



                           StopLight for Team OS/2

                                 MANUAL.TXT

                              September 5, 1995



  StopLight for Team OS/2 is identical to the commercial StopLight for OS/2
                     version, except for the following:

              * Team OS/2 logo on the logon and Setup screens.
                      * Boot protection is not included
              * Super Password is displayed on the logon screen



  StopLight for Team OS/2 is for use by Team OS/2 members on their personal
  or corporate workstation.  Team OS/2 members may use the software without
      charge, and are entitled to a substantially reduced price for the
                             commercial version.

   Non-Team OS/2 members may evaluate this version for 30 days.  After the
   evaluation period has expired, they must remove the software from their
   systems or contact Safetynet, Inc. at the address below to purchase the
                             commercial version.

    *** SPECIAL OFFER * SPECIAL OFFER * SPECIAL OFFER * SPECIAL OFFER ***

 Team OS/2 members may purchase one copy of StopLight for OS/2 for $59 plus
  shipping and handling, which is $90 off the list price of $149.  Only one
           copy may be purchased at this deeply discounted price.

 All StopLight for Team OS/2 technical support questions should be directed
 to support@safe.net.  If you have further questions, please send e-mail or
                               contact us at:


                               Safetynet, Inc.
                              140 Mountain Ave.
                            Springfield, NJ 07081

                           1-800-OS2-SAFE (Sales)
                           1-201-467-1024 (Sales)
                            1-201-467-1611 (Fax)
                            1-201-467-1581 (BBS)
                         http://www.safe.net/safety/
                      ftp://ftp.safe.net/pub/safetynet/
                          CompuServe - go cis:safe






 TABLE OF CONTENTS

  Introduction ............................................................1
  Backup Instructions .....................................................1
 1. Security Overview......................................................2
  Password Management .....................................................2
  Audit Trail Log .........................................................3
  Screen Blanker / Keyboard Lock ..........................................3
 2. Installation & Removal.................................................5
  Multiple Operating Systems and Automatic Translation ....................5
  File Names Convention ...................................................6
  Step-by-Step Installation ...............................................6
  Desktop Locations .......................................................7
  Uninstalling StopLight OS/2 .............................................7
 3. Global Security Setup..................................................9
   Administrator Name .....................................................9
   Administrator Password and Expiration ..................................9
   Changing the Password ..................................................9
   Safe Directory .........................................................9
   Public Directory ......................................................10
   Work Station Name .....................................................10
   Minimum Password Length ...............................................10
   Invalid Logins to System Lock .........................................10
   Encryption Key ........................................................10
   Mouse Type ............................................................10
   Read-only Directory ...................................................10
   Request User Name .....................................................11
   Request Password ......................................................11
   Id Key Device .........................................................11
 4. Administrator Features................................................13
  User Privileges ........................................................13
   SUPER USER ............................................................14
   USER ACTIVE ...........................................................14
   HARD DISK WRITE PROTECT ...............................................14
   FLOPPY DISK READ/WRITE PROTECT ........................................14
   KBD LOCK WHILE SCREEN BLANK ...........................................14
   ALLOW PASSWORD CHANGE .................................................14
   DISABLE PRINTER ACCESS ................................................14
   DISABLE SERIAL PORT ACCESS ............................................14
   ALLOW DATE AND TIME CHANGE ............................................14
   AUDIT TRAIL ...........................................................14
  Super User Privileges ..................................................14
  System Administrator Privileges ........................................15
  Desktop and Directory Management .......................................15
   The SAFER.OS2 Directory ...............................................15
   The SAFE Directory Mask ...............................................15
   The PUBLIC/Read-Only Directory ........................................15
  Audit Trail Log ........................................................15
  Screen and Keyboard Lock ...............................................16
 5. Log Viewer & Utilities................................................17
  Log Viewer .............................................................17

 ___________________________________________________________________________
 StopLight for OS/2 - MANUAL.TXT                                      Page i




   Display Modes .........................................................17
   Deleting the Log ......................................................17
   Saving and Printing the Log ...........................................17
  Additional Utilities ...................................................18
   MSBOOT ................................................................18
   OS2CRYPT ..............................................................18
 6. User Operations.......................................................19
  Logging into the System ................................................19
   User Name .............................................................19
   User Password .........................................................19
   Password Expiration ...................................................20
  User Directory .........................................................20
  Auto Screen and Keyboard Lock ..........................................20
  User Privileges ........................................................21
   Using File Encryption (Not included in Eval Version) ..................21
  Logging Out of the System ..............................................22
   Dual Boot System ......................................................22
 Appendix.................................................................23
  Frequently Asked User Questions ........................................23
   What is StopLight OS/2? ...............................................23
   How do I Login to the System? .........................................23
   How do I change my Password? ..........................................23
   How do I Exit the System? .............................................23
   How do I Manage my Data Files? ........................................23
   What is the Screen and Keyboard Lock? .................................23
  List of Error Messages .................................................24
   StopLight OS/2 Messages while Running OS/2 ............................24
   Error messages that users are likely to encounter: ....................25
  Master Disk Contents ...................................................26

























 ___________________________________________________________________________
 StopLight for OS/2 - MANUAL.TXT                                     Page ii





 Introduction

 Welcome to StopLight(R) for OS/2.

 StopLight for OS/2 provides the essential features required for protecting
 workstations.  With its very low memory and disk requirements and simple
 operation, StopLight for OS/2 easily integrates with your system.  During
 normal operation, you will not even know that security is there.  But if an
 intruder or hacker attempts to get at your sensitive information, or
 perform an unwanted action, StopLight for OS/2 will immediately come to the
 rescue.

 StopLight for OS/2 provides security by preventing unauthorized users from
 accessing the computer.  Security profiles can be set up quickly for users
 and the administrator.  An almost unlimited number of possibilities can be
 assigned to each user based on the type of access that is deemed
 appropriate.  And through its log file, user activity and attempted
 violations can be tracked.

 StopLight for OS/2 quietly protects your computer and its files from
 unauthorized activity in the background, providing you with a secure and
 highly productive environment.

 Backup Instructions
 Protecting sensitive information on your computer requires security and
 good backup procedures.  StopLight for OS/2 does its part by providing
 comprehensive security protection.  You must do your part by backing up
 your system.

 System Backup
 We strongly recommend that you backup your system before installing
 StopLight for OS/2.  You can use the backup program provided with DOS or
 one of the many commercially-available backup programs.  StopLight for OS/2
 makes changes to your hard disk to prevent unauthorized access.  It has
 been successfully implemented on many types of computers and has safeguards
 which prevent data loss.  As a rule, though, no software product can be
 guaranteed to work under every possible condition.

 System Requirements
 Hardware       Any IBM PC 286 or above processor (including Intel Pentium)
                or compatible.  A hard disk with 1Mb free space and one (or
                more) floppy disk drives.

 Operating      IBM OS/2 version 2.x, OS/2 Warp 3.x.
 System

 Network        Novell, LAN Manager, Banyan, and all networks supporting a
                DOS or OS/2 client

 Video Display  MDA, CGA, EGA, VGA, SVGA and compatibles.  The screen saver
                blanks all standard DOS text and graphics video modes
                including those used by Microsoft Windows.


