object were being created in
the SecureEntry installation tools folder.
e - Control added for SNTOBJ.TRP through edylogsfs.
e - Several performance enhancements :
- EDYLKINI.EXE is no longer loaded if EDYSTART.CMD not present
- Some widely used SecureEntry DLLs have been converted to subsystem,
saving space and run time.
f - Under WSOD environments, wait is made until the roaming desktop is created
in order to grant references to some of its objects by other security
components are found. Also force a logoff event if PMSHELL unloaded,
emulating native WSOD behavior.
e - Improved termination protocol for personal communications. Note that you
need to manually copy EDYKILL.NOT to the NOUSER directory from the EXEC
one if a previous SecureEntry build is present.
e - Added 'exclusion list' parameters to EDYERASE.CMD.
f - EDYERASE.CMD was failing under UCM if there were users not belonging
to any branch. Now you can use the /Ignore parameter to overcome this.
e - Process SGM_USER_DLGS environment variable also during protected startup and
default logon/unlock dialogs.
- Changes included in 14th fixpack (Build 240, 14/Apr/00) ----------------------
[220]
f - Clarify the error message at logon time about password expired when
attempting to change password in emergency logon situation.
e - NOTLOGGED and NOCHECK parameters in EDYERASE.
f - Fix very unlikely trap e caused by treelock during boot. (Only seen in Aurora betas)
e - Uploadable components discarded at logoff time if during user session
the administrator has assigned new ones (administered ones take preference).
f - Problem with WSOD public applications when applying a security profile:
The /IBMLAN/DCDB/APPS/XX directory was not being propagated to
/IBMLAN/DCDB/USERS/YY/XX when assigning wsod app 2.0 xx to user yy
E - UCM multi-trans support to dramatically enhance host transaction performance
at signon peak hours (read UCM administrators guide).
e - Support paging with the users and groups interactive administrator tool
when using UCM, to ease managing of very large groups of users.
E - Preliminary WARP Server for e-Business support (no treelock supported
yet) - in beta test.
e - Readme file translated to spanish in the NLS 034 version.
e - Batch installs : Abort installation without querying users for diskette
if a file is found missing.
[221]
e - Installation now can also successfully migrate REXX startup.cmd files.
f - Config.add processing during install could fail to process some entries.
e - Installation process now provides a 'Yes to All' new button during file
update process.
E - New NSC logon procedure to optionally substitute RACF logon procedure.
f - EDYKWD.CMD could in some instances leave duplicated keywords in defined
in the UCM dictionary (had no ill-effects anyways).
e - Better recovery procedures for EDYSRV. Now it can recover itself from
lan card unexpected resets.
e - New SGM_UCM_CORPORATE_NAME environment variable in order to allow limited
UCM administration to several UCM databases.
- - Changed evaluation code expiry period to 6 months (it was 3 months previously)
[222]
f - Standalone Dump Facility was trapping if attempting to obtain a machine
dump after a system error caused at INTERRUPT TIME
e - Allowed UCM administrator dialogs to run properly at 640x480 resolution
f - Regression caused at build 219 : floppy restrictions were trapping
when setting institution dependant encryption algorythm.
e - Treelock support for Warp Server for e-Business. Note you need the OS/2
fixes for PJ26442 and PJ26455.
e - Warp Server for e-Business : fixed installs over JFS partitions returning
'could not create SecureEntry DB', and SDF (standalone dump facility) hooks
not being called.
e - Improved install log to trace out problems when creating SecureEntry database,
and defensively added more file handles in CREADB.EXE
[223]
e - Added new environment variable SGM_SHUTDOWN_AT_LOGON_PANEL
f - Fixed EDYCHINI was failing to register WPS classes if name was a substring
of an already registered class name (quite unlikely).
e - Added new RC_INVALID_PASSWORD to user exits before unlock and before logon.
f - Fixed regression which caused sample logon/unlock panels to show twice the
'invalid password' or 'not authorized' messages.
e - Fixed once and for all the TRAPDUMP problems with SecureEntry boot protection
and Merlin FP7+. See description of EDYPDUMP.CMD in online ref.
[225]
F - Fixed support for other SES clients when using Tivoli gateway ISS
- Workstation did not start if there was an EDYSTART.CMD in the machine and
the ISS was not already installed (could display the desktop).
- Workstation failed to start after installing with the ISS installed
(could not display the desktop).
- SecureEntry uninstal procedure failed to leave the machine in a
working state if the ISS was still installed (trap at boot).
- Workstation did not start if fast processor and ISS Tivoli installed
E - Processes audit component
[226]
f - Launchpad workbench could some times not get its default icon set during installation
e - Uninstall procedure will remove the workbench even if contains readonly files now
e - Improved service detection for EDYKILL.NOT and EDYLOGS.STR. Now this files
will be automatically serviced by SecureEntry as long as the user has not
modified them.
