





                               StopLight ELS
                        Entry Level Security System

                           Demonstration Version

                This product is not freeware or shareware.



This product can be used for commercial or private evaluation purposes
only.  It is identical to the retail version with the following exceptions:

1. The hard drive is not protected from floppy disk boot access.
2. The Master Admin password is displayed on the login screen.
   To login as Master Admin, use the name SUPERMSF and password AKVPPEOK.

For ordering information or assistance, please contact:

Safetynet, Inc.
Customer Service Dept.
55 Bleeker Street
Millburn, NJ 07041-1414 USA

Sales      - 1-800-851-0188
Support    - 1-201-467-1024
Fax        - 1-201-467-1611
BBS        - 1-201-467-1581 (14400,N,8,1)
CompuServe - GO SAFE
E-Mail     - 74431.1646@compuserve.com

International Sales - +1 908-276-9641
International Fax   - +1 908-276-6575


Safetynet products are available on GSA Schedule.  Single unit, volume
discount and site license pricing is available.

For information on becoming a reseller of our products, please contact our
dealer sales department at the address listed above.  Our complete product
line is found on page 3.


--------------------------------------------------------------------------

Safetynet, Inc. is a member of the National Computer Security Association
(NCSA), Information Systems Security Association (ISSA), and Software
Publisher's Association (SPA).

Copyright Notice
This software package and document are copyrighted (c) 1991-1994 by
Safetynet, Inc.  Portions (c) Eliashim, Inc.  All rights are reserved.  No
part of this publication may be reproduced, transmitted, stored in any
retrieval system, or translated into any language by any means without the
express written permission of Safetynet, Inc.

Disclaimer
Safetynet, Inc. makes no warranties as to the contents of this
documentation and specifically disclaims any implied warranties of
merchantability or fitness for any particular purpose.  Safetynet, Inc.
further reserves the right to alter the specifications of the program
and/or the contents of the manual without obligation to notify any person
or organization of these changes.

Trademark Notice
StopLight and Drive-In are registered trademarks, and StopLight/ELS,
VirusNet/Pro and ProfileNet are trademarks of Safetynet, Inc.  All other
trademark names referenced are for identification purposes only and are
proprietary to their respective companies.

TABLE OF CONTENTS

     Safetynet Product Line..............................3
     System Requirements.................................5
     Technical Support...................................5

1. Security Features.....................................7
     Password Management.................................7
     Super  Password.....................................8
     Restricted Directory................................9
     Audit Trail Log.....................................9
     Screen Blanker / Keyboard Lock......................9
     MS-Windows Screen Blanker...........................10
     Hot Key Protection..................................10

2. Installation..........................................11
     Initial System Preparation..........................11
     Security Module Installation........................11
     Uninstalling Stoplight ELS..........................12
     Emergency Unlocking Procedure.......................13
          Method 1.......................................13
          Method 2.......................................13

3. Security Setup (ELSUTIL)..............................14
     Setup Global Security...............................14
          Administrator Name.............................14
          Administrator Password.........................14
          Exp. (Password Expiration).....................15
          System-Wide Settings...........................15
          Read Only/Public Directory.....................15
          Audit Trail Log................................16
          Request User Name On Boot......................16
          Request Password On Boot.......................16
          Minimum Password Length........................16
          Customize Password Screen......................16
     Initial Users Privileges (Window)...................17
               Floppy Disk Write Protect.................17
               Floppy Disk Read Protect..................17
               Disable Printer Access....................17
               Disable Serial Port (Rs-232) Access.......17
               Keyboard Lock During Screen Blank.........17
               Virus Protection..........................17
               Disable DOS Shell Access..................18
               Disable Break.............................18
               Hard Disk Format/FDISK Protect............18
               Disable Date/Time Change..................18
               Disable CONFIG.SYS & AUTOEXEC.BAT Change..18
               Disable Copying EXE & COM Files...........18
     Setup User Profiles.................................19
          User Name......................................19
          User Active....................................19
          Boot Password..................................19
          Exp. (Password Expiration).....................19
          Auto Screen Saver..............................20


StopLight ELS Demonstration Guide                                   Page 1

          Hot Keys.......................................20
          Allow Password Change..........................21
          Trustee Assignments (Window)...................21
          Trustee Assignment Rights......................21
          Protecting A Specific Directory................21
          Protecting A Directory And Its Sub-Directories.21
          Protecting A Specific Drive....................22
          Protecting A Specific File.....................22
          Protecting A Pattern Of Files..................22
          Trustee Assignment Examples....................23
          Privileges (Window)............................23
     Audit Trail Log Reports Generation..................23
     Optional Elsutil Switches...........................24

4. End-User Operation....................................25
     Log In..............................................25
     Password............................................25
     Screen Blanker / Keyboard Lock......................26
     Hot Key Activation..................................27
     What A User Cannot Do...............................27
     Security Violations.................................28
     Logging Off.........................................28

5. Special Programs......................................29
     PCC.................................................29
          Overview.......................................29
          Environment....................................29
          Memory Map.....................................29
          Adapters.......................................30
          Files..........................................30
          Hard Drive Parameters..........................30
          Hard Drive Fix.................................30
          Network........................................30
     ALERT...............................................30
     DEFMSG..............................................31
     EX..................................................31
     KEYBFIX.............................................31
     LOGON...............................................31
     WHOAMI..............................................31
     UNLOCK..............................................31

Appendix.................................................32
     Solutions To Common Problems........................32
     New Solutions.......................................33
     List Of Violation Messages..........................33
     Error Messages That Users May Encounter.............34
Index....................................................36








StopLight ELS Demonstration Guide                                   Page 2

SAFETYNET PRODUCT LINE

Safetynet, Inc. is a development and marketing company focusing on security
software.  Our current line of DOS-based products for PCs and networks
include:

   * StopLight - StopLight builds on the features of StopLight ELS.  It
     provides up to 16 distinct users, and adds additional security
     settings, real-time and DES data encryption, and password management.
     VirusNet/Pro and Drive-In are included with StopLight.

   * StopLight LAN - With a comprehensive list of security features,
     StopLight LAN can centrally control the security of your network and
     their workstations.  Included are access control, single-signon,
     secure directories and files, and control over floppy drives, serial,
     and parallel ports.

   * Drive-In - A powerful menu system that provides fast access to
     programs.  An ideal corporate standard since it shares the same
     interface as our LAN and security versions, and uses no-memory
     overhead.

   * Drive-In LAN - Add sophisticated menuing to your network with Drive-In
     LAN.  Offering unlimited group and user menu setups, all of your
     menuing needs can be handled with no memory overhead.  Drive-In LAN
     can be easily upgraded to its anti-virus version, providing automatic
     virus protection for your entire network.