 ___________________________________________________________________________
 StopLight for OS/2 - MANUAL.TXT                                      Page 1




 1. Security Overview

 This chapter provides an overview of security concepts and how they are
 implemented in StopLight for OS/2.  To successfully implement a security
 strategy, you should become familiar with this chapter.  If you are already
 proficient with security systems, you may only need to skim over this
 information before moving onto the installation instructions found in the
 next chapter.

 Password Management
 Use of passwords, variously controlled and managed in the background, is
 the essence of protection offered by StopLight for OS/2. The system
 administrator may establish a flexible security system by defining users
 and their passwords in different combinations described below.  Use of
 individual passwords for access to the system during login is the first
 stage of security offered by StopLight for OS/2.  Examples of user name and
 password combinations offered by StopLight for OS/2 follow:

       a)Name and Password: This is the default setting and is deemed
         appropriate for most situations.  The user name will be displayed
         on the screen but the password will remain concealed.

       b)Password, No Name: It is possible to enter a password without the
         need to have a user's name. In this case the user will simply
         enter the password and skip the name entry.

       c)No Password, No Name: In some cases, for example, in classrooms
         where users do not require confidentiality from each other,
         security can be provided without assigning user names and
         passwords.  Initial PC access will be possible by merely pressing
         <Enter> when prompted at the login screen. Students will then
         receive the security profile defined by USER1 in the Setup Users
         section described below.  Along with other protection, security
         can be provided for the AUTOEXEC.BAT and CONFIG.SYS files, virus
         protection can be activated, and the hard disk can be protected
         against formatting.

       d)No Password, Many Names: A fourth possibility is to allow access
         by entering the user's name only (no need for a password).  This
         option is particularly useful for systems where every user has
         equal access to the system but the output itself must be separated
         (for example, an accountant may want to compute the total time
         spent on one customer for billing purposes).

 For security reasons, when logging in as SYSADMIN the password will still
 be required.

 The system administrator controls the use of passwords by the users in
 different ways. A minimum valid length for the password may be specified.
 Thus, even if users are allowed to replace their password, it may not be
 shorter than the minimum length. The system administrator may also specify
 the number of times or days that a given password may be used.  After the


 ___________________________________________________________________________
 StopLight for OS/2 - MANUAL.TXT                                      Page 2




 password has expired, access to the system with this password will be
 denied.

 The user's name is not normally a password since it is visible to all when
 entered on the screen.  However, the password itself is known only to the
 individual user.  The password is stored in encrypted form to ensure its
 confidentiality.

 The system administrator has access to the hard disk with an administrator
 password. Once logged in, the administrator has access to the complete
 system including every users' privileges and secure directories. Further,
 the administrator also has access to the main security menu and to the
 Global Security Setup and Setup Users. In other words, when logging in as
 administrator, all security protection (except virus protection) is
 suspended from the computer.  Therefore, it is recommended that great care
 be taken to keep the administrator password completely confidential.

 When you login as system administrator, you have all privileges including
 access to the SAFER.OS2 directory. It is advisable that you also define
 yourself as a USER and login as a user while normally using the system.
 Login as a system administrator only when making changes to the StopLight
 for OS/2 security system. This will avoid unnecessary exposure to the
 security system and to the administrator password.

 Restricted Directory - SAFER.OS2 Directory
 The \SAFER.OS2 directory contains all the security parameters and
 configuration as set by the system administrator. It contains the security
 configuration file, the Log file and all other security files generated by
 StopLight ELS. Only the system administrator has access to this directory.

 To define access rights to specific files and directories, please see the
 Trustee Assignments section of this manual.

 Audit Trail Log
 The Audit Trail Log records user and security-related activity performed at
 any time by each user from the moment of login. By consulting the contents
 of the Audit Trail Log, the system administrator can globally supervise the
 activity in the system, check each user's activity, check any attempts to
 get access to unauthorized areas of the disk, violations, etc., and even
 get statistical reports of the activity conducted on the computer.  The log
 file should be periodically cleared to conserve disk space.

 A flexible Audit Trail report generator helps the administrator manage
 audit information.  Reports are generated based on date ranges, users and
 activity.  Report information is displayed to the screen or exported to
 data file for use with other programs.  Violations are emphasized on the
 screen in Red for easy recognition.  On monochrome systems, violations will
 appear in Bold.

 Screen Blanker / Keyboard Lock
 When a user leaves the computer unattended for a period of time, StopLight
 can blank out the screen to prevent monitor burn.  The computer system will
 continue to work, but nothing but a moving box will appear.  Information on

 ___________________________________________________________________________
 StopLight for OS/2 - MANUAL.TXT                                      Page 3




 the screen will not be visible to users and the monitor will be protected
 from burn in.

 The Screen Blanker / Keyboard Lock can be activated automatically if the
 computer keyboard and mouse are not used after a period of time.  This
 period of inactivity is adjustable from 2 minutes to 60 minutes.  When the
 Screen Blanker is activated, the user simply presses <Enter> to restore the
 screen.  All underlying screen information will be properly restored.

 Normally, only the Screen Blanker will appear when you step away from your
 computer. However, if you want your keyboard lock to activate along with
 your Screen Blanker, select the "KBD Lock while Screen Blank" option on the
 "User Privileges" window during set-up.









































 ___________________________________________________________________________
 StopLight for OS/2 - MANUAL.TXT                                      Page 4




 2. Installation & Removal

 This section provides an easy, first-time installation and operation of the
 StopLight OS/2 system.  It allows you to get acquainted with the system and
 to test it with the default settings. When you are more familiar with the
 program and can determine what your requirements are, it will be much
 easier to configure a system that is fully customized to your security
 needs.

 INSTALL.EXE, located on the StopLight OS/2 installation diskette, performs
 the following tasks:

 1. It creates a directory named SAFER.OS2 for OS/2, in the Root Directory
    of the OS/2 system drive.
 2. It creates a directory named PUBLIC in the selected OS/2 drive.
 3. It copies files from the installation diskette to those directories.
 4. If DOS installation is selected, it creates directories on the DOS drive
    named SAFER, and PUBLIC.
 5. It updates the CONFIG.SYS and AUTOEXEC.BAT files.
 6. If selected, it installs Hard Disk Boot Protection, and saves an
    UnInstall emergency file on the emergency diskette with the workstation
    name specified in the GLOBAL SETUP screen (saved in the profile).  A
    backup of this file is saved in the SAFER.OS2 directory.

 Note for owners of a site license for StopLight OS/2:

 If you are going to install StopLight OS/2 according to a site license, you
 should assign a unique workstation name for each computer on which the
 StopLight OS/2 system is installed.  This information will be saved to
 allow you to uninstall the security from that specific computer when
 necessary.

 It is possible to save several files on a single diskette.

 Multiple Operating Systems and Automatic Translation
 StopLight OS/2 can be installed on a system with multiple operating systems
 installed.  In such systems, the OS/2 installation is the master
 installation, and the system administrator uses the OS/2 installation to
 set the user profile.  The profile is automatically transferred to the DOS
 partition.

 Password and login count information is communicated in both directions
 across a partition, e.g., if the password expires and is changed while
 logging into DOS it will affect both DOS and OS/2.  This works both on FAT
 and HPFS systems (see below).

 Automatic translation supports both dual boot and boot manager with only
 one operating system of each.  If the system includes several OS/2
 installations or several DOS installations, manual management is required.





