Saber Secure 4.0 - Release Notes
SECURING WORKSTATIONS (continued)


Logout and reboot after period of inactivity (-Lnnn) 
----------------------------------------------------

Secure can be run to automatically log off a network 
session and reboot the workstation after a period of 
inactivity at the keyboard. A workstation reboot (the 
same as [Ctrl]+[Alt]+[Del]) is performed unless you are 
using a Novell network; with Novell, a network session 
logoff is performed before the workstation is rebooted. 
A visual and audible warning is provided five minutes 
and one minute prior to the function; if the user 
presses any key during the waiting period, the 
countdown is started again. 

NOTE:	Novell users: Note that this process closes 
	files but it does not save them. The effect is 
	the same as issuing CLEAR CONSOLE from the 
	server console.

Syntax: 
------
To use this option, enter the Secure command as 
follows:

	SECURE -Lnnn

where nnn is up to 999 minutes of inactivity. 

Example:  
-------
On a Novell network, the network session is logged off 
and the workstation is rebooted if there is no keyboard 
activity for 30 minutes. At 25 and 29 minutes, a 
warning is provided. 

	SECURE -L30


Logout and reboot at a specified time (-Thh:mm) 
-----------------------------------------------

Secure can be run to automatically log off a network 
session and reboot the workstation at a specified time 
within 24 hours. You might use this option to make sure 
all users are logged off their network sessions before 
performing a system backup. A workstation reboot (the 
same as [Ctrl]+[Alt]+[Del]) is performed unless you are 
using a Novell network; with Novell, a network session 
logoff is performed before the workstation is rebooted. 
A visual and audible warning is provided five minutes 
and one minute prior to the function.

NOTE:	Novell users: Note that this process closes 
	files but it does not save them. The effect is 
	the same as issuing CLEAR CONSOLE from the 
	server console.

Syntax: 
------
To use this option, enter the Secure command as 
follows:

	SECURE -Thh:mm

where hh:mm is the hour and minute to begin the process 
(military time). Represent midnight as 00:00 and noon 
as 12:00.

Example:
-------
The workstation is rebooted at 5 p.m. At 4:55 and 4:59, 
a warning is provided. 

	SECURE -T17:00


Prevent logout and reboot if file is open (-O)
----------------------------------------------

Use this switch in combination with the -T or -L switch 
to prevent network session logoff or workstation reboot 
in cases where files are open. However, the -O switch 
does not prevent logout and reboot when programs are in 
the "memory buffer" stage, since it does not find any 
open disk files. For example, some programs such as 
word processors and spreadsheets read disk files into 
memory buffers and close the files while you work with 
the application. When editing is complete, these 
programs reopen the disk files, update them, and close 
them again. 

Syntax: 
------
Enter the command as follows:

	SECURE -required_switch -O

where  -required_switch is the -Lnnn or -Thh:mm switch.
This switch works when any workstation file is opened 
after Secure is loaded. However, logout and reboot does 
occur if a file was already open when Secure was 
loaded.

Example: 
-------
Load Secure with the option to reboot after 10 minutes 
of inactivity and include the option to prevent the 
reboot if a file is open at the workstation:

	SECURE -L10 -O


Disable warning beep before logout and reboot (-A)
--------------------------------------------------

In some environments, the audible warning beep which 
accompanies the functions above may be disruptive. This 
switch disables the audible warning but retains the 
visible warning at five minutes and one minute prior to 
the logout or reboot. 

Syntax: 
------
In this case, enter the command as follows:

	SECURE -Lnnn -A

	or

	SECURE -Thh:mm -A

Example: 
-------
On a Novell network, the network session is logged off 
and the workstation is rebooted if there is no keyboard 
activity for 30 minutes. At 25 and 29 minutes, a 
visible warning is provided but the audible warning is 
disabled. 