   * VirusNet/Pro - Rated #1, VirusNet/Pro lets you create a virus-free
     computing environment.  With advanced detection, correction, and
     prevention features, VirusNet/Pro is your total solution to virus
     problems.  Its sophisticated scanner quickly checks PC and network
     drives for infections.  Continuous protection is provided by a TSR
     monitor which prevents infected programs from being run or copied.
     Heuristic and checksum scanning allows VirusNet/Pro to find new
     viruses before they spread.  Also included is disaster recovery which
     revives PCs that fail to boot, and a comprehensive scheduler which
     runs virus scans at certain times or intervals.

   * VirusNet/Pro LAN - The LAN version of VirusNet/Pro provides protection
     across your entire network.  Its TSR monitor can be loaded during
     login to protect all workstations from virus infection and prevent
     infected files from being copied to your file server.  Infected
     programs are prevented from running, instead displaying a custom user
     help message.  The scanner can be scheduled to scan workstations at
     specific intervals.  Central scheduling and workstation disaster
     recovery make VirusNet/Pro indespensible for network virus protection.

   * Drive-In AntiVirus - Launch your programs without worry of virus
     infection.  Before accessing a program, Drive-In AntiVirus quickly
     scans for viruses.  A few seconds later, your program will be run, and
     you'll know that the program is virus free.  If Drive-In AntiVirus
     detects a virus, your system will be automatically scanned and



StopLight ELS Demonstration Guide                                   Page 3

     disinfected.  Drive-In AntiVirus includes menu choices for one-key
     scanning of hard drives, floppy diskettes, and network drives.

   * ProfileNet - Automatically inventory software and hardware for all
     your PCs and network workstations.  With ProfileNet, a job that would
     take days can be done automatically in minutes.  ProfileNet also
     tracks user information and support notes, making it a valuable tool
     for Help Desk management.  Workstation startup files are cataloged and
     can be modified from the server.  Inventories can be scheduled at
     specific intervals to detect changes.














































StopLight ELS Demonstration Guide                                   Page 4

Welcome to StopLight(R) ELS.

StopLight ELS is a PC security system that combines exceptional power with
ease of use.  StopLight ELS is the Entry Level version of our widely
acclaimed StopLight security system.  It provides the essential features
required for protecting PCs and laptop computers.  With its very low memory
and disk requirements and simple operation, StopLight ELS can easily
integrate with your system.  During normal operation, you will not even
know that security is there.  But if an intruder or hacker attempts to get
at your sensitive information, or perform an unwanted action, StopLight ELS
will immediately come to the rescue.

StopLight ELS provides security by preventing unauthorized users from
accessing the computer.  Security profiles can be set up quickly for the
administrator and two users.  An almost unlimited number of possibilities
can be assigned to each user based on the type of access that is deemed
appropriate.  And through its log file, user activity and attempted
violations can be tracked.

StopLight ELS quietly protects your computer and its files from
unauthorized activity in the background, providing you with a secure and
highly productive environment.


SYSTEM REQUIREMENTS

     Hardware       IBM PC, XT, AT, PS/2 or true compatible PC with 400K
                    free space on Hard Drive C.

     Operating      PC-DOS and MS-DOS 3.0 or higher,
     System         Microsoft Windows 3.0 and 3.1

     Network        Supports Novell, LAN Manager, Banyan, and all networks
                    supporting a DOS client

     Video Display  MDA, CGA, EGA, VGA, SVGA and compatibles.  The screen
                    saver blanks all DOS text and graphics video modes
                    including those used by Microsoft Windows.

     Memory         384K of free RAM required.  StopLight ELS uses 12K
                    memory for its security kernel.

     Mouse          Any Microsoft and MS-Mouse compatible mouse is
                    supported, although its use is optional.


TECHNICAL SUPPORT

We have included many features which make StopLight ELS as user-friendly
and helpful as possible.  If you run into a problem during its installation
or use, please refer to the section in the manual covering that topic.  If
you have found a problem or situation that is not covered in this
documentation, contact our technical support department as described at the
beginning of this guide.


StopLight ELS Demonstration Guide                                   Page 5


When calling  for technical  support,  you should  be  at the  computer  in
question so that our support personnel  can effectively work with you.  You
may need to  be logged  in as System  Administrator to  properly solve  the
problem.



















































StopLight ELS Demonstration Guide                                   Page 6

1. Security Features


This chapter provides an overview of security concepts and how they are
implemented in StopLight ELS.  To successfully implement a security
strategy, you should become familiar with this chapter.  If you are already
proficient with security systems, you may only need to skim over this
information before moving onto the installation instructions found in the
next chapter.


PASSWORD MANAGEMENT

Use of passwords, variously controlled and managed in the background, is
the essence of protection offered by StopLight ELS. The system
administrator may establish a flexible security system by defining users
and their passwords in different combinations described below.  Use of
individual passwords for access to the system during login is the first
stage of security offered by StopLight ELS.  Examples of user name and
password combinations offered by StopLight ELS follow:

a) Name and Password: This is the default setting and is deemed appropriate
   for most situations.  The user name will be displayed on the screen but
   the password will remain concealed.

  
b) Password, No Name: It is possible to enter a password without the need
   to have a user's name. In this case the user will simply enter the
   password and skip the name entry.

c) No Password, No Name: In some cases, for example, in classrooms where
   users do not require confidentiality from each other, security can be
   provided without assigning user names and passwords.  Initial PC access
   will be possible by merely pressing <Enter> when prompted at the login
   screen. Students will then receive the security profile defined by USER1
   in the Setup Users section described below.  Along with other
   protection, security can be provided for the AUTOEXEC.BAT and CONFIG.SYS
   files, virus protection can be activated, and the hard disk can be
   protected against formatting.

d) No Password, Many Names: A fourth possibility is to allow access by
   entering the user's name only (no need for a password).  This option is
   particularly useful for systems where every user has equal access to the
   system but the output itself must be separated (for example, an
   accountant may want to compute the total time spent on one customer for
   billing purposes).

          For security reasons, when logging in as SYSADMIN the
          password will still be required.

The system administrator controls the use of passwords by the users in
different ways. A minimum valid length for the password may be specified.
Thus, even if users are allowed to replace their password, it may not be
shorter than the minimum length. The system administrator may also specify
the number of times or days that a given password may be used.  After the


StopLight ELS Demonstration Guide                                   Page 7

password has expired, access to the system with this password will be
denied.

The user's name is not normally a password since it is visible to all when
entered on the screen.  However, the password itself is known only to the
individual user.  The password is stored in encrypted form to ensure its
confidentiality.

The system administrator has access to the hard disk with an administrator
password. Once logged in, the administrator has access to the complete
system including every users' privileges and secure directories. Further,
the administrator also has access to the main security menu and to the
Global Security Setup and Setup Users. In other words, when logging in as
administrator, all security protection (except virus protection) is
suspended from the computer.  Therefore, it is recommended that great care
be taken to keep the administrator password completely confidential.


          When you login as system administrator, you have all
          privileges including access to the \SAFER directory. It
          is advisable that you also define yourself as a USER
          and login as a user while normally using the system.
          Login as a system administrator only when making
          changes to the StopLight ELS security system. This will
          avoid unnecessary exposure to the security system and
          to the administrator password.