 ___________________________________________________________________________
 StopLight for OS/2 - MANUAL.TXT                                      Page 5





 File Names Convention
 StopLight OS/2 can be installed on both FAT and HPFS systems.  It can also
 be installed on any combination of the two systems, e.g. a boot manager
 with DOS installed on the FAT system and OS/2 installed on the HPFS system.
 FAT system file names are eight characters long with a three character
 extension separated with a period.  HPFS file names can be up to 256
 characters long.  StopLight OS/2 defines HPFS file names by the first 30
 characters.  On dual system installation translation of HPFS names into FAT
 names is required and the following rules apply:
 .  The first eight characters (or all characters preceding the first period
    if less than 8) are used for the name.
 .  The first three characters following the first period form the
    extension.
 .  Wildcards may also be used.

 An example of this nomenclature is the file name,
 STOPLIGHT_FOR_OS2.DOCUMENTATION.  This is clearly an HPFS file name.  For
 DOS, it translates to STOPLIGH.DOC.

 Step-by-Step Installation
 During the installation of the StopLight OS/2 system, you get instructions
 on-line.
 1. Boot OS/2.
 2. Click or press <Ctrl><Esc> to go to full screen OS/2.  Insert the
    original StopLight OS/2 diskette in drive A:, type A:\INSTALL, then
    press <Enter>.

    Alternatively, click the desktop A: drive folder to display the files on
    the installation diskette.  Double-click the INSTALL.EXE icon to open
    the installation screen. The StopLight OS/2 Installation Screen is
    opened:

 3. Click Global Setup. The Global Security Setup screen is opened.
 4. Enter a name for your workstation and click Save. You return to the
    StopLight OS/2 Install Screen.
 5. Click Install.  The Install-Configuration box opens and allows you to
    select, by clicking on the appropriate checkbox, OS/2 installation, DOS
    installation, and/or hard disk boot protection.  Under normal
    circumstances, with a single unpartitioned hard drive, select OS/2 and
    boot protection only.  If you select DOS installation, you must enter a
    directory on your DOS drive.  Click OK to continue installation, Cancel
    to abort the installation.
 6. If you select boot protection, you are prompted to insert a new
    emergency diskette.  This must be an OS/2 formatted diskette.  Click OK
    to continue, select the drive for the emergency diskette, and OK again.
    You have the option to quit by clicking Cancel.  Replace the
    installation diskette if using the same drive, and click OK.
    In case an emergency file already exists on the diskette, click OK to
    overwrite or CANCEL to abort the installation.
 7. Installation automatically begins and messages inform you of the
    progress.  You may click Abort to stop the installation.  StopLight


 ___________________________________________________________________________
 StopLight for OS/2 - MANUAL.TXT                                      Page 6




    OS/2 informs you when installation is complete.  Click OK, and exit the
    Install program.
 8. Remove your original StopLight OS/2 diskette from the drive, store it
    in a safe place, and reboot the computer.  When the installation is
    completed, two directories are created:
    \SAFER.OS2    All the system administrator's files and programs of the
    StopLight OS/2 are located here.
    \PUBLIC       All the users' utilities are located here.
    When StopLight OS/2 is installed, the SAFERLOG.LOG. file will be
    created. This is the Audit trail log output file.  All the information
    on supervised activities will be recorded in this file.
 9. When the StopLight OS/2 logon screen appears, type in your system
    administrator's name and password.  The default name is SYSADMIN and
    the default password is PASSWORD.  Click Change rather than OK, and
    enter a new password twice.  Be sure to make a note of this password in
    a secure place, in case you forget it.
 10.Shut down and reboot.

 Note: If StopLight OS/2 is already installed on your system, and you try to
 install it again, you receive a warning that StopLight OS/2 was already
 installed on your computer. It is possible, however, to remove StopLight
 OS/2 and reinstall it on the same computer.

 Desktop Locations
 StopLight OS/2 creates a StopLight folder on the desktop, with icons for
 its various utilities.  The Setup and Log Viewer icons are only visible by
 the StopLight administrator, and are automatically removed when a User logs
 into the system.

 The logon screen is active every time the computer is booted and, if not
 deactivated, the screen saver begins whenever the computer is inactive for
 the specified length of time.  To manually access the logon screen and
 keyboard lock features, open the Minimized Window viewer and select the
 appropriate icon.

 Uninstalling StopLight OS/2
 In order to uninstall the StopLight OS/2 Security System, you must have the
 original StopLight OS/2 diskette from which the installation of the
 security system was executed.  Removal can be performed only by the system
 administrator, who must prepare for removal in the following ways:
 a. All encrypted files must be decrypted before uninstalling the security
    system.  It will no longer be possible to decipher files that remain
    encrypted after the security system is uninstalled.
 b. A printout of the contents of the log file must be generated.  During
    the uninstall procedure, this file is deleted, and the reports that it
    contains are destroyed.
 c. Never attempt to uninstall StopLight OS/2 by manually removing files or
    directories.

 Note: If you have a site license installation disk, you must use the
 special diskette prepared at the time of installation of StopLight OS/2 on
 that particular machine.


 ___________________________________________________________________________
 StopLight for OS/2 - MANUAL.TXT                                      Page 7




 To uninstall StopLight OS/2:
 1. Insert the original StopLight OS/2 diskette in drive A:, and login as
    system administrator.
 2. Click open the A: drive folder and click the INSTALL.EXE icon to reach
    the Main Menu.
 3. Select the uninstall option.  Uninstall will be automatically
    performed.
 4. If the StopLight OS/2 system requests the emergency diskette, supply
    the diskette created during installation for that specific computer.
 5. On completion of the procedure, exit the StopLight OS/2 Installation
    screen, shut down OS/2 and reboot your computer for the changes to take
    effect.  You must reboot before installing StopLight OS/2 again.

 Warning! The uninstall procedure consists of restoring the installation
 properties to the original StopLight OS/2 diskette. However, if this fails
 such that re-installation becomes impossible:

 Try to uninstall the system again, from the command line.  On the command
 line, type A:\INSTALL, and follow the same steps described above, inserting
 a super-password, etc.).

 If, for some reason, the uninstallation process can still not be properly
 completed, please contact your dealer for technical support.































 ___________________________________________________________________________
 StopLight for OS/2 - MANUAL.TXT                                      Page 8




 3. Global Security Setup

 To receive optimal benefit from StopLight's powerful features, the system
 administrator must customize the options to best suit system needs. The
 intuitive nature of StopLight OS/2's interface enables you to prepare your
 setup with a minimum of time and effort.

 The Global Security Setup Screen and a feature by feature description of
 its elements follows.  To open the Global Security Setup window, click on
 the INSTALL. EXE object on the OS/2 desktop or within a Safer.OS2 directory
 window, then click on the Global Setup button.  You may also change the
 directory to Safer.OS2 in Full Screen OS/2, then type INSTALL.EXE.

 Administrator Name
 The system default name for the system administrator is SYSADMIN. You may
 choose to keep this name or select one of your own.  You may change it as
 frequently as you wish. Any combination of up to eight alpha-numeric
 characters is a valid name.

 Administrator Password and Expiration
 Click in the password box (or tab from the user name box) and type the
 administrator password.  You may select any combination of up to eight
 alpha-numeric characters.

 You can also set the period of time permitted until the password expires
 and an new password must be entered.  Type the number of logins permitted
 in the box to the right of Exp.    The maximum expiration period permitted
 is 254 logins.  To cancel, type Off or 255.

