home *** CD-ROM | disk | FTP | other *** search
Text File | 1992-12-09 | 124.3 KB | 2,570 lines |
-
-
-
-
-
-
-
- PC-Vault Version 4.5f
- Hard Disk Protection System
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- Administrator's Manual
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- (c) Copyright 1985, 1991 by
- Johnson Computer Systems, Inc.
- 20 Dinwiddie Place
- Newport News, VA 23602
- (804) 872-9583
-
-
-
-
-
- Table of Contents
-
-
- THANK YOU . . . . . . . . . . . . . . . . . . . . . . . . . . 4
-
- ABOUT THIS MANUAL . . . . . . . . . . . . . . . . . . . . . . 4
-
- WHAT PC-VAULT DOES . . . . . . . . . . . . . . . . . . . . . 5
-
- RESTRICTIONS . . . . . . . . . . . . . . . . . . . . . . . . 6
-
- DISCLAIMER OF WARRANTY . . . . . . . . . . . . . . . . . . . 6
-
- YOUR PC-VAULT LICENSE . . . . . . . . . . . . . . . . . . . . 7
-
- USING PC-VAULT MENUS . . . . . . . . . . . . . . . . . . . . 8
-
- PC-VAULT PASSWORDS AND USER NAMES . . . . . . . . . . . . . . 8
-
- BEFORE INSTALLING PC-VAULT . . . . . . . . . . . . . . . . . 9
- The Logo Program . . . . . . . . . . . . . . . . . . . . 9
- The HelpUser Program . . . . . . . . . . . . . . . . . . 10
- Pre-installation Setup . . . . . . . . . . . . . . . . . 11
-
- HOW TO INSTALL PC-VAULT . . . . . . . . . . . . . . . . . . . 13
-
- USING THE PC-VAULT MAIN PROGRAM . . . . . . . . . . . . . . . 15
-
- HOW TO USE THE MAIN MENU . . . . . . . . . . . . . . . . . . 15
- Installing PC-Vault MS-Windows Support . . . . . . . . . 15
- Changing User Names, Passwords and Password Attributes . 16
- Changing a User's Name or Password . . . . . . . . 16
- Changing the Number of DAYS Passwords Remain
- Valid . . . . . . . . . . . . . . . . . . . . 16
- Changing the number of Different Passwords
- REQUIRED . . . . . . . . . . . . . . . . . . . 17
- Selecting What Will be Displayed During Password
- Definition . . . . . . . . . . . . . . . . . . 17
- Selecting PC-Vault Options . . . . . . . . . . . . . . . 17
- MAXIMUM floppy boot protection . . . . . . . . . . 18
- DISPLAY password entry asterisks . . . . . . . . . 18
- SIDEKICK compatibility mode . . . . . . . . . . . . 18
- CTRL-BREAK prohibited during boot . . . . . . . . . 18
- TIME/date change prohibited . . . . . . . . . . . . 19
- BLANK screen during LunchBreak . . . . . . . . . . 19
- FREEZE computer during LunchBreak . . . . . . . . . 19
- ALL users may exit LunchBreak . . . . . . . . . . . 19
- SPECIAL display blanking . . . . . . . . . . . . . 19
- User NAMES are required . . . . . . . . . . . . . . 19
- USER may change his/her name . . . . . . . . . . . 19
- Selecting Limits . . . . . . . . . . . . . . . . . . . . 19
- Maximum keyboard IDLE time . . . . . . . . . . . . 20
-
- PC-Vault 4.5f Administrator's Manual - Page 2
-
-
-
-
-
- Minimum number of PASSWORD characters . . . . . . . 20
- Maximum invalid logons before ALARM . . . . . . . . 20
- Maximum invalid logons before LOCKOUT . . . . . . . 20
- SECONDS to wait before auto logon . . . . . . . . . 20
- Alternate KEYBOARD/clock handling . . . . . . . . . 21
- Locking and Unlocking PC-Vault Related Files . . . . . . 21
- Accessing Your Fixed Disk When Booting From a Diskette . 21
- Removing PC-Vault From Your Computer . . . . . . . . . . 22
- The PC-Vault Hot Key . . . . . . . . . . . . . . . . . . 22
- Selecting Automatic LunchBreak . . . . . . . . . . . . . 22
- Controlling User Access to Directories [+] . . . . . . . 23
- Controlling Logging of User Activity [+] . . . . . . . . 25
-
- USING THE PC-VAULT PROGRAM AFTER PC-VAULT IS INSTALLED . . . 27
-
- USING PC-VAULT ON LIMITED SYSTEMS . . . . . . . . . . . . . . 27
-
- YOUR PC-VAULT FILES . . . . . . . . . . . . . . . . . . . . . 28
-
- OPTIONAL PC-VAULT FILES . . . . . . . . . . . . . . . . . . . 34
-
- IN CASE OF DIFFICULTY . . . . . . . . . . . . . . . . . . . . 34
-
- HOW TO ORDER PC-VAULT 4.5f . . . . . . . . . . . . . . . . . 36
-
- PC-VAULT VERSION 4.5f ORDER FORM . . . . . . . . . . . . . . 37
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- PC-Vault 4.5f Administrator's Manual - Page 3
-
-
-
-
-
- THANK YOU
-
- Thank you for investing in PC-Vault (formerly PC-Lock) version
- 4.5f. We believe you will find it to be an effective and
- convenient security system for your IBM-PC/XT/AT/PS2 or
- compatible. Version 1.1 was reviewed in the June 23, 1987 issue
- of PC-Magazine and listed among "The Best of the Best Utilities."
- Subsequent versions have provided enhanced security and many new
- features. Please note that you are not licensed to use this
- software until you have read and agree to the "DISCLAIMER OF
- WARRANTY" and "YOUR PC-VAULT LICENSE" beginning on page 6.
-
- If you have any suggestions for improvements, please tell us
- about them. While we cannot make every change in either the
- manuals or the programs which has been suggested by our users, we
- do give careful consideration to each suggestion and have
- implemented many of them.
-
-
-
- ABOUT THIS MANUAL
-
- This Administrator's Manual is written for the PC-Vault and/or
- PC-Vault Plus administrator. It provides complete information
- for installing and using both products. The name "PC-Vault" is
- used to refer to both PC-Vault and PC-Vault Plus unless the text
- explicitly states otherwise. Sections which describe features
- which are only available in PC-Vault Plus are indicated by "[+]".
-
- The features of PC-Vault are accessed from a few simple menus.
- This manual describes each menu and provides a detailed
- description of each feature accessible from that menu. Several
- features, such as defining a password, may be accessed from more
- than one menu. These features are fully described along with the
- administrator's main menu.
-
- The following optional programs are briefly described in this
- manual:
-
- Logo - Allows you to design your own logon screen,
-
- HelpUser - Allows granting one-time emergency access
- without knowing any passwords and without
- compromising security.
-
-
- If there is a file named READ-ME.1ST on your distribution
- diskette, please read it before proceeding. It contains
- information on last minute enhancements to the program and its
- associated manuals.
-
-
-
- PC-Vault 4.5f Administrator's Manual - Page 4
-
-
-
-
-
-
- WHAT PC-VAULT DOES
-
- After you install PC-Vault you will be asked to enter a password
- each time your computer is booted from its hard disk. Just type
- your password and press Enter. The boot process will then
- continue normally. When you boot from a diskette, the system
- will boot normally, but you will not be able to access your hard
- disk.
-
- The PC-Vault LunchBreak feature provides protection for your
- computer when it is running but the operator is not physically
- present. When a computer is in the LunchBreak state:
-
- The screen is completely blank,
-
- The keyboard is locked, and
-
- Processing continues normally.
-
- This means that a large spread sheet computation, data base
- operation, or other process will continue normally during
- LunchBreak. A "would be" observer will not be able either to see
- or exercise control over the operation.
-
- LunchBreak may be activated by pressing the user selectable PC-
- Vault hot key. If you so choose, the LunchBreak feature will be
- automatically activated after a selectable period of keyboard and
- mouse inactivity. When the correct password is entered, the
- screen and keyboard will return to normal operation. This
- feature not only provides protection for the data on the PC's
- hard disk but also protects any mainframe or network to which the
- PC is logged on.
-
- As PC-Vault administrator you may:
-
- - Prevent users from using Ctrl-Brk to exit AUTOEXEC.BAT,
- - Force each user into a specific application,
- - Prevent users from obtaining a DOS prompt,
- - Change any user's name and/or password,
- - Define a minimum password length,
- - Require users to enter both their user name and password,
- - Require automatic LunchBreak and select a maximum keyboard
- idle time,
- - Remove PC-Vault from the computer,
- - Display a list of illegal logon attempts,
- - Access the hard disk when booting from a diskette, and
- - Control several other aspects of PC-Vault operation.
-
-
-
-
-
- PC-Vault 4.5f Administrator's Manual - Page 5
-
-
-
-
-
- As PC-Vault Plus administrator you may also,
-
- - Grant or deny read/write/execute access to specific hard
- disk directories on a per user basis,
- - Disallow sector oriented disk read/writes,
- - Grant or deny read/write/execute access to diskettes, and
- - Obtain a log (history) of the activity of each user
- including illegal access attempts, programs executed,
- and files accessed.
-
- This software security program is probably somewhat more secure
- than a dead bolt lock on your front door. A sufficiently
- knowledgeable and determined individual will be able to
- circumvent the system, as indeed any software security system can
- be circumvented. The level of protection provided is, however,
- sufficient for most purposes and exceeds that of any similar
- program known to us.
-
-
-
- RESTRICTIONS
-
- Norton Cache version 6.0 contains a very serious bug which may
- destroy all of the data on your hard disk if you have both Norton
- Cache Intelliwrites and PC-Vault Maximum Floppy Boot Protection
- enabled at the same time. (It may also cause similar problems
- when used with other disk related software products.) This bug
- was fixed in Norton Cache version 6.01 which was distributed free
- to all registered version 6.0 users. We strongly recommend that
- you upgrade to version 6.01 on all your machines whether or not
- you plan to use PC-Vault on them.
-
- PC-Vault may work with Windows versions 1.x or 2.x but we no
- longer explicitly support versions prior to 3.0. Currently, the
- LunchBreak feature does not work reliably when you are in a
- Windows DOS Box. This will be fixed in a forthcoming release.
-
- PC-Vault will not install if your hard disk uses a non-standard
- sector size.
-
- Your hard drive(s) must not contain partitions belonging to
- operating systems other than DOS.
-
- Do not use FDISK or other partitioning software while PC-Vault is
- installed.
-
-
- DISCLAIMER OF WARRANTY
-
- PC-Vault, PC-Vault Plus, AND ASSOCIATED SOFTWARE AND THIS
- DOCUMENTATION ARE SOLD "AS-IS" AND WITHOUT WARRANTIES AS TO
- PERFORMANCE OR MERCHANTABILITY. THE SELLER'S SALESPERSONS AND/OR
-
- PC-Vault 4.5f Administrator's Manual - Page 6
-
-
-
-
-
- THIS OR OTHER DOCUMENTATION PROVIDED BY JOHNSON COMPUTER SYSTEMS,
- INC. MAY HAVE MADE STATEMENTS ABOUT THIS SOFTWARE. ANY SUCH
- STATEMENTS DO NOT CONSTITUTE WARRANTIES AND SHALL NOT BE RELIED
- ON BY THE BUYER IN DECIDING WHETHER TO PURCHASE AND/OR USE THIS
- PROGRAM.