[227]
f - Regression introduced in build 218 did disable in some incorrect instances
the delete and edit buttons from the main administration tool.
e - Improved service routine to be more smart detecting unchanged files in order
to avoid unnecesary user interactions (i.e do full compare of files data before
assuming a file to be different than the one to be serviced.
[228]
e - Re-spell checked the online reference manual
f - Possible trap in UCM API when querying object keywords which does not return any
f - Editing desktop restrictions was improperly showing folder restrictions checkboxes
e - New elapsed time calculation algorithm for processes audit component and minor
fixes
[229]
f - Under WSOD, could return EDY0114 (not enough privilege) instead of
EDY0115 (security failed) in some cases at signon.
[230]
e - New detach button in the edyphdsp program (photo displayer)
e - New test option for security profiles directly from the interactive
administration tool.
e - New SGM_SNA_TIMEOUT environment variable for UCM
e - New UserExitBeforeReboot
f - WSOD enabler could loop in some instances refreshing the workstations list
[231]
f - WSOD enabler error writing config.sys while enabling/disabling a user created
machine class
E - New auditable processes dumper tool (EDYEXEDM)
E - New UCM support for OS/2. Yes, now a OS/2 machine can be used to administer
small SecureEntry enterprises!. Note that this solution is supplied as
evaluation code. To activate it for production, read the UCM installation guide.
b - Processes auditor was showing negative elapsed times in some cases
b - SmartCenter component was not honoring popup menu orders after deleting an
object in edition mode.
f - The new detach function in EDYPHDSP (photo displayer) was not working properly
when attempting to detach a file to a root directory and few other cases.
[232]
e - Added ID support in personal desktop profiles so that folders memory can
ba automatically erased at logon (EDYMISC->OS2INIVERSION->AnyValue)
e - Device Drivers fixpack 1 compatibility (were not detecting mouse movement
for inactivity timeout detection with new MOUSE.SYS)
[233]
e - Performance enhancements in registry file manager (VLIB) most noticeable
with very big registry files.
e - Refresh tutorial at EDYCRWRK time
e - Performance enhanced for very big registry file accesses
[234]
e - Added processes UCMP02 and UCMP03 for OS/2 environments
f - Traps in repeated viewobj calls to UCM due to uninitialized keydatas. Error
reproduced by issuing a repeated view of a given group keywords
f - Internal error 57,10 in VLIB.DLL caused by adding components with >32K EAs,
even if the error was displayed later on
e - New environment variable SGM_SGMSHELL_GROUP to overcome the max 64 SecureEntry
groups limitation
e - Support for devices in treelock device driver.
f - Lan rc 2123 when asking for user logon assignments working with public
applications component.
[235]
e - EDYWINI enhancements for easing recreation of OS2.INI file
- Can be run at boot time
- Accepts several DLLs in single invocation
e - Changed install default to purpose SES emulator, to ease installation
for SecureEntry newcomers.
e - EDYEXLOG (for UCM) accepts new parameter /S to sort output by timestamp
f - Photo viewer was not correctly detecting FP's >= 12
e - Enhancements to ease up maintenance and problem determination :
- New message to detect (and attempt to correct) SYS_DLLs not registered
- New message to indicate when logon process is waiting for WPS to come up
- More robust shutdown process trying to avoid a potential problem
when shutdown ends OK but the final shutdown dialog can not be shown.
E - Support for password scrambling when accessing RACF. (EDYURACF.DLL) for
cases where hardware encryption is not available for SNA comms. Note that
password scrambling was already ALWAYS done when using RACF emulator.
[236]
e - New 'rowsprocessed' parameter in EDYEXLOG UCM utility
e - EDYDUMP. Now when using 'NOFILES' parameter, no component list is shown
at all, so that output can be used by EDYDEFS without change.
e - Allow automatically forcing password at logon even if Lan Server returns
'Password too recent' after RACF has already validated it.
b - Making a call to see all files of JFS or removable media (dir a:\) and
one of these hidden by treelock profile, system looks like hunged...
e - Optimize performance of logon changing password when UCM and RACF emulator
are being used.
e - Support for n-tilde (ñ) and Ç characters in userids and passwords
[237]
f - Photo viewer was not correctly detecting FP's >= 42 for WARP 3 and Aurora builds
f - Do not expire password for default user after installing if UCM is selected
and configuration type is standalone or other networks. This is done so that
you can at least logon regardless if comms manager is correctly configured or
not, since change password is not allowed by default in emergency logons.
f - Detected and corrected some cases where the personal desktop profiles were
changed unnecessarily, causing profiles upload when this could be avoided.