 Subsequently, the number of logins remaining until password expiration will
 be displayed in the entry box.  Click on Exp to refresh the number of
 logins remaining, to the number previously set.

 Changing the Password
 To gain another level of protection it is recommended that you change your
 password frequently.  Quite often another person may observe you entering
 the system and later try to access the system by themselves.  Fortunately,
 their actions will be recorded in the Audit Trail Log under system
 administrator for later detection.

 Safe Directory
 All files and directories that you wish to protect must be part of this
 directory.  StopLight creates a mask according to the information you type
 in this field.  If you want the Safe Directory to include the whole disk
 type *.* in the field.

 However, if you want to protect only part of the disk, utilize the default
 extension .SEC that appears in the field.  For further details, see Chapter
 2, section on File Names Conventions.





 ___________________________________________________________________________
 StopLight for OS/2 - MANUAL.TXT                                      Page 9





 Public Directory
 This directory, or mask, does not require privileges to gain entry. It
 covers all areas of the disk not masked by the Safe Directory, i.e., the
 not safe area.

 The Public Directory can be defined as one of the following:  1) All users
 have full read and write activities;  2) All users have read activities
 only. By entering a name in the Public Directory field you automatically
 divide the unprotected part of the disk into these two areas, the named
 field being fully accessible and the other read-only.

 To provide further flexibility these two areas can be inverted in respect
 to their Read/Write activities. See "Read-only Directory" later in this
 chapter for further details.

 Work Station Name
 Enter a name for your work station.  This and all setup information
 enhances the degree of detail within the Audit Trail Log. It can help you
 analyze problems (such as unauthorized access) at a later date.  The work
 station name is also used to identify the emergency diskette created during
 installation and used for security emergencies and for  removal.

 Minimum Password Length
 As system administrator, you can preset the minimum password length for all
 users.  Statistically speaking, a longer password enhances overall security
 protection. The default setting is four (4).

 Invalid Logins to System Lock
 Enter in this field the number of invalid logins permitted until the system
 locks.  When the specified number of illegal entry attempts are reached,
 the system will lock and only the system administrator can unlock it.
 After an illegal entry attempt takes place even legal users cannot enter
 the system unless their attempt to login occurs before the lockup.

 Encryption Key
 Enter in this field zero to eight characters to serve as a key for data
 encryption.

 NOTE:  You must record this key in case you need to change the key in the
 future.  After changing keys, the previous key is needed to access data
 encrypted before the change.

 Mouse Type
 Select the type of mouse connect to your computer, from the drop-down list.
 This information is used only for StopLight DOS.

 Read-only Directory
 Click on this box to make the named portion of the Public Directory read-
 only, leaving the rest of the disk (except the Safe area) open to full
 access.  To invert these settings, deselect the box by clicking a second
 time.


 ___________________________________________________________________________
 StopLight for OS/2 - MANUAL.TXT                                     Page 10




 Checking Read Only in the Privilege window makes the portion of the Public
 area (B, light gray), not included in the Safe area (D&C, dark gray), read-
 only, while the rest of the disk (A, white) is unlimited.  Unchecking Read
 Only makes the portion of the Public area (B, white), not included in the
 Safe area (D&C, dark gray,) unlimited, while the rest of the disk (A, light
 gray) is read-only.

 Request User Name
 To require that users enter only their User Names, select this checkbox and
 deselect the Request Password box below it.  To require entry of both User
 Name and Password select both boxes.  To remove security, uncheck both
 boxes and click OK.  Following the latter choice, it will be possible to
 log in only as sysadmin or as the first user not defined as supervisor.

 Request Password
 Conversely to the previous section, to require that users enter only their
 Passwords, select this checkbox and deselect the Request User Name box
 below it.  To require entry of both User Name and Password select both
 boxes.  To remove security, check neither box.

 Id Key Device
 StopLight OS/2 offers optional key devices for physical user
 identification.  If your system is so equipped, select the appropriate
 definition.  Refer to the documentation included with your key device for
 further details.

 Click Save to save your Global Security Setup entries and exit the screen.
 Click Cancel to exit without saving-
                                    -
                                     -all entered data will be lost.  Click
 Help to view on-line help.

 Trustee Assignments
 Trustee assignments control which directories and files a user can access
 and which operations he can perform on them. A trustee assignment is
 comprised of the rights (indicated by flags), granted to a user in a
 directory or file. A user who has been granted rights in a directory or
 file is called a "trustee" of that directory or file.

 Trustee assignments work in descending order through the directory
 structure (i.e., if a trustee has certain rights in a directory, he
 automatically has the same rights in this directory's files, subdirectories
 and the files in the subdirectory, unless the trustee assignments are
 redefined at a lower level of the directory structure).  See "Syntax for
 Specifying Directories or Files" for syntax considerations when specifying
 the scope of the trustee assignments.

 You can view, assign and modify trustee assignments through the Trustee
 Assignment Screen,.

 Select a user whose trustee assignments you want to view, assign or modify
 from the User List combo box.  You can perform the following:
      . To add a new directory to the user trustee assignments select a
        directory from the Directory list box (multiple selection is
        allowed) and click on the Add button.

 ___________________________________________________________________________
 StopLight for OS/2 - MANUAL.TXT                                     Page 11




      . To delete a directory from the user trustee assignments select a
        directory from the Trustee list box (multiple selection is allowed)
        and click on the Delete button.
      . To modify existing trustee assignments for a specific directory,
        select this directory from the Trustee List Box and click on the
        Edit Button. The Trustee Edit Screen is displayed:

 By setting flags in this screen you can reassign user rights for a selected
 directory or files.  Available flags are:

      Read:     enables a user to read from a file.
      Write:    enables a user to write to a file.  Note that in order to
                write to a file, a user should also have the Read flag set.
      Execute:  enables a user to invoke an executable file.
      Create:   enables a user to create new files in the specified
                directory.
      Delete:   enables a user to delete files in the specified directory.
      Directory/File Name:  The directory in which the flags assigned take
                effect.  Change the directory by typing a new directory name
                (wildcards are permitted).

 You can get instant help on how flag settings define rights to perform
 certain operations on directories and files from the "book" in the center
 of the screen.
 . To copy trustee assignments from one user to another, select Copy from
  the Trustee Assignment Screen.
 . To save the changes to the trustee assignments and exit the Trustee
  Assignment Screen, click on the Save button.  To discard the changes,
  click on the Exit button.

 Syntax for Specifying Directories or Files
 Appending a backslash character ("\") to a directory designation limits the
 influence of the trustee assignments to the path preceding the backslash
 character.  For example:

      C:\TEST  defines TEST directory and all its subdirectories.
      C:\TEST\ defines only TEST directory itself.

 Note:  Directories not included in trustee assignments have full access
 rights.  If a directory is specified and no flags are set, a user has no
 rights in this directory.













 ___________________________________________________________________________
 StopLight for OS/2 - MANUAL.TXT                                     Page 12




 4. Administrator Features

 The basic security tool used by StopLight OS/2 is the limitation of user
 access to those who enter a valid individual password only.  Before any
 user can enter the StopLight OS/2 protected system, the system
 administrator, who has total access to all parts of the system, must assign
 a password to the newly authorized user.

 User Privileges
 Once StopLight OS/2 is installed, the system administrator should enter the
 users' names and their passwords in the User Setup area from the
 Installation screen and may further restrict the use of the passwords.

