
New functions / changed functions in Safe Guard Professional DOS 4.1B
As of 28th September 1994



SG4-CTRL.EXE



     SG4-CTRL L = <Username> /P=<Source-Server> /S=<Target-Server>
     copies the Novell password of the source server stored in the 
     Safe Guard rights file as the Novell password for the target 
     server into the rights file. There is no check whether a server
     is available or whether the user already has a password for the
     target server.


     SG4-CTRL L U <Word> creates the file SG4-USER.DAT in the Safe Guard 
     directory. This file contains one line per user, with the user
     name as the first entry and the parameter <Word> as the second.
     This file can be edited and renamed. For more information see 
     chapter SG4_SET.EXE.



SG4-EMU.EXE



     To load emulation software after Safe Guard Professional you have to
     use the program SG4-EMU.EXE. It must be loaded after the emulation
     and unloaded before the emulation.
      
     Example for loading :      PC3270        /* Load Emulation 
                                SG4-EMU       /* Load SG4-EMU

     Example for unloading:     SG4-EMU /U    /* Unload SG4-EMU
                                PCSEND        /* Unload Emulation

     If the CTRL switch 48 is deleted SG4-EMU should be run with
     parameter /8.



SG4-F8.EXE



     Normally a parameter window can be aborted only if it is the
     first entry in the menu line. A later parameter window can be
     aborted if <F8> is followed by <!>.
     
     Example:  <F8>!+<F8>

     Hint   : The abort of a parameter window causes the end of the
              whole menu line.



SG4-ID.EXE / SG4-ID_.HLP



     Logon-Program for ID-Token logon. The program has to be loaded
     as PRG4 in chapter [LOGON].



SG4-INST.EXE



     During the installation, the parameter /X is added to the call of 
     SG4-CHK in AUTOEXEC.BAT. For more information see
     chapter SG4-CHK.EXE.



SG4_SET.EXE



     For a better control of batch files SET variables can be filled
     with values from a file. 
     
     Example :

             SG4_SET <Environment-variable>=?<Search-value> <Filename>
     
     If no filename is given the file SG4-USER.DAT in Safe Guard 
     directory is used. The file must have the following contents :
     
     <Search-value>  <Value of environment-variable>.
     
     See also SG4-CTRL L U.

     If <Search-value> is found in the file, the <Environment-
     Variable> is set to <Value of environment-variable>.

     Example:
     Contents of SG4-USER.DAT:      DEMO       TEST_SERVER
                                    USER1      MAIN_SERVER
                                    USER2      SUPPORT_SERVER
                                    TEST       TEST_SERVER
                                    USER3      MAIN_SERVER

     The call of: SG4_SET SERVER=?USER2 changes or creates the
                  environment variable  SERVER=SUPPORT_SERVER.



General Hints:

     

     For easier use, the Safe Guard Professional Windows file
     SG4-WIN.DAT is now integrated into the rights file of 
     Safe Guard.
     All user information will be administered automatically with 
     a reorganisation of the rights file.
     The arrangements of the windows are also copied automatically
     if a user is copied.
     
     If you want to use this function you need Safe Guard Professional 
     Windows 1.0E and you have to delete the file SG4-WIN.DAT in the
     Safe Guard directory.



Oberursel, 28th September 1994



New functions / changed functions in Safe Guard Professional DOS 4.1B
As of 08th August 1994



SG4-BAT.EXE



     Five new commands are available in internal Safe Guard batch files :
     *PROG=<New program directories>
     *DAT=<New data directories>
     *SG=<Safe Guard data directory>
     *SG2=<Safe Guard program directory>
     *LOGIN


     *PROG=<New program directories>

     With this command the allowed program directories (according to user 
     or menu item definitions) are replaced by the entry <new program
     directories>.

     Example: *PROG=C:\WORD5;
              From this line onwards C:\WORD5 is the program directory.

     In this way it is possible to change the allowed program directories 
     even within a batch file. This is always a good idea if several 
     applications are executed in a batch file or if internal batch files 
     are called from DOS.


     *DAT=<New data directories>

     With this command the allowed data directories (according to the user
     and menu item definition) are replaced by the entry <new data 
     directories>.

     Example: *DAT=C:\WORD5\TEXTS;
              From this line onwards C:\WORD5\TEXTS is the data directory.

     In this way it is possible to change the allowed data directories, even
     within a batch file. This is always a good idea if several applications
     are executed in a batch file or if internal batch files are called from
     DOS. 


     *SG=<Safe Guard Data directory>

     With this command another Safe Guard data directory can be declared
     the active Safe Guard data directory. This command is used particularly
     in network environments when you want to switch to another rights file
     on another server. The environment variable SG is set accordingly. 
     If the directory given is longer than 40 characters, the error message 
     SG-ERROR 22 is output and the system stops, as Safe Guard can only 
     administer directories of up to 40 characters in this area.

     Note: Changing the environment variables on DOS level  
           with the command SET SG=<Directoryname> has no effect,
           as Safe Guard programs do not evaluate this variable.

     If *SG= is called without further parameter, the Safe Guard data
     directory is reset to the initial value.


     *SG2=<Safe Guard Program directory>

     With this command another Safe Guard program directory can be
     defined as Safe Guard program directory. This command 
     is used particularly in network environments if a complete change
     to another server is required. The environment variable SG2 is set
     accordingly. If the directory given is longer than 40 characters, 
     the error message SG-ERROR 22 is output and the system stops, as Safe
     Guard can only administer directories of up to 40 characters in this 
     area.

     Note: Changing the environment variables SG2 on the DOS level
           with the command SET SG2=<Directoryname> has no effect,
           as Safe Guard programs do not evaluate this variable.

     If *SG2= is called without further parameters, the Safe Guard program
     directory is reset to the initial value.


     *LOGIN

     This command is only available with a central Safe Guard installation 
     in conjunction with Novell. It presupposes that a start user has been 
     defined in the Safe Guard kernel (see SG4-INST.EXE and SG4-NKON.EXE). 

     When *LOGIN is called, the start user is logged on again. This is 
     a good idea if a previous user login was unsuccessful.



SG4-CHK.EXE



     If SG4-CHK.EXE <Filename>##<Checksum> /S is called with the additional 
     parameter /X, then a changed checksum (the file to be checked has 
     been changed) no longer causes a branch into an infinite loop; 
     instead the environment variable SGXX is set.

     If Safe Guard determines at the start that this variable is not empty,
     the relevant message is output and only the system administrator  
     can log on.



SG4-CONF.EXE 



     Changing the system administrator name no longer causes the forced
     logoff of the system administrator. Now the user name is immediately  
     changed, both in the Safe Guard data area as well as in the environment
     (variable SGUSER).
                                                                            

     The drive table has been revised. No longer do you need to choose 
     between the 1st, 2nd, 3rd and 4th hard disk. In addition the drive type
     "Other drives" has been added. The other drives (e.g. RAM drive) are 
     treated as hard disk drives, but there is no INT h25/h26 (direct 
     Read/Write) and INT h13 (absolute Read/Write) protection.

          
     The protection for "Drives not present" has been changed. Drives which
     are termed not present, cannot be used by a user, even if he has the 
     entry \\ as data or program directory or if he is explicitly allowed 
     the drive. The system administrator still has access to these drives.



SG4-CTRL.EXE



     Numerical CTRL switches

     New numerical CTRL switches:

     + 20  As before, screen blanking can only be removed with a password.
     - 20  Screen blanking can be removed without entering a password.


     + 36  The Safe Guard control on INI files on the WIN.COM call is 
           enabled. For more details, see the description of the program 
           SG4-WCPY.EXE.
     - 36  The Safe Guard control on INI files on the WIN.COM call is
           disabled.


     Altered numerical CTRL switch:

     CTRL switch 54 now has no function.
     As a result of an internal change in the treatment of drives it is no
     longer necessary to evaluate the partition table.


     Parameter L

     The parameter L has been extended by a function. When calling

                 SG4-CTRL L C <Username> <Context> 

     the context necessary for a logon under Novell 4.0 can be stored in the
     Safe Guard user record. At the user logon under Safe Guard this infor-
     mation can be made available in the environment variable SGCX. In this 
     way a switch can be made into the correct context before the user Novell
     logon.


     Parameter S
     
     In conjunction with SG4-CTRL S <Directory> there is a new error message.
     If the directory name is longer than 40 characters, the SG-ERROR 22 is 
     output and the rights file change is not implemented.




SG4-DEF.EXE



     To simplify the definition it is now possible to display the existing 
     directory structures in the fields "Data Directories" and "Program 
     Directories" and to accept the existing directories in these fields.
     Use <SHIFT>-<F10> to display in the relevant field. With <CTRL>-<Drive 
     letter> you can switch to another partition. If the cursor is positioned
     on the relevant directory, this can be confirmed with <RETURN>.


     As another measure to simplify the definition, "Directory negation" has
     been added to the area Data Directory. By means of a leading - (minus 
     character) at the beginning of the line, Safe Guard is informed that all
     directories are allowed as data directories except the one indicated. 
     A combination of allowed and not allowed directories is not possible. 


     For a user-specific overview of the menu items available, the function 
     "User check" can be used. It lists all the menu items to which the 
     individual user has access. No listing occurs if the check result 
     is output on the screen.


     If no output target is indicated with "User check", the output occurs 
     on the screen.


     For improved separation between empty password fields and password
     fields with contents but without display, all password fields contain 
     the character ‼ (ASCII 019 = double exclamation mark), once a password
     is defined.

     An automatic user lock is now possible not only on a particular date, 
     but also after X days since the last user logon have elapsed. If a user
     tries to log on after this time he is denied access to the system, 
     unless alterations were made in his user definition in the meantime.

     If a user is blocked, this lock can be removed by removing the flag
     "User locked" or with changes in SG4-O I.

     Note: If a user definition is loaded and then saved, then the last 
           time in use is deleted. A lock can only be valid again after
           the first permitted logon.


     For documentation purposes a "full name" can be defined for each 
     user. This field is only taken into consideration when printing the 
     user definitions.


     For Novell 4.0 a new piece of information, the context, is now stored. 
     This information, similar to that of the server passwords, is not 
     displayed on the screen. However it is output with "Print User" using
     SG4-O E. The programs SG4-O I and SG4-CTRL L are available for defining
     this information. At user logon this information is made available
     in the environment variable SGCX.


     For each menu item you can now enter whether it should be made available
     to the user in the DOS menu, in the Windows menu or in both menu 
     environments.



SG4-F8.EXE



     The restrictive file selection (see Page 3-47) has been extended.
     If the directory entry is terminated with a double backslash, a user 
     also has access to the subordinate directories; with a single backslash
     only to the directory given.
     Exam.: [F8]+C:\TEXT\\[F8]  The user has access to the directory
                                C:\TEXT and also to the sub-directories.
            [F8]+C:\TEXT\[F8]   The user has access to the directory 
                                C:\TEXT, but not to existing sub-directories.
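
     The single/double backslash rule above, modelled as an added example
     (not Safe Guard code). The function names are hypothetical, and it is an
     assumption that paths are compared case-insensitively after "." and ".."
     have been resolved.

```python
import ntpath  # DOS/Windows path rules, usable on any platform


def parse_dir_entry(entry):
    # Split a directory entry into (normalised directory, include_subdirs).
    if entry.endswith("\\\\"):
        include_subdirs = True       # double backslash: sub-directories too
    elif entry.endswith("\\"):
        include_subdirs = False      # single backslash: this directory only
    else:
        raise ValueError("entry must end with a backslash: %r" % entry)
    directory = entry.rstrip("\\")
    if not directory:
        raise ValueError("entry names no directory: %r" % entry)
    if directory.endswith(":"):      # keep a drive root as C:\ rather than C:
        directory += "\\"
    return ntpath.normcase(ntpath.normpath(directory)), include_subdirs


def may_access(entry, file_path):
    # True if file_path lies inside the area the entry grants.
    directory, include_subdirs = parse_dir_entry(entry)
    # Resolve "." and ".." first, so C:\TEXT\..\DOS\X.COM is judged as C:\DOS.
    target = ntpath.normcase(ntpath.dirname(ntpath.normpath(file_path)))
    if target == directory:
        return True
    if not include_subdirs:
        return False
    # Compare on a directory boundary: C:\TEXTS is not below C:\TEXT.
    prefix = directory if directory.endswith("\\") else directory + "\\"
    return target.startswith(prefix)


WITH_SUBDIRS = "C:\\TEXT\\\\"   # written C:\TEXT\\ in the text above
DIR_ONLY = "C:\\TEXT\\"         # written C:\TEXT\ in the text above

# Constructed sample paths, not taken from a real system.
SAMPLE_PATHS = [
    "C:\\TEXT\\A.TXT",
    "C:\\TEXT\\LETTERS\\A.TXT",
    "C:\\TEXTS\\A.TXT",
    "C:\\TEXT\\..\\DOS\\X.COM",
]


def evaluate(entry):
    # Return {path: allowed} for the constructed sample paths.
    return {path: may_access(entry, path) for path in SAMPLE_PATHS}


if __name__ == "__main__":
    for entry in (WITH_SUBDIRS, DIR_ONLY):
        for path, allowed in evaluate(entry).items():
            print("%-12s %-26s %s" % (entry, path, "allow" if allowed else "deny"))
```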



SG4-FREE.EXE


 
     For SG4-FREE.EXE further parameters are available:

     /F   The temporary Safe Guard files are not deleted
     /U   The deleted users in the rights file are not released
     /X   The deleted menus, batch files, help texts are not released


     SG4-FREE.EXE can no longer be called, if the rights file is processed
     by SG4-DEF.EXE, SG4-KONF.EXE or SG4-O.EXE. The appropriate error
     message appears.



SG4-INST.EXE



     The Safe Guard Installation has been completely revised.

     After calling the program SG4-INST a new installation screen appears. 
     As opposed to the mask described in the manual on Page 2-9 the "Safe 
     Guard Directory" field described there is split into 2 fields. These
     are : "Safe Guard program directory" and "Safe Guard data directory".
     In this way it is possible to split Safe Guard program and data files,
     but it is not forced. This division was made chiefly to simplify network
     installations. Please enter the current logical directory name of the 
     Safe Guard directory here. By converting to the physical path names 
     (max. 40 characters allowed), Safe Guard automatically recognises 
     whether it is a local or central (network) installation. For this 
     reason the selection field "Stand alone Version, Novell Network, Other
     Network" no longer exists.

     In addition, the importance of the field "Windows Directory" has been 
     reduced. Only the files necessary for screen blanking under Windows are
     copied into this directory. Changes necessary to the INI-files are only
     made at the WIN.COM call. For more information on this, please read the
     section SG4-WCPY.EXE.

     All other entries are the same as the description in the manual.

     In a local installation the installation procedure is completed
     after copying the Safe Guard files. If Safe Guard detects a network 
     installation, you are now prompted to enter the network operating 
     system. Safe Guard currently supports only an automatic installation 
     for Novell. If you have another network, please call our hotline for 
     help.

     If however you work with the Novell network operating system the  
     installation is continued for you. The screen described on page 2-19
     of the manual appears. There are one or two additional field(s).

     The significance of the individual fields has slightly changed. The 
     fields "Safe Guard Data Directory" and "Safe Guard Program Directory"
     can no longer be changed as the files have already been copied 
     accordingly. 
     
     In the field "Server-Login-Directory" the current logical directory  
     name must be given, as Safe Guard copies the kernel file (SG4-RRxN.EXE) 
     and the program SG4-NETP.EXE into this directory. If nothing is entered 
     in this field, the files are only modified (see page 2-20). Later  
     they must be manually copied into the Login Directory. The file
     SG4-NETP.NOV must be copied as SG4-NETP.EXE into the Login-Directory. 
     Warning: If the file name is changed when copying the file name 
              manually, the corresponding entry must be adjusted in the 
              AUTOEXEC.BAT or the AUTOEXEC.SG.

     In the new field "First Network Drive" you must enter the drive    
     designation available when starting the workstation as the first 
     network drive.

     The name and the password of the Novell start user correspond to the
     description in the manual. If Novell 4.0 is detected by Safe Guard,
     a field to enter the context for the start user also appears.

     After confirming these entries, Safe Guard performs the following 
     actions:
     - The files SG4-CHK.EXE and C_LOCK.SYS are copied onto the local disk.
       The directory used is the one entered in the first screen as the
       Safe Guard data directory. However, the central drive letter is 
       replaced by the entry "Boot Drive" from the first mask.
     - The entries in the CONFIG.SYS and AUTOEXEC.BAT or CONFIG.SG and
       AUTOEXEC.SG are adjusted accordingly. In addition, a switch is made     
       to the first network drive in the AUTOEXEC.BAT or AUTOEXEC.SG    
       before the Safe Guard kernel call.
     - The drive "First Network Drive" and all further drives are auto-
       matically marked in the Safe Guard rights file as network drives.

     This completes the network installation.


     SG4-INST /WRITE

     With SG4-INST /WRITE it is possible to generate a configuration
     file for the local Safe Guard installation. Moreover it is possible
     to deposit a predefined rights file (SG4-MEN.DAT) and a predefined
     Safe Guard INI file (SG4.INI) on the installation diskette.

     To do this, duplicate the original Safe Guard diskette set with the 
     program DISKCOPY. If required, copy the SG4-MEN.DAT and SG4.INI  
     you have generated onto the first diskette. You may not make any 
     further changes. Leave the first diskette without write protection 
     in the drive and then call the program SG4-INST /WRITE. The entries
     necessary are the same as in normal Safe Guard installation, but
     must relate to the target PC. 

     On completing SG4-INST the installation is not started, but the file 
     SGCFG is generated on the diskette and all necessary checksum changes
     are made.

     If SG4-INST is now started on the target PC, Safe Guard is installed
     without further user entries. If problems occur (e.g. disk is full)
     the relevant message appears and the installation is aborted.

     If the file SGCFG is deleted before the installation, an installation
     is not possible as Safe Guard recognizes that this diskette set was 
     instituted for automatic configuration. 

     If further diskette sets need to be created, this is only possible with 
     DISKCOPY and/or on a renewed call of SG4-INST /WRITE. It is not enough 
     to simply copy only the file SGCFG.


     SG4-INST /WS


     If Safe Guard has already been installed centrally, the installation
     (automatic activation) can take place on additional workstations
     as follows.
     
     The workstation must be booted and the network connection established.
     Then the SG4-RRxN.EXE required must be activated manually. After a logon
     in Safe Guard, the program SG4-INST /WS must be started. Safe Guard 
     prompts the first network drive, the boot drive, the Windows directory, 
     virus protection and whether Safe Guard should be activated. After 
     confirmation of these entries, Safe Guard undertakes the following actions:
     - The files SG4-CHK.EXE and C_LOCK.SYS are copied onto the local 
       disk. The directory used here is the Safe Guard data directory
       stored in SG4-RRxN.EXE. However the central drive letter is replaced
       by the entry "Boot Drive".
     - The entries in the CONFIG.SYS and AUTOEXEC.BAT or CONFIG.SG and
       AUTOEXEC.SG are adjusted accordingly. In addition, a switch is made
       to the first network drive in the AUTOEXEC.BAT or AUTOEXEC.SG
       before the Safe Guard kernel call.
     - The files SM-BLK*.* from the central Safe Guard program directory
       are copied into the Windows directory entered.


     SG4-INST /WRITE /WS

     The SG4-INST /WRITE /WS call generates a configuration file for a 
     workstation installation (see SG4-INST /WS). The functionality of 
     SG4-INST /WRITE /WS corresponds to that of SG4-INST /WRITE. However 
     it is the first network drives which are prompted here, not the Safe
     Guard data and program directories.
     
     The SGCFG file generated is saved on a diskette. It need not be the
     first Safe Guard diskette. The file SGCFG can be copied into any
     directory. The actual installation on the workstation takes place
     with the call SG4-INST /WS=<SGCFG-File>.


     SG4-INST /WS=<SGCFG-File>
     
     
     The procedure for automatic installation of Safe Guard on a workstation 
     is the same as with SG4-INST /WS. However, at the SG4-INST /WS call, 
     the configuration file must also be entered. The caller then does not
     need to make any more entries. In this way a user could be created 
     in Safe Guard, for example, whose only function is to install Safe Guard
     on a workstation. With every workstation added to the network, the 
     corresponding SG4-RRxN.EXE must then be manually started and this user
     then logged on.



SG4-LGIN.EXE / SG4-INIT.EXE 



     If, when starting Safe Guard it is determined that the Safe Guard 
     directory in the SG variable is longer than 40 characters, then the
     start is prevented with the error message SG-ERROR 22.


     The previous program SG4-LGIN.EXE has been divided into SG4-LGIN.EXE 
     and SG4-INIT.EXE. SG4-INIT.EXE is started only once, at booting, and
     is responsible for the largest part of the necessary Safe Guard 
     initialisation. If an error is detected in this initialisation phase,
     an appropriate error message is output and only the system administrator
     can log on.


     If Safe Guard determines when starting that the environment variable
     SGXX is not empty (see SG4-CHK.EXE), the relevant message is output
     and only the system administrator may log on.


     If a user logon is denied, this is now audited in a differentiated 
     fashion:
     Record type   Reason                                         
       4           User locked                             
       5           User rights expired (expiry date or no use for X days)
       6           Logon outside allowed working hours
       7           Computer locked                                                   


     In the file SG4-STOP.SYS (see pages 2-28, 3-6) a wildcard entry *
     is possible. This wildcard can be placed at the beginning or at the 
     end of illegal passwords and so stand for 0 - 15 characters.
     Exam.:  S*     It is not possible to use a password which starts 
                    with s or S.
            *S      It is not possible to use a password which ends 
                    with s or S.
            *S*     It is not possible to use a password which contains
                    an s or S.
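
     The wildcard rule above as a small checker, added here as an
     illustration (not Safe Guard code). It assumes one entry per line in
     the stop list and an exact, case-insensitive match for entries without
     a wildcard; the function names and the sample entries are constructed.

```python
import re

WILDCARD_SPAN = ".{0,15}"   # per the text: "*" stands for 0 - 15 characters


def compile_stop_entry(entry):
    # Turn one stop-list entry into a compiled, case-insensitive pattern.
    lead = entry.startswith("*")
    trail = len(entry) > 1 and entry.endswith("*")
    start = 1 if lead else 0
    end = len(entry) - 1 if trail else len(entry)
    # Assumption: a "*" anywhere else is an ordinary character, because the
    # text only allows the wildcard at the beginning or the end.
    core = re.escape(entry[start:end])
    regex = (WILDCARD_SPAN if lead else "") + core + (WILDCARD_SPAN if trail else "")
    return re.compile(regex, re.IGNORECASE | re.DOTALL)


def load_stop_list(text):
    # Assumption: one entry per line; blank lines are skipped.
    entries = [line.strip() for line in text.splitlines() if line.strip()]
    return [(entry, compile_stop_entry(entry)) for entry in entries]


def rejected_by(password, stop_list):
    # Return the first entry that forbids the password, or None if allowed.
    for entry, pattern in stop_list:
        if pattern.fullmatch(password):
            return entry
    return None


# Constructed sample stop list, not shipped with the product.
SAMPLE_STOP_LIST = """\
PASSWORD
SG*
*1994
*GUARD*
"""


def check_samples():
    # Map a few constructed candidate passwords to the entry that blocks them.
    stop_list = load_stop_list(SAMPLE_STOP_LIST)
    candidates = ["password", "sg4admin", "Oberursel1994", "mySafeGuard7", "tr0ub4dor"]
    return {pw: rejected_by(pw, stop_list) for pw in candidates}


if __name__ == "__main__":
    for password, entry in check_samples().items():
        print("%-14s %s" % (password, "rejected by " + entry if entry else "accepted"))
```

     Because the wildcard covers at most 15 characters, an entry such as *S
     does not match a password in which more than 15 characters precede
     the final s.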


     The account number given in the user logon can be taken from the 
     environment variable SGANR for further use (e.g. in batch files). To 
     define a default value for the account number, the variable SG4ANR0 
     can be filled in the AUTOEXEC.BAT with a value. This value is then 
     used in the variable SGANR.


     In order that the correct self test of the Safe Guard kernel started
     is also implemented in a network environment, the test takes place with
     a Novell network (start user is saved in SG4-RRxN.EXE) using physical 
     directory names (TRUENAME). With all other networks checking takes 
     place as before via the logical directory names.


     If an ID Token logon attempt is denied due to an incorrect response, 
     this increments the count of incorrect user attempts just as an
     incorrect password does and can lead to the user being blocked after n 
     incorrect attempts.



SG4-LOG.EXE



     When calling SG4-LOG.EXE there are two new return codes:
     -  The ERRORLEVEL is set to 6, if when outputting to a printer, the
        printer is not ready or when the output is in file format there is
        not enough memory space on the memory medium. In both cases the 
        output is aborted and the log file is not deleted.
     -  The ERRORLEVEL is set to 7, if the 4-Eyes-Principle is activated
        for the log file and the User #LOG is not logged on.


     If a user logon is denied, this denial is now audited in a more 
     precise manner:
     Record type   Reason                                         
           4       User locked                             
           5       User rights expired (expiry date or no use for X days)
           6       Logon outside allowed working hours
           7       Computer locked                                                   
       


SG4-MENU.EXE



     In some environments Safe Guard users should not be able to call 
     menu items directly via the field Direct Selection. For this purpose
     the Direct Selection field and the display of the menu short 
     selections can now be disabled. Disable with the entry 
     DIRECT=NO in the chapter MISC of the file SG4.INI.



SG4-NKON.EXE



     Use the program SG4-NKON.EXE for subsequent addition or changes  
     of the start user for Novell. It can be called with the following 
     parameters:
     
     /SG=<Safe Guard Data Directory>
     /SG2=<Safe Guard Program Directory>
     /U=<Name of the Start User>
     /P=<Novell password of the start user>
     /C=<Context of the Start User>

     The call enters the values given into the Safe Guard program
     SG4-RRxN.EXE. The programs modified in this way must then be copied
     into the Server-Login-Directory.

     To check the entries the following parameter is available: 
     /?=<Novell password of the Start user>. 
     Use the same password which was entered with /P. On correct password 
     entry, the currently saved values are output.


     To make an update of the new SG4-RRxN.EXE possible, without having to 
     re-enter the parameters individually, use the parameter: /X=<Name>.
     For <Name>, the drive, path and file name with extension must be given.
     (Example: SG4-NKON /X=I:\SG41B\NEW\SG4-RR1N.EXE)

     /U, /P and /C are taken from the Safe Guard data area, /SG and /SG2 
     from the environment. This means that a configuration can be made
     for the same or another directory.                 


     If the directory given in the parameter /SG and /SG2 is longer than
     40 characters, the entry is denied with SG-ERROR 22, as Safe Guard
     can only administer directories of up to 40 characters in this area.



SG4-O.EXE 



     Parameter O

     Individual configuration elements can also be adopted. Whether and how
     far it is possible to adopt the elements, depends on the status of the
     target systems (target rights file).
     - If the setting has been made in the target system that log file  
       editing is only possible when using the 4-eyes-principle, it is only
       possible to use the log file options, if the User "LOG" is also logged
       on. 
     - If the target system is locked, and the locking does not allow the
       system administrator to execute individual configuration items, these
       cannot be performed with SG4-O either. First the locking must be 
       released there. The same applies for the individual definition 
       options.
     Note: The areas "Special User Names" and "Lock" are only then 
           adopted if the target rights file does not exist.

     The function described in the manual on page 5-7 for indicating the 
     source and target file when calling SG4-O O is not available with a central 
     installation of Safe Guard and in connection with Safe Guard for 
     Windows.
     
      

     Parameter E, Parameter I

     Analogous to the new fields in the definition programs, new lines are
     available here. They are:
     - at user definition:
       55: full name
       56: expiry days
       57: context for Novell 4.0

     - at menu definition:
       22: 0 = both menu environments
           1 = only Windows menus
           2 = only DOS menus



     Parameter A

     With SG4-O A the configuration items can be adopted using the call
     parameter /K.



     Parameter U

     With the call of SG4-O U <Target file> all information is adopted  
     in the target file - including special user names, user passwords,   
     token settings and entire configurations of the active rights file.



     General

     As file names, absolute path names can now be given
     (e.g. \\SERVER\SYS\SG-VERZ\SG4-MEN.DAT).
     


SG4-RRx(N).EXE



     The DOS output lock under Windows now functions correctly.
     It is no longer necessary to maintain a permanent swap file.


     In conjunction with CTRL switch 20, screen blanking can now also be 
     eliminated without password if required.


     If individual drives were configured in Safe Guard as "not available", 
     then these drives cannot be addressed by the user even if entered as 
     program or data directory \\ or if these drives were explicitly allowed.

     
     "Directory negation" in the area of data directories is supported.
     By means of a leading - (minus character) at the definitions, Safe Guard
     is informed that all directories are allowed as data directories  
     except for the data directories indicated.


     After an illegal INT h25/h26 (direct Read/Write), INT h13 (absolute 
     Read/Write) is no longer globally locked. Rather the lock is dependent
     on the INT h25/h26 restriction selected:    
     -  With SG4-CTRL D 0 the INT h13 is locked for diskette drives
        and hard disks after INT h25/h26.
     -  With SG4-CTRL D 1 the INT h13 is only locked for hard disks   
        after INT h25/h26.      


     The SG4-CTRL switches 38 and 39 are now also evaluated with 
     SG4-RR1(N).EXE. Previously this protection was only enabled with 
     SG4-RR2(N).        


     To check the entries in Windows INI files, a new functionality has been
     included in Safe Guard. For more details on this see the description of
     the program SG4-WCPY.EXE. This control can be disabled with 
     SG4-CTRL - 36.


     User directories (.USR directories) are now also protected in sub-
     directories against "foreign" user access. As before, this protection
     can be removed with SG4-CTRL - 7. 


     A new method of preventing the Novell broadcast for the period when the
     screen is blanked has been implemented. As before this function must be
     enabled via SG4-CTRL - 48.


     A multiple Safe Guard start or an initial start in a multitasking 
     environment (e.g. Windows) is no longer possible.



SG4-UTI.EXE



     When using the parameter /V3 or the entry CRYPT=V3 in the SG4.INI it 
     is no longer allowed to operate with the user password when encrypting
     files, because it is not possible to transform a password saved in a 
     Safe Guard Professional 4.x rights file into a password valid for Safe
     Guard Professional 3.2x.



SG4-VAR.EXE



     With the program SG4-VAR.EXE an additional parameter /W is available. 
     If SG4-VAR.EXE is called with this parameter, the user entry prompt 
     does not occur in line mode but in a window. 

     Linking parameters /H and /W is not possible.



SG4-VP.EXE



     When using the parameter /V3 or the entry CRYPT=V3 in the SG4.INI it
     is no longer allowed to operate with the user password, as it is not
     possible to transform a password saved in a Safe Guard Professional 4.x
     rights file into a password valid for Safe Guard Professional 3.2x.




SG4-WCPY.EXE



     The new program SG4-WCPY.EXE checks the Windows INI files at every 
     WIN.COM start. As soon as an Execute is made on the program WIN.COM,
     the program SG4-WCPY.EXE is started. This program compares entries 
     in the SG4.INI against entries in the corresponding INI files (the 
     INI files in the same directory as WIN.COM are checked) and corrects
     them. Only then is WIN.COM actually executed. In this way it is possible
     to allow a user access on INI files and at the same time to have a 
     certain control on the entries. As the program SG4-WCPY.EXE is active 
     when Windows is running and has a memory requirement of approximately 
     15 Kb, this functionality can be deactivated with SG4-CTRL - 36.

     Syntax for the entries in SG4.INI:
     -  There must be a chapter [WINDOWS].
     -  In this chapter the individual INI-Files are entered (INI file name)
        (e.g. (SYSTEM.INI)).
     -  The individual actions must be declared within this file entry.
        The syntax for this is:
        <Action> <Section> <Variable=Value>
        The following actions are available:
        + When <Variable> is available, <Value> is appended, otherwise
          the line is completely generated.
          Example: (WIN.INI)
                   + [WINDOWS] LOAD=SM-BLK.EXE  
                   If the line LOAD= exists in the section [WINDOWS] of the
                   file WIN.INI and does not contain the entry SM-BLK.EXE,
                   SM-BLK.EXE is appended to the existing value. If the whole
                   line does not exist, the complete line LOAD=SM-BLK.EXE is
                   used.
        - When <Variable> with <Value> is available, the line
          is completely deleted.
          Example: (SYSTEM.INI)
                   - [386ENH] DEVICE=VFAT.386
                   If an entry DEVICE=VFAT.386 exists in the section 
                   [386ENH], this entry is deleted.
        = When <Variable> exists, it is set to <Value>, independent of its
          current value.
          Example: (SYSTEM.INI)
                   = [386ENH] 32BITDISKACCESS=OFF
                   If in the section [386ENH] there is an entry
                   32BITDISKACCESS=<any value> the line is replaced with
                   32BITDISKACCESS=OFF.
        # If a line with <Variable> and <Value> exists, nothing happens.
          Otherwise this line is generated anew. This action is necessary for
          variables, which can exist in several positions.
          Example: (SYSTEM.INI)
                   # [386ENH] DEVICE=*VSD
                   If there is a line DEVICE=*VSD in the section [386ENH],
                   nothing happens. If the line does not exist, it is added.
                   If a + is entered instead of #, *VSD would be appended
                   to every DEVICE= entry.

     If a line of the SG4.INI contains the string %SG%, this is replaced
     by the Safe Guard data directory. The section [WINDOWS] in the WIN.INI
     is an exception here. Here %SG% is replaced by the Safe Guard program
     directory.

     If one of the files entered with (<Filename>) is missing, Windows is not
     started and the whole system is placed on hold. This stop is marked by a
     "circle".

     To detect the changes made by Safe Guard a comment is made in the 
     relevant lines in the INI files. The commentary lines and the changes 
     made can be set back in the Windows directory at a later Safe Guard  
     deinstallation. This can be achieved via the PATH command.
     For safety reasons the INI files should be backed up before
     deinstallation or the entries in the SG4.INI should be deleted first,
     as Safe Guard cannot distinguish at deinstallation whether these
     entries were adopted by SG4-WCPY.EXE or whether they existed previously.

     Safe Guard is supplied with the following entries in the SG4.INI:

     [WINDOWS]
     (SYSTEM.INI)
     = [386ENH]  32BITDISKACCESS=OFF
     - [386ENH]  DEVICE=VFAT.386
     (WIN.INI)
     + [WINDOWS] LOAD=SM-BLK.EXE
     (CONTROL.INI)
     + [DON'T LOAD] 386 enhanced=false
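
     Added example (not part of the original release notes and not Safe
     Guard's own code): a Python model of the four SG4.INI actions described
     above, run against a constructed SYSTEM.INI. The function names are
     hypothetical; case-insensitive matching, space-separated appending and
     creating a missing section for + and # are assumptions.

```python
import re

RULE = re.compile(r"^([+\-=#])\s*\[([^\]]+)\]\s*([^=]+?)\s*=\s*(.*)$")

def parse_rules(text):
    """Map each (FILE.INI) entry to its (action, section, variable, value) rules."""
    rules, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("(") and line.endswith(")"):
            current = rules.setdefault(line[1:-1].upper(), [])
        elif current is not None and (m := RULE.match(line)):
            current.append(m.groups())
    return rules

def apply_rule(lines, action, section, var, value):
    """Apply one rule to a list of INI lines and return the new list."""
    heads = [i for i, l in enumerate(lines) if l.strip().startswith("[")]
    start = next((i for i in heads
                  if lines[i].strip().upper() == f"[{section.upper()}]"), None)
    if start is None:  # assumption: + and # create a missing section
        return lines + ([f"[{section}]", f"{var}={value}"] if action in "+#" else [])
    end = next((i for i in heads if i > start), len(lines))
    body, found_var, found_exact = [], False, False
    for line in lines[start + 1:end]:
        key, sep, old = (p.strip() for p in line.partition("="))
        if not sep or key.upper() != var.upper():
            body.append(line)
            continue
        same = old.upper() == value.upper()
        found_var, found_exact = True, found_exact or same
        if action == "-" and same:
            continue  # delete only the exact Variable=Value line
        new = value if action == "=" else old
        if action == "+" and value.upper() not in old.upper().split():
            new = f"{old} {value}".strip()  # assumption: space-separated list
        body.append(line if new == old else f"{key}={new}")
    if (action == "+" and not found_var) or (action == "#" and not found_exact):
        body.append(f"{var}={value}")
    return lines[:start + 1] + body + lines[end:]

def enforce(rules_text, ini_lines, name):
    """Apply every rule listed under (name) to ini_lines, in order."""
    for rule in parse_rules(rules_text).get(name.upper(), []):
        ini_lines = apply_rule(ini_lines, *rule)
    return ini_lines

# Constructed sample: the shipped SYSTEM.INI rules against a made-up SYSTEM.INI.
RULES = "[WINDOWS]\n(SYSTEM.INI)\n= [386ENH]  32BITDISKACCESS=OFF\n- [386ENH]  DEVICE=VFAT.386"
SAMPLE = ["[386Enh]", "device=vfat.386", "32BitDiskAccess=on", "device=*vsd"]
HARDENED = enforce(RULES, SAMPLE, "SYSTEM.INI")
```

     Calling apply_rule with + and then with # for DEVICE=*VSD on the same
     input shows the difference the text describes: + appends *VSD to each
     existing DEVICE= line, while # adds one new line and is idempotent.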



NET 



     Safe Guard now supports the Novell function 
     "SET ALLOW UNENCRYPTED PASSWORDS = OFF"


     For Novell 4.x with several servers special measures have been  
     taken in Safe Guard. If you are using Novell 4.x, please request 
     the supplement to the Safe Guard Professional 4.1B Manual, or contact 
     our Hotline.



General Note:

     

     All manual page references refer to the Safe Guard Professional
     Version 4.0E / 4.1A Manual from September 15, 1993.


     The Safe Guard Professional Version 4.1B is not certified. References 
     in the Manual which refer to the certification are not relevant.

Oberursel, 08th August 1994
                                                                                          