Screen Pass   Copyright 1995-96 Birch Grove Software, Inc. 
             All rights reserved worldwide.

*********************** ATTENTION  ******************************
THIS VERSION OF SCREEN PASS IS FOR DEMONSTRATION PURPOSES ONLY. 
It differs from the licensed version only by the text on the
main window, and a hidden security loophole.

Contact Birch Grove Software or your reseller if you wish to
purchase a licensed version of this product. See the File 
'PRICING.TXT' for more information.
*****************************************************************


Overview:
  Screen Pass is a Windows screen saver that requires you to confirm
  your network password before your workstation is unlocked.  By default
  it displays a bouncing football, but Screen Pass can be configured to 
  display any .BMP image. Settings can be changed by the user or they can 
  be centrally managed by the network administrator.


Table of Contents:
  i) Overview  
  1) Features
  2) Compatibility
  3) Installation
        General
        Installing From the Network
        First Time Installation vs. Subsequent Executions of Setup
        Running Windows From the Network
        Special Considerations for 32 bit Login Programs
        Summary of SETUP Syntax
  4) Passwords
        Banyan Vines
        NetWare
  5) Bitmap Selection
  6) Security Report
  7) Hot Key and CTRL-ALT-DEL
  8) Files
  9) .INI Settings
 10) Contact Information


1) Features:
  - Unlocks with either the user's or an administrator's password.  

  - Disables CTRL-ALT-DEL while the screen saver is active, ensuring
    network security.
    
  - Optionally displays a security report when unlocked, showing elapsed 
    time, user ID, and failed password attempts.
    
  - Allows the user to select a .BMP file and to control the speed of 
    the bouncing bitmap.
    
  - Is configurable from the Windows Control Panel.    
    
  - Starts on demand with a hot key combination, even from DOS sessions.     
  
  - Includes a DOS-based setup program to permit installation and 
    configuration from a login script.  

    
2) Compatibility:
  Screen Pass runs on Windows 3.x or Windows 95 with either 16 bit or
  32 bit clients.  It can verify passwords on Banyan Vines or Novell
  NetWare (NDS or bindery mode).

        
3) Installation:  
  General - 
    Screen Pass comes with a Windows-based install program SETUP.EXE and a 
    DOS-based install program SETUPDOS.EXE.  Both programs perform exactly
    the same steps in configuring a workstation to use Screen Pass. The
    Windows-based program provides an option to restart Windows if system
    files or settings have been changed.
  
    The setup program will copy the Screen Pass files to the user's 
    workstation.  Only files that are out of date or nonexistent on the 
    user's workstation are copied.

    The setup program will modify .INI settings to make Screen Pass the 
    active screen saver.  For a list of the .INI settings modified by the
    setup program see the '.INI Settings' section below.
  
  Installing From the Network - 
    Users may install Screen Pass from a diskette or the network. To allow 
    installation from the network, simply copy the files on the diskette to a 
    network directory.  You may direct users to run the setup program, or you
    can distribute Screen Pass by placing the SETUPDOS.EXE command in the
    users' login scripts.
    
    Settings that users receive during setup can be customized by editing the 
    SPSETUP.INF file. A SPSETUP.INF file is included on the diskette.
    For a complete description of this file, see the comments inside the
    file.
    
    By default the setup program looks for the SPSETUP.INF file in the same 
    directory as the setup executable. Another .INF file may be used by 
    passing the filename on the command line of the setup program. This 
    allows administrators to deliver different settings to different users 
    depending on their group or list membership.

  First Time Installation vs. Subsequent Executions of Setup - 
    The setup .INF file is divided into two sections.  The section entitled
    [FirstTimeInstall] contains the parameters given to users during their 
    first execution of the setup program.  The other section entitled
    [Reset] contains Boolean values specifying whether the 'first time'
    parameters should be used on subsequent executions of the setup 
    program.  This allows the administrator to distribute the Screen Saver
    from a login script and to exert varying degrees of control over the
    configuration in the future. 
      
    The setup program considers a first time execution to be one where the 
    SCRNPASS.SCR file is copied or updated.

  Running Windows From the Network -
    If you are running Windows from the network, a setup command-line
    switch can be used to prevent the files from being copied.  The
    administrator can copy the files to the appropriate directories, and
    the setup program will provide the users with the proper settings.
    The command-line switch to prevent the files from being copied is /NC.

  Special Considerations for 32 Bit Login Programs -
    Users of 32 bit clients for Windows 95 with graphical login programs
    can receive the Screen Pass software via the login script, but
    special care must be given. Since Windows has already started, either
    SETUPDOS.EXE or SETUP.EXE can be run. The Windows-based setup program
    is preferred because when executed with the /NUI switch to suppress the
    user interface, it makes for a less obtrusive login process.  It also
    allows the user the option of restarting Windows if system files or
    system settings have been changed.  Unfortunately, it is not always
    possible to restart Windows during the login process without obtaining
    an undesirable result. The /NR switch can be used to disable the restart
    Windows option.

    The recommended method for installing via 32 bit login programs is to
    run SETUP.EXE /NUI /NR.  You may want to experiment to see what works 
    best in your environment.

    The Windows-based setup will spawn the DOS-based setup when run from a
    Windows 3.x DOS box. This allows you to put SETUP.EXE in login scripts
    that are meant to serve both Windows 3.x and Windows 95 users.

  Summary of SETUP Syntax -
    SETUP.EXE [Filename] [/NUI] [/NC] [/NR]

    Filename specifies a .INF file.
    /NUI suppresses the Windows user interface. No effect in DOS.
    /NC  prevents the files from being copied.
    /NR  disables the restart Windows option. No effect in DOS. 

      
4) Passwords: 
  Screen Pass will unlock when the current user of the workstation enters his 
  or her password.  If the workstation is not logged in, Screen Pass will not
  prompt for the password.  Screen Pass is meant to protect network
  resources only.  While an intruder can repower the workstation to gain 
  access to local data, once Screen Pass is active, he cannot access the
  network without knowing the network password.
  
  The password verification can be turned off through the Screen Pass Options
  dialog, accessible through the Windows Control Panel or through the .INF 
  mechanism.
      
  The Admin button on the Password dialog activates the Administrator dialog
  which allows an administrator to unlock the workstation with his or her 
  ID and password.

  Banyan Vines -     
    On Banyan Vines systems, users on the AdminList for the current 
    user can use their own ID and password to unlock the workstation.  
    
    Alternatively, on Banyan systems, the administrator can set up a group-
    wide master password by creating a user or nickname object 'Screen Pass'
    in that group.  Either the user's password or the 'Screen Pass' object's
    password will unlock the workstation from the Password dialog.
    
  NetWare -             
    On NetWare systems, Screen Pass will verify the user's Directory
    Services password if he or she is currently logged in to a tree.
    For bindery login sessions, Screen Pass will verify the user's
    password on the primary server.  The default server is checked if
    the user is no longer connected to the primary server.
      
    For NDS login sessions, only administrators with Supervisor Access
    Rights to the user can unlock the workstation with the Administrator
    dialog. 

    For bindery login sessions, the SUPERVISOR or a Manager of the user 
    can unlock the workstation with the Administrator dialog.  Screen 
    Pass uses the Manager bindery property.  It does not accept Security 
    Equivalence of SUPERVISOR, when determining which administrators can 
    unlock another user's workstation.


5) Bitmap Selection:
  The user can select an alternative to the football image by specifying an
  alternative .BMP on the Screen Pass Options dialog, accessible through the
  Control Panel.
  
  The administrator can specify the .BMP file and actually 
  distribute the file using the .INF mechanism in the installation procedure.
  If a fully qualified name for the alternate .BMP is entered in the 
  SPSETUP.INF file, Screen Pass will use that file after setup is run.
  If only the file name and extension are given, the setup program will 
  attempt to copy the .BMP from the setup directory to the Windows directory.
  Screen Pass will then use the newly distributed .BMP.
  
  If, for any reason, Screen Pass cannot access a specified alternate .BMP,
  it will display the default football. 
  
  
6) Security Report:
  A security report is displayed after the workstation is unlocked. The
  report displays the elapsed time the screen saver has been active, the
  number of failed password attempts, and the current user of the 
  workstation. This feature can be disabled through the Screen Pass Options
  dialog accessible from the Control Panel or by the administrator using the
  .INF mechanism.

  
7) Hot Key and CTRL-ALT-DEL:
  Screen Pass can be activated on demand by pressing CTRL-CTRL.  This hot key
  combination functions even if a full-screen DOS session is active. The VxD 
  program VBGKXD.386 must be loaded using a 'device=' line in the system.ini 
  file in order for the hot key to function. 
  
  The VxD also disables CTRL-ALT-DEL and other Windows hot keys. If the VxD
  is not installed properly, Screen Pass will execute, but network security can
  be defeated by pressing CTRL-ALT-DEL while a password is being verified. If
  the VxD is not loaded, the user will be alerted after he or she unlocks the
  screen.

  
8) Files:
  These files are installed by the Screen Pass setup program.
  
    FILE             LOCATION                            PURPOSE
  SCRNPASS.SCR   Windows directory            The Screen Pass executable 
                                              file.

  VBGKXD.386     Windows system directory     Disables Ctrl-Alt-Del and other 
                                              hot keys. Enables Screen Pass 
                                              hot key. Must be loaded with
                                              a 'device=' line in system.ini. 
                                                    
  SPSTART.EXE    Windows directory            Works with VxD to launch Screen 
                                              Pass with the hot key.

  NWCALLS.DLL    Windows system directory     Accesses NetWare information.
                                              Installed only for NetWare
                                              clients.
  
9) .INI Settings:
  These parameters are set by the setup program and can be modified via the 
  Control Panel.
  
  SETTING                 SECTION                    FILE                   
  AlternateBmp        [ScreenSaver.Screen Pass]    control.ini
  Speed               [ScreenSaver.Screen Pass]    control.ini
  Report              [ScreenSaver.Screen Pass]    control.ini
  PWProtected         [ScreenSaver.Screen Pass]    control.ini
  SCRNSAVE.EXE        [boot]                       system.ini
  ScreenSaveTimeOut   [windows]                    win.ini or Win95 Registry 
  ScreenSaveActive    [windows]                    win.ini or Win95 Registry 
  device=vbgkxd.386   [386Enh]                     system.ini
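
  The following is an added example, not part of the Screen Pass
  distribution: a check an administrator could run over collected copies
  of system.ini, control.ini and win.ini (the Windows 3.x file-based case)
  to confirm the settings above, in particular that the VxD 'device='
  line is present in system.ini's [386Enh] section. The function names
  and sample files are constructed, and PWProtected=1 meaning "on" is an
  assumption, since this file does not list the values.

```python
import ntpath
from collections import defaultdict

def parse_ini(text):
    """Parse .INI text into {section: {key: [values]}}, names lower-cased.
    Values are lists because [386Enh] holds many 'device=' lines."""
    data = defaultdict(lambda: defaultdict(list))
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):   # blank or commented-out line
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif "=" in line and section is not None:
            key, value = line.split("=", 1)
            data[section][key.strip().lower()].append(value.strip())
    return data

def audit(system_ini, control_ini, win_ini):
    """Return a list of findings; an empty list means every check passed."""
    sysd, ctl, win = (parse_ini(t) for t in (system_ini, control_ini, win_ini))
    findings = []
    devices = [ntpath.basename(v).lower() for v in sysd["386enh"]["device"]]
    if "vbgkxd.386" not in devices:
        findings.append("vbgkxd.386 not loaded: CTRL-ALT-DEL stays enabled")
    saver = sysd["boot"]["scrnsave.exe"]
    if not saver or ntpath.basename(saver[-1]).lower() != "scrnpass.scr":
        findings.append("SCRNSAVE.EXE does not name SCRNPASS.SCR")
    if win["windows"]["screensaveactive"][-1:] != ["1"]:
        findings.append("ScreenSaveActive is not 1")
    # Assumption: PWProtected=1 means password verification is on.
    if ctl["screensaver.screen pass"]["pwprotected"][-1:] != ["1"]:
        findings.append("PWProtected is not 1")
    return findings

# Constructed sample files (not taken from a real workstation).
CONTROL = "[ScreenSaver.Screen Pass]\nPWProtected=1\n"
WIN = "[windows]\nScreenSaveActive=1\nScreenSaveTimeOut=300\n"
GOOD = "[boot]\nSCRNSAVE.EXE=C:\\WINDOWS\\SCRNPASS.SCR\n[386Enh]\ndevice=*vpicd\ndevice=vbgkxd.386\n"
BAD = GOOD.replace("device=vbgkxd.386", ";device=vbgkxd.386")

if __name__ == "__main__":
    print("good:", audit(GOOD, CONTROL, WIN))
    print("bad: ", audit(BAD, CONTROL, WIN))
```

  A commented-out 'device=' line is reported as missing, which matches
  the case where Screen Pass still runs but CTRL-ALT-DEL is not disabled.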


10) Contact Information:
  For questions, comments, or technical support contact
  Birch Grove Software, Inc. 
  
  Voice:  214-340-6982
  Fax:    214-340-6476
  CompuServe: 70751,3010
  Internet: bgrove@onramp.net 