SUPER PASSWORD

There may be occasions when the administrator password is not available
(resignation, vacation, forgotten password), or the security system needs
to be uninstalled after booting from a floppy disk (corrupted hard disk,
etc.).  Under these circumstances, the StopLight ELS Super Password is
required.  This password is linked to your unique StopLight ELS serial
number and cannot be used to access another StopLight ELS package.  The
Super Password cannot be changed by the administrator and should only be
used for emergency purposes.

          Since the Super Password can access or unlock the
          system, it is very important that you keep it safe and
          secure at all times.  You may wish to store the Super
          Password away from the computer in a locked filing
          cabinet or safe.

To login to the system with the Super Password, follow these steps:

  Boot the computer from the hard disk.
  At the ELS login screen, for the User Name, type

                      SUPERMSF   (and press <Enter>)

  At the password prompt, type in your Super Password (and press <Enter>).

  In the eval version, the Super Password is AKVPPEOK.


StopLight ELS Demonstration Guide                                   Page 8

If your computer does not boot and you must uninstall StopLight ELS, please
refer to the Appendix section - Hard Disk Problems.


RESTRICTED DIRECTORY

SAFER Directory

The \SAFER directory (usually on drive C:) contains all the security
parameters and configuration as set by the system administrator. It
contains the security configuration file, the Log file and all other
security files generated by StopLight ELS. Only the system administrator
has access to this directory.

To define access rights to specific files and directories, please see the
Trustee Assignments section of this manual.


AUDIT TRAIL LOG

The Audit Trail Log records DOS and security-related activity performed at
any time by each user from the moment of login. By consulting the contents
of the Audit Trail Log, the system administrator can globally supervise the
activity in the system, check each user's activity, check any attempts to
get access to unauthorized areas of the disk, violations, etc., and even
get statistical reports of the activity conducted on the computer.  The
options for Audit Trail tracking are Off, Full, and Brief.  Selecting Off
prevents any actions from being tracked.  It is used when you do not wish
to monitor activity.  Full and Brief settings track login and logout times,
violation messages and programs that are run.  The Full tracking option
also records all data file activity including Read, Write, Create and
Delete.  Since most user activity involves data file access, the Full
tracking option generates significantely larger log files than the Brief
option.  Full tracking should only be used if you will be frequently
monitoring the audit log.  The log file should be periodically cleared to
conserve disk space.

A flexible Audit Trail report generator helps the administrator manage
audit information.  Reports are generated based on date ranges, users and
activity.  Report information is displayed to the screen or exported to
data file for use with other programs.  Violations are emphasized on the
screen in Red for easy recognition.  On monochrome systems, violations will
appear in Bold.


SCREEN BLANKER / KEYBOARD LOCK

When a user leaves the computer unattended for a period of time, StopLight
ELS can blank out the screen to prevent monitor burn.  The computer system
will continue to work, but nothing but a moving box will appear (for text
mode applications).  In graphics applications other than Microsoft Windows,
the screen will not display the moving box.  Instead, it will be blanked to
blue for the Screen Saver and red for the Keyboard Lock.  The result is the


StopLight ELS Demonstration Guide                                   Page 9

same, since information on the screen will not be visible to users and the
monitor will be protected from burn in.

The Screen Blanker / Keyboard Lock can be activated automatically if the
computer keyboard and mouse are not used after a period of time.  This
period of inactivity is adjustable from 2 minutes to 60 minutes.  An
adjustable hot-key is also available to activate the Screen Blanker /
Keyboard Lock on demand.

When the Screen Blanker is activated, the user simply presses <Enter> to
restore the screen.  All underlying screen information will be properly
restored.

Normally, only the Screen Blanker will appear when you step away from your
computer. However, if you want your keyboard lock to activate along with
your Screen Blanker, select the "Keyboard Lock During Screen Saver"
option on the Users' Privileges window during set-up.

          For non-Windows graphics programs, a color other than
          red or blue may be displayed for the Screen Blanker /
          Keyboard Lock.


MS-WINDOWS SCREEN BLANKER

A program (MSWIN.EXE) is provided to blank the screen while using Microsoft
Windows.  During the StopLight ELS installation process, your system is
automatically configured to run this program when Windows is started.  To
activate the screen blanker, double-click on its icon.

If you change your Windows configuration and the blanker does not start
automatically with Windows, you will have to manually reinsert the MSWIN
command.  To start the MSWIN.EXE program automatically each time your run
Windows, edit your "LOAD=" line in the Windows WIN.INI file and add the
MSWIN.EXE program to it:

                    LOAD=C:\PUBLIC\MSWIN.EXE

If another program is already loaded by this line, make sure there is a
space after the program and then add MSWIN.EXE:

                    LOAD=ANYPROG.EXE C:\PUBLIC\MSWIN.EXE


HOT KEY PROTECTION

A hot-key is provided to activate the Screen Saver / Keyboard Lock
immediately.  Press and hold the <Ctrl><Alt> together for five seconds to
blank or lock your screen.

The administrator can  redefine the hot  keys or even  add a  letter to  be
pressed after the first  hot-key is pressed.   Hot keys  can be changed  by
using the ELSUTIL security setup program.



StopLight ELS Demonstration Guide                                   Page 10

2. Installation


This chapter lets you install and get acquainted with StopLight ELS and
test it with the default settings. When you are more familiar with the
system and determine what your requirements are, StopLight ELS can be
configured to meet your security needs.

StopLight ELS Security Defaults are as follows:

System Administrator Name:         SYSADMIN
System Administrator Password:     PASSWORD

Superuser Name:      SUPERMSF
Superuser Password:  AKVPPEOK

User 1 Name:        USER1
User 1 Password:    PASSWORD

User 2 Name:     USER2
User 2 Password: PASSWORD


INITIAL SYSTEM PREPARATION

Before installing StopLight ELS, please be sure to follow these steps:

1. The COMMAND.COM program must be in the root directory of drive C:.  If
   it is not, please place a copy of it there.

2. If you are using a SHELL program in your CONFIG.SYS file other than
   COMMAND.COM (e.g. NDOS from Norton Utilities), you must find an
   alternate way to run that program.  StopLight ELS loads itself as a
   SHELL and unlike DEVICE drivers, DOS cannot run more than one SHELL
   statement.  Consult your SHELL program documentation for alternate ways
   to run the program, or try running it from the DOS prompt or
   AUTOEXEC.BAT file.


SECURITY MODULE INSTALLATION

The ELSUTIL security administration program is responsible for the
installation and configuration of the security module.  Insert StopLight
ELS disk in Drive A; or B:, change to the drive letter, type ELSUTIL and
press <Enter>.


1. Using the ELSUTIL program, configure your security as appropriate or
   simply use the default security setup described at the beginning of
   this chapter.

2. Highlight "Install Security System" from the ELSUTIL Main Menu and
   press <Enter>. Without selecting Install, the Security System will not
   be installed.