	SECURE -L30 -A


Bypass use of Novell password (-N)
----------------------------------

This switch allows you to bypass use of the Novell 
network password and require the user to define a 
password. A password definition screen requires the 
user to enter a password for reentry and an optional 
message to be displayed in case someone attempts to use 
the workstation. After this information is entered, the 
screen is blanked until the user returns and presses 
any key. At this time, the password screen is displayed 
again and requires the defined password for access to 
the workstation.

You can combine this function with other switches, 
such as logout and reboot or the initial password 
prompt. 

Syntax: 
------
Enter the command as follows when running Secure as a 
DOS application:

	SECURE -N

Example: 
-------
Use of the Novell password is bypassed and the user is 
required to define a password. The screen is then 
blanked until the user returns and presses any key; the 
password screen is displayed, requiring the user to 
enter the defined password. At 9:30 p.m., the user is 
logged off the network and the workstation is rebooted 
after two warning messages are issued.

	SECURE -N -T21:30

NOTE:	The -N switch works differently when Secure is 
	loaded as memory resident; see the section 
	"Setting Up Secure To Run as a Memory-resident 
	Utility" for more information.


Escape from password screen 
after period of inactivity (-Ennn)
----------------------------------

With the -E switch, you can specify the time-out period 
for the password definition and prompt screen. After 
the time-out period has elapsed, the screen is blanked 
until the user presses any key; and the password screen 
is displayed again. On a Novell network, use this switch
only in combination with the -N switch, which bypasses 
use of the Novell password and requires password 
definition by the user.

Syntax: 
------
Enter the command as follows:

	SECURE -Ennn

where nnn is up to 999 seconds of keyboard inactivity. 
You must provide a parameter with this command. The 
default period for display time-out is 60 seconds. 

Example:  
-------
In this example, the time-out period is set to two 
minutes (120 seconds). If the Novell network user does 
not press a key while the password definition screen 
is displayed, secure is unloaded and the word processing 
application is not started.

	SECURE -N -E120

NOTE:	See "Setting Up Secure To Run as a 
	Memory-resident Utility" to see how this switch 
	works when you are running Secure memory 
	resident.

_____________________________________________________
SETTING UP SECURE TO RUN AS A MEMORY-RESIDENT UTILITY

All command line options described in the previous 
section for running Secure as a DOS application are 
also available if you run Secure as a memory resident 
utility (TSR). You must use a command line switch to 
indicate that Secure is to be loaded as memory 
resident. If there is a difference in the way the 
options work for a memory-resident utility, those 
differences are documented in this section. Otherwise, 
the following options are available only if you run 
Secure as a memory-resident utility.

NOTE:	Secure does not prevent keyboard activity for 
	memory resident utilities loaded before it, 
	such as terminal emulators or similar programs. 
	

Loading and unloading Secure
----------------------------

Command line switches are available to load and 
unload Secure as a memory-resident utility. You can 
load Secure as part of your regular workstation login, 
or you may prefer to load it for use with certain 
applications and unload it when the application is 
closed. However, you can unload Secure only if it is 
the most recently loaded TSR; if another 
memory-resident utility has been added, Secure waits 
until this program has been unloaded before it is 
unloaded. 

NOTE:	Be sure to load Secure from a directory to 
	which you have Write access, since Secure creates 
	temporary disk files regardless of the memory 
	swapping method specified.


Syntax:
------
To load Secure, use the following command:

	SECURE -R

With this command, the default hot key S is set for 
quickly starting the program (for example, the user can 
press [Alt]+[S] to secure the workstation).  If you 
prefer, you can set your own hot key for Secure by 
using the following command:

	SECURE -Rkey

where key is the key you specify. Values allowed are A-Z 
and 0-9.

Example: 
-------
Secure is loaded as a memory-resident utility, and the 
hot key is defined as Q. When the user wishes to secure 
the workstation, he or she uses a hot key combination, 
such as [Alt]+[Q], which includes Q.