-
- PC-Vault, PC-Vault Plus, AND ASSOCIATED SOFTWARE AND THIS
- DOCUMENTATION ARE SOLD WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES
- WHATSOEVER. BECAUSE OF THE DIVERSITY OF CONDITIONS AND HARDWARE
- UNDER WHICH THIS PROGRAM MAY BE USED, NO WARRANTY OF FITNESS FOR
- A PARTICULAR PURPOSE IS OFFERED. THE USER IS ADVISED TO BACKUP
- ALL DATA ON HARD DISKS BEFORE TRYING IT, AND TO THOROUGHLY TEST
- IT BEFORE RELYING ON IT. THE USER MUST ASSUME THE ENTIRE RISK OF
- USING THE PROGRAM. ANY LIABILITY OF SELLER OR MANUFACTURER WILL
- BE LIMITED EXCLUSIVELY TO PRODUCT REPLACEMENT OR REFUND OF THE
- PURCHASE PRICE.
-
- If within ninety days after we ship your order, you wish to
- discontinue using PC-Vault because it does not perform to YOUR
- expectations or because you do not agree with the terms and
- conditions under which it is sold, we will be happy to refund
- your full purchase price. Just write to us stating that you do
- not and will not have PC-Vault installed on any of your
- computer(s) and that you no longer have any copies of the
- program. Enclose the original PC-Vault diskette(s) with your
- letter. We would appreciate a description of any problem(s) you
- encountered, but you are in no way obligated to provide one.
-
-
-
- YOUR PC-VAULT LICENSE
-
- AFTER you have read and AGREE TO the Disclaimer of Warranty you
- are licensed to install and use PC-Vault Version 4.5f on the
- number of computers for which you have paid the license fee as
- shown in the fee schedule on page 36. Removing PC-Vault from one
- computer and installing it on another is specifically permitted
- and does not increase the number of computers for which the
- license fee must be paid. Any form of disassembly or reverse
- engineering of any portion of any version of PC-Vault is
- specifically not included in your license or granted by it and is
- explicitly prohibited.
-
- PC-Vault Version 4.5f is a fully copyrighted software product and
- Johnson Computer Systems, Inc. reserves all rights which are not
- specifically granted in this license.
-
-
-
-
-
-
-
- PC-Vault 4.5f Administrator's Manual - Page 7
-
-
-
-
-
- USING PC-VAULT MENUS
-
- Each menu contains the list of functions which you may perform
- when that menu is displayed. You may select any item from a menu
- simply by
-
- Pressing the letter displayed in front of that item, or
-
- Using the "up" and/or "down" cursor control keys to position
- the light-bar (inverse video bar) over the item and pressing
- Enter.
-
- Additional information about a function may be displayed by
- moving the light bar to the item and pressing the "?" key.
- Letters and the "?" may be typed in either upper or lower case.
- Either the Escape or the "E" keys may be used to exit any menu.
- The menus shown in this manual may differ slightly from those
- displayed on the screen due to page/screen size limitations.
-
-
-
- PC-VAULT PASSWORDS AND USER NAMES
-
- All PC-Vault passwords consist of zero to sixteen characters
- (key-strokes). The minimum password length may be set to any
- value from zero to sixteen. User names are optional. If used,
- they must be from one to seven characters in length. User names
- are set by the administrator, and may also be set by the user if
- the administrator has granted that permission.
-
- You must enter a password (and at the administrator's option, a
- user name) whenever the computer is booted from the hard disk,
- whenever you wish to exit LunchBreak, and whenever the PC-VAULT
- program is started.
-
- If user names are required, begin by entering your user name and
- pressing the Enter key. Then enter your password and press the
- Enter key. If the entry is incorrect you will hear a beep and
- the system will wait for you to start the process over with the
- user name.
-
- The backspace key may be used to correct errors in the normal
- manner. The escape key may be used to terminate the present
- attempt and start all over. The Enter key signifies the end of
- your user name or password.
-
- After entering a password, you may hear a sequence of "beeps"
- alternating between two tones. This is called an alarm and
- occurs when a number of consecutive incorrect user name/password
- entries have been entered. The number of consecutive incorrect
- entries required to trigger the alarm is determined by the
- administrator. If the number of consecutive errors exceeds
-
- PC-Vault 4.5f Administrator's Manual - Page 8
-
-
-
-
-
- another limit, also chosen by the administrator, the machine will
- sound the alarm and then lock for five minutes following each
- incorrect entry. Turning the machine off will not influence the
- count of incorrect entries. If the machine is turned off during
- a five minute lock-up, the five minutes will be repeated from the
- beginning when the machine is next re-booted.
-
- For more information on user names and passwords, see the section
- on changing passwords on page 16.
-
-
-
- BEFORE INSTALLING PC-VAULT
-
- You may skip this section and go directly to the "INSTALLING PC-
- VAULT" section if:
- You are not using PC-Vault Plus, and
- You only want one password on your computer, and
- You do not have the optional HelpUser or Logo programs.
-
- You, as administrator, may select an original administrator
- password and make several other choices about how you want PC-
- Vault to work on your computer(s). This is done by using one or
- more of the three programs described in this section to modify a
- copy of the PC-Vault program itself before you install it. You
- may then use the modified copy to install PC-Vault on one or more
- computers and your administrator password and other selections
- will automatically be in effect.
-
- Please place a diskette containing a COPY of the file PC-
- VAULT.EXE in drive A:. Your original PC-Vault diskette is not
- copy protected and may easily be copied using the COPY command.
- The DISKCOPY command will not work, so please use COPY.
-
- THE CHOICES YOU MAKE IN THIS SECTION WILL ONLY AFFECT THE COPY OF
- PC-VAULT.EXE THAT IS ON THE DISKETTE IN DRIVE A:. NO CHANGES
- WILL BE MADE TO THE COMPUTER YOU ARE USING.
-
- The three programs which may be used are HelpUser, Logo, and PC-
- Vault itself. These programs may be used in any order. HelpUser
- and Logo are optional programs whose functions are described in
- the next two sections. Detailed instructions for using PC-Vault
- to select an initial administrator password and other features of
- PC-Vault are included in the "Pre-installation Setup" section
- starting on page 11.
-
-
- The Logo Program
-
- The Logo program allows you to design the appearance of the user
- name/password request screen that is displayed when you boot your
- computer. You may completely replace our logo and messages.
-
- PC-Vault 4.5f Administrator's Manual - Page 9
-
-
-
-
-
- Logo provides something similar to a full screen editor which is
- used to design your logon screen. Once it is designed, you may
- save your design to a file which you can recall at any later time
- for additional editing, and/or you may install your design into
- PC-VAULT.EXE replacing our screen with your design.
-
- You may wish to install your company's logo, or have a misleading
- screen such as "System Board Error 101". If you are using PC-
- Vault Plus, you might provide very restricted access to anyone
- who desires to use the system and greater access to specified
- users. You could accomplish this by assigning a password of
- GUEST and using Logo to create a boot time message such as,
- "Please enter your password (if you only wish to use the modem,
- enter GUEST)." Complete documentation is provided with the Logo
- program.
-
-
- The HelpUser Program
-
- The HelpUser program allows a corporate security officer (CSO) to
- grant one time access to a machine without the physical presence
- of the security officer and without either the CSO or the user
- knowing any passwords. Subsequent access to the same or another
- machine will require a new approval by the security officer. The
- CSO will not be able to grant access to machines other than those
- in his organization.
-
- Each copy of HelpUser is unique, and may be run in either the
- normal mode or in a special configuration mode. When HelpUser is
- run in the configuration mode, it reads a copy of PC-Vault from a
- diskette, modifies it to work only with that specific copy of
- HelpUser and writes PC-Vault back to the diskette. The modified
- copy of PC-Vault may then be installed on the organization's
- computers.
-
- When an individual needs to gain access to a computer, but
- doesn't know a valid password, he must call the CSO and convince
- him/her to grant the access. The CSO then instructs the user to
- start the PC-Vault program with a special parameter. Instead of
- requesting the user to enter a password, PC-Vault will display
- the message:
-
- Please read the following string to your
- security officer: AZq9-Q=4.
-
- Then enter the EXACT string you receive in return:
-
- The string displayed (AZq9-Q=4 in the above example) is randomly
- generated and will be different each time. PC-Vault will use the
- displayed string to compute, but not display, two response
- strings. The CSO must start HelpUser and enter the exact string
- which the user read to him. HelpUser will then display both of
-
- PC-Vault 4.5f Administrator's Manual - Page 10
-
-
-
-
-
- the responses for which PC-Vault is waiting. One response will
- have the same result as entering the administrator's password.
- The other will have the same result as entering the password for
- user 1. The CSO simply tells the user the string which
- corresponds to the privilege he wishes to grant. Complete
- documentation is provided with the HelpUser program.
-
-
- Pre-installation Setup
-
- Pre-installation setup is a simple process that allows the system
- administrator to modify a copy of the PC-Vault main program (PC-
- VAULT.EXE) so that it automatically works as desired on each
- computer on which it is subsequently installed. Pre-installation
- set up is optional for PC-Vault but is required for PC-Vault
- Plus. If the setup is not done, you will be able to use only one
- password. If you do not wish to perform the setup you may go to
- the "HOW TO INSTALL PC-VAULT" section on page 13.
-
- THE PRE-INSTALLATION PROCESS DESCRIBED IN THIS SECTION MAKES NO
- CHANGES TO THE COMPUTER USED TO PERFORM IT. IT MODIFIES ONLY THE
- PC-VAULT.EXE FILE ON THE DISKETTE.
-
- To setup PC-Vault, place a diskette containing a copy of the file
- PC-VAULT.EXE (not your original please) in drive A:. (If you wish
- to use drive B: rather than A: enter the DOS command ASSIGN B=A
- at the DOS prompt. This will cause your computer to treat drive
- B: as though it were drive A:) Then enter:
-
- PC-VAULT /P
-
- The screen shown in Fig. 1 will be displayed. Read the screen
- and then press any key. The screen shown in Fig. 2 will be
- displayed. This may seem somewhat redundant, but experience has
- indicated the value of asking this question one more time. When
- you are certain you are not using your original diskette press Y
- to continue.
-
- If you have not previously defined an administrator password, the
- pre-installation main menu shown in Fig. 4 will be immediately
- displayed. If you have already done pre-installation setup on
- the copy of PC-Vault in drive A: to define an administrator
- password, the screen shown in Fig. 3 will be displayed. In this
- case you must enter your password in order to get to the screen
- shown in Fig. 4. Please review USING PC-VAULT MENUS on page 8
- for general information on menus.
-
- An original administrator password must be defined prior to
- installation in any of the following situations:
-
- - You are using PC-Vault Plus,
- - You wish to have an administrator password, or
-
- PC-Vault 4.5f Administrator's Manual - Page 11
-
-
-
-
-
- - You wish to have more than one user password.
-
- The P (Define Original Passwords and Names) menu item allows you
- to define original passwords, user names, password lifetimes,
- etc. for each user. Defining an administrator password enables
- PC-Vault's multi-user features. The exact procedure and the
- screens you will see during are discussed in "Changing User
- Names, Passwords and Password Attributes" on page 16.
-
- The O (Select OPTIONS) menu item allows you to determine the way
- PC-Vault will operate once it is installed. Any options you
- select at this time may also be selected and/or deselected by
- you, as administrator, after installation. For additional
- information on this subject see "Selecting PC-Vault Options" on
- page 17.
-
- The S (SET Limits) menu item allows you to set bounds on certain
- user selections such as minimum password length, maximum invalid
- logons, and maximum keyboard/mouse idle time before LunchBreak is
- automatically invoked, etc. For detailed information on limits
- see "Setting Limits" on page 19.
