home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
Collection of Tools & Utilities
/
Collection of Tools and Utilities.iso
/
dskut
/
dcom344.zip
/
LOGIN.DOC
< prev
next >
Wrap
Text File
|
1990-02-25
|
17KB
|
364 lines
┌────────────────────────────────────────────┐
│ LOGIN.DOC │
├────────────────────────────────────────────┤
│ This file provides temporary documentation │
│ on dCOM's new user login system. │
└────────────────────────────────────────────┘
INTRODUCTION
────────────
A need has been recognized where in many situations it is common to share a
PC among several users, and since we're human, there tends to be a little
distrust from time to time.
To help give the primary user some peace of mind while away from his/her PC,
we have implemented a login system which allows designated the access rights
(privaleges) available to other users while in dCOM's utility mode. These
rights dictate whether a user is capable of such things as opening files
(copying, printing, or editing), modifying files (deleting, renaming, moving,
hiding, or editing w/save), changing configurations, saving configurations,
running programs, exiting dCOM, viewing hidden files, or even whether they
can enter the utility mode. Additionally, user groups are also assignable
which are used in conjunction with the macro keys and/or its Menu Mode, to
control which users have access to which menu (macro key) selections.
AFFECTED AREAS
──────────────
The /MP switch which used to invoke the menu mode, not allowing users to
escape out to the utility mode unless they knew the system password, no
longer has any relevance and has been retired. Whether a user has this
capability is now governed by their Rights in the Access Control Menu.
Actually, for that matter, there is no more "system" password. There is
however, a "current" password, which is established differently depending
on whether the login system is used. If the login system is active (a /L
switch was specified on dCOM's command line), the user's password becomes
the current password. If the login system is not active, the password for
the SUPERVISOR's entry in the Access Control Menu becomes the current
password.
Outside of logging in, the only instance in which the current password is
now used is when rectivating the screen blanking feature (Shift-Ctrl-B) and
when invoking the Access Control Menu, if the login system is not active.
(If the login system is active, the user must be a supervisor to gain entry
to the Access Control Menu.)
The screen blanking feature (Shift-Ctrl-B), still works as it did before,
where if a password is active, it must be entered to reactivate the screen
and keyboard. If no password is set for the logged in user, pressing
Shift-Ctrl-B again will reactivate the screen.
The Alt-A command, which used to allow changing the System Password, now
invokes the Access Control Menu (described in a following section).
If the login system isn't used (the /L switch isn't given), when dCOM is run
the current user will be considered the SUPERVISOR, with total access to all
rights and groups. Additionally, even though the login system isn't active,
dCOM will still lookup the SUPERVISOR in the Access Control Menu (Alt-A),
and use the SUPERVISOR's password as the "current" password. If you don't
wish to use the login system but still want the screen blanking feature
password protected, be sure to edit the Access Control Menu and set the
SUPERVISOR's password accordingly.
OVERVIEW
────────
Enabling the login system serves a variety of needs. Some people may just
wish to have their computer password protected when it is first turned on.
Others, may have more of a concern with what capabilities are available to
other users using their computer. Or, what capabilities are available while
using a network drive. Or, from a menuing perspective, what menu functions
(macro keys) are available to which users. And lastly, maybe just keeping
track of usage, and which users were on when, using the login system in
combination with the audit trail feature. Of course, all of these capabi-
lities are now provided to you using the login system.
ACCESS CONTROL MENU
───────────────────
The heart of the login system is the Access Control Menu. Handling how this
menu is invoked varies depending on whether the login system is active. If
the login system is active, any user with a supervisor group flag may enter
and edit the Access Control Menu. If the login system is not active, the
current password (which will be the SUPERVISOR's password) will be prompted
for (provided its been set), before access is allowed.
If the login system is active and the current user does not have a supervisor
group flag, pressing the Alt-A command to invoke the Access Control Menu will
only dislay a window showing the current user's name, rights, and groups.
Under the Access Control Menu you define a list of users which will have
access to your computer, and what privaleges they will have.
The Access Control Menu will initially default with two entries, SUPERVISOR
and GUEST. Both entries play a role under different situations and shouldn't
be deleted carelessly. The SUPERVISOR entry establishes the active password
in the event that dCOM is run without the /L switch. One of the first orders
of business should be to enter a password for the SUPERVISOR entry so that
other users can't log in using its name. The GUEST entry controls the rights
and groups of users not successfully logging in. By default, a guest user
will have access to dCOM's utility mode, but that's it - a guest user won't be
able to access configuration menu's, modify files, exit dCOM, or run programs.
If you wish your guest users to more or less privaleges, then edit the GUEST
entry appropriately. If you don't wish to allow invalid login's then delete
the GUEST entry. If there are a large number of users fitting a certain
description, instead of building all their names in the Access Control Menu,
you could just tell them all to log in using the name "guest". If you don't
enter a password for the GUEST entry, one won't be asked for.
Normally, the primary supervisor would immediately add his login name under
the Access Control Menu and give himself a group flag of "$" (making his name
a supervisor with full rights and privaleges). If the primary supervisor
wants to further delegate some junior supervisors, he would add their names
under the Access Control Menu and give them a group flag of "#", which gives
them the same access privaleges as him except that they cannot modify other
users having a supervisor, or junior supervisor group flag.
ENABLING THE LOGIN SYSTEM
─────────────────────────
Whether the entire login system is enabled depends entirely on whether the
/L or /LA command line switches are provided when dCOM is first run.
The only difference between /L and /LA is that /LA enables the automatic
logout feature. Both of them activate the login system and, as described
next, both accept the same parameters:
/L[:name][,password]
/LA[:name][,password]
Although giving both the user name and password on the command line is rather
self-defeating, it is provided as an option non-the-less. Providing both the
user's name and password on the command line results in the computer never
prompting for a login when initially powered up, but would still allow the
user to manually generate a logout using Alt-L (which leaves the display
prompting for a new login), at times when he/she will be away from their
computer for a period of time (of course other users soon figure out all they
have to do is reset the computer and it automatically logs in...).
The automatic logout feature (using /LA instead of /L) is provided for those
situations where it is like pulling teeth trying to get users to comply with
logging themselves out when they are through with the computer. Or, if you
just want the comfort of knowing that if you get up and walk away from your
computer, that it will log itself out automatically after a certain period of
time. In order for the automatic l