StopLight ELS Demonstration Guide                                   Page 11


3. After selecting "Install Security System", you will be prompted to
   select the drive letter where the StopLight ELS disk is inserted. Once
   you select the drive, the StopLight ELS security files will be
   installed to the C:\SAFER and C:\PUBLIC directories.

4. On completion of the install process, remove the StopLight ELS disk
   from the floppy drive and press any key to reboot the computer.

6. When the computer reboots, StopLight ELS will ask if it should lock the
   hard drive.  Select "No" the first time to make sure the computer
   completes the boot process and you can successfully login.

7. When the login screen appears, type in your system administrator name
   and password.  The default is SYSADMIN for the name and PASSWORD for
   the password.

8. If PASSWORD is your password, after you login to the system, StopLight
   ELS will display a message that this is the default password and that
   you must change it.  Type in a new password in the space provided and
   then verify the password by retyping it.

9. You are ready to explore the many features of StopLight ELS that can
   increase your security and productivity.

This completes your installation of the StopLight ELS.


UNINSTALLING STOPLIGHT ELS

Never try to uninstall StopLight ELS by manually removing the
SHELL=C:\SAFER\SAFER.PGM line from the CONFIG.SYS file.  The computer will
not boot if this line is removed.  Instead, use the standard technique
described below.

To uninstall StopLight ELS, insert the first StopLight ELS disk into a
floppy drive and run ELSUTIL.  Select the Uninstall option from the menu.
Uninstalling will be automatically performed.

          If you are performing UNINSTALL for a system that is
          locked up for any reason, you may be asked to enter the
          Super Password which can be found at the beginning of
          this guide.

On completion of the uninstall procedure, the following message will appear
on the screen:

          System successfully uninstalled.
          Must BOOT the computer now...




StopLight ELS Demonstration Guide                                   Page 12

Remove the original disk from the drive, and BOOT the computer.  The
security login will be removed and you will have access to your system.


EMERGENCY UNLOCKING PROCEDURE

(This section does not apply to the DEMO version of StopLight/ELS since  it
does not lock the hard disk.)

StopLight ELS has been enhanced to restore hard drives that fail to boot.
If, after installing StopLight ELS, a problem arises that prevents access
to the hard drive, do not use FDISK, FORMAT or a disk recovery software
such as Norton Disk Doctor.  By following the steps listed below, you
should be able to unlock the hard drive and recover your data.  This
procedure should only be used if you have already tried the standard
uninstall procedure as described above and still cannot gain access to the
hard drive.

          Do not format your hard drive if you cannot access your
          data.  Call for help if anything goes wrong.

METHOD 1

Use this method only if the standard uninstallation described previously
did not work.

1. Boot the computer with a DOS diskette.
2. Place the ELS disk into a floppy drive.
3. Run     ELSUTIL /US
4. Follow the on-screen prompts.
5. Type in the Super Password listed at the beginning of this guide.
6. Follow the on-screen prompts and reboot from the hard drive.

   If you still cannot boot from the hard drive, boot from a floppy disk
   and switch to the C: drive.  If you can gain access to C:, you may need
   to perform a SYS C: command to transfer the system files back to the
   hard drive.

METHOD 2

Use this method only if the above method did not work.

1. Boot the computer with a DOS diskette.
2. Place the ELS diskette into the floppy drive.
3. Run     PCC
4. Highlight the HD Fix choice and press 
5. Follow the on-screen prompts.
6. Contact Safetynet when prompted for a password.








StopLight ELS Demonstration Guide                                   Page 13

3. Security Setup (ELSUTIL)


          The following instructions are meant exclusively for
          the system administrator.  Since this section includes
          sensitive information, please make sure that this
          information is never accessible to others.

This chapter will allow you to customize StopLight ELS to suit your
particular needs.  Before you can effectively use the security system, you
must configure it to your needs and to the needs of each additional user.
The ELSUTIL program allows you to do this.  To run ELSUTIL, follow these
steps:

1. Type  C:         and press <Enter>
2. Type  CD \SAFER  and press <Enter>
3. Type  ELSUTIL    and press <Enter>

A Main Menu screen will appear showing various options. At the top of the
menu selection, you will see the message "Security System Active".  This
means that your system has StopLight ELS security installed.  If the
Security System is not active, please install it by referring to the
installation instructions given in the previous chapter.


SETUP GLOBAL SECURITY

You may now configure StopLight ELS to meet your specific security needs.
From the menu window, highlight the selection entitled: "Setup Global
Security", and press <Enter>.  This screen allows you to set up Global
Security features for all users.

The following pages in this section give a detailed explanation of each
entry on the setup screen. Please read these carefully before you make
entries on the screen. Use the Help Windows <F1> when required.  Press 
<F5> to create a report of your security settings.

          The administrator shares two settings with USER1, the
          password expiration unit of login times or days, and
          the Keyboard Lock hot key.  Making a change to either
          of these settings for USER1 will also change them for
          the administrator.  User security settings are
          discussed later in this chapter.

ADMINISTRATOR NAME
The default name of the system administrator is SYSADMIN. It is not a
password and will be displayed when typed.  It may be changed to any
suitable name up to eight characters.

ADMINISTRATOR PASSWORD
This is the password used by the administrator to gain access to the
system.  You can select any combination of up to eight alphanumeric
characters. After your password is entered, you will be requested to verify
the password. If the password entered after verify does not match the


StopLight ELS Demonstration Guide                                   Page 14

password entered on the first request, the message: "Password/Key Mismatch"
will appear along with the request to enter the password again.

An existing password can be replaced from the StopLight ELS login screen by
pressing <Home> instead of <Enter> after the user name and password are
entered.  In this case, a field will open to accommodate the new password.

Please remember not to reveal your password to any user as it leaves your
system unprotected and accessible to others.  If, for any reason, you must
give your password to another person, remember to replace it by a new one
and update other related sensitive information as soon as you recover
control of the system.  If you forget your password, please refer to the
Super Password section in Chapter 1.

EXP. (PASSWORD EXPIRATION)
Password expiration, also known as password aging, may be specified here.
StopLight ELS ages administrator passwords based on the number of days or
uses.  Use the +/- keys to select the number of days/uses before the
password expires.  Based on the setting of USER1, the administrator
password will expire in the selected number of days or logins.

          The system administrator's password should be replaced
          as soon as the password expiration warning is given. In
          case the password is not replaced and expires, the
          system administrator will be denied access to the
          system.  If this happens, only the Super Password will
          unlock the system.

SYSTEM-WIDE SETTINGS
Your next step will be to define a global configuration of your security
system. Follow the directions on screen for each step and consult the Help
Windows when necessary. The following information applies to the system in
general and not to individual users.

READ ONLY/PUBLIC DIRECTORY
This choice allows you to create read only directories anywhere on your
system by matching the directory name with the Read Only directory pattern.
Files in Read Only directories can be accessed by any user but can only be
modified by the system administrator.

          This feature is included with your version of StopLight
          ELS for compatibility with previous releases.  We
          highly recommend that you use Trustee Assignments to
          protect files and directories.  Trustee Assignments are
          described later in this chapter.