	SECURE -RQ

Syntax:
------
To unload Secure, enter the command as follows:

	SECURE -U

	or

	SECURE -K

Example: 
-------
This example illustrates the use of Secure as a 
memory-resident program to control the use of a popular 
word processing program. Commands are included in the 
Saber Menu source language which contains the 
definition for the menu item. 

	ITEM Word 5.0 {CHDIR BATCH}
	EXEC CD X:\DOCS
	EXEC SECURE -R -B5 -L30
	EXEC Word5
	EXEC SECURE -U

NOTE:	Saber Menu Language is provided with Saber Menu 
	for DOS. See the appropriate manual for more 
	details.


Basic memory-resident Secure
----------------------------

When Secure is loaded as a memory resident utility 
without any other optional switches, the program is 
loaded into memory and the default method for swapping 
files is used (described later). No other functions are 
performed at the time Secure is loaded. The following 
paragraphs describe how basic Secure works after the 
default period of keyboard inactivity and when it is 
started on demand with the use of a hot key 
combination. Step-by-step instructions for using Secure 
are provided in "Using Secure at the Desktop" later in 
this document. 


AFTER THE DEFAULT PERIOD OF KEYBOARD INACTIVITY:
For networks other than Novell, after 10 minutes of 
inactivity at the keyboard, the screen is blanked. The 
user presses Enter to return to the workstation 
session. 

For Novell networks, the screen is also blanked after 
10 minutes of keyboard inactivity. However, the user 
must unlock the workstation using his or her Novell 
password.

WHEN THE HOT KEY COMBINATION IS USED:
For networks other than Novell, when the user presses 
the hot key combination, a password definition screen 
is displayed, requiring the user to enter a password 
for reentry and an optional message to be displayed in 
case someone attempts to use the workstation. After 
this information is entered, the screen is blanked 
until the user returns and presses any key. At this 
time, the password screen is displayed again and 
requires the defined password for access to the 
workstation.

For Novell networks, when the user presses the hot key 
combination, the password definition screen is 
displayed with the following message in the password 
field:

	TAKEN FROM NETWORK

The user may enter an optional message but may not 
define a password. This message (or a default message 
if none is entered) and a password prompt is displayed 
whenever the user presses a key while the screen is 
blanked. Once the Novell password is properly entered, 
the user is returned to the workstation session.


Blank screen after specified period of inactivity 
(-Bnnn)
--------------------------------------------------

This switch allows you to specify the period of 
inactivity at the keyboard before blanking the screen. 
Without this switch, the default time for screen 
blanking is 10 minutes. 

Syntax: 
------
Enter the command as follows:

	SECURE -R -Bnnn

where nnn represents up to 999 minutes of inactivity 
(16 hours and 39 minutes). The default if you do not 
use this switch is 10 minutes.

Syntax: 
------
To disable the screen blanker, enter zero as the value, 
as follows:

	SECURE -R -B0

Example: 
-------
Load Secure as memory resident and blank the screen 
after three minutes of inactivity. 

	SECURE -R -B3 


Disable all or selected local drives (-D[drv])
----------------------------------------------

You may wish to disable all or selected local drives 
for a particular department such as Accounting, or for 
an application such as a confidential payroll system. 

Once a local drive is disabled, it remains disabled 
even after Secure is unloaded. Local drives may be 
enabled by rebooting the workstation. Depending upon 
your needs, this may or may not provide sufficient 
security; to ensure that drives are disabled at logon 
or workstation startup, load Secure as a 
memory-resident utility and disable drives in the logon 
script, or in the SABER.WKS file if you have Saber LAN 
Workstation or Saber LAN Pack.

Syntax: 
------
To disable all local workstation drives, enter the 
Secure command as follows:

	SECURE -R -D

The default if you use this switch without parameters 
is to disable all local drives. To disable selected 
drives, indicate the drive letter after the -D switch, 
and repeat the switch and parameter for each local 
drive you wish to disable, as follows:

	SECURE -R -Ddrv {-Ddrv}

where drv is the letter of the drive you wish to 
disable. Do not include the colon to specify the drive 
(see example below).