-
- The L (LOCK files during installation) option will cause the
- CONFIG.SYS, AUTOEXEC.BAT, and CLEANDSK.DRV (the PC-Vault device
- driver) files to be locked during installation. Locked files can
- not be altered by anyone other than the system administrator. A
- user cannot delete them or change their names, contents, or
- attributes. For additional information on locked files see
- "Locking and Unlocking PC-Vault Related Files" on page 21.
-
- The W (Choose WHO will install PC-Vault) option allows you to
- choose whether the administrator's or user's menu will be
- displayed after PC-Vault is installed. If the administrator's
- menu is displayed, the person who installed PC-Vault will be able
- to change all user names, passwords, options, and limits. In the
- case of PC-Vault Plus, directory access permissions and logging
- levels can also be changed. If the user's menu is displayed, the
- user may change only the User 1 password and perform other
- functions available to all users. If you choose to have the
- administrator's menu displayed, you will be asked if you wish to
- require the administrator's password to be entered in order to
- install PC-Vault. This will prevent unauthorized persons from
- installing PC-Vault, and ensure that the installer knows the
- administrator password.
-
- The R (RECORD your choices for later use) option causes the file
- PC-VAULT.EXE in drive A: to be modified to incorporate your
- administrator password and other selections. When you use this
- copy of PC-VAULT.EXE to install PC-Vault on a computer, your
- selections will be written to the computer's hard disk and will
- automatically be in effect.
-
-
- PC-Vault 4.5f Administrator's Manual - Page 12
-
-
-
-
-
-
-
- HOW TO INSTALL PC-VAULT
-
- Before installing PC-Vault, it is important that you read the
- warranty disclaimer and the terms of your license starting on
- page 6. You are not licensed to install and/or use this program
- until you have read and agree with the terms and conditions
- contained in those sections. Thank you.
-
- While we have a very high degree of confidence in PC-Vault, it is
- impossible to guarantee that any software program will work on
- all the millions of differently configured systems on which it
- may be used. For this reason we ask that you ensure you have a
- current backup of your hard disk before you install PC-Vault. We
- do not anticipate that you will experience any problems in
- installing and using PC-Vault, but we do want you to be able to
- recover in the unlikely event a problem does occur.
-
- If you have an earlier version of PC-Vault installed on your
- computer, please remove it by using that version of PC-Vault.
- (NOTE: Your earlier version may have been called PC-Lock.)
-
- You will need to have the file PC-VAULT.EXE on a diskette drive
- or on your hard disk. To install or use PC-Vault simply enter
-
- PC-VAULT
-
- You may need to type the drive letter if the drive containing PC-
- Vault is not the default drive, for example:
-
- A:PC-VAULT or C:PC-VAULT or C:\PCV\PC-Vault
-
- If PC-Vault is not already installed, the menu shown in Fig. 5
- will be displayed. Simply select the "INSTALL PC-Vault" option
- and PC-Vault will install itself on your computer. After PC-
- Vault installation has been completed a screen giving important
- information will be displayed. Please read the entire screen
- carefully. After reading the screen, press any key and a main
- menu will be displayed. Please note that a file named
- CLEANDSK.DRV has been placed in the root directory of your hard
- drive and the line DEVICE=CLEANDSK.DRV has been placed at the
- beginning of your CONFIG.SYS file. Do not delete the file or the
- device statement. They will be removed automatically when you
- de-install PC-Vault. If you wish to de-install PC-Vault, use the
- "Remove PC-Vault from this computer" option described on page 22.
-
- The installation process is completed by selecting any desired
- items from the main menu. For a complete description of the use
- of this menu see "HOW TO USE THE MAIN MENU" on page 15. When all
- desired selections (if any) have been made, select the E (END
- THIS PROGRAM) option to return to DOS. Protection is now in
-
- PC-Vault 4.5f Administrator's Manual - Page 13
-
-
-
-
-
- effect. The LunchBreak feature will not be available until you
- reboot your computer.
-
- If you are using DOS 5.0 or a memory manager you may wish to
- install the PC-Vault device driver in Upper Memory Blocks (UMB),
- or in rare instances, you may need to place the PC-Vault DEVICE
- statement at another location in your CONFIG.SYS file. You may
- use any text editor or word processor to modify the DEVICE =
- CLEANDSK.DRV statement and/or to move it to the desired location.
- If you expect to remove and re-install PC-Vault from time to
- time, we suggest placing one of the following lines in your
- CONFIG.SYS file:
-
- Rem CLEANDSK.DRV here
- Rem CLEANDSK.DRV here (High)
- Rem CLEANDSK.DRV here (Special,text)
-
- PC-Vault will place its DEVICE statement immediately following
- any of the above lines. If "(High)" is included, PC-Vault will
- use a standard DOS DEVICEHIGH statement. If "(Special,
- text)" is included, PC-Vault will create the following CONFIG.SYS
- line:
-
- Device=text CleanDsk.Drv
-
- This allows automatic creation of Device statements for QEMM or
- other memory managers. For example, using:
-
- Rem CleanDsk.Drv here (Special,c:\qemm\loadhi.sys /r:2)
-
- will create the line:
-
- Device=c:\qemm\loadhi.sys /r:2 CleanDsk.Drv
-
- Later versions of DOS ignore any CONFIG.SYS statement beginning
- with "Rem". Earlier versions will display a message stating that
- they cannot recognize the statement but will otherwise ignore it.
-
- If PC-Vault is already setup as you desire, you may do a quick
- installation by entering:
-
- PC-VAULT /I or
- PC-VAULT /I /W
-
- at the DOS prompt or from within a batch file instead of
- selecting Install from a menu. Use the second form if you wish
- to also install MS-Windows support (described on page 15).
-
-
-
-
-
-
- PC-Vault 4.5f Administrator's Manual - Page 14
-
-
-
-
-
- USING THE PC-VAULT MAIN PROGRAM
-
- If you run the PC-Vault program when PC-Vault is already
- installed on the computer, you will immediately be asked to enter
- your password. The administrator password or any user password
- may be entered. If the administrator has so required, you will
- also have to enter your user name. As soon as a password is
- correctly entered, one of three main menus will be displayed.
- The PC-Vault Plus administrator's main menu is shown in Fig. 6.
- The PC-Vault administrator's menu is the same except that the
- last two items which control access to directories and logging
- are not present. The user's main menu contains only items E, H,
- W, P, K, and I.
-
-
- HOW TO USE THE MAIN MENU
-
- For general information on using menus, see "HOW TO USE PC-VAULT
- MENUS" on page 8. You may return to DOS from the main menu by
- selecting the E option or by pressing the Esc key. The following
- sections describe the use of each main menu option.
-
-
- Installing PC-Vault MS-Windows Support
-
- Before using the LunchBreak feature with Windows, you must
- install PC-Vault Windows support by either of two methods: (1)
- Use the /W switch on the PC-Vault command line when you are
- installing PC-Vault, or (2) Select the W option from the main
- menu. This method may be used any time after PC-Vault is
- installed.
-
- Either method will cause PC-Vault to search for your Windows
- directory, add the files DRVR-APP.EXE and DRVR-DLL.DLL to the
- directory, and append the characters "DRVR-APP.EXE" to the load
- statement in your WIN.INI file. If PC-Vault cannot find your
- Windows directory, it will ask you to enter the directory's drive
- and path. If you are using the /W switch you may specify the
- directory by /W=drive:path. For example, if your Window's
- directory is on drive E: and is named MAIN, you may use:
-
- PC-Vault /W=E:\MAIN
-
- If you will be using Windows, do not select the "Freeze Computer
- during LunchBreak" option (page 19) or set the "Alternate
- Keyboard/Clock Handling" limit (page 21) to a non-zero value.
-
- NOTE - It is no longer necessary to select the Special Display
- Blanking option when using a VGA display with Windows.
-
-
-
-
- PC-Vault 4.5f Administrator's Manual - Page 15
-
-
-
-
-
- Changing User Names, Passwords and Password Attributes
-
- You may change user names, passwords and password attributes by
- selecting the P (Change PASSWORD) option in the main menu. If
- the administrator is using PC-Vault, the screen shown in Fig. 7
- will appear.
-
- - Changing a User's Name or Password
- Enter the user number of the user whose name and/or password you
- wish to change. A screen similar to that shown in Fig. 8 will
- allow you to change the name associated with the selected user.
- If you just press Enter, the name will not be changed and you
- will go directly to the password definition screen shown in
- Fig. 9. If you enter a new name you will be asked to enter it
- again to be sure you entered it correctly. The administrator may
- require that user names be entered whenever a password is
- required, so please be certain that you remember your user name.
- If user names have not been assigned, the default names of Admin,
- User 1, User 2, etc., will be used. If you cannot change user
- names, please see "USING PC-VAULT ON LIMITED SYSTEMS" on page 27.
-
- After the name has been defined the upper portion of Fig. 9 is
- displayed. Please read the screen and then enter the new
- password of your choice. If you do not wish to change the
- password, press the escape key. The default password for User 1
- is PASSWORD. There is no default password for other users. The
- example in the figure shows that the user has selected "SECRET-
- STUFF" as the new password. After you enter your password you
- will be asked to enter it one or two more times to be certain it
- has been entered correctly. The lower portion of the screen
- shown in Fig. 9 is then displayed and the new password is stored.
-
- Passwords are stored in an encrypted form. Whenever you enter a
- password to gain access, it is encrypted and then compared to the
- stored value. It is impossible for us to decrypt passwords. It
- is, therefore, extremely important for the administrator to
- remember his/her password. If the password is forgotten and your
- organization has not already purchased and installed the HelpUser
- program, it will be necessary to perform a low level format of
- your hard disk. If there were another way to get in, the
- security provided by PC-Vault would be seriously compromised.
-
- - Changing the Number of DAYS Passwords Remain Valid
- System security can be enhanced by requiring users to change
- their passwords periodically. If the number of days is set to a
- value other than zero, it specifies the number of days a newly
- defined password remains valid. A value of zero means that a
- password will never expire.
-
- Any time you enter an expired password, you will be required to
- change it before gaining access. A user may try to prevent
- expiration by setting the PC's clock/calendar back. For this
-
- PC-Vault 4.5f Administrator's Manual - Page 16
-
-
-
-
-
- reason, all passwords are marked as expired whenever the clock
- regresses by four or more hours. Passwords defined during pre-
- installation expire the first time they are used.
-
- To define the number of days passwords remain valid, press D.
- You will then be asked to enter the user number for which the
- change is to be made. Enter the number, or enter "A" to change
- the value for all users. You will then be asked to enter the
- number of days.
-
- If you have an XT class computer and choose to have passwords
- expire, we can only check for expiration after DOS's clock has
- been set from a custom battery-backed clock/calendar installed in
- your machine. In this case, you MUST have PC-VAULT.EXE on your
- hard disk, and execute it on each boot by placing the line:
-
- PC-VAULT/A
-
- near the beginning of your AUTOEXEC.BAT file, but after the
- statement that sets your DOS's clock from the battery operated
- clock. This is required for XT class machines only.
-
- - Changing the number of Different Passwords REQUIRED
- Password expiration is ineffective if a user is allowed to change
- to the same password he or she had before. As administrator, you
- can require that a user use several different passwords before
- being allowed to reuse an earlier one. You can specify that up
- to ten different passwords must be defined before the first one
- can be reused.
-
- To define the number of different passwords required, press R.
- You will then be asked to enter the user number for which the
- change is to be made. Enter the number, or enter "A" to change
- the value for all users. You will then be asked to enter the
- number of different passwords required.