For example, to make all directories Read Only that end with an RDO
extension (e.g. PROGRAM.RDO, DOS.RDO), select Rd Only in the left field and
press <Enter>.  In the field to the right, type *.RDO or ????????.RDO.  You
will have to rename existing directories to include them in this pattern.

Public directories take the opposite approach to Rd Only directories,
allowing Read and Write access to directories matching the Public pattern
and Read Only access to directories outside the pattern.  For example, to


StopLight ELS Demonstration Guide                                   Page 15

have Read/Write access to your data files, select Public for the field on
the left and *.PUB for the field on the right.  Then make a directory
called DATA.PUB and place your data files in this directory.  Users will
have Read and Write access to these files, but programs and other files
outside of this directory definition will be Read Only.

AUDIT TRAIL LOG
If this option is set to Full or Brief, a file named SAFER.LOG will be
created in the C:\SAFER directory, in which all the information on
supervised activities will be recorded for the administrator's use.  The
Full log tracks user logins and logouts, program, data, and violation
activities.  This log provides maximum details, but also grows the fastest.
The Brief log option reports all activity except data file activity.  Since
data file activity represents the largest portion of typical Audit Logs,
Brief tracking will result in substantially smaller Audit Trail Logs.  If
you do not need an audit log, choose Off for this selection

REQUEST USER NAME ON BOOT
Determine whether users must enter their User Name in order to have access
to the system. Press the <Space Bar> or +/- keys to change between Yes and
No.

REQUEST PASSWORD ON BOOT
Determine whether a valid password must be entered to gain access to the
system.  Press the <Space Bar> or +/- keys to change between Yes and No.
For security reasons, the System Administrator login password is always
required to gain access to the system.

          It is very useful in classrooms to turn off the User
          Name and Password prompts on the login screen,
          displaying "Press Enter to continue" instead.  The
          student simply presses <Enter> to gain access to the
          computer and is automatically assigned the security
          profile of USER1.  This is ideal for preventing
          CONFIG.SYS and AUTOEXEC.BAT deletions, and activating
          virus protection and Hard Disk Format protection.  The
          student can even be prevented from adding or copying
          software.

MINIMUM PASSWORD LENGTH
StopLight ELS passwords can be up to 8 characters in length.  To set a
minimum password length, enter it here by pressing the <Space Bar> or +/-
keys to move through valid lengths.

CUSTOMIZE PASSWORD SCREEN
The login screen contains a large StopLight ELS banner.  This area can be
changed to meet your needs.  Highlight this choice and press <Enter>.  An
editing window will allow you to make changes to this banner.  The banner
information is saved in a file named LOGO in the C:\SAFER directory.  This
file may also be edited with any standard text editor.  To put your banner
changes in effect, you must exit the "Global Security Setup" screen and
save your changes.




StopLight ELS Demonstration Guide                                   Page 16

INITIAL USERS PRIVILEGES (WINDOW)

Highlight this choice and press <Enter> to access the Privileges window.
This is a global setup that will be applicable to all users, but may be
changed during the configuration of individual user's setup.  If you want
to set the same configuration for all users of the system, press <Esc> when
the window is active and answer Yes to "Duplicate this configuration to all
users?".  You can then customize this starting point for each user
individually from the "Setup Users" option of the Main Menu.

Select the initial privileges that you are authorizing the users to have by
pressing the <Space Bar> or +/- keys.  Choices with a check mark in front
of them are enabled.


The following user privileges may be set in the privileges window:

Floppy Disk Write Protect
By turning on this option, you prevent any writing to diskettes inserted in
the disk drives. Thus copying software/data is prevented, but reading new
information into the computer from the floppy disk is still allowed.

Floppy Disk Read Protect
In a similar manner to the previous option, when active, this option will
prevent reading your diskettes.  Since the floppy disk must be read before
it can be written to, choosing this option will totally disable the use of
the floppy drives.

Disable Printer Access
No printer access will be allowed on PRN or any of the LPT ports.  A
network printer is not protected with this option, but generally can be
protected from the network server.  Also, if you need to protect a serial
printer, refer to the following option.

Disable Serial Port (RS-232) Access
This option is used to prevent serial port access via BIOS.  A computer
mouse connected to the serial port will not be affected by this option,
allowing you to restrict a serial printer while continuing to use a serial
mouse.

Keyboard Lock During Screen Blank
This option adds more security to the screen blanking option when you leave
the computer unattended. With this option, the keyboard is locked when the
screen saver is activated by time out.  Only upon entering your login
password will access be allowed to the PC.  If this option is not selected,
only the screen blanker will be activated, with access to the blanked
program granted by pressing <Enter>.

Virus Protection
Activates the real-time virus protection feature, which detects many common
viruses.  This option should be on at all times.  If a virus is found in
the system, both the virus and the infected program will be stopped from
running.  This option only applies to users and not the system



StopLight ELS Demonstration Guide                                   Page 17

administrator.  No security or virus protection is provided during a system
administrator session.

          This option does not detect a significant number of
          viruses.  For top-rated virus detection and removal,
          please contact Safetynet or your dealer for information
          on our VirusNet/Pro anti-virus system.

Disable DOS Shell Access
No DOS prompt access will be allowed by shelling out of applications.  For
example, in Word Perfect, the user cannot reach the DOS prompt by pressing
<Ctrl><F1> and selecting "Go to DOS".  Instead, a warning message will be
displayed and control will return back to the program.

Disable Break
The <Ctrl><C> and <Ctrl><Break> keys will be disabled, preventing the user
from breaking out of and stopping the AUTOEXEC.BAT and other batch files.

Disabling both DOS Shell Access and Break are most useful when combined
with a menu system since the user can be completely isolated from the DOS
prompt.  In a typical scenario, the user logs into the system and is
brought into the menu system by the AUTOEXEC file.  The menu system can be
set to restrict exiting to DOS and accessing menu Setup by passwords.
Choices on the menu can be run, and control will return to the menu after
the program choice is finished.  No possibility will exist to get to the
DOS prompt, since back door attempts such as shelling out of application
programs will be denied.  This effectively locks the user into the menu
environment, and prevents running programs and performing DOS actions that
are not set up in the menu.

Hard Disk Format/FDisk Protect
Formatting and repartitioning of the hard disk (FORMAT and FDISK programs)
will not be permitted.

Disable Date/Time Change
The user will not be able to change the system time and date, providing for
the integrity of the Audit Trail Log.  Do not select this option if you are
receiving StopLight ELS Date/Time change warning messages or experiencing
problems when logging to a Novell or similar network.  Some networks try to
synchronize the workstations date and time, and will not allow a login if
they cannot be changed.

Disable Config.sys & Autoexec.bat Change
This feature should always be enabled since StopLight's security shell must
be loaded from the CONFIG.SYS file.  By choosing this option, no permission
will be granted to users to delete, replace, alter or rename these files.
The administrator login always has full access to these files.