 The user's name is not a password and is displayed on the screen, visible
 to all.  The password itself, on the contrary, is known to the individual
 user only and is never displayed.  The password is encrypted with a double
 key encryption and kept in the form of a number on the hard drive, to
 ensure that the password cannot be back-calculated.  Normally both user
 name and password should be required.  However, the administrator can, for
 special purposes, require only one or the other.  For instance, the
 administrator may allow a "guest" user without password with limited
 privileges for a limited period of time.

 The system administrator should design a security system with the needs of
 the system in mind.  The process begins with reviewing and revising the
 User List, determining privileges for each user and assigning work groups.

 To start the installation execute INSTALL.EXE from the original diskette
 and perform the following steps:
 1. From the Installation screen, click on User Setup. The Users List Screen
    appears:

 2. Click Add to add a new user name.
 3. Highlight the desired user name and either edit the name and privileges
    (click OK) or delete that user name (click Delete), but remember that
    you can temporarily inactivate without deleting when you edit the
    information.
 4. Click OK when you have finished all User Setup activity and want to
    return to the Installation Screen.

 When you add or edit User Setup information, the User Security Setup Screen
 appears.

 The system administrator may:
 1. Change or create the User Name and User Password (maximum 8 characters,
    minimum as set under Global Setup.
 2. Set the number of logins until the password expires by typing a number
    between 1 and 254 in the rightmost box, or type "OFF" or 255 to disable
    the function.
 3. Click on Exp to refresh the tries remaining in the left (view remaining
    time) box.
 4. Assign a private directory for this user.


 ___________________________________________________________________________
 StopLight for OS/2 - MANUAL.TXT                                     Page 13




 5. In the Auto Screen Saver box, type the number of minutes of inactivity
    until the screen saver takes over.
 6. Assign a data encryption level for this user.  When data is encrypted,
    only users with the same encryption level may access that information.
 7. Complete the security assignment by checking or unchecking the following
    available options:

 SUPER USER
 Establishes this user as a super user who can have additional but not all
 privileges. Super user can serve as local administrator, manage other
 users, view Audit File, but he cannot set or remove users.

 USER ACTIVE
 Click this to remove the check and temporarily remove the user from the
 system.

 HARD DISK WRITE PROTECT
 Click the check mark in the box to prohibit the user from writing to the
 hard disk (read-only), click off permit.

 FLOPPY DISK READ/WRITE PROTECT
 Click the check mark in the box to prohibit use of  floppy disk drives,
 click off to permit the user access to floppies.

 KBD LOCK WHILE SCREEN BLANK
 Click the check mark in the box to lock the keyboard whenever the screen
 saver comes on, click off for screen saver only.

 ALLOW PASSWORD CHANGE
 Click the check mark to allow the user to change his or her own password at
 any time.

 DISABLE PRINTER ACCESS
 Clicking the check mark prevents access to the (LPT PORT, PRN) printer.

 DISABLE SERIAL PORT ACCESS
 Click the check mark to prevents access to the (COM PORT) serial port.

 ALLOW DATE AND TIME CHANGE
 Clicking check mark allows the User to change the system date and time.

 AUDIT TRAIL
 Normally check this option.  Removing the check excuses the user from being
 audited.  For example, you might exempt an executive in a sensitive
 position from the monitoring process for the sake of confidentiality.

 Super User Privileges
 The Super User serves as local or departmental administrator.  He can:
 1. View the Log.
 2. Assign default-user privileges to new users.
 3. Have free access to the system.



 ___________________________________________________________________________
 StopLight for OS/2 - MANUAL.TXT                                     Page 14





 System Administrator Privileges
 Because the system administrator has unrestricted privileges, it is
 recommended that the system administrator also be defined as a regular
 user, with a different password, but with all the privileges.  This is an
 additional precaution to avoid exposing the system administrator's password
 too often, by entering it repeatedly in the presence of other users.
 Moreover, when logging on as system administrator, all security is removed
 from the computer.

 Desktop and Directory Management
 The SAFER.OS2 Directory
 The security parameters and configuration are set by the system supervisor
 and are stored in a separate, special directory named SAFER.OS2. This
 directory contains all the StopLight OS/2 administrative utilities and
 security files, such as the Setup and LOG files.  Only the system
 administrator and super users have access to this directory in which the
 security privileges are set.

 The SAFE Directory Mask
 Another directory (or directories) that the system administrator must
 define is the SAFE directory.  Only super users and the administrator have
 free access to any directory included under SAFE.

 The PUBLIC/Read-Only Directory
 The system administrator may allocate a portion of the hard disk for
 general purposes.  For convenience sake, we will refer to this part of the
 disk as the NOT SAFE area.  The NOT SAFE area can be divided into two
 portions:
 a. The PUBLIC directory mask (defined in Global Setup): All users have free
    access to read and write files and subdirectories, just like on any
    unprotected system.  No password or privilege is required to work in
    this directory.
 b. The balance of the NOT SAFE area may be designated as a read-only area,
    in which users may not write to files and may not create or delete files
    or directories.  As an example, this area might be used to store
    programs available to all the users.

 Optionally, the definition of the above two areas can be inverted such that
 the PUBLIC directory is read-only and the balance of the NOT SAFE area is
 read/write.

 Note: Be careful not to set the entire disk to Read-only since many
 programs require temporary disk files to run.

 Audit Trail Log
 The Audit Trail Log includes activities performed by users from the moment
 they log in.  By consulting the contents of the Audit Trail Log, the system
 administrator can globally supervise the activity in the system, check
 every individual user's activity, check any attempts to get access to
 unauthorized areas of the disk, violations, etc., and even get statistical
 reports on the activity conducted on the computer.


 ___________________________________________________________________________
 StopLight for OS/2 - MANUAL.TXT                                     Page 15




 Login/logout activities and access violations are recorded in the Audit
 Trail Log. For ease of identification, recorded violations appear in red
 (reverse video on a monochrome screen).

 The Audit Trail Log of activities in both DOS and OS/2 can be viewed only
 with the StopLight OS/2 Viewer.

 Screen and Keyboard Lock
 When a user leaves the computer unattended for some time, good security
 requires that unauthorized access by others be prevented.  For this reason,
 StopLight OS/2 offers the Auto Screen Saver option.  This means that the
 monitor display be replaced by a "screen saver", that no information be
 displayed for as long as the computer remains unattended, and/or that the
 keyboard be locked to prevent its use.  The computer continues to work, but
 the active screen is not displayed.

 The Auto Screen Saver option is specified during the system configuration .
 After any specified number of minutes up to 60, the display will be
 replaced by the screen saver.  For manual activation of this option, click
 on the LOCKER icon on the desktop.

 On the screen saver, a message is displayed requesting that the user enter
 the password to resume activity (if the keyboard lock is specified), or
 that the user press <Enter>.

 To activate the screen saver from inside a DOS box, press <Alt> for at
 least five seconds.  It is not necessary to switch to the presentation
 manager desktop in this case.


























 ___________________________________________________________________________
 StopLight for OS/2 - MANUAL.TXT                                     Page 16




 5. Log Viewer & Utilities

 StopLight OS/2 is provided with several utility programs which extend the
 functionality of the system.

