        PRGSEC12, Program Manager Security, Version 1.2
          Copyright (c) 1995, Marvin E. Wilborne III

                        Summary

This program is designed to be used by a Systems or Network manager to
control the amount of changes users of "public" PC's can make to Windows.

This program allows you to remove programs and features from Program Manager
and password protect them.

If you've ever gone to a PC to fix the colors so that users can see what
they're doing (they set the foreground and background colors to the same
thing), or you've gone to PUT BACK and ICON they've deleted, then this
program may be of interest to you.

This program is also designed for the home user that has children who                        
occasionally delete, by accident of course, programs and program groups.
                        
                        Installation

Unzip PRGSEC12.ZIP into your \WINDOWS\SYSTEM directory.  Don't replace any
files in your \WINDOWS\SYSTEM directory that are NEWER than the files
included in this .ZIP.

Files included:  VSVBX.VBX, VSVBX.LIC, CTL3D.DLL, MHRUN400.DLL, THREED.VBX
and PROGSEC.EXE, FILE_ID.DIZ, README.TXT you'll also need VBRUN300.DLL (not
included with this distribution) to run the program.

Optionally, you can unzip this zip file into any directory that you create.
You may want to copy the VSVBX.*, CTL3D.DLL, MHRUN400.DLL and THREED.VBX
files to your \WINDOWS\SYSTEM directory.

                        Use

After installing the files, you should create an entry in one of your
program manager groups by dragging the .EXE file from File Manager to the
program group of your choice.  You should see a "padlock" icon once the
program is successfully placed.

Run the program by clicking the icon and press <ENTER> or double click on
the icon.  The main screen allows you to set the windows options that are
allowed or disallowed in the program manager:

The "Run" group allows you to disable the option under the File menu of
program manager that allows you to run programs.  In a secure environment
you would set this option to "NO" so that programs such as Control Panel
or File Manager couldn't be run manually.

The "File Menu" group allows you to turn on or off the entire "File" menu
choice of program manager.  This option prevents the user from using File
Exit to exit Windows and disallows someone from rearranging the program
manager and saving it by selecting File Exit while the left shift key is
pressed.

The "Close" group allows you to enable or disable the System Menu Close
option so that <ALT><F4> doesn't work and Close don't work.

The "Save Settings" group allows you to disable the Options menu item Save
Settings on Exit.

The "Edit Level" group allows you to set the levels of editting allowed in
program manager.

Normal = All normal functions such as deleting and creating icons, changing
properties and rearranging groups are allowed.

No Group = No group changes are allowed.  Disables creating new entries in
a group.

No Icon = No icon changes are allowed.

No Cmdline = disables command line changes to a program's properties.

No Property = disables changes to any property of a program.  (The most
secure).

After setting the options by clicking the Yes, No, or Option Level, to make
the changes effective you need to press the Save button and then choose 
Restart Windows under the Tools Menu.  Anytime changes are made to these 5
groups they DO NOT become effective until you restart Windows.

These program manager restrictions are stored in the \WINDOWS\PROGMAN.INI
file in the [restrictions] section.  This file can be edited at the DOS
prompt so the security isn't fool proof.  If someone can get to DOS either
at the time of boot up or from Windows they can bypass the security
restrictions placed on Program Manager by directly editing the PROGMAN.INI
file.

To password protect the program so that when it is run you have to enter a
password to get into it, choose New Password under the Edit menu.  If you
forget the password, you will need to remove the Password entry from the
[Security] section of the \WINDOWS\PROGSEC.INI file.

For the most secure Windows, you should remove the following programs from
program manager groups:

        Control Panel - Why?  Because people can get in here and add
                different printers or affect the settings for network
                based printers.  They can change the Window colors, the
                desktop, the screen saver, and much more!
        
        File Manager - Why?  Because you can launch just about any program
                you want.
                
        MS-DOS - Why?  Because a DOS user could use Edit to change the
                PROGMAN.INI file settings or to delete the password from the
                PROGSEC.INI file.
                
