Tech Arsenal 1

home *** CD-ROM | disk | FTP | other *** search

/ Tech Arsenal 1 / Tech Arsenal (Arsenal Computer).ISO / tek-05 / lwatch.zip / SETUP.HLP < prev

Wrap

Text File | 1991-01-15 | 24KB | 413 lines

Sorry, no help is available at this point Please refer to printed documentation. Careful Do you want to save any changes you may have made to the user list or file access groups? If you want to save the changes you made press Y at the prompt. If you do not want to save your changes press N at the prompt. If you do not want to exit the program press the Esc key. Select File Security. Select the security levels that will be given the access in the 'Allowed' column for this file or device. Use the up and down arrows to move the cursor to each line in the security level menu. On each line press either Y or N. Select File Access. Select the type of access allowed for this file or device. Press either N, R or A. If N is selected, users with a matching security level will be denied access to this file or device. If R is selected, users with a matching security level will be given only read access to this file or device. If A is selected, users with a matching security level will be given read and write access to this file or device. In the LAN Watch system a user needs write access to rename or delete a file. Read access is required to run a program. Select Access to Report. Select the types of file accesses that you want recorded in the system log \ZZLOG\STATION.NN. Press either N, R, W or A. If N is selected, no information about this file or device will be written to the system logs. If R is selected, only reads of this file will be recorded in the system log. If W is selected, only writes and deletes of this file will be recorded in the system log. If A is selected, all accesses made of this file will be recorded in the system logs. Is this a new file? Press Y if this is a new file or device name that you want to add to the list. If you press Y the new name will be inserted in the list. Enter access group name. Enter a new name for this access group and then press the Enter key. If you do not want to change the name of this access group press the Enter key. Select an access group to define. Press a number from 1 to 7 to select the access group you wish to define. Enter a security level name. Enter a new name for this security level and then press the Enter key. If you do not wish to change the name of this security level press the Enter key or the Esc key. Select a security level to name. Press a number from 1 to 7 to select the security level you wish to name. Select an access group for user. Press a number from 1 to 7 to select a file access group for this user. Select a security level or levels for this user. Use the up and down arrows to move the cursor to each line in the security level menu. Press Y or N at each line in the security level menu to select the desired security levels. There is no implied hierarchy in the security levels. A user may be given any combination of the seven security levels. Enter an initial password for user. Enter an initial password for this user. Later, when the user logs in he will be able to change his password by running the Password program. There is one special password used in the LAN Watch system. If you enter a single asterisk '*' as the password, then the Logon program will allow either an asterisk or no password when logging on. If a user's password is set to '*', he can press the Enter key without entering a password when logging on. Is this a new user? If you want to add this name as a new user press the Y key. If this is not a new name press the N key and the program will move to the closest match in the current list of users. Edit or Add users. A user must have his name and password added to the Setup program's user list before he is able to log on to the system. Type the new user's name and press the Enter key. A user name may be a maximum of 18 characters long. When the user logs on, he has the option of adding a semicolon and job name to his user name. For example, if user ED logs on as ED;JOB 1 his time on will be added to the time for JOB 1. Job names do not have to be defined. After entering the user's name you will be prompted to enter the user's initial password. Type the user's password and press the Enter key. The user's password may be up to 12 characters long. Later, when the user has logged on to the system he may change his password by running the Password program. Once the password has been entered you will be prompted to enter the user's security levels. Press Y or N at each line in the security