Example: 
-------
Load Secure as memory resident and disable local drives 
A: and C: the first time the payroll system is accessed 
during a workstation session. Unload Secure from memory 
when the application is closed. Drives A: and C: remain 
disabled during the session, but when the workstation 
is rebooted, the drives are available until the secured 
application is started during the new session.

	ITEM Payroll System {CHDIR BATCH}
	EXEC CD x:\PAYROLL
	EXEC CD\PAYROLL\DATA
	EXEC SECURE -R -DA -DC
	EXEC PAYROLL
	EXEC SECURE -U

NOTES:	Loading and unloading a memory-resident program 
	such as Secure from Saber Menus requires the 
	menu language BATCH option.

	You cannot disable the current drive or a drive 
	specified for memory swapping (described 
	below). 


Allow processing while workstation is secured (-C)
--------------------------------------------------

If you wish to allow programs to continue running while 
the screen is blank, add the -C switch to your command. 
However, be aware that memory swapping is disabled with 
this switch. This restriction prevents the 
memory-resident program from swapping over the 
application you wish to run in the background. 

Syntax: 
------
Enter the command as follows:

	SECURE -C

This switch is intended for use with applications that 
don't write to the screen, such as long calculation 
programs. If the program running in the background does 
write to the screen, Secure does not prevent the 
display, but the screen is repeatedly cleared as the 
Saber graphic "travels" across the screen.

NOTE:	In order to allow an application to continue 
	processing, Secure retains control of the 
	screen, and this doesn't work if the 
	applications are not in the same video mode. 
	Therefore, do not use this switch if you are 
	running graphics applications.  
	

Bypass use of Novell password for memory-resident
Secure (-N)
-------------------------------------------------

The -N switch performs a little differently when Secure 
is loaded as a memory-resident utility. In this case, 
the switch is used to bypass use of the Novell 
password; the user is not required to enter a password 
when Secure is loaded or when the screen is blanked 
after a period of inactivity. However, if the user 
presses the hot key combination for on-demand security, 
the password screen is displayed and the user must 
define a password and optional message. The screen is 
then blanked immediately and the password is required 
to unlock the workstation. If you wish to require 
password definition when Secure is loaded as memory 
resident, you must use this switch in combination with 
the initial password switch (-I), which is described in 
the next section.

Syntax:
------
Enter the command to bypass use of the Novell password 
as follows:

	SECURE -R -N

Example: 
-------
On a Novell network, the screen is blanked after five 
minutes of inactivity. The user presses any key to 
return to the workstation session. The user has 
on-demand security available by using the [Alt]+[Q] hot 
key combination.

	SECURE -RQ -N -B5 

NOTE:	For a description of how the -N switch works 
	when Secure is run as a DOS application, see 
	the section "Setting Up Secure To Run as a DOS 
	Application."


Require initial password definition (-I)
----------------------------------------

For networks other than Novell, this switch requires 
the user to define a password when Secure is loaded as 
memory resident. Once the password is defined, the user 
is returned to the workstation session. After a period 
of inactivity, the screen is blanked and the password 
is required to unlock the workstation. The user may 
also use a hot key combination for on-demand security. 
At this time, the user is again prompted for password 
definition, and must use this password to return to the 
workstation session. 

NOTE:	The user may bypass the requirement for a 
	password definition by pressing [Enter] at the 
	password field. The user can then return to the 
	workstation session by pressing any key while 
	the screen is blanked. Be aware that with this 
	method security is reduced.