Disable Copying EXE & COM Files
With this option selected, users will be prevented from copying programs to
or from the hard drive, but they still can use the floppy drives for
reading or writing data files.  This option is a highly effective tool for
preventing software piracy.  It can be used to keep your software licenses
legal.


StopLight ELS Demonstration Guide                                   Page 18

SETUP USER PROFILES

After the global security is configured, the system administrator should
configure the user's information for every individual who is authorized to
use the system.

From the ELSUTIL Main Menu, select the Setup Users option, then press
<Enter>.

Select a user from the pop-up Select User window and press <Enter>.  After
you have finished editing a particular profile, press <Esc> to return to
the Select User window.  You can then select a different user or press
<Esc> to return to the Main Menu.

USER NAME
Two different user profiles may be defined in StopLight ELS.

          If you need more than 2 users to access a PC, please
          contact Safetynet or your dealer for information about
          the StopLight Security System.

A user's name is a combination of up to eight alphanumeric characters.
Please note that this is not a password and is visible to all users.

USER ACTIVE
Is the user active? Select Yes or No by using the <Space Bar> or +/- keys.
This option can be temporarily set to No when the user is away, on
vacation, etc., or when the system administrator decides to deny the user
access to the system. By selecting No, the administrator will completely
prevent access by the user or any one who is familiar with this user's
password. Anyone attempting to enter under an inactive user's password will
receive the message: "User Not Active, Log-In Denied!".

BOOT PASSWORD
Enter a unique login password for this user. Select any combination of up
to eight alphanumeric characters. After this password is entered, there
will be a request to verify password. If the password entered after Verify
is wrong, the message: "Password/Key mismatch" will appear, followed by a
request to enter the password again.

This could be an initial password for the specific user, and you may want
to authorize the user to replace it with another one.  Please refer to the
`` Allow Password Change   option described below.  In this case, the new                      ''
password will be entered by the user by pressing <Home> instead of <Enter>,
after typing the old password on the login screen.

EXP. (PASSWORD EXPIRATION)
Password expiration, also known as password aging, may be specified here.
StopLight ELS can age passwords based on the date or by number of uses.
First, select the number (either days or uses) before the password expires
by using the <Space Bar> or +/- keys.  Then press         to move the                                                  <Enter>
cursor to the field immediately to the right.  Use the <Space Bar> or +/-
keys to select between  "Times" and "Days" depending on your requirements.


StopLight ELS Demonstration Guide                                   Page 19


If you decide to use password expiration, the user will receive the
following message before the password actually expires:

              "Password usage expires, MUST change password"

If the user has permission to change their login password, a New Password
and Verify Password field will be displayed on the login screen.  If the
user is not allowed to change their password, or if they allow their
password to expire, they must contact the administrator for a new password.

AUTO SCREEN SAVER
The screen blanker can be activated automatically after the keyboard has
been inactive for a predetermined time.  In the User Privileges window, if
"Keyboard Lock During Screen Saver" is selected, the login password will
be required to regain access to the computer.

Select values from two minutes up to 60 minutes with the <Space Bar> or +/-
keys.  If you do not want the screen saver to activate automatically,
select OFF.  Please note that the screen blanker can be instantly activated
anytime using the hot keys as discussed in the "Screen Blanker / Keyboard
Lock" section of Chapter 1.

HOT KEYS
The hot key combination used to activate the screen saver, keyboard lock,
and reboot on program exit can be redefined by modifying this choice.  It
is made up of a combination of <Ctrl>, <Alt>, and <Shift> keys followed by
an optional letter.  By requiring a letter after the initial combination,
several security features can be activated on demand.

With the cursor on the left Hot Keys field, press the <Space Bar> to bring
up a list of key combinations.

Select the initial hot key and press <Enter>.  The cursor will then move to
the hot key field on the right.  Use the <Space Bar> or +/- keys to choose
between "+ Letter" and "No Letter".

By selecting "+ Letter" along with the initial key sequence, the screen
saver, keyboard lock, and reboot on program exit features can be accessed.
Hold down the key sequence in the left field for five seconds.  When the
computer speaker makes a clicking sound, press D to activate the screen
saver, S to activate the screen saver with keyboard lock, K to activate the
keyboard lock, and B to reboot the computer after the current application
is exited.  See Chapter 1 for more details.

For users who wish to activate the hot key sequence in Microsoft Windows,
"No Letter" must be selected for the field on the right.  Holding the key
sequence in the left field for five seconds will activate the screen saver
with or without the keyboard lock (the reboot and keyboard lock only
features will not be available).  You can make the keyboard lock activate
by setting the "Keyboard Lock during Screen Saver" choice found in the
"Initial Users Privileges" window (described earlier in this chapter).




StopLight ELS Demonstration Guide                                   Page 20

For Microsoft Windows users, a special program (MSWIN.EXE) is provided to
activate the screen saver by clicking on an icon.  See Chapter 1 for more
details.

ALLOW PASSWORD CHANGE
You may authorize some users to replace their initial password by a
different one. Indicate for every user whether they may or may not change
their login password.  A user who is authorized to do so can replace their
password by pressing the <Home> key instead of <Enter> after the password
is typed on the login screen.  A field will appear on the screen prompting
them for the new password.

TRUSTEE ASSIGNMENTS (WINDOW)
Each user can be assigned Trustee Assignments for files and  directories.
Trustee Assignments can control the type of access available for files,
directories and drives.  If Trustee Assignments overlap for a particular
file or directory, the most specific assignment will be used.  For example,
assume that an entire drive is set to Read Only and a Trustee Assignment
for a file on that drive is set Read and Write.  Since the file assignment
is more specific than the drive assignment, the user will have Read / Write
access to that file.

Highlight the "Trustee Assignment (window)" choice and press <Enter> to
display the Trustee Assignment setup screen.

TRUSTEE ASSIGNMENT RIGHTS
Trustee Assignments can be added to drives, directories and files.  Rights
which can be granted (or denied) include (C)reate, (D)elete, (E)xecute,
(R)ead and (W)rite.  If a right is not given, it is not allowed.  Trustee
Assignments that are blank for an object mean that the user will have no
access to that object.

(C)reate  - Allows a user to use the DOS Create function to add a new file
            to a drive or directory.
(D)elete  - Allows a user to delete a file from the drive or directory.
(E)xecute - Allows a user to run a program from the drive or directory.
            This must be accompanied by the (R)ead privilege.
(R)ead    - Allows a user to have Read file access.
(W)rite   - Allows a user to have Write file access.  It is usually
            accompanied by the (R)ead privilege.

When a drive, directory or file is not listed, either explicitly, or by a
pattern, the user has full rights.  Only items that are included in the
Trustee Assignment window are protected.

PROTECTING A SPECIFIC DIRECTORY
1. Display the Drive and Directory window by pressing the <F5> function
   key.
2. Highlight the drive to work with and press <Enter>.
3. Select the directory to protect and press <Enter>.

PROTECTING A DIRECTORY AND ITS SUB-DIRECTORIES
Directories and Drives with a trailing backslash (e.g. C:\DOS\) do not
include their subdirectories as part of their Trustee Assignment


StopLight ELS Demonstration Guide                                   Page 21

protection.  Remove the trailing backslash to include subdirectories as
part of the Trustee Assignment protection.