level menu to select the desired security levels. There is no implied hierarchy in the security levels. A user may be given any combination of the seven security levels. After selecting the user's security levels you will be prompted to select the file access group to which the user is assigned. Press a number from 1 to 7 to select the desired file access group. A user may be assigned to only one file access group. The user list is automatically sorted in name order. As the user list grows you may search for a particular user by typing in his name and then pressing the Enter key. To change an entry in the user list, move the cursor over the desired user name and press the Enter key. You will then be prompted to change the assigned security levels and file access group. To delete a user from the list, move the cursor over the name you wish to delete and press the Del key. You can print the user list by pressing the F9 function key. Setup Options There are five options in the Setup program. Press 1 to add a new user or edit an existing user. Press 2 to give names to the seven security levels. Press 3 to define or edit the file access groups. Press 4 to select the printer port, screen colors and time format. Press 5 to exit the Setup program. Select a printer port. Press a number from 1 to 6 to select the printer port that will be used when printing. Select text screen colors. Press: W for white letters on a black background. B for white letters on a blue background. G for green letters on a black background. C for white letters on a cyan background. Select help screen colors. Press: W for white letters on a black background. B for white letters on a blue background. G for green letters on a black background. C for white letters on a cyan background. Select help display speed. On older PCs you can significantly speed up the help display by setting this option to F. Select time format. Press M for a 24 hour format, e.g. 16:00 Press S for a 12 hour am/pm format, e.g. 4:00pm Select date format. Press 1 for MM/DD/YY Press 2 for DD/MM/YY Press 3 for YY/MM/DD Defining File Access Groups. The file access groups control who gets access to which programs, devices and files. The file access group list contains four columns of information. .. Finance files ...... Report Allowed Security Levels .. . FORECAST.90 Write All 1 . . FORECAST.90 None Read 2 3 4 5 6 7 . . *.* Write All 1 2 3 4 5 6 7 . ............................................................ The leftmost column gives the file, program or device name. This column may contain paths and the standard DOS wildcard characters '*' and '?'. The next column, titled 'Report', indicates which accesses will be recorded in the station log. The report column will contain either 'None', 'Read', 'Write' or 'All'. 'None' indicates that the system will not record any access information about the named file or device. An entry of 'Read' indicates that the system will record only read accesses of the named file or device. An entry of 'Write' indicates that the system will record only write and delete accesses of the named file or device. An entry of 'All' indicates that the system will record all read, write and delete accesses made of the named file or device. The next column, titled 'Allowed', indicates which accesses will be allowed. The allowed column works in conjunction with the rightmost column, titled 'Security levels', to control who gets access to what. If a security level of the current user matches a security level listed in the 'Security levels' column he will be allowed the access listed in the 'Allowed' column. The 'Allowed' column may contain either 'None', 'Read', or 'All'. 'None' indicates that no access is allowed. 'Read' indicates that only read access is allowed. 'All' indicates that read, write and delete accesses are allowed. It is not possible to allow write and delete access without giving read access. The 'Security levels' column may contain any combination of the seven security levels. The first time a program issues a read or write request for a particular file, the Logon program scans the current file access group list searching for a match that will allow the necessary access. Since the Logon program scans the access group list from top to bottom, the order of your entries is important. .. Finance files ...... Report Allowed Security Levels .. . . . *.* All All 1 2 3 4 5 6 7 . . FORECAST.90 All All 1 . . FORECAST.90 All Read 2 3 4 5 6 7 . . . ............................................................ Referring to the INCORRECT access group list above, if the current user has only a security level of 2, he will still have unlimited access to file FORECAST.90 since the Logon program will get a match when it evaluates the first line of the access group. To limit the user to read-only access of file FORECAST.90 the access group should be structured as shown below. .. Finance files ...... Report Allowed Security Levels .. . . . FORECAST.90 All All 1 . . FORECAST.90 All Read 2 3 4 5 6 7 . . *.* All All 1 2 3 4 5 6 7 . . . ............................................................ The order of entries in the access group list is controlled by the location of the cursor when you begin typing a new entry for the list. New entries are inserted before the line at the cursor. Whenever Logon encounters a wildcard character '*' or '?' it checks to see if a match has already failed for the desired file or device name. .. Finance files ...... Report Allowed Security Levels .. . . . FORECAST.90 All All 1 . . FORECAST.90 All Read 2 3 4 5 6 7 . . FORECAST.* All All 1 2 3 4 5 6 7 . . . ............................................................ Using the above access group list, a user with only security level 2 will not be able to write file FORECAST.90. The user will be able to write any other FORECAST file so long as it does not end with the suffix 90. Once a particular file or device name appears in the access group list each security level must be explicitly granted access to use it. .. Finance files ...... Report Allowed Security Levels .. . . . FORECAST.90 All Read 2 3 4 5 6 7 . . . ............................................................ Using the above access group list, a user with only security level 1 will not be able to use file FORECAST.90. To allow the security level 1 user access to file FORECAST.90 you must add another entry as in the following list. .. Finance files ...... Report Allowed Security Levels .. . . . FORECAST.90 All All 1 . . FORECAST.90 All Read 2 3 4 5 6 7 . . . ............................................................ Usually, when you make an entry in the access group list that restricts the access for certain security levels you will make a matching entry that allows access for other security levels. To restrict certain security levels from running a particular program set the 'Allowed' column to 'None'. For example, the following access group will allow only users with a security level of 1 to run the Report or Setup programs. Read access allows a user to run a program. .. Finance files ...... Report Allowed Security Levels .. . . . SETUP.EXE All Read 1 . 2 . SETUP.EXE All None 2 3 4 5 6 7 . . REPORT.EXE All Read 1 . 4 . REPORT.EXE All None 2 3 4 5 6 7 . . . . FORECAST.90 All All 1 . . FORECAST.90 All Read 2 3 4 5 6 7 . . *.* Write All 1 2 3 4 5 6 7 . . . ............................................................ Since each security level needs to be explicitly granted access to each name in the access group we may delete the 2nd and 4th lines of the list and still retain the same functionality. .. Finance files ...... Report Allowed Security Levels .. . . . SETUP.EXE All Read 1 . . REPORT.EXE All Read 1 . . . . FORECAST.90 All All 1 . . FORECAST.90 All Read 2 3 4 5 6 7 . . *.* Write All 1 2 3 4 5 6 7 . . . ............................................................ A similar method may be used when you want to give only certain security levels access to a file. For example, using the following access group list only users with a security level of 1 or 2 will be able to access file ACTUALS.90. .. Finance files ...... Report Allowed Security Levels .. . . . SETUP.EXE All Read 1 . . REPORT.EXE All Read 1 . . ACTUALS.90 All All 1 2 . . FORECAST.90 All All 1 . . FORECAST.90 All Read 2 3 4 5 6 7 . . *.* Write All 1 2 3 4 5 6 7 . . . ............................................................ The 'Report' column in the access group list controls what access information is written to the station logs. There are usually many files accessed by a program that you do not care to have the system track. For instance, files with a suffix of .TMP or .WRK are often temporary work files. To keep the station logs from using excessive disk storage you may want to eliminate the reporting of these files by setting the 'Report' column to 'None' as in the following. .. Finance files ...... Report Allowed Security Levels .. . . . *.TMP None All 1 2 3 4 5 6 7 . . *.WRK None All 1 2 3 4 5 6 7 . . SETUP.EXE All Read 1 . . REPORT.EXE All Read 1 . . ACTUALS.90 All All 1 2 . . FORECAST.90 All All 1 . . FORECAST.90 All Read 2 3 4 5 6 7 . . *.* Write All 1 2 3 4 5 6 7 . . . ............................................................ The best way to find out which files you do not want reported is to use the LAN Watch system for 1 day and then run the Report program. An examination of the file report will quickly show you what files to exclude. You may want to set the 'Report' column to 'Write' for those files that you do not care who reads. Actually, this is most often what we want. So, if we set the 'Report' column to 'Write' our sample access group will look like the following. .. Finance files ...... Report Allowed Security Levels .. . . . *.TMP None All 1 2 3 4 5 6 7 . . *.WRK None All 1 2 3 4 5 6 7 . . SETUP.EXE Write Read 1 . . REPORT.EXE Write Read 1 . . ACTUALS.90 Write All 1 2 . . FORECAST.90 Write All 1 . . FORECAST.90 Write Read 2 3 4 5 6 7 . . *.* Write All 1 2 3 4 5 6 7 . . . ............................................................ An exception to this may be when we publish a new set of policies and procedures that we want everyone to read. By setting the 'Report' column to 'Read' or 'All' we will later be able to run a report that shows who has actually read the new policies and procedures. .. Finance files ...... Report Allowed Security Levels .. . . . POLICIES.NEW All All 1 2 3 4 5 6 7 . . *.TMP None All 1 2 3 4 5 6 7 . . *.WRK None All 1 2 3 4 5 6 7 . . SETUP.EXE Write Read 1 . . REPORT.EXE Write Read 1 . . ACTUALS.90 Write All 1 2 . . FORECAST.90 Write All 1 . . FORECAST.90 Write Read 2 3 4 5 6 7 . . *.* Write All 1 2 3 4 5 6 7 . . . ............................................................ Careful use of the file access groups can eliminate software theft and the introduction of computer viruses into your computer. To eliminate software theft simply lock out selected users from writing to floppy drives A: and B:. In the following example only users with a security level of 1 can write to drives A: or B:. .. Finance files ...... Report Allowed Security Levels .. . . . A: Write Read 2 3 4 5 6 7 . . A: Write All 1 . . B: Write Read 2 3 4 5 6 7 . . B: Write All 1 . . *.TMP None All 1 2 3 4 5 6 7 . . *.WRK None All 1 2 3 4 5 6 7 . . FORECAST.90 Write All 1 . . FORECAST.90 Write Read 2 3 4 5 6 7 . . *.* Write All 1 2 3 4 5 6 7 . . . ............................................................ To eliminate the introduction of viruses lock out selected users from reading executable files (*.exe and *.com) from floppy drives A: and B:. In the following example only users with a security level of 1 can write to drives A: or B:, or can read an executable file from drives A: or B:. Other users will still be able to read a data file from drives A: or B:. .. Finance files ...... Report Allowed Security Levels .. . . . A:*.COM Write Read 1 . . A:*.EXE Write Read 1 . . A:*.* Write Read 2 3 4 5 6 7 . . A:*.* Write All 1 . . B:*.COM Write Read 1 . . B:*.EXE Write Read 1 . . B:*.* Write Read 2 3 4 5 6 7 . . B:*.* Write All 1 . . *.* Write All 1 2 3 4 5 6 7 . ............................................................ To positively exclude the introduction of new *.com or *.exe files you need to prevent a user from loading an executable file under a different name and then renaming it with a .exe or .com suffix. The following access list does that by giving only security level 1 users write access to *.exe or *.com files. In the LAN Watch system, renaming a file requires write access. Lines 9 through 12 in the following access list give security level 1 users the ability to write *.exe and *.com files, while restricting other users to read-only access. .. Finance files ...... Report Allowed Security Levels .. . . . A:*.COM Write Read 1 . . A:*.EXE Write Read 1 . . A:*.* Write Read 2 3 4 5 6 7 . . A:*.* Write All 1 . . B:*.COM Write Read 1 . . B:*.EXE Write Read 1 . . B:*.* Write Read 2 3 4 5 6 7 . . B:*.* Write All 1 . 9 . *.EXE Write All 1 . . *.COM Write All 1 . . *.EXE Write Read 2 3 4 5 6 7 . . *.COM Write Read 2 3 4 5 6 7 . . *.* Write All 1 2 3 4 5 6 7 . ............................................................ I suggest that you group similar file names to make your file list more readable. You should also list more restrictive names before less restrictive names (*.COM is more restrictive than *.*, FORECAST.90 is more restrictive than FORECAST.*). When setting up an access group list you should always keep one name/password combination assigned to a different access group list that you know works. This is a precaution to insure that you will always be able to get back into the Setup program even if you completely mess up the access group on which you are working. You may change the file access groups at any time, but the changes you make will not take affect until the next time you log on.