[238]
f - Dynamic refresh of branch data may return timeouts that are not if
data packets are too big
b - Removed treelock bypass for WSeB. Note that you need from now on, if working
with WSeB an OS/2 kernel with PJ26930 fix applied
b - Bypass netbios error found in some levels of MPTS which caused error 0x15 (net name
not found) at logon time, forcing then emergency logons when using UCM
f - Background lockup and logon bitmaps where not correctly being protected against
popup windows if screensaver timeout is 0 and using plugin dialogs (user written)
E - New audit files browser utility
[239]
f - Fixed minor nits with installation panel, added accelerator keys also
E - Major rewrite of UCM documentation. Now docummented also installation with
EDYURACF enabled
f - Users and Groups management was not presenting default branch to the
administrator when adding a new user and using UCM
e - Added CM/2 configuration samples
f - Fixes to the audit files browser (was looping if no events were found to
present)
[240]
e - Defensive programming fix against logon panel losing focus by a PM bug seen
during beta testing of Merlin FP13 and later fixed in FP13 GA
e - Now shipping the default high res SecureEntry logo bitmap that will show
for machines configured with more than 256 colors
e - Documentation added about EDYSRV logon policy override parameter
f - SecureEntry was not correctly recognizing FP13 and Aurora FP1 converged
kernels, and thus was not issuing forced app kill calls at logoff. Note
this call is only used if a given app can not be killed/closed with
the standard calls (WM_CLOSE - DosKillProcess).
f - Fixed problem where icon positions could be incorrectly changed after
every boot/logon by a small amount in memory folders or the desktop if
the container workspace had been increased over the window size, as when
a smartcenter is created with mini-icons.
- Changes included in current level --------------------------------------------
[241]
E - Incremental branch update feature for UCM
e - Logon retry limit support for UCM
e - UCM passwords autoexpire feature
f - UCM Rows leak fixed when updating profiles
f - UCM Support for some spanish nls characters Ñ (n-tilde) and Ç.
e - UCM new subkeyword value &KEEP& for the PASSWORD keyword.
e - UCM Minor performance improvements for LAN_DATA management
e - UCM Improved logoff timestamps exchange algorithm to avoid unnecessary
refresh of user data in the following signon
[242]
f - Minor documentation changes/corrections
e - Added missing icons for workbench editors
f - UCM was not correctly uploading and downloading security profiles bigger
than 64K (was returning subsystem 'UC' not available)
f - Fixed support for Aurora FP1 and Merlin FP13 in EDYPHOTO (was not
correctly recognizing these new levels)
E - Compressed profiles support for UCM. You can activate it through the
interactive users and groups administration tool. Beware however, that
this function is still in beta at this level, and you MUST have all your
machines at this level (242) before activating this feature.
e - Note that from now on, DB2 5.0 or superior is required for UCM.
[243]
Internal build. No changes
[244]
e - New UCMEXPML UCM process to exploit the UCM Log statistics
f - Very unlikely trap fix for FTCOMP.DLL (happened if storing some huge
component profiles (600K+) into the registry)
E - New Lotus Notes Component
[245]
f - Fix some problems with UNICODE strings handling (x>128)
f - Correctly set icons for saved profiles under Lotus Notes editor
e - Improved Notes component help
f - EDYDEFS error deleting users from a UCM DB (said unknown user)
f - When using RACF emulator, 'U' character for passwords was not correctly
being handled, thus no passwords including such character could be defined
f - Potential concurrency problem when having simultaneously opened 2
UCM administration tasks
[246]
f - Notes component: was not correctly associating WP class to newly created
profiles, causing icon not to display properly
f - Hang when activating a Lotus Notes profile for second time within the
same session
f - Fix Lotus Notes API returning RC=3 at deactivation time if profile dissappeared
e - Allow blanks while editing a Lotus notes profile name
f - Strange VLIB.LOG file being created within the workbench when editing a text
profile
[247]
e - Final version of EDYSRV added, after successfully passing all tests for
lately added functionality
f - Correctly manage extmgr_addins env. var for Lotus notes component, was not being
properly handled if already existing in the system and correctly resetting it
when a resident notes.ini file is being used.
e - EDYPHOTO now manages correctly the notes component security profiles
[248]
f - Lan Server agent was trapping when deleting groups with many assigned resources
E - SecureEntry Java APIs
E - Passticket generation for RACF
[249]
f - Pssticket API was not setting properly the GMT timezone
e - Improved passticket documentation
[250]
f - Fixed initialization problem in UCM agent
e - Support mixed branches enhancements in edysrv and edycc. Important migrate
servers first!!
f - EDYSNADM (Users and Groups admin. tool) was failing with Object Rexx
e - UCM common code with SecureEntry windows
e - UCM now accepts variable length customer files
e - New UCMULOAD utility, to dump user info into a customer file
e - Minor internal enhancements for coexistance with windows code
e - EDYGETFN can now display opened files by a specific process