For Novell networks, the -I switch can be used alone or 
in combination with the -N switch. When Secure is 
loaded:

     -	With the -I switch alone, the password screen 
	is displayed with the following message in the 
	password field:
	
		TAKEN FROM NETWORK

	The user may enter an optional message but may 
	not define a password. This message (or a 
	default message if none is entered) and a 
	password prompt is displayed whenever the user 
	presses a key while the screen is blanked. Once 
	the Novell password is properly entered, the 
	user is returned to the workstation session.

     -	When the -I switch is used in combination with 
	the -N switch, use of the Novell password is 
	bypassed, and the user is required to enter a 
	password and optional message. This message (or 
	a default message if none is entered) and a 
	password prompt is displayed whenever the user 
	presses a key while the screen is blanked.

Syntax: 
------
Enter the command as follows:

	SECURE -R -I 		

	or

	SECURE -R -N -I	(for Novell networks)

Example: 
-------
The user is required to define a password for unlocking 
the workstation. The screen is blanked, and a password 
is required to unlock the workstation. If no keyboard 
activity occurs within 30 minutes, the user is logged 
off the network and the workstation is rebooted after 
two warning messages are issued. For on-demand security 
once Secure is loaded, the user may press the default 
hot key combination [Alt/S] and define a password and 
optional message. 

	SECURE -R -I -L30


Escape from password screen after period of inactivity 
(-Ennn)
-------------------------------------------------------

If you are running Secure as memory resident, you can 
specify a time-out for the password screen in the same 
way you do for Secure as a DOS application. However, in 
this case, the screen is blanked after the specified 
period of inactivity, regardless of whether the 
password definition or prompt screen is displayed. 
Secure is not unloaded.


Select type of memory for swapping (-Sx) 
----------------------------------------

You can select the type of memory for swapping when 
Secure is loaded as a memory-resident utility. If you 
do not select an area, Secure automatically detects the 
best method of swapping to use (criteria described in 
example below). You may also choose not to use memory 
swapping with this switch. Enter the command as 
follows:

	SECURE -R -Sx

where x is one of the following parameters:

	E 	Use Expanded memory (EMS). 
	X	use Extended memory (XMS).
	D	Use disk file for swapping (required 
		when you wish to ensure a specified 
		file is used, as described below). 
	O	Don't use memory swapping. 

NOTE:	Some form of memory swapping is required for 
	using Secure in conjunction with graphics 
	applications. Therefore, do not use the -SO 
	switch if you are running graphics 
	applications. 

Example: 
-------
Load Secure as memory-resident and use expanded memory 
for swapping. Secure checks the memory availability 
first in EMS; if not enough memory is available, it 
checks XMS; if not enough memory is available there, it 
swaps to disk: 

	SECURE -R -SE

NOTE:	If there is no room in the type of memory you 
specify, the swapping takes place in the next available 
type of memory in the standard hierarchy used by the 
automatic method. For example, if you specify expanded 
memory (E) and there isn't room there, extended memory 
(X) is used if enough memory is available there.


Specify a drive, path or file for swapping (-Foptions)
------------------------------------------------------

To keep track of orphan (unneeded) swap files, you can 
specify a drive, directory path, or file to be used for 
memory swapping. To ensure that the swap file is used 
every time, make sure the -SD switch is included; 
otherwise, the swap file you specify will be used only 
if Secure automatically detects that disk swapping is 
the best method. Enter the command as follows:

	SECURE -R -SD -Ffile

where file is one of the following parameters:

filename		A file in the current drive and 
			directory.

x:filename		A file in the current directory 
			of a specified drive.

x:\filename		A file in the root directory of 
			a specified drive.

x:\path\filename	A file in the specified path of 
			a specified drive.

\path\filename		A file in the specified path of 
			the current drive.

x:\path\		Secure creates a temporary swap 
			file in the specified path in 
			the specified directory. A 
			trailing backslash (\) is 
			required.

If you do not use this switch, Secure creates a swap file on 
the current drive and directory.

NOTE: 	Make sure there is not an existing directory name the 
	same as the file name you specify with the x:\filename 
	syntax.