 Log Viewer
 The Log Viewer enables administrators and super users to view both OS/2 and
 DOS activities.  You can display the Audit Log with various filters
 specified, and save, delete or print the Audit Log.  This provides the
 system administrator the maximum speed and flexibility in monitoring system
 use and in detecting attempts at unauthorized use.  A regular schedule of
 reviewing the Audit Log is required to maintain maximum security,
 especially on larger systems.

 The system administrator or super user may view the Audit Log by double-
 clicking on the LOGVIEW.EXE program object in the SAFER.OS2 directory
 window.  The log is immediately visible.

 The date, time, user name, and action are given for each entry.  Violations
 of security are highlighted in red.  Click on the Dos Log File button if
 you have StopLight on a DOS partition or drive on your system.  Click on
 Report to update the log with any new entries.

 Display Modes
 Click on Display to open the Log Viewer Sort screen.  The click on any of
 the filters to change the display.  This changes only the display and not
 the actual entries.  If you wish to redisplay all entries, click on Full
 View.

 .  Click on Date to specify a beginning and ending date to display.
 .  Click on User Name to choose the user name whose actions you want to
    display, then click OK.
 .  Click on Action to choose the actions you want the report to display,
    then click OK.

 Deleting the Log
 To delete part or all of the Audit Log, click on Delete.  A window will
 open to specify the beginning and ending dates of the log entries you want
 to delete. An updated report will be displayed.  Both the system
 administrator and super user may view the logged activity, but only the
 system administrator may delete the log file.

 Warning: Data deleted using this function will be permanently lost.  It is
 recommended that you archive the log with a date-type name before deleting.
 For instance, copy the file SAFERLOG.LOG to a file JAN1993.LOG then you can
 use the LOGVIEW.EXE program to delete as you desire.  You can then later
 view the JAN1993.LOG by temporarily renaming the current SAFERLOG.LOG and
 giving the JAN1993.LOG that name.

 Saving and Printing the Log
 After deleting, as a further precaution against losing data, you must click
 Save to copy the changed log to SAFERLOG.LOG.


 ___________________________________________________________________________
 StopLight for OS/2 - MANUAL.TXT                                     Page 17




 Click Print to create a text file consisting of all the information in the
 Audit Log.

 Additional Utilities

 MSBOOT
 MSBOOT is a utility replacing the OS/2 BOOT command when using a dual-boot
 system. This utility will run under either OS/2 and DOS and is used to
 switch between the two operating systems. In either DOS or OS/2 running in
 full screen, type MSBOOT.

 You can also set up MSBOOT as a Presentation Manager icon.  In either case,
 when MSBOOT is run you will be prompted to enter the OS/2 system drive.

 OS2CRYPT
 Off-line file encryption utility. Encryption key is determined during
 installation in the PASSWORD KEY option. Various security level options can
 be chosen. To invoke this utility use the following syntax:
                       OS2CRYPT <file_name_to_encrypt>

 Note: Care must be taken in using this utility. For example, if a user
 tries to decrypt a file encrypted by a user with a different security
 level, the file would be encrypted twice rather than decrypted. This would
 make it difficult to reconstruct the file and trace the source of a
 problem.





























 ___________________________________________________________________________
 StopLight for OS/2 - MANUAL.TXT                                     Page 18




 6. User Operations

 StopLight OS/2 is a sophisticated security system that was installed and
 configured by your system administrator in order to give you the privacy
 and levels of security that will guarantee that no unauthorized user will
 have access to your private files or programs.

 StopLight OS/2 is user-transparent.  In other words, StopLight OS/2 does
 not interfere with any of your activities, unless you do something that
 your system supervisor thinks you should not be authorized to do (for
 example, trying to have access to another user's files!).  The system
 administrator can assign a private directory to every user.  Other users
 cannot access other users' private directories.

 StopLight OS/2 cannot be bypassed.  It is not normally possible to boot the
 system from a diskette, nor to write to a protected portion of the hard
 disk unless the security configuration is set to allow this type of
 activity.

 In addition to private directories, the system administrator can create a
 special directory called the PUBLIC directory, to which every user has
 either full or read-only access.

 The system administrator keeps track of your activities in a special
 auditing log.  This allows for maximum efficiency and security of the
 system.

 Logging into the System

 User Name
 The system administrator will assign you a User Name consisting of any
 alpha-numeric combination of up to eight characters.  As determined in the
 Global Setup, the supervisor may or may not require you to enter your User
 Name during the login process.  However, this information is still
 essential for identification purposes.

 User Password
 Normally, your system supervisor will assign you a directory and an initial
 password.  You must use this password to enter the system, or access will
 be denied.  There are some limitations, which are found in the following
 sections.  StopLight OS/2 also includes the option of a magnetic card or
 smart card in addition to or instead of the password to for system entry.
 Three consecutive attempts to enter the system with an incorrect password
 results in system lockup, and the following message is displayed:
                               SYSTEM HALTED !

 To unlock the system, press the computer's reset button.  However, the
 three invalid attempts will be counted towards the total number of attempts
 allowed by the supervisor (i.e., after the pre-determined number of
 attempts expires).  Once this number is exceeded, the system will be
 locked, and the following message is displayed:
                        SYSTEM LOCKED FOR ALL USERS !


 ___________________________________________________________________________
 StopLight for OS/2 - MANUAL.TXT                                     Page 19




 The message will remain on the screen until the system administrator resets
 and starts the system again with a special password.

 Password Expiration
 The system administrator determines whether to make a User Password
 permanent or preset a limited number of entries.  (For added security the
 latter option is usually chosen).  The system administrator also determines
 whether or not you have permission to choose a new password when your old
 one expires.  For details, see the section on User Privileges later in this
 chapter.

 Five times before your User Password is due to expire, you will get a
 message on the screen, requesting you to change your password.  If you are
 authorized to change it yourself, do so at once!  If not, please notify
 your system administrator as soon as possible.  Remember that after the
 last five sessions expire, you will no longer have access to the system!
 An existing password can be replaced on the boot up screen.  In this case,
 a field will open to accommodate the new password.

 .  Type in your user name and either press <Tab> or click on the password
    field.
 .  Type in your current password and click Change.  If you are authorized
    to change your password, two new fields will appear.  If not, consult
    your system administrator.
 .  Type in your new password and press <Tab>.
 .  Type in your new password again for verification, and press <Enter>.

 If your system supervisor has specified a minimum password length, you must
 comply with this request.  The maximum password length is eight characters.
 This new password will remain in effect until you change it, or until you
 are requested by the system or by the system supervisor to change it.

 OS/2 is a multi-tasking operating system, so there may be tasks loaded into
 the system before your login.  If the tasks were set by the system
 administrator, there is no problem.  However, if  a previous user left
 active tasks running on the system, a dialog box will be displayed warning
 of the conflict.  You may either continue login or shut down.  It is
 recommended that you shut down, since such active tasks can access your
 data and generate security violations under your name.

 User Directory
 Normally, your system supervisor will assign you a personal directory.
 This directory is for your exclusive use. Besides you, only the system
 administrator and super users are authorized to enter your directory.  In
 addition to private directories, the system administrator can create a
 special directory called the PUBLIC directory, to which every user has
 either full or read-only access.