-
- - Selecting What Will be Displayed During Password Definition
- You may select what PC-Vault displays during password definition.
- You may choose to display the actual password characters,
- asterisks, or nothing at all by pressing C, A, or N respectively.
- If you choose to display characters, you will be asked to enter
- passwords twice during the password definition process.
- Otherwise, you must enter it three times.
-
- Selecting PC-Vault Options
-
- Selecting the O (Change OPTIONS) item from the main menu causes
- the screen shown in Fig. 10 to be displayed. Pressing the letter
- in front of the option will change its selection/deselection
- state. Each of the options is described in the following
- paragraphs. Except as noted, option changes are effective
- immediately.
-
- PC-Vault 4.5f Administrator's Manual - Page 17
-
-
-
-
-
-
- - MAXIMUM floppy boot protection
- This option makes it even more difficult for an unauthorized
- person to break into your computer by erecting a significant
- additional barrier that they must overcome. Selecting this
- option causes no visible difference in the operation of your
- machine. If you are using or may use Norton Cache version 6.0
- (as opposed to 6.01 or later), please see the VERY IMPORTANT
- note in the Restrictions section on page 6. This option becomes
- effective the next time you boot your computer after you select
- it. Deselecting this option is effective immediately. If the
- words "Not Available" appear by this option, please see "USING
- PC-VAULT ON LIMITED SYSTEMS" on page 27.
-
- - DISPLAY password entry asterisks
- This option controls what is displayed when a password is entered
- in order to gain access. Selecting this option causes an
- asterisk to be displayed for each password character entered. If
- this option is not selected, nothing will be displayed. To
- control what is displayed while passwords are being defined,
- please see "Selecting What Will be Displayed During Password
- Definition" on page 17.
-
- - SIDEKICK compatibility mode
- This option prevents the computer from responding to Sidekick's
- hot key during LunchBreak. Select this option only if you are
- using Sidekick and you find that the computer responds to
- Sidekick's hot key during LunchBreak.
-
- This paragraph contains a detailed technical description of this
- option so feel free to skip to the next paragraph if you wish.
- PC-Vault intercepts both the clock (IRQ 0) and keyboard (IRQ 1)
- interrupts at boot time and again on entry into LunchBreak. Each
- time the clock interrupt is issued, Sidekick determines if any
- program has intercepted the keyboard interrupt since it has. If
- so, it re-intercepts the keyboard interrupt. This is why they
- say it must be loaded last, and why it can see its hot key even
- during LunchBreak. If PC-Vault's Sidekick Compatibility option
- is selected, PC-Vault passes clock interrupts intercepted to the
- IRQ 0 interrupt address that was in effect when its device driver
- was loaded at boot time. This effectively passes clock
- interrupts around Sidekick (and perhaps other TSRs) so that it
- never re-intercepts the keyboard interrupt. This also assures
- that the DOS/BIOS system clock continues to run.
-
- - CTRL-BREAK prohibited during boot
- Selecting this option prevents anyone other than the
- administrator from breaking out of the AUTOEXEC.BAT file during
- boot. This option is used in conjunction with the BRK-CNTL.COM
- file described on page 28.
-
-
-
- PC-Vault 4.5f Administrator's Manual - Page 18
-
-
-
-
-
- - TIME/date change prohibited
- Selecting this option will prevent users, but not the
- administrator, from changing the system date and/or time.
-
- - BLANK screen during LunchBreak
- This option causes the screen to become completely blank during
- LunchBreak. If it is not selected, the keyboard will lock but
- the screen will remain active. This allows you to use the system
- to monitor some process while prohibiting observers from
- interfering with the process.
-
- - FREEZE computer during LunchBreak
- This option prevents the computer from continuing to process
- during LunchBreak and is rarely needed. It should not be
- selected if you will be running Windows.
-
- - ALL users may exit LunchBreak
- You may allow any user name/password to be used to exit
- LunchBreak. If this option is not selected, only the
- name/password used to boot the machine and the administrator's
- name/password will be accepted. The permissions in effect will
- be those of the user whose password was used to exit LunchBreak.
-
- - SPECIAL display blanking
- If the "BLANK screen during LunchBreak" option is selected, but
- your VGA or CGA screen will not blank and/or unblank as it
- should, please select this option. A few non-standard display
- CGA and VGA display adapters require selection of this option to
- blank properly.
-
- - User NAMES are required
- You may require that users enter a correct user name in addition
- to a password. The user must then type a user name followed by
- the enter key and then the corresponding password followed by the
- enter key. After both items have been entered, access will be
- granted, or a beep will sound to indicate that the entries were
- not correct.
-
- - USER may change his/her name
- This option allows a user to change his/her own name. If this
- option is not selected, only the administrator may change a user
- name.
-
-
- Selecting Limits
-
- Selecting this option from the administrator's main menu allows
- you to select certain limiting values which users are unable to
- change. Each of the limits is described in the following
- paragraphs. Except as noted, limit changes are effective
- immediately.
-
-
- PC-Vault 4.5f Administrator's Manual - Page 19
-
-
-
-
-
- - Maximum keyboard IDLE time
- Keyboard idle time is the time in minutes between the most recent
- keystroke or mouse activity and the time when the machine
- automatically goes into LunchBreak. This limit allows you to
- determine the maximum keyboard idle time a user can specify. If
- the user specifies a time of 61 minutes, automatic LunchBreak
- will never occur. If you set this limit to 10, a user may set
- the actual idle time to any value between 3 and 10 minutes. If
- you are using a mouse see VMOUSE on page 34.
-
- - Minimum number of PASSWORD characters
- This limit allows you to determine the minimum number of
- characters in a password. When you select this limit you will be
- asked to enter a number from 0 to 16. Newly defined passwords
- must contain at least the number of characters you specify.
-
- - Maximum invalid logons before ALARM
- After an excessive number of consecutive unsuccessful attempts to
- boot the computer and/or use the PC-Vault program, an alarm will
- sound. This is also true when exiting LunchBreak if the VIOLS /R
- utility has been loaded as explained on page 34. The alarm
- consists of several repetitions of a two tone signal. Turning
- the computer off between attempts will not keep the alarm from
- working. This limit allows you to select the number of failed
- attempts prior to the alarm being sounded. If you select the
- value zero, the alarm will not sound.
-
- - Maximum invalid logons before LOCKOUT
- After an excessive number of consecutive unsuccessful attempts to
- boot the computer, exit LunchBreak, and/or use the PC-Vault
- program, the machine will lock for a period of five minutes.
- Turning the computer off during a lockout period will cause the
- five minute lockout to be restarted from the beginning on the
- next power up. This limit allows you to select the number of
- failed attempts prior to lockout. If you select the value zero,
- the lockout will never occur.
-
- - SECONDS to wait before auto logon
- This feature is frequently used when it is desirable to allow
- anyone restricted access to a computer while granting specific
- users less restricted access. It is also used to provide for
- unattended automatic boot-up.
-
- Normally, PC-Vault requires that a correct password (and
- optionally a user name) be entered each time the machine is
- booted. If this limit is set to a value other than zero, it
- specifies the number of seconds that PC-Vault will wait for a
- correct entry. If no correct entry is made during the specified
- interval, your computer will automatically boot as though the
- password for User 6 had been correctly entered. The LunchBreak
- feature will be disabled because it is assumed that the user does
- not know the User 6 password, and so could not exit LunchBreak.
-
- PC-Vault 4.5f Administrator's Manual - Page 20
-
-
-
-
-
- LunchBreak may be re-enabled with the SET-TIME command as
- described on page 31.
-
- This allows you, as administrator, to assign to User 6 those
- permissions, etc. that you wish to provide to anyone who uses the
- computer. Only those users requiring additional permissions will
- have to know a password. Using PC-Vault's ability to prevent
- breaking out of the AUTOEXEC.BAT file, will ensure that the
- statements it contains will be executed. The SET-TIME 0 command
- may be used in the AUTOEXEC.BAT file to re-enable LunchBreak and
- place the machine into LunchBreak immediately, thus providing for
- a secure unattended boot-up.
-
- - Alternate KEYBOARD/clock handling
- There are a few hardware and software combinations which cause
- the LunchBreak feature to operate incorrectly unless this limit
- is set to a non-zero value. If PC-Vault refuses to go into
- LunchBreak when it should or will not return from LunchBreak
- properly, try using this feature. Do not use this feature if you
- will also be using Windows.
-
- When you select this feature, you will be asked to choose one of
- several software interrupt groups for PC-Vault to use. (You do
- not have to know what an interrupt is to use this feature.) PC-
- Vault will list the values from which you may choose, and even
- give a recommended choice. Changes you make to this limit become
- effective when you reboot your computer.
-
-
- Locking and Unlocking PC-Vault Related Files
-
- These options lock and unlock CONFIG.SYS, AUTOEXEC.BAT, and the
- PC-Vault device driver. (When a file is locked its DOS read-
- only and system attributes are set and the hidden attribute is
- not set.) Only the administrator can change the attributes or
- the name of a locked file. Since the file is read-only, DOS will
- not allow a user to write to or delete the file. (Note: Norton's
- FA utility may tell a user that it has changed the attributes of
- a locked file, but it cannot and does not actually change them
- unless the administrator's password is in use.)
-
-
- Accessing Your Fixed Disk When Booting From a Diskette
-
- It may become impossible to boot from your hard disk due to
- causes unrelated to PC-Vault. For example, if COMMAND.COM is
- accidentally deleted or a defective device driver is installed,
- you cannot boot from the hard disk whether PC-Vault is installed
- or not. You will then have to boot from a diskette and repair
- the problem. This option allows you to access your hard disk so
- that you can repair it. Simply boot from a diskette USING THE
- SAME VERSION OF DOS THAT YOU HAVE ON YOUR HARD DISK or a later
-
- PC-Vault 4.5f Administrator's Manual - Page 21
-
-
-
-
-
- version. Then run PC-Vault, enter the administrator's password
- and select "ACCESS fixed disk after diskette boot." You will be
- told that PC-Vault protection has been temporarily suspended and
- that the next time you boot from a floppy you will have access to
- your hard disk. The next time you boot from your hard disk after
- correcting the problem, full protection will be automatically
- restored.
-
-
- Removing PC-Vault From Your Computer
-
- Selecting the "REMOVE PC-Vault from this computer" option will
- completely de-install PC-Vault. The PC-Vault device driver will
- be deleted, the corresponding device statement will be removed
- from the CONFIG.SYS file, PC-Vault related files will be unlocked
- and other changes PC-Vault made to your hard disk will be
- restored. The MEM-STAT.SYS and/or MEM_STAT.SYS file(s) (page
- 31), the FPERMF.INF file (page 30), and Windows Support (page 15)
- will not be removed because they contain information that may be
- used when PC-Vault is re-installed.
-
-
- The PC-Vault Hot Key
-
- The PC-Vault hot key is used to place your computer in
- LunchBreak. (For more information on LunchBreak, see "WHAT PC-
- VAULT DOES" on page 5.) The hot key is actually a combination of
- two or more keys held down simultaneously.
-
- The original hot key consists of the left and right shift keys.
- You may change it to any combination of two or more of the
- following keys: Left Shift, Right Shift, Alt, and Ctrl. PC-
- Vault distinguishes between the left and right Ctrl and Alt keys,
- but you cannot have both Alt or both Ctrl keys in your hot key
- definition at the same time.
- NOTE: MS-Windows converts the right Ctrl and Alt keys into the
- corresponding left key. Therefore do not use the right Ctrl
- and/or Alt key when defining a hot key which will be used from
- within MS-Windows.