1. Display the Drive and Directory window by pressing the <F5> function
   key.
2. Highlight the drive to work with and press <Enter>.
3. Select the directory to protect and press <Enter>.
4. Remove the Trailing Backslash from the Directory Name.

PROTECTING A SPECIFIC DRIVE
        
1. Press <Insert> when the highlight bar is on the Trustee Assignment
   window.
2. Type in the name of the drive you wish to protect (e.g. C:) and press
   <Enter>.
3. Remove the trailing backslash from the entry by pressing the <Enter> key
   on the drive item and editing the choice.
4. Add various Trustee Assignments as described in the Trustee Assignment
   Rights section above.

PROTECTING A SPECIFIC FILE
1. Select a directory by following the Protecting a Specific Directory
   steps 1-3 above.
2. With the Trustee Assignment highlight bar on that directory, press
   <Enter> to display the Edit window.
3. Type in the full path of the file you wish to protect.  Standard DOS
   wildcards are allowed.
4. Then add the appropriate Trustee Assignments as described in Trustee
   Assignment Rights above.

PROTECTING A PATTERN OF FILES
(DOS wildcards * and ? can be used to protect a pattern of files.)

Method 1:
1. Press <Insert> and type in the drive, directory and pattern of files to
   protect.  The syntax for protecting multiple files is the same as the
   syntax used to select multiple files with a DOS DIR or COPY command.
   (e.g. C:\WINDOWS\*.INI)
2. Then add the appropriate Trustee Assignments to the selected file
   pattern.

Method 2:
1. Select a directory by following the Protecting a Specific Directory
   steps 1-3 above.
2. With the Trustee Assignment highlight bar on that directory, press
   <Enter> to display the Edit window.
3. Add to the directory the wildcard file pattern you wish to protect (e.g.
   C:\DATA\*.DBF).
4. Then add the appropriate Trustee Assignments to the selected file
   pattern.





StopLight ELS Demonstration Guide                                   Page 22

C:\WKS\
[RW  ] Files in C:\WKS will be Read and Write Only. The trailing "\"
after WKS means that files in directories under C:\WKS are not affected by
these rights and will remain with full access.

C:\WKS
[RW  ] Files in C:\WKS and directories below it have Read Write privileges.
(Notice that no trailing backslash is placed after WKS.)

C:\SECURE
[    ] The C:\SECURE directory (and directories below it) are not
accessible to the user since no rights were granted.

C:\123\TS.WKS
[RWCD] User has full rights to the TS.WKS file.

PRIVILEGES (WINDOW)
Press <Enter> to select the Privileges window for the current user.  From
this window, you can mark the privileges available to the user by pressing
the <Space Bar> or the +/- keys.  Remember that the system administrator
has complete privileges to the system, including removing or altering the
security configuration.  If the administrator needs to use the computer for
reasons other than security setup, a separate user login should be
provided.  Detailed descriptions of each privilege option can be found in
the "Initial Users' Privileges" section earlier in this chapter.


AUDIT TRAIL LOG REPORTS GENERATION

StopLight ELS automatically records the users LogIn/LogOff date and time in
the SAFER.LOG file.  Depending on your Audit Log setting (Off, Brief, or
Full), various amounts of user activity will be recorded and kept in the
log including attempts to perform illegal activities.

The administrator can create a report according to the following criteria:

     All:        Any activities that matches a definition below will be
                 registered.

     User Name:  List activities of the user whose name is specified.

     Sys.Admin.: Lists the login, logout, and virus warnings generated by
                 the system administrator.

     Violation:  Any activity that does not conform to the privileges
                 authorized will be highlighted in the report.

     Statistics: The total computer time spent by every user will be
                 recorded.

After the criterion for the production of the report is selected, you may
be asked the output destination:



StopLight ELS Demonstration Guide                                   Page 23


     Screen:    The report will be displayed on the screen.

     Printer:   A printed listing will be sent to the printer connected to
                LPT1:.

     File:      The file option will write the output to a SAFER.REP file.

     Data file: This report is produced in the form of a data file under
                the name of SAFER.REP (fields are written between
                quotation marks, and separated by commas). The data can
                then be analyzed with a database or spreadsheet program.


OPTIONAL ELSUTIL SWITCHES

ELSUTIL accepts command-line instructions for various features.  An example
of the syntax is as follows:

     ELSUTIL /U  -  To select the uninstall option.
     ELSUTIL /W  -  To display black and white screens.

Since new switches may be added that are not documented in this guide, run
ELSUTIL /? to display a complete description of the current switches.
Following are switches that ELSUTIL can accept:

     /U         Runs the Uninstall Security System choice.
     /SG        Directly runs the Setup Global Security window.
     /SU        Directly runs the Setup Users window.
     /RU        Produces a report of the Global and User security
                settings.
     /R         Runs the Generate Audit Log Reports menu selection.
     /RD=S|P|F  Selects a report Destination of (S)creen, (P)rinter or
                (F)ile.  (e.g. MSUTIL /RD=F will produce a report to a
                file.)
     /CO        Runs the Configuration menu choice.
     /HI        Used during installation to tell the security system that
                you have more that 640K of conventional memory.
     /P         Selects a non-IBM/Epson printer for printing audit trail
                reports.
     /L         Selects a HP Laser printer for printing audit trail
                reports.
     /W         Optimizes the display for non-color screens.
     /S         Removes sound effects from pop-up windows.
     /? or /H   Views the help screen.











StopLight ELS Demonstration Guide                                   Page 24

4. End-User Operation


          This chapter should be read by all users of StopLight
          ELS.  It covers operation when you are logged in as a
          User (non-administrator).

StopLight ELS is a sophisticated security system that will protect your
important information and make your computer time more enjoyable.  It gives
you the privacy and levels of security that will guarantee that no
unauthorized user has access to your private files or programs.

    * StopLight ELS is user-transparent. In other words, it will not
      inhibit you in any of your activities, unless you do something that
      your system administrator has not authorized you to do (for example,
      trying to have access to another user's files!). The system
      administrator may have assigned a separate safe directory to you
      where you can store your files without worrying about other users
      gaining access to them.

    * StopLight ELS cannot be by-passed.  It is not possible to boot the
      system from a diskette and gain access to the hard drive.  Also,
      certain directories and files may be restricted from being accessed.

You are one of the authorized users who has been assigned certain access
and user privileges by your administrator.  This chapter will help you to
understand and use the security features of your system.


LOG IN

When the PC is first powered on, the StopLight ELS login screen will
appear, asking you for your Login Name and Password.  Type in the
information requested and press <Enter> after each line.  Upon supplying
the correct information, you will gain access to the computer with a
certain security profile assigned by the system administrator.  Access to
the computer will not be granted until you supply the correct information.