 Auto Screen and Keyboard Lock
 To protect any sensitive information from being seen on an unattended
 screen, and to prevent unauthorized keyboard entry, StopLight blanks the
 screen and locks the keyboard.  After this feature is activated access can
 only be gained by the entry of a valid password.  The computer system will

 ___________________________________________________________________________
 StopLight for OS/2 - MANUAL.TXT                                     Page 20




 go on working and the program is still executed, but nothing appears on the
 screen.  If the keyboard lock function has been disabled by the system
 administrator, you may exit the screen saver and return to the active
 display without a password by pressing <Enter>.

 The period between any activity and an automatic screen and keyboard lock
 can be set.  A message indicating that a password must be entered to resume
 activity is displayed.  When you reenter the system, the screen will return
 to the point that the running program has reached.

 For additional security, it is possible to combine automatic screen
 blanking with keyboard lock, so that it is not possible to boot the system.
 After keyboard lock is activated, a valid password must be used to reenter
 the system.

 User Privileges
 The versatility of StopLight can be seen by the various choices available
 to the system administrator when setting your user configuration.  The
 following privilege options are available:
 .  SUPER USER:  establishes this user as a super user.
 .  USER ACTIVE:  if disabled this prevents a user from being active without
    having to remove them from the profile.
 .  HARD DISK WRITE PROTECT:  enables the User to write to the User
    directory only.  The rest of the hard drive is read-only.
 .  FLOPPY DISK ACCESS:  enables the User to access floppy disks.
 .  KBD LOCK WHILE SCREEN BLANK:  requires the User to enter the user
    password to terminate the screen saver and resume the active display.
    If this feature is disabled, the User needs only to press <Enter>.
 .  ALLOW PASSWORD CHANGE:  allows the User to change the password when it
    expires.
 .  DISABLE PRINTER ACCESS:  prevents access to the (LPT, PRN) printer.
 .  DISABLE SERIAL PORT ACCESS:  prevents access to the (COM PORT) serial
    port.
 .  ALLOW DATE AND TIME CHANGE:  allows the User to change the system date
    and time.
 .  AUDIT TRAIL:  creates an activity log for User activities on the system.

 With access to a StopLight OS/2-protected system, you inherit certain
 restrictions that will keep your computer operating correctly:

 .  A user cannot access other users' secure directories.
 .  A user cannot access the SAFER.OS2 directory.  This is the directory
    where the security parameters are defined by the system supervisor and
    it is not accessible to any user.
 .  A user cannot alter nor write to boot sectors.
 .  A user cannot use the CHKDSK program since he has no access to the
    directories defined as SAFE.  Any attempt to use CHKDSK will produce
    illegal results.  If you must use CHKDSK, please refer to your system
    administrator.

 Using File Encryption (Not included in Eval Version)
 File encryption is an important security measure that you can implement to
 protect your more sensitive data from unauthorized access. Only people

 ___________________________________________________________________________
 StopLight for OS/2 - MANUAL.TXT                                     Page 21




 having the encryption key can access encrypted data. To encrypt your data,
 use the off-line file encryption utility, OS2CRYPT. The encryption key is
 determined by your system administrator during installation in the PASSWORD
 KEY option. To invoke this utility use the following syntax:
                       OS2CRYPT <file_name_to_encrypt>

 Note: Care must be taken in using this utility. For example, if you try to
 decrypt a file encrypted by a user with a different security level, the
 file would be encrypted twice rather than decrypted. This would make it
 difficult to reconstruct the file and trace the source of a problem.

 Logging Out of the System
 After you have finished working on your system, you have to log out in
 order to prevent others from accessing the system under your name. You can
 use either of the following procedures:

 . Normal shutdown. Use regular OS/2 shutdown procedure - click right mouse
 button on the desktop and select SHUT DOWN from the pop-up menu box.

 . Screen locking.  If you have active tasks running or expect another
 authorized user to work on your system, you can log out without shutting
 down your system.  Click on StopLight icon to open the login screen.  In
 several seconds the screen will lock up forcing the user to enter the
 password to get access to the system.  The active tasks will continue
 running and the next user will be informed about them.

 Dual Boot System
 The StopLight folder on the OS/2 desktop contains an icon for dual booting
 between DOS and OS/2.  To return to OS/2 from DOS, or if you are at an OS/2
 command prompt, run the MSBOOT program located in the C:\PUBLIC directory.
























 ___________________________________________________________________________
 StopLight for OS/2 - MANUAL.TXT                                     Page 22




 Appendix

 Frequently Asked User Questions

 What is StopLight OS/2?
 StopLight OS/2 is a sophisticated security system that was installed and
 configured by your system administrator in order to give you the privacy
 and levels of security that will guarantee that no unauthorized user will
 have access to your private files or programs.

 You have your own unique user name and/or password, which guarantees you
 exclusive access to the areas of the computer system assigned to you.  This
 guarantees that your data will be safe and confidential.

 How do I Login to the System?
 After you boot OS/2 on the computer, the StopLight OS/2 login window
 appears and requests User Name and Password.  To err is human, so StopLight
 OS/2 allows you to make login errors three times before rebooting.  If,
 after rebooting, you continue to err, the system may lock up and only the
 administrator is able to get the system back on line.

 How do I change my Password?
 Changing the password is simple-
                                -
                                 -so long as it is permitted by the system
 administrator.  After typing in your User Name and Password in the login
 window, click Change instead of okay.  A password changing screen is
 displayed.  Type your new password twice, to eliminate typing errors, and
 remember the new password.

 How do I Exit the System?
 Exit StopLight OS/2 in the same way you normally shutdown the OS/2 system:
 Right-click on the desktop and click shutdown.  When OS/2 displays its
 ready message, Power down or reboot the computer.

 How do I Manage my Data Files?
 StopLight OS/2 is user-transparent.  In other words, StopLight OS/2 does
 not interfere with any of your activities, unless you do something that
 your system supervisor thinks you should not be authorized to do (for
 example, trying to have access to another user's files!).

 The system administrator usually assigns a private directory to every user.
 Other users cannot access other users' private directories.  Save all your
 data in this directory, or in subdirectories within it, with the security
 that you data is safe from tampering or snooping by others.

 What is the Screen and Keyboard Lock?
 When your computer is idle for a period of time set by the system
 administrator, a screen saver takes over your monitor's display.  In
 addition, if keyboard locking is selected by the administrator, the system
 cannot be rebooted while the screen saver is active.

 The program continues running while the screen and keyboard lock functions
 are active.  This means that long calculations, print jobs, or data


 ___________________________________________________________________________
 StopLight for OS/2 - MANUAL.TXT                                     Page 23




 transfers may be left running in your absence with complete security
 protection afforded.

 List of Error Messages
 Following is a list of error messages that may occasionally appear on your
 screen.  For your convenience, we have first listed the messages that you
 may encounter when installing or accessing your system as a system
 administrator.  The second part of the list contains error messages that
 users will get whenever they attempt to execute any function that does not
 conform to the security provisions.  You may want to photocopy this section
 and give it to the users.

 Important!  If you are unsure of how to continue after an error occurs,
 please contact your nearest dealer.  In any event never format your hard
 disk!

 StopLight OS/2 Messages while Running OS/2

 Error Opening Profile
 Profile.dat is not found.

 Error Uninstalling Boot Protection
 Error while removing StopLight OS/2 from one of the following:
 . Boot Protection
 . CONFIG.SYS
 . AUTOEXEC.BAT

 Error Translating to DOS StopLight Profile
 DOS profile file cannot be located.

 Error Installing OS/2 StopLight on CONFIG.SYS
 Cannot access the CONFIG.SYS file.