-
- To change your hot key, select the K (Define new hot KEY) option
- from the main menu. The hot key selection screen shown in
- Fig. 12 will then be displayed. Simply follow the directions on
- the screen and your new hot key will be in effect for all users.
-
-
- Selecting Automatic LunchBreak
-
- You may choose to have your computer automatically enter the
- LunchBreak state when your keyboard and mouse have been idle for
- a specified period from 3 to 60 minutes. If you select a time of
- 61 minutes, automatic activation of LunchBreak is disabled and
-
- PC-Vault 4.5f Administrator's Manual - Page 22
-
-
-
-
-
- your computer will go into LunchBreak only when the hot key is
- pressed. If you find that PC-Vault places the maximum value you
- can enter below 61, the system administrator has selected that
- lower value as described on page 20. If you are using a mouse
- see VMOUSE on page 34.
-
- To select, deselect, or change the automatic LunchBreak time,
- choose the I (Select maximum keyboard IDLE time) item from the
- main menu. The screen shown in Fig. 13 will then be displayed.
- Simply enter the desired time and press Enter. The time you
- select will be effective for all users.
-
-
- Controlling User Access to Directories [+]
-
- If you are using PC-Vault Plus, you may control each user's
- access to the sub-directories on your hard disk(s), to sector
- oriented hard disk I/O, and to diskettes. These functions are
- accomplished by selecting the "Control DIRECTORY access by user"
- item from the administrator's main menu. When this item is
- selected, a table similar to the one shown in Fig. 14 will be
- displayed. Access rights assigned to a root directory apply only
- to that directory, while those assigned to a first level sub-
- directory also apply to all of its sub-directories.
-
- In all cases except HardDisk Abs I/O (described below), you may
- separately grant access rights to .EXE and .COM files (programs)
- and to all other files. The access that may be granted are
- "Read" and "Write", and in the case of programs, "Execute".
-
- READ access means that program can read data from files. WRITE
- access means that files can be created, written to, over written,
- renamed, deleted, and have their attributes changed. EXECUTE
- access means that files containing programs can be executed. For
- example, if the WordPerfect word processor program is a file
- named WP.EXE, it may be executed only by user's having Execute
- access to it. Execute access does not imply read access. Thus,
- if a user has only execute access to WP.EXE, the command,
-
- COPY C:WP.EXE A:WP.EXE
-
- will fail because the copy command is not allowed to read the
- file.
-
- Some programs such as WordPerfect sometimes modify themselves.
- If you are using DOS 3.1 or above, PC-Vault will always allow an
- executing program to read and write itself even if the access is
- not explicitly granted. In versions of DOS prior to 3.1, PC-
- Vault cannot determine exactly which file is executing and so the
- access is denied if it is not explicitly granted. Thus,
- WordPerfect running under DOS 3.1 or above will be allowed to
- modify itself even if Write permission has not been granted.
-
- PC-Vault 4.5f Administrator's Manual - Page 23
-
-
-
-
-
-
- Some programs are designed to read and/or write files that they
- require to be in the same directory as the executing program. If
- you wish to prevent such programs from being copied, grant only
- Execute access to .EXE/.COM files but full access to other files.
- Alternately, you could deny Write access to diskettes.
-
- All users are always granted read access to the file named
- AUTOEXEC.BAT in the root directory of the hard drive from which
- the system was booted. This is done to allow all users to
- execute AUTOEXEC.BAT when the system is booting.
-
- As shown in Fig. 14, the table begins with three special lines
- which do not contain directory names. The first line, labeled
- "Diskette Access," allows you to control user's access to
- diskettes. The permissions you grant apply to all directories in
- drives A: and B:.
-
- A very few programs ask DOS to read/write specific physical
- locations on the disk rather than performing operations on files.
- If such a program can find the physical location of a file, it
- may be able to read data from the file even if the user does not
- have read access to its directory. The second line, labeled
- "HardDisk Abs I/O" allows the administrator to control this type
- of access. Preventing the access may prevent some programs from
- running, but will result in a more secure system. We suggest
- that you do not grant this access unless you find that the user
- must run a program that requires it. The column labeled
- .EXE/.COM is not applicable to absolute I/O.
-
- The "New Level 1 Dirs" line allows you to specify the permissions
- each user will be automatically be given in newly created level 1
- directories and their sub-directories. A user may create a new
- 1st level sub-directory only if you allow that user write
- permission to new level 1 sub-directories. Write permission to
- the root directory is not required. (A user may create new sub-
- directories at other levels if he/she has permission to write to
- its parent. For example a user having write permission to
- C:\INVEST is allowed to create C:\INVEST\TBILLS).
-
- Please note that in rare instances a program that runs well when
- PC-Vault Plus is not installed will fail to run correctly when
- PC-Vault Plus is installed. This does not necessarily indicate
- an error in PC-Vault Plus. For instance, a program may try to
- change the attribute of a file from read-only to read-write. If
- the user has not been granted appropriate access to the file's
- directory, DOS will return an "access denied" error. It is
- possible that the program may not handle the error correctly.
- This bug in the program may never have been noticed because the
- program never encountered that error before.
-
-
-
- PC-Vault 4.5f Administrator's Manual - Page 24
-
-
-
-
-
- A sample directory access control table is shown in Fig. 14. The
- first two lines allow control of diskette and sector oriented I/O
- access. The remaining lines control access to the root and first
- level sub-directories of your hard drive(s). Access granted to a
- root directory applies only to that directory. Access granted to
- a first level sub-directory applies to that directory and all of
- its sub-directories. Each column shows the access currently
- granted to the user whose name appears at the top of the column.
- User names are assigned using the PASSWORD option of the main
- menu. In the example shown, user 1 has been assigned to TheBoss
- and no name has been assigned to user 2.
-
- The cursor control, page up, page down, home, and end keys may be
- used to move the highlight bar from one position to another.
- Pressing the R, W, and X keys will toggle (turn on and off) read,
- write, and execute permissions respectively. To grant/deny all
- permissions in the highlighted square, press A or N respectively.
- Pressing Ctrl with R, W, X, A, or N, will grant/deny the
- corresponding access to all directories (the entire column).
- Similarly, using the Alt key will affect all users' access to
- that directory (the entire row). Thus, if a user is to be
- granted access to almost everything, begin by moving the bar to
- the user's column and press Ctrl-A. Then remove the undesired
- accesses. Attempting to move the bar off the screen will cause
- more users or directory names to be displayed.
-
- When you have the access permissions set as you desire, press the
- escape or the "E" key to return to the main menu. If no new
- directories have been created since you last booted the computer,
- your selections will be in effect immediately. If this is not
- the case, you will be notified that your selections will be
- effective when you re-boot your computer.
-
-
- Controlling Logging of User Activity [+]
-
- Choosing the "Select FILE accesses to be logged" item from the
- main menu causes the table shown in Fig. 15 to be displayed. You
- may then select which type(s) of file access you wish to log.
- Access types which may be selected are Denials, Program
- Executions, and All Other accesses.
-
- Denied accesses occur when PC-Vault Plus refuses to grant a
- requested access. For example, an attempt by a user to delete,
- write to, or change the name or attributes of a file in a
- directory to which the user has read only access will result in a
- denial. It is not possible to select logging of denied accesses
- for the administrator because all administrator access requests
- are granted.
-
-
-
-
- PC-Vault 4.5f Administrator's Manual - Page 25
-
-
-
-
-
- The following lines, extracted from an actual log, indicate the
- type of information that is available to the administrator:
-
- Log file starting date is 4-04-89
- 17:18:43 User 2 - Allowed: Open. C:\COMMAND.COM
- 17:18:40 User 2 - ═══════ RE-BOOT on 4-04-89
- 17:18:41 User 2 - Allowed: Open. C:\DOS3.31\ANSI.SYS
- 17:18:44 User 2 - Allowed: Open. C:\AUTOEXEC.BAT
- 17:18:44 User 2 - Execute: ExecPrgm. C:\SAV-DTAB.COM
- 17:18:55 User 2 - NotAlwd: Change Dir. C:\CBH\
- 17:19:02 User 0 - Allowed: Change Dir. C:\CBH\
- 17:19:39 User 0 - Allowed: FCB Rename. C:\CBH\SPC\EV.CFG
- 17:20:15 User 2 - Allowed: Open. C:\AUTOEXEC.BAT
- 17:20:15 User 2 - Allowed: Open. C:\AUTOEXEC.BAT
- 17:20:27 User 2 - NotAlwd: Create. A:\AUTOEXEC.BAT
- 17:20:53 User 2 - Allowed: Change Dir. C:\DOC\
- 17:21:08 User 2 - Allowed: FCB Delete. C:\JNK
- 17:21:41 User 1 - ═══════ RE-BOOT on 4-04-89
- 17:21:41 User 1 - Allowed: Open. C:\AUTOEXEC.BAT
- 17:21:41 User 1 - Execute: ExecPrgm. C:\SAV-DTAB.COM
- End of log file.
-
-
- A small portion of each line was deleted so that it would fit on
- one line in this document. This portion indicates if files were
- opened with write access, etc. The above sample indicates that
- user 2 booted the machine, DOS opened ANSI.SYS and AUTOEXEC.BAT,
- and then SAV-DTAB was executed. Following this the user
- attempted to change to a directory, CBH, for which he had no
- access. The user apparently called the administrator who placed
- the machine in LunchBreak, entered the administrator password to
- exit LunchBreak so that the administrator's permissions would be
- in effect, did the directory change for the user, renamed a file,
- and re-entered LunchBreak. User 2 then entered his password and
- continued as shown. Later, User 1 booted the machine, etc.
-
- A small area of memory is reserved for recording log entries.
- These entries are written to the log file on the disk whenever
- the area is nearly full, when the FLUSHLOG utility is run, and
- whenever a denial is logged. It is, therefore, possible that a
- few entries (other than denials) may be lost when the machine is
- re-booted unless FLUSHLOG is run just prior to booting.
-
- The log file is a locked file named ACCESS.SYS and is located in
- the root directory of the hard drive from which the machine is
- booted. Normally, one would run the FLUSHLOG utility to write
- any entries remaining in memory to the ACCESS.SYS file and then
- change the name of ACCESS.SYS to another name. (PC-Vault will
- create a new ACCESS.SYS whenever it needs to write log entries
- and the file does not already exist.) The LOG utility may then
- be run as described on page 30 to produce a file similar to the
- sample above.
-
- PC-Vault 4.5f Administrator's Manual - Page 26
-
-
-
-
-
-
- ACCESS.SYS is created as a locked file. The administrator can
- unlock this file by using the command FLUSHLOG /U. For more
- information on locked files see "Locking and Unlocking PC-Vault
- related files" on page 21.
-
-
-
- USING THE PC-VAULT PROGRAM AFTER PC-VAULT IS INSTALLED
-
- Whenever you run the PC-Vault program on a machine on which PC-
- Vault is already installed, you will be asked to enter your
- password. When you enter a correct password, the appropriate
- main menu will be displayed. If you enter any user password the
- main menu will contain only the items to which users have access.
- You may then select any of the options shown. Each of these is
- described in detail in the preceding sections. Your selections
- will be effective immediately except for Alternate Keyboard/Clock
- Handling which become effective the next time the machine is
- booted.
-
- When the system is in LunchBreak, the password used to boot the
- computer or the administrator's password may be used to exit
- LunchBreak. The administrator may choose to allow any user
- name/password to exit LunchBreak as described on page 19. The
- permissions and capabilities normally associated with the
- password used to exit LunchBreak will then be in effect. If you
- hear a two-tone beep when exiting LunchBreak, there are recorded
- password violations. (Someone may have tried to get into your
- computer while you were away.) For information on how to view
- the violations record, see the description of the VIOLS utility
- on page 34.
