Smart Security for Windows NT

Smart Security is a Windows NT service which allows the administrator of the machine, or the domain, to set permissions for the local devices of the machine. This is achieved by including users into the membership of some special user groups: These groups can be local, or can be 'global' groups held on the server.

If the user is a member of the group, then they will be allowed to use that particular local device. If the user isn't a member of the appropriate group, then permission will be denied, and they will not be permitted to access that device. If there is no group relating to a particular device, then everybody has access to that device.

Administrators of both the local machine, or the domain, are granted complete access to all devices.

Using a software based approach such as this has considerable advantages over the traditional approach using a physical lock on the floppy drive - there are no keys to manage; it's easy for support personnel to gain access to the floppy drive simply by logging on; and it's not easy currently to restrict access to CD drives and Printer or Com Ports any other way.

The special group names are as follows:

SS_Floppy	Any removable media recognised as Floppy Disks
SS_CD-ROM	CD ROM Drives
SS_RemovableDisk	All removable media not recognised as Floppy Disks
SS_SerialPort	Serial Ports (COM1 through 8)
SS_ParallelPort	Parallel Ports (LPT1 though 4)

Installation Instructions:

As an NT Service this product cannot be automatically installed - you must follow the instructions below after running the installer which will copy the files to a temporary directory on your hard drive that you can delete afterwards.

1. Set up the user groups you wish to implement.
2. Copy SmartSec.exe and SmartSec.hlp from the temporary directory the installer created to a suitable location on the Hard Disk of the machine you wish to install to (it MUST be installed locally, and not on a Network Drive). An ideal location is the System32 sub-directory of your Windows NT directory. If you are installing a licensed version, then you should copy the SmartSec.dll file to the same location as the .EXE.
3. Using an account with Administration privileges, execute the SmartSec.exe. You will be presented with a dialog, and you should press the 'Install' button.
4. You should be notified that the service was installed correctly. If you wish to check this, then it can be confirmed by viewing its status in the 'Services' applet within Control Panel. The status should read 'Started' and the startup should be 'Automatic'.

NB. For installations on versions of Windows NT prior to Release Candidate 1.3, that include the SS_CD-ROM group, an extra item will be added to the 'Shell' entry in the HKEY_LOCAL_MACHINE area of the registry. This is to work around a bug in the CDFS of these versions of NT. For more information, please refer to the FAQ section. of the Help File.

Removal Instructions

1. Using an account with Administration privileges, run SmartSec.exe.
2. You will be presented with a dialog asking if you wish to remove the service. If you answer 'Yes' then the service will be stopped, and then removed from the service list.
3. At this point, you can delete the SmartSec.exe (and SmartSec.dll in the case of a licensed version) if you wish.
4. You can now remove any of the 'SS_' user groups that you have created.