        PIF Editor - Why?  Because an experienced user may be able to find
                a DOS batch file that is started from a PIF and edit it to
                start up DOS programs of their choice.
        
        Sys Edit - Why?  This simply allows the user to go in and make
                changes that could directly affect the operation of Windows.
                
        Reg Edit - Why?  We don't need the user to put the "Package" object
                type in the Registration Database.
        
        Object Packager - Why?  Object Packager gives you another way to
                start programs.
                
        Windows Setup - Why?  Again, we don't need the user to change the
                configuration of Windows.

        Network Setup - Why?  Here again, users are notorious for changing
                the network configuration, breaking their programs that use
                the network.

        Windows Setup - Why?  Same as all of the above.

You can also Exit Windows from Program Manager Security as long as you know
the password to get into the program.

                        Advanced

Program Manager Security creates the file \WINDOWS\PROGSEC.INI and places the
password in it (encrypted).

You can also set up the User1 and User2 menu options to run programs that you
use for configuring Windows, such as screen resolution changing program or
even the Windows Setup utility.  To use these options, create a [User]
section in the \WINDOWS\PROGSEC.INI file and set User1=WINSETUP.EXE and
User2=SETRES.EXE or to whatever your program names are.  You can use a
complete drive/path specification.

All programs launched from the Tools menu can be user defined.  To change
the menu option, you can change the program but not the menu name, put a
[Tools] section in the \WINDOWS\PROGSEC.INI file.  You can then define the
following programs:

        [Tools]
        FileManager=winfile.exe ; default windows file manager
        ControlPanel=control.exe ; default windows control panel
        DosPrompt=dosprmpt.pif ; default windows dos pif
        PIFEdit=pifedit.exe ; default windows pif editor
        SysEdit=sysedit.exe ; default windows system editor
        RegEdit=regedit.exe /v ; default windows registration database editor
        WinSetup=winsetup.exe ; default windows setup program
        NetSetup=winsetup.exe /z ; default windows network setup program

                        More About Object Packager

You should remove the "Package" type from the Registration Database using
RegEdit.  Why?  Because a user could start up Write and then chose Insert
Object, chose Package and this would start up the Object Packager.  From
Object Packager you can execute any program on the system.  This is why the
object packager should be removed from any program groups in program manager.

Object packager is harder to use than file manager but is just as effective
in starting programs as file manager.

                Limitations of Program Manager Security

This version DOES NOT WRITE PROTECT any of the important Windows .INI files
so that anyone could use Notepad or other editors to change settings in the
files that affect what you can do.  For example, they could edit SYSTEM.INI
and replace the shell=progman.exe line with shell=winfile.exe and start up
File Manager and execute any program from there.  Even simpler, they could
reenable all of the limitations of Program Manager by removing the
[Restrictions] section of \WINDOWS\PROGMAN.INI.

DOS allows several methods of stopping start up execution, including <F5> and
<F8>, LEFT SHIFT while STARTING MS-DOS... is displayed and less elegantly the
good old <CTRL><BREAK>.  Since this is possible, it is impossible for
Program Manager Security to prevent a user from using Edit or any other DOS
word processor to edit any of the important Windows .INI files.

This program relies on a user's ignorance of how Windows operates to make it
more secure than it is normally.  This program IS NOT designed to prevent
the experienced PC/Windows user or programmer from getting around the
security limitations of Program Manager Security.

Additionally, if there are programs that you would like to leave access to,
you simply don't delete their icon from program manager.  For example, you
could remove the Windows Setup icon, restricting it's access to PROGSEC but
you could leave the Network Setup icon.

        REGISTRATION

Individual users who find this program useful can license it for their
personal user for $15.00.

Companies that would like to license and install this program on corporate
PC's to lockout setup programs can register this program for an entire
corporate site for $100.00.

Any additional contributions, comments or suggestions are welcome.

Please send registration fee, along with your name and address to:

Marvin E. Wilborne III
900 Jamerson Circle, Apt 16
Danville, VA 24540

Registered users will receive both telephone, written and e-mail support.