-
-
- USING PC-VAULT ON LIMITED SYSTEMS
-
- Some small hard disks which have been set up with older versions
- or computer vendor proprietary versions of DOS do not allow PC-
- Vault to implement Maximum Floppy Boot Protection, or user names.
- On such systems, the words "Not Available" will be displayed with
- the "Maximum Floppy Boot Protection" option in the "Select
- Options" menu, and user names will not be displayed when the
- administrator is defining passwords (see Fig. 6).
-
- There will be no change in the way you use PC-Vault on such
- systems, but they will not be quite as secure. Using a later
- version of the DOS FDISK command to set up your hard disk will
- probably correct the problem. Setting up your disk with FDISK
- will destroy all of the data on your disk, and will require that
- you run the DOS FORMAT command to reformat your disk.
-
-
-
- PC-Vault 4.5f Administrator's Manual - Page 27
-
-
-
-
-
-
- YOUR PC-VAULT FILES
-
- This section describes each of the files on your PC-Vault
- distribution diskette, as well as those files created by PC-
- Vault during or after installation.
-
-
- - ACCESS.SYS [+]
- This PC-Vault Plus file is not on your diskette. It is created
- in the root directory of your first (or only) hard drive at any
- time it does not already exist and there are log entries to be
- written. This file is used by the LOG utility to generate the
- user readable log. The LOG utility is described below.
-
-
- - BRK-CNTL.COM
- This program is used to enable/disable Ctrl-Break, Ctrl-C, and
- Alt-NumericPad3 at any time after your computer is booted. The
- system administrator can prevent users from breaking out of the
- AUTOEXEC file during system boot. This program can be placed in
- the AUTOEXEC file to re-enable breaks. Use BRK-CNTL ON to
- enable breaks and BRK-CNTL OFF to disable them.
-
- Resident programs, such as some of the DOS keyboard utilities for
- various languages which completely take over the keyboard
- interrupt, will cause your machine to recognize breaks even when
- you have them disabled. They will also prevent PC-Vault from
- "knowing" when you are typing on your keyboard. Thus, if you
- have selected the automatic LunchBreak feature, PC-Vault may go
- into LunchBreak right while you are typing. To prevent both of
- these anomalies you may also use the optional RES parameter. This
- will direct BRK-CNTL to remain resident. For example,
-
- BRK-CNTL ON RES
-
- will enable breaks and cause BRK-CNTL to remain resident. The
- RES parameter should be used after the resident program which
- takes over the keyboard and should be used only once per system
- boot.
-
-
- - CLEANDSK.DRV
- This file is a device driver. It is not on your PC-Vault
- diskette, but is created on your hard disk when you install PC-
- Vault. It will be automatically deleted when you remove PC-
- Vault. THIS FILE MUST NOT BE DELETED IN ANY OTHER WAY BECAUSE
- YOUR COMPUTER WILL NOT BOOT FROM ITS HARD DRIVE UNLESS IT IS
- PRESENT.
-
-
-
-
- PC-Vault 4.5f Administrator's Manual - Page 28
-
-
-
-
-
- - EXEC.COM
- This program allows the system administrator to execute a program
- for a user and prevent the user from escaping to the DOS prompt
- or executing any other program. Typically, EXEC would be placed
- in the AUTOEXEC.BAT file to call a program such as 123, DBase, or
- WordPerfect into execution. The EXEC command line has the form:
-
- EXEC [/R] [/Ln] [/Tn] drive:\fullpathname\prog.ext param-list
-
- The square brackets indicate the three optional parameters (or
- switches). Do not enter the [].
-
- For example, placing the following lines in the AUTOEXEC.BAT file
- will force users (but not the administrator) into WordPerfect to
- begin editing file LETTER.FRM. The WordPerfect "Go to DOS"
- command will not work.
-
- .
- .
- WHO
- IF NOT ERRORLEVEL 1 GOTO ADM
- EXEC C:\WPERF\WP.EXE LETTER.FRM
- :ADM
- .
- .
-
- Note that you must give the drive, full path and complete name of
- the program you wish to execute. In the above example the
- program is WP.EXE in directory \WPERF on drive C:. See the
- description of the WHO utility below for more information.
-
- The /R parameter cause the program being executed (WP.EXE in the
- example above) to be restarted if it terminates. Thus if you use
-
- EXEC /R C:\WPERF\WP.EXE LETTER.FRM
-
- and the user terminates WP.EXE, it will be immediately re-
- started.
-
- Occasionally it is necessary for a program to start and execute
- another program. This is called a child program. The /Ln
- parameter allows the program started by EXEC to execute another
- program, which may execute another program, etc. to a depth of n
- levels. Thus if EXEC /L1 started a menu program (level 0), the
- menu program could execute any number of other programs (all at
- level 1). The level 1 programs started by the menu program could
- not execute any other programs because a depth of level 2 would
- not be allowed. The n may be any number from 0 (the default)
- through 9.
-
- The /Tn parameter allows a total of n programs to be executed,
- additional execution attempts will fail. The n may be any number
-
- PC-Vault 4.5f Administrator's Manual - Page 29
-
-
-
-
-
- from 0 (the default) through 9. This parameter is necessary to
- start Windows 3.1, for example, because it asks DOS to execute 2
- or 3 programs (Standard or 386 modes) during its startup. Once
- started windows could execute any number of Windows programs, but
- no DOS programs since that would exceed the selected value of a
- properly chosen n.
-
- - FLUSHLOG.COM [+]
- This PC-Vault Plus utility causes any log entries remaining in
- memory to be written out to the ACCESS.SYS file as described in
- the section on log control on page 25. ACCESS.SYS is created as
- a locked file. The administrator may use the command FLUSHLOG /U
- to unlock ACCESS.SYS and write any remaining log entries to it.
-
- - FPERMF.INF [+]
- This file is re-created whenever PC-Vault Plus directory access
- permissions are changed and is not deleted when PC-Vault Plus is
- removed. It will be used to recover the directory permissions
- the next time you install.
-
-
- - LOG.EXE [+]
- This PC-Vault Plus utility is used to read the log file produced
- by PC-Vault Plus and generate a user readable log or journal of
- the users' activity. A sample of the output from this utility is
- shown in the section on log control on page 25. To use this
- utility enter
-
- LOG in-file-name out-file-name
-
- at the DOS prompt. For example one might use the commands
-
- FLUSHLOG
- RENAME C:\ACCESS.SYS OLDLOG
- LOG OLDLOG PRN
-
- to flush any log entries remaining in memory to the disk, ensure
- (by renaming) that no new log entries will be added to the file,
- and write a user readable log of system activity to the printer.
-
-
- - LOGOFF.COM
- The LOGOFF utility provides a means for one user to log off and
- another to log on without having to re-boot the computer. For
- PC-Vault Plus, this file should be placed in a directory having
- EXEC permission for all users. Typing LOGOFF at the DOS prompt
- will clear the screen, and display a box requesting the user to
- press any key to begin the logon process. When a key is pressed,
- the boot time logon screen will be displayed. Any valid user
- password will be accepted. PC-Vault will then control the
- machine just as though the corresponding user had booted it.
-
-
- PC-Vault 4.5f Administrator's Manual - Page 30
-
-
-
-
-
-
- - MEM-STAT.SYS and/or MEM_STAT.SYS
- These small files contain information about the state of your
- hard disk(s) before the first installation of PC-Vault. They can
- be used for disaster recovery, and have allowed us to help users
- to recover from a number of problems which had nothing to do with
- PC-Vault.
-
- If they do not already exist, these files are created when PC-
- Vault installs but are not deleted when PC-Vault is removed. We
- suggest that you allow them to remain on your disk if you may re-
- install PC-Vault at a later time. Please do not copy them from
- one hard disk to another.
-
-
- - PC-VAULT.EXE
- This is the main PC-Vault program and is described in the
- preceding sections of this manual.
-
-
- - SET-TIME.COM
- With this program you can:
- Set the keyboard/mouse idle time from a batch file,
- Re-enable LunchBreak after automatic logon,
- Place the machine into LunchBreak immediately, and
- Eliminate incompatibilities caused by other programs.
-
- To set the idle time from a batch file or from the DOS prompt,
- use the command: SET-TIME time
- where time is any value between 3 and 61 minutes (or the maximum
- allowed by the system administrator). For more information on
- automatic LunchBreak see "Selecting Automatic LunchBreak" on page
- 22. To place the computer into LunchBreak immediately, use
- SET-TIME 0 from the DOS prompt or from a batch file. This will
- not alter the maximum keyboard idle time setting.
-
- To return the idle time to the current default (selected from the
- PC-Vault main menu), use the command: SET-TIME D.
-
-
- - VIOLS.COM
- PC-Vault records each unsuccessful attempt to enter a password or
- a user name/password combination. Such attempts are called
- "violations". When a correct password is entered, PC-Vault
- erases the record of any violations which occurred during the
- immediately preceding two or three minutes. This prevents
- recording "typos" made by a valid user.
-
- The record of each violation contains the user number of the name
- entered (if any), and the date and time of the violation. When
- booting the computer, the DOS clock has not yet been set, so we
- must use the hardware clock. Since XT class machines do not have
-
- PC-Vault 4.5f Administrator's Manual - Page 31
-
-
-
-
-
- a standard hardware clock, we cannot record the times on these
- machines. We do, however, keep a record of each violation.
-
- This program has three separate functions related to password
- entry violations. One, two or all three of the functions may be
- used on a single execution of VIOLS.COM. The command:
-
- VIOLS /L=FileName /C /R
-
- will perform all three functions. The "/L" will generate a
- report of any recorded violations and give the date and time that
- you last logged on. If a date and time when you know you weren't
- on the computer are displayed, it is an indication that someone
- else may know your password. If "=FileName" is present, the
- report will be written to the file specified by "FileName". If
- it is not present the report will be written to the screen. The
- "/C" will remove (clear) all entries from the violation record.
- If both /L and /C are present, the record will be cleared after
- the report is generated.
-
- The "/R" will cause VIOLS.COM to remain resident. This should
- not be done more than once per system boot. Violations during
- LunchBreak will not be recorded unless VIOLS is resident. In
- addition, the alarm and Lockout features will not work during
- LunchBreak unless VIOLS is resident.
-
- VIOLS terminates with a DOS error level of 8 if an error occurs,
- an error level of 4 if violations are reported, and 0 otherwise.
- The following statements in your AUTOEXEC.BAT file would
- automatically install VIOLS as resident and alert the user to any
- previous violations:
-
- VIOLS /L /R
- IF NOT ERRORLEVEL 4 GOTO CONTINUE
-
- ECHO WARNING --- Violations are listed above
- PAUSE
-
- :CONTINUE
-
-
- - VMOUSE.COM
- This utility causes the automatic LunchBreak feature to treat
- mouse activity as keyboard activity. It also prevents anyone
- from using the mouse while your computer is in LunchBreak.
- VMOUSE should be loaded after your mouse driver. If your mouse
- driver is a device driver (commonly MOUSE.SYS or MSCMOUSE.SYS)
- place a VMOUSE statement near the beginning of your AUTOEXEC.BAT
- file. If your mouse driver is loaded from your AUTOEXEC.BAT
- file, place the VMOUSE statement immediately after the statement
- that loads your mouse driver. NOTE: PC-Vault Windows Support
- provides these capabilities while Windows is running. Thus if
-
- PC-Vault 4.5f Administrator's Manual - Page 32
-
-
-
-
-
- you use your mouse only while you are in Windows, you do not need
- to use VMOUSE.