 Error Uninstalling OS/2 StopLight from CONFIG.SYS
 Cannot access the CONFIG.SYS file.

 Error Installing DOS StopLight on CONFIG.SYS
 Cannot access the CONFIG.SYS file.

 Error Uninstalling DOS StopLight from CONFIG.SYS
 Cannot access the CONFIG.SYS file.

 Error Setting Boot Protection
 Unable to access the system boot areas while adding boot protection to the
 system.

 ERROR: Opening Help File
 The file, HELPTXT, is not present.

 ERROR: Reading Help File
 File access error.



 ___________________________________________________________________________
 StopLight for OS/2 - MANUAL.TXT                                     Page 24





 Error Creating Emergency Disk File
 Failed to create the Emergency Disk File and will not be able to uninstall
 the system.

 StopLight OS/2 Messages while Running DOS
 Error while reading security information from Hard Disk
 Nonstandard hard disk, or hard disk failure.

 Installation was already done from this diskette.
 You may now continue with installation, however, if you do so, you will not
 be able to uninstall this security system from the computer it was
 previously installed on.

 Error while writing security information to Hard Disk.
 Nonstandard hard disk, or hard disk failure.

 Security system is already installed on this computer!
 If you are trying to again to install a security system on your computer,
 you will be warned that StopLight OS/2 was already installed.

 The Security System was not installed on this computer. Cannot Uninstall.
 You cannot uninstall the system, because it was not installed yet (or
 perhaps, it was installed and uninstalled already once).

 Serial Number mismatch! Cannot Uninstall.
 The installation was not done from the specific diskette currently inserted
 in the drive. Make sure that the exact diskette used to install the
 security system on that specific computer is inserted.

 The Security System was not installed from this diskette. Cannot Uninstall.
 Same as above.  The diskette in the drive is not the diskette from which
 installation was done.

 Security file error, System Halted!
 The file in which the Audit Trail is logged cannot be written onto.  The
 possible causes could be that the file is missing, or the disk is full.
 Error messages that users are likely to encounter:

 Password too short, reenter!
 There is a minimum length requirement for your password.  Please choose a
 longer password.

 Password expired, must change!
 Your password will expire soon.  If you cannot change your password, please
 contact your system administrator.  If you are authorized to replace your
 password, do so at once by logging in with the old password and entering a
 new one in the field that will open on the screen for this purpose.

 Password usage expired!
 This is the last of five consecutive warnings that your password was about
 to expire.  Your password is no longer valid, and you must contact your


 ___________________________________________________________________________
 StopLight for OS/2 - MANUAL.TXT                                     Page 25




 system administrator to get a new password.  Until you do so, access to the
 system will be denied.

 User Not Active, Log-In Denied!
 Contact your system administrator.

 Password mismatch, reenter!
 The password that you have entered does not match the valid password. Try
 again.

 Invalid Password, System Halted!
 You have tried to enter the system with a wrong password too many times.
 Please see your system supervisor.

 Same Password as old, reenter!
 You were requested to choose a new password but have selected the old
 password again.  Try a different combination of characters.

 System Locked for all Users!
 Too many attempts to enter the system with a wrong password.  No user is
 authorized to enter the system.  Please ask you system administrator to
 unlock the system.

 Access Denied to: (HD, Boot sector, etc.)
 You are not authorized to carry out this activity.  If you must do it,
 contact your system administrator.
 Access Denied to: (File, directory, etc.)
 Your attempt to access the specified part of the system represents a
 violation.  Contact your system administrator if you must have access to
 it.

 Direct Disk Read/Write Denied to:
 You are not authorized to use the Disk Management utilities (such as
 Norton, PC Tools, QDOS, etc.). If you must, see your system administrator.
 not have permission to change date or time.  See your system administrator.

 Master Disk Contents
 StopLight OS/2 master diskette contains the following files and programs:

 MLTISAFE.SYS
 The StopLight security operations device driver is composed of two parts:
 The first part is loaded at Boot time and the second part is loaded as a PM
 program.  After MLTISAFE.SYS is loaded to memory, it becomes part of the
 Kernel and has the same privilege level.

 DOSMSAFE.SYS
 This file handles the security of OS/2 Virtual mode, including MS-Windows.
 It functions like OSMS.EXE and MLTISAFE.SYS under PM environment, except
 for changing users.

 OSMS.EXE
 StopLight security operations.  Whenever a security protection violation is
 made, a message is sent  to the PM application, OSMS.EXE, which opens a

 ___________________________________________________________________________
 StopLight for OS/2 - MANUAL.TXT                                     Page 26




 Dialog Box with a "Protection Violation" message. Therefore, OSMS.EXE links
 between MLTISAFE.SYS at Kernel Privilege level and the PM.

 LOCKER.EXE
 LOCKER handles the Screen Saver and Keyboard Lock of the Security system.
 By double clicking on the Locker's Icon, you can activate the Screen Saver.
 The screen will be blanked, and the keyboard will be locked.  Only a
 correct Password will release the Computer lock.

 INSTALL.EXE
 Installs the security system and sets/changes user and global security.

 PROFILE.DAT
 Saves the security data for the system.

 LOGVIEW.EXE
 Manages the saved activity and violation data.

 SAFER.DAT
 Contains information for the configuration of the system and the users'
 security setup (comes with default settings).

 HELP.TXT
 On-line help text.

 LOCK.ICO
 Icon for the locker function.

 OS2CRYPT.EXE
 Encryption of data files.

 README.DOC
 Latest information about StopLight OS/2.

 UNINSTAL.EXE
 Module in the removal process.

 MSBOOT.EXE
 Manages a dual boot operation.

 After StopLight OS/2 is installed, the following files will be created:

 safer.prn
 File for the printed output of the audit trail log (if a printed output is
 requested)

 SAFER.REP and SAFERLOG.TXT
 Data file for the Audit Trail report (if a data file is requested).

 safer.log and saferlog.log
 Audit Trail Log output file.  All the information on supervised activities
 will be recorded in this file.


 ___________________________________________________________________________
 StopLight for OS/2 - MANUAL.TXT                                     Page 27




 INDEX



 Audit trail, 7
 Audit Trail Log, 3
  report generator, 3
  user's activity, 3

 Backup, 1

 chkdsk, 21

 Directories
  SAFER, 3

 Encryption, 18, 27
  of password, 3

 Files
  Log, 3
  security, 3
  Setup, 3

 Installation, 6, 8, 13, 25

 Login, 3, 16
  system administrator, 3
  user, 3

 Mastersafe os, 5, 6
 Minimized Window, 7

 Network, 1

 Operating systems
  multiple, 5

 Password
  combinations, 2
  encrypted, 3
  login, 2
  user, 2
  valid, 2
 Password,, 26


 ___________________________________________________________________________
 StopLight for OS/2 - MANUAL.TXT                                     Page 28




 Removing, 14

 SAFER Directory, 3
 safer.log, 7, 27
 safer.os2, 5, 7, 15, 17, 21
 Security, 3
  configuration, 3
  parameters, 3
  unprotected, 3
 Super user, 14
 system locked, 19
 System Requirements, 1

 Trustee Assignments, 3

 Uninstall, 7
 User Privileges, 20





































 ___________________________________________________________________________
 StopLight for OS/2 - MANUAL.TXT                                     Page 29