-
-
- - WHO.COM
- This utility allows the AUTOEXEC or other batch files to do
- different things for different users. WHO will always return the
- user number as a DOS error level, or will return an errorlevel of
- 255 if PC-Vault is not installed. In addition WHO /L will
- display the name of the user, and WHO /E will set the DOS
- environment variable PCVU to the name of the current user. (Any
- spaces in the name will be deleted.) For more information on DOS
- errorlevels and environment variables and IF statements, please
- see your DOS manual.
-
- The error level facility of the WHO program may be used by
- structuring your AUTOEXEC file as shown in the following example.
- Upper case characters indicate actual lines of the AUTOEXEC file.
-
-
- .
- .
- commands common to all users
- .
- .
- WHO
- IF ERRORLEVEL 3 GOTO ERROR
- IF ERRORLEVEL 2 GOTO USER2
- IF ERRORLEVEL 1 GOTO USER1
- .
- .
- commands to be executed when the
- administrator's password was used.
- .
- .
- GOTO COMMON
- :USER1
- .
- .
- commands for user 1
- .
- .
- GOTO COMMON
- :USER2
- .
- .
- commands for user 2
- .
- .
- GOTO COMMON
-
- :ERROR
-
- PC-Vault 4.5f Administrator's Manual - Page 33
-
-
-
-
-
- .
- .
- commands to be used when PC-Vault is not
- installed or User 3 or above logged on.
- .
- .
- :COMMON
- .
- .
- commands common to all users
-
- The environment variable facility may be used as follows:
-
- WHO /E
- IF %PCVU%==TheBoss GOTO SomeLabel
- IF %PCVU%==User2 GOTO SomeOtherLabel
-
-
- OPTIONAL PC-VAULT FILES
-
- These programs, available separately, are designed to work with
- PC-Vault.
-
-
- HELPUSER.COM
- This optional utility allows a corporate security officer (CSO)
- to grant access to a PC-Vault protected computer on a one time
- basis. The CSO does not need to know any passwords, does not
- need to be physically present, and cannot grant access to another
- organization's computers. For more information see "The HELPUSER
- Program" on page 10.
-
-
-
- LOGO.EXE
- This optional utility allows the system administrator to design
- the appearance of the screen when the system is booted. Our
- standard logo may be completely replaced with one of your own
- design. The use of color is supported. For more information see
- "The Logo Program" on page 9.
-
-
- IN CASE OF DIFFICULTY
-
- The fastest way to solve most problems is to review the
- appropriate section(s) of this manual.
-
- If the problem might be a conflict with other resident software,
- try renaming your AUTOEXEC.BAT file to another name such as
- AUTOEXEC.1, and then rebooting your computer. If the problem
- disappears, rename the AUTOEXEC file back to its original name
- and then remove statements one at a time until the conflicting
-
- PC-Vault 4.5f Administrator's Manual - Page 34
-
-
-
-
-
- software is identified. Call for technical support if more help
- is needed.
-
- In the event that you should need technical support please:
-
- 1. Corporate customers using PC-Vault on a large number of
- computers are supported ONLY through their corporate PC
- support staff. We will provide technical assistance to them
- as needed.
-
- 2. Contact us by phone (804) 872-9583, or call our BBS at (804)
- 877-6261. Foreign customers only may also FAX us at (804)
- 874-8090.
-
- 3. Please be prepared to provide:
- a. Your serial number,
- b. The dates and times shown by doing a DIR of the PC-Vault
- diskette,
- c. The EXACT text of any error messages displayed,
- d. The selection status of each item in the Options menu,
- e. The value of each item in the Limits menu, and
- f. As much information about your system as possible such as
- brand, model, hard disk(s), video cards, DOS version,
- resident software, content of your AUTOEXEC.BAT and
- CONFIG.SYS files, etc.
-
- If you do not have this information available when you call,
- we will most likely be unable to provide correct answers or
- solutions, and we may have to request that you call again
- with more complete information.
-
- 4. If at all possible, call when you are at the computer in
- question. We can most often resolve a problem immediately
- if you can be at the computer while we are talking together.
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- PC-Vault 4.5f Administrator's Manual - Page 35
-
-
-
-
-
- HOW TO ORDER PC-VAULT 4.5f
-
-
- PC-Vault may be ordered from: Johnson Computer Systems, Inc.
- 20 Dinwiddie Place
- Newport News, VA 23602
- Voice (804) 872-9583
- FAX (804) 874-8090
-
- We accept: Your personal or company check with your order,
- Money Orders,
- Purchase orders over $50.00 (Net 30 days),
- VISA or MasterCard, and
- COD orders (USA only).
-
-
- Orders are usually shipped within one working day, but may
- occasionally take longer.
-
- The price of PC-Vault consists of the following:
-
- 1. A license fee which is dependent on the number of
- computers on which you wish to have PC-Vault
- concurrently installed:
-
- No. of Concurrent PC-Vault License PC-Vault Plus
- Installations per Computer per Computer
-
- 1 - 5 30.00 90.00
- 6 - 15 26.00 75.00
- 16 - 99 22.00 55.00
- 100 - 999 18.00 Call
- 1000 - Up 15.00 Call
-
- 2. A media fee of $5.00 ($7.50 outside the U.S. and
- Canada) for each PC-Vault diskette you wish us to ship
- to you. We only require you to buy one diskette.
-
- 3. There is an additional $5.00 collection fee for
- Canadian checks not payable through a U.S. bank and a
- $7.50 fee for electronic fund transfers. These fees
- are those charged by our bank. All other foreign
- checks MUST be payable through a U.S. bank.
-
- We pay shipping via First-Class air mail to all locations. Add
- actual shipping costs for other carriers. Overnight service is
- also available.
-
- All prices are subject to change without notice. Our warranty
- and your return privileges are described in the DISCLAIMER OF
- WARRANTY section on page 6.
-
-
- PC-Vault 4.5f Administrator's Manual - Page 36
-
-
-
-
-
-
- PC-VAULT VERSION 4.5f ORDER FORM
-
-
- To: Johnson Computer Systems, Inc.
- 20 Dinwiddie Place
- Newport News, VA 23602
- Voice (804) 872-9583
- FAX (804) 874-8090
-
- Please accept our order for PC-Vault version 4.5f as indicated
- below:
-
-
- ______ Concurrent Installations of PC-Vault $_________
-
- ______ Concurrent Installations of PC-Vault Plus _________
-
- ______ PC-Vault diskette(s) at $5.00 each _________
- ($7.50 outside U.S./Canada)
-
- ______ Logo ($100.00 per organization) _________
-
- ______ HelpUser ($100.00 per organization) _________
-
- Shipping charge (See preceding page) _________
-
- Virginia State Sales Tax (Ship/Bill address in VA) _________
-
-
- Total Order _________
-
-
- Purchase Order _________________________ Date __________________
-
- Company Name ____________________________________________________
-
- Attention _______________________________________________________
-
- Dept./Mail Stop _________________________________________________
-
- City, State, Zip ________________________________________________
-
- Phone: Daytime ____________________ Evening ____________________
-
-
- Credit card: VISA MasterCard
-
- Name on Card ___________________________________________________
-
- Card Number ______________________________ Expires: ___________
-
-
- PC-Vault 4.5f Administrator's Manual - Page 37
-
-
- ╔══════════════════════════════════════════════════════════════╗
- ║ PC-Vault Hard Disk Protection System - Version 4.5 ║
- ║ (C)Copyright 1988 by Johnson Computer Systems, Inc. ║
- ║ 20 Dinwiddie Place, Newport News VA. ║
- ║ ║
- ║ ║
- ║ PC-Vault Pre-Installation Setup ║
- ║ ║
- ║ You have chosen the pre-installation set up option. The ║
- ║ choices you make will be recorded in the PC-Vault program ║
- ║ on the drive A: diskette. When you use that copy to ║
- ║ install PC-Vault your selections will already be in effect. ║
- ║ ║
- ║ Nothing you do during this run will have any effect on ║
- ║ any machine on which PC-Vault is already installed. To ║
- ║ change installed values run PC-Vault without the /P. ║
- ║ ║
- ║ Please place the diskette containing the copy of PC-VAULT ║
- ║ to be modified in drive A: and then press any key. ║
- ║ ║
- ║ ║
- ║ Do NOT use your original PC-Vault diskette. ║
- ║ ║
- ╚══════════════════════════════════════════════════════════════╝
- Fig. 1 - Pre-installation Notice
-
-
-
-
-
-
-
-
-
- ╔═════════════════════════════════════════════════════════════╗
- ║ PC-Vault Hard Disk Protection System - Version 4.5 ║
- ║ ║
- ║ ║
- ║ Are you CERTAIN the diskette in drive A is a COPY? ║
- ║ ║
- ║ Please press Y or N. ║
- ║ ║
- ╚═════════════════════════════════════════════════════════════╝
- Fig. 2 - Pre-installation Warning
-
-
-
- ╔═════════════════════════════════════════════════════════════╗
- ║ PC-Vault Hard Disk Protection System - Version 4.5 ║
- ║ ║
- ║ An administrator password has already been assigned to this ║
- ║ file. You must enter that password to make additional ║
- ║ changes. ║
- ║ ║
- ║ Do you wish to continue? (Please enter Y or N) ║
- ║ ║
- ╚═════════════════════════════════════════════════════════════╝
- Fig. 3 - Pre-installation Password Request
-
-
-
-
-
- ╔══════════════════════════════════════════════════════════════╗
- ║ ║
- ║ PC-Vault Pre-Installation Setup Menu ║
- ║ ║
- ║ Please press the LETTER in front of the option you wish. ║
- ║ ║
- ║ E. END this program. ║
- ║ ║
- ║ H. HOW to use this menu. ║
- ║ ║
- ║ R. RECORD your choices for later use. ║
- ║ ║
- ║ P. Define original PASSWORDS and names. ║
- ║ ║
- ║ O. Select OPTIONS. ║
- ║ ║
- ║ S. SET limits. ║
- ║ ║
- ║ L. LOCK files during installation. ║
- ║ ║
- ║ W. Choose WHO will install PC-Vault. ║
- ║ ║
- ╚══════════════════════════════════════════════════════════════╝
- Fig. 4 - Pre-Installation Main Menu
-
-
-
- ╔══════════════════════════════════════════════════════════════╗
- ║ PC-Vault Hard Disk Protection System - Version 4.5 ║
- ║ (C)Copyright 1988 by Johnson Computer Systems, Inc. ║
- ║ 20 Dinwiddie Place, Newport News VA. (804) 872-9583 ║
- ║ ║
- ║ ║
- ║ PC-Vault is not installed on this computer. ║
- ║ ║
- ║ ║
- ║ Please press the LETTER in front of the option you wish. ║
- ║ ║
- ║ E. END this program. ║
- ║ ║
- ║ H. HOW to use this menu. ║
- ║ ║
- ║ I. INSTALL PC-Vault. ║
- ║ ║
- ║ ║
- ╚══════════════════════════════════════════════════════════════╝
- Fig. 5 - PC-Vault Installation Menu
-
-
-
-
-
-
- ╔═══════════════════════════════════════════════════════════════╗
- ║ PC-Vault Administrator's Main Menu ║
- ║ Please press the LETTER in front of the option you wish. ║
- ║ ║
- ║ E. END this program. ║
- ║ H. HOW to use this menu. ║
- ║ W. Install WINDOWS support. ║
- ║ ║
- ║ P. Change PASSWORD. ║
- ║ O. Select OPTIONS. ║
- ║ S. SET Limits. ║
- ║ ║
- ║ L. LOCK PC-Vault related files. ║
- ║ U. UNLOCK PC-Vault related files. ║
- ║ ║
- ║ A. ACCESS fixed disk after diskette boot. ║
- ║ R. REMOVE PC-Vault from this computer. ║
- ║ ║
- ║ K. Define new hot KEY combination. ║
- ║ I. Set keyboard IDLE time. ║
- ║ ║
- ║ D. Control DIRECTORY access by user. ║
- ║ F. Select FILE accesses to be logged. ║
- ║ ║
- ╚═══════════════════════════════════════════════════════════════╝
- Fig. 6 - PC-Vault Plus Administrator's Main Menu
-
-
-
- ╔═══════════════════════════════════════════════════════════════╗
- ║ PC-Vault Name and Password Definition ║
- ║ ║
- ║ ║
- ║ Please press: ║
- ║ ║
- ║ 0 to change the administrator password and/or name. ║
- ║ 1-12 to change a user password and/or name. ║
- ║ D to change the number of DAYS passwords remain valid. ║
- ║ R to change the number different passwords REQUIRED. ║
- ║ C to display CHARACTERS during password definition. ║
- ║ A to display ASTERISKS during password definition. ║
- ║ N to display NOTHING during password definition. ║
- ║ Enter to return to the main menu. ║
- ║ ? for help. ║
- ║ ║
- ║ ║
- ║ User Name Days Recycle User Name Days Recycle ║
- ║ 0. Admin 0 0 7. User 7 0 0 ║
- ║ 1. User 1 0 0 8. User 8 0 0 ║
- ║ 2. User 2 0 0 9. User 9 0 0 ║
- ║ 3. User 3 3 2 10. User 10 0 0 ║
- ║ 4. User 4 0 0 11. User 11 0 0 ║
- ║ 5. User 5 0 0 12. User 12 0 0 ║
- ║ 6. User 6 0 0 ║
- ║ ║
- ║ Please enter your selection: ║
- ║ ║
- ╚═══════════════════════════════════════════════════════════════╝
- Fig. 7 - Administrator's Name/Password Selection Screen
-
-
-
-
-
-
- ╔═══════════════════════════════════════════════════════════════╗
- ║ ║
- ║ PC-Vault Name Definition ║
- ║ ║
- ║ ║
- ║ The current name for this user is: Admin ║
- ║ ║
- ║ Press return to retain this name, or enter a new name: Tiny ║
- ║ ║
- ║ Please enter the new name again to be sure its correct: Tiny ║
- ║ You may be required to enter this name to gain access. ║
- ║ ║
- ╚═══════════════════════════════════════════════════════════════╝
- Fig. 8 - Change User Name Screen
-
-
-
- ╔══════════════════════════════════════════════════════════════╗
- ║ ║
- ║ PC-Vault Password Definition ║
- ║ ║
- ║ ║
- ║ Passwords may be one to sixteen key strokes, and include ║
- ║ letters, numbers, and the keys: space - = [ ] ; , . ║
- ║ ║
- ║ Case is not significant. Three special keys are: ║
- ║ Backspace - Used to correct an error in the normal way. ║
- ║ Return - Means, "Password entry is complete." ║
- ║ Escape - Means, "I don't want to enter a password." ║
- ║ ║
- ║ ║
- ║ Please enter new password and press return: SECRET-STUFF ║
- ║ ║
- ║ Your new password is defined. Whenever PC-Vault asks for ║
- ║ your password, type it in and then press return. You MUST ║
- ║ be able to enter it correctly. We suggest you use your ║
- ║ print screen key and then keep it in a safe place. ║
- ║ ║
- ║ ║
- ║ Please press any key to continue. ║
- ║ ║
- ╚══════════════════════════════════════════════════════════════╝
- Fig. 9 - Password Definition Screen
-
-
-
-
- ╔═══════════════════════════════════════════════════════════════╗
- ║ ║
- ║ Administrator Options Selections Menu ║
- ║ ║
- ║ Press the LETTER in front of the option you wish to change. ║
- ║ ║
- ║ E. END option selection and return to main menu. ║
- ║ H. HOW to use this menu, how to get additional help. ║
- ║ ║
- ║ M. MAXIMUM floppy boot protection - Not Selected. ║
- ║ D. DISPLAY password entry asterisks. - Selected. ║
- ║ ║
- ║ K. SIDEKICK compatibility mode. - Not Selected. ║
- ║ C. CTRL-BREAK prohibited during boot. - Not Selected. ║
- ║ T. TIME/Date change prohibited. - Not Selected. ║
- ║ ║
- ║ B. BLANK screen during LunchBreak. - Selected. ║
- ║ F. FREEZE computer during LunchBreak. - Not Selected. ║
- ║ A. ALL users may exit LunchBreak. - Not Selected. ║
- ║ S. SPECIAL Display blanking - Not Selected. ║
- ║ ║
- ║ N. User NAMES are required. - Not Selected. ║
- ║ U. USER may change his/her user name. - Not Selected. ║
- ║ ║
- ╚═══════════════════════════════════════════════════════════════╝
- Fig. 10 - Administrator's Options Menu
-
-
-
-
-
-
- ╔══════════════════════════════════════════════════════════════╗
- ║ ║
- ║ Administrator Limits Selection Menu ║
- ║ ║
- ║ Press the LETTER in front of the option you wish to change. ║
- ║ ║
- ║ ║
- ║ E. END limit selection and return to main menu. ║
- ║ ║
- ║ H. HOW to use this menu, how to get additional help. ║
- ║ ║
- ║ I. Maximum keyboard IDLE time (minutes). - Currently 61 ║
- ║ ║
- ║ P. Minimum number of PASSWORD characters. - Currently 0 ║
- ║ ║
- ║ A. Maximum invalid logons before ALARM. - Currently 5 ║
- ║ ║
- ║ L. Maximum invalid logons before LOCKOUT. - Currently 0 ║
- ║ ║
- ║ S. SECONDS to wait before auto logon. - Currently 0 ║
- ║ ║
- ║ K. Alternate KEYBOARD/clock handling - Currently 0 ║
- ║ ║
- ║ ║
- ╚══════════════════════════════════════════════════════════════╝
- Fig. 11 - Administrator's Limits Selection Screen
-
-
-
-
-
-
-
- ╔══════════════════════════════════════════════════════════════╗
- ║ PC-Vault Hard Disk Protection System - Version 4.5 ║
- ║ ║
- ║ You may now select the keys which will cause your computer's ║
- ║ screen to blank (if selected) and your keyboard to lock ║
- ║ until you enter your password. ║
- ║ ║
- ║ Please press any two or more of the following keys: ║
- ║ ║
- ║ Left Shift Right Shift Alt Ctrl ║
- ║ ║
- ║ Hold them down until you hear a two tone beep and you are ║
- ║ asked to release them. You will have to hold the keys down ║
- ║ approximately four seconds. ║
- ║ ║
- ╚══════════════════════════════════════════════════════════════╝
- Fig. 12 - Hot Key Selection Screen
-
-
- ╔═════════════════════════════════════════════════════════════╗
- ║ PC-Vault Hard Disk Protection System - Version 4.5 ║
- ║ ║
- ║ You may request that your machine automatically go into the ║
- ║ LunchBreak state if the keyboard is idle for a specified ║
- ║ time period. You may select a time period from 3 to 61 ║
- ║ minutes. ║
- ║ ║
- ║ A time of 61 minutes means that automatic LunchBreak will ║
- ║ never occur. ║
- ║ ║
- ║ The current keyboard idle time is 5 minutes. ║
- ║ ║
- ║ Please enter new keyboard idle time in minutes: ║
- ║ ║
- ╚═════════════════════════════════════════════════════════════╝
- Fig. 13 - Maximum Idle Time Selection Screen
-
-
-
-
-
-
- ╔══════════════════╦═════════════╦═════════════╗ To Select User
- ║ Directory/Area ║ TheBoss ║ User 2 ║ Cursor keys
- ║ ║EXE/COM│Other║EXE/COM│Other║
- ╠══════════════════╬═══════╪═════╬═══════╪═════╣ To Select Dir.
- ║ Diskette Access ║ R-W-X │ R-W ║ ----- │ R-W ║ Cursor, PgUp/Dn
- ╟──────────────────╫───────┼─────╫───────┼─────╢ Home, End
- ║ HardDisk AbsI/O ║ ----- │ R-W ║ ----- │ --- ║
- ╟──────────────────╫───────┼─────╫───────┼─────╢ To Control Access
- ║ New Level 1 Dirs ║ R-W-X │ R-W ║ ----- │ R-W ║ R=Read W=Write
- ╟──────────────────╫───────┼─────╫───────┼─────╢ X=Execute
- ║ C:\ ║ R-W-X │ R-W ║ --X-- │ R-- ║ A=All N=None
- ╟──────────────────╫───────┼─────╫───────┼─────╢
- ║ C:\DATABASE ║ R-W-X │ R-W ║ R-W-X │ R-W ║ To chg all users'
- ╟──────────────────╫───────┼─────╫───────┼─────╢ access to this
- ║ C:\UTILS ║ R-W-X │ R-W ║ --X-- │ --- ║ dir, use Alt
- ╟──────────────────╫───────┼─────╫───────┼─────╢ with R,W,X,A,N
- ║ C:\GAMES ║ R-W-X │ R-W ║ --X-- │ --- ║
- ╟──────────────────╫───────┼─────╫───────┼─────╢ To chg this usr's
- ║ C:\PAYROLL ║ R-W-X │ R-W ║ ----- │ --- ║ access to all
- ╟──────────────────╫───────┼─────╫───────┼─────╢ dirs, use Cntrl
- ║ D:\ ║ R-W-X │ R-W ║ R-W-X │ R-W ║ with R,W,X,A,N
- ╟──────────────────╫───────┼─────╫───────┼─────╢
- ║ D:\BACKUP ║ R-W-X │ R-W ║ R---X │ R-- ║ To Save Choices
- ╚══════════════════╩═══════╧═════╩═══════╧═════╝ Esc or E
- Note: R, W and X toggle the corresponding permission.
-
- Fig. 14 - Directory Access Control Table
-
-
-
- ╔═════════════════════════════════════════════════════════════╗
- ║ PC-Vault Hard Disk Protection System - Version 4.5+ ║
- ║ ║
- ║ ╔═════════════════════════════════════════════════╗ ║
- ║ ║ Log Control ║ ║
- ║ ╠═════════╤═════════╤═════════╤═════════╤═════════╣ ║
- ║ ║ Admin │ John T. │ User 2 │ User 3 │ User 4 ║ ║
- ║ ╟─────────┼─────────┼─────────┼─────────┼─────────╢ ║
- ║ ║ ----- │ D-X-- │ D-X-O │ D---- │ D---- ║ ║
- ║ ╚═════════╧═════════╧═════════╧═════════╧═════════╝ ║
- ║ ║
- ║ Press: Right/Left cursor keys to select a user. ║
- ║ D - to toggle logging of denied accesses. ║
- ║ X - to toggle logging of programs executed. ║
- ║ O - to toggle logging of all other accesses. ║
- ║ A - to select all of the above (D, X, F). ║
- ║ N - to select none of the above (D, X, F). ║
- ║ Esc to save your choices, go to main menu. ║
- ║ ║
- ╚═════════════════════════════════════════════════════════════╝
- Fig. 15 - Logging Control Table