PASSWORD

Proper use of your login password is very important to the security of your
information stored on the PC.  The system administrator has assigned each
user a unique login password.  With your password you can prevent other
users from gaining access to your files.  If you disclose your password to
another user, they will then have access to your files.

Along with your Login Name you must use this password to enter the system,
or access will be denied.  If you forget your password, ask your system
administrator.  Don't try to randomly guess your password at the login
screen.  Proper password use is critical to the StopLight ELS system.  The
following sections provide important information regarding password use.




StopLight ELS Demonstration Guide                                   Page 25

Default password
If the administrator gave you a password of PASSWORD, you will be asked to
change the password to a new one.  Type in a new password and press
<Enter>.  Then type it in again to verify that it was typed correctly.  You
will then use this new password to access the system.
        
Invalid password
Three consecutive attempts to enter the system with a wrong user name or
password will produce the message: "System Halted!". You may unlock the
system by pressing the reset button and try to login again with your
correct user name and password.

Expired password
For additional security, your system administrator may decide that your
password will be valid for a certain period of time or number of valid
logins, and then expire. When your password is due to expire, the following
message will be displayed on your screen: "Password usage expires, MUST
change password!". If you are authorized to replace your password, do so
AT ONCE! If not, please notify your system administrator as soon as
possible. After the password expires, you will no longer have access to the
system!

Changing your password
An existing password can be replaced on the login screen by following these
instructions.

     1. Type in your user name and press <Enter>.
     2. Type in your current password and press <Home>.
        (If you are authorized to change your password, two new fields will
        appear.)
     3. Type in your new password and press <Enter>.
     4. Type in your new password again to verify that it was typed in
        correctly and press <Enter>.

Your new password will remain in effect until you change it voluntarily,
the system administrator changes it for you, or the system requires you to
change it.

          If the administrator has not allowed you to change your
          password, pressing <Home> after you type in your user
          name and password will not work.  You must notify the
          administrator that your password needs to be changed.

The system administrator may have specified a minimum password length. If
the new password you entered is less than the minimum length, a "Password
too short" message will be displayed.  Please enter a longer password
(maximum eight characters).


SCREEN BLANKER / KEYBOARD LOCK

When the computer is left unattended for a period of time, it is possible
to implement a Screen Blanker or Keyboard Lock.  Each one blanks out the
screen to protect sensitive information and prevent monitor burn.  While


StopLight ELS Demonstration Guide                                   Page 26

the screen is blanked, any programs which were running will continue to
run.  The screen will be replaced by a moving message display.  The Screen
Blanker is cleared by pressing <Enter>, and the Keyboard Lock is cleared by
pressing <Enter>, typing in your login password and pressing <Enter> again.
The system will be unlocked and its screen information will be restored.

The Microsoft Windows keyboard lock clears the screen and displays a moving
message window.  DOS-based programs will also be replaced by a moving
display.

In graphics applications other than Microsoft Windows, the Screen Blanker
and Keyboard Lock will blank the screen with a solid color.  For most
programs, the Screen Blanker will display a blue screen, and the Keyboard
Lock will display a red screen.  Some programs may change the video display
and alter these colors.  To regain access to the system, press <Enter> to
clear the keyboard buffer.  If the screen is not restored, the Keyboard
Lock is active.  Type in your login password and press <Enter> to restore
the screen.

Normally, only the Screen Blanker will appear when you step away from your
computer.  However, to activate the keyboard lock instead of your Screen
Blanker, ask the administrator to select the "Keyboard Lock during Screen
Saver" choice in ELSUTIL.


HOT KEY ACTIVATION

A hot-key is provided to activate the Screen Saver / Keyboard Lock
immediately.  Press and hold <Alt><Ctrl> together for five seconds to blank
or lock your screen.  If the administrator requires a letter to be pressed
along with the hot key, press the hot key and hold it down for five
seconds.  The computer speaker will then make a clicking sound.  Without
lifting the hot key, press one of the following keys:

     D key: Dims the screen (Screen Blanker).
     S key: Secures the keyboard and dims the screen (Keyboard Lock &
            Screen Blanker.)
     K key: Keyboard lock but does not dim the screen.
     B key: Boots the computer after the current program is exited.  When
            activated, two beeps will be heard to confirm that the feature
            is activated. This feature is ideal for unattended modem
            transfers and tape backups when you wish to ensure that no
            other programs will be run from the computer.


WHAT A USER CANNOT DO

By being granted User access to the computer, you inherit certain
restrictions which will keep your computer operating correctly.

              * A user cannot access the \SAFER Directory.  This is the
                directory where the security parameters are defined by the
                system administrator.



StopLight ELS Demonstration Guide                                   Page 27

              * A user cannot alter or write to the Boot sectors.

              * A user cannot use the CHKDSK program since no access is
                granted to the \SAFER directory and other private user
                directories.  If you must use CHKDSK, please contact your
                system administrator.


SECURITY VIOLATIONS

If an action results in the breach of any security rules, a warning message
is displayed and the action is denied.  Typical actions which may breach
security include unauthorized access to the CONFIG.SYS and AUTOEXEC.BAT
files, and attempting to change to a secure directory.  A complete list of
messages can be found in the Appendix.


LOGGING OFF

When you are done working with the PC, you must exit the system in one of
the following manners:

     a) By pressing <Ctrl><Alt><Del>; or,
     b) By running LOGON when you wish to return to the initial login
        screen without rebooting the computer.  As in the example above,
        this command may be located in the C:\PUBLIC directory.

Your logoff time will be recorded in the Audit Log file when you exit the
system in one of the above ways. If you exit the system by turning the
computer off, the system will not be able to record the logoff time.
Instead, the security system will record this as an "INVALID LOGOFF" and
include it as a violation in a report to the system administrator.
























StopLight ELS Demonstration Guide                                   Page 28

5. Special Programs


Several programs are included with StopLight ELS to enhance its overall
performance and flexibility.  Some programs are especially useful when
placed in batch files.  Each of these programs can be used at the DOS
prompt or incorporated in a menu system.


PCC

PC Checkup (PCC.EXE) is a powerful tool for examining your system
configuration and recovering from hard drive failure.  It is located in the
C:\SAFER directory.  When PCC is first run, it displays an overview of your
computer's specifications.

OVERVIEW
Information about your hardware includes the computer, CPU and numeric
processing unit types.  The video adapter card type and monitor type are
also detected.  Super VGA or SVGA cards are reported as VGA-class cards.
Also reported is your DOS version, your Microsoft Windows operating mode if
PCC is being run under Windows, and the date of your BIOS chipset.  An
overview of your memory is then provided, including extended and expanded
memory sizes and versions.  Finally, information about your serial (COM)
and parallel (LPT) ports is displayed, including the number of each
detected and their addresses.

Press the <PgDn> key to display a second screen of overview information.
This screen displays detailed information about your floppy drives, hard
drives, RAM drives and network drives.  Depending on the amount of
information collected, a third screen may also be available.  Press <PgDn>
to view the following screen.

This third Overview screen displays detailed hard drive specifications.
First, information about the number of heads, cylinders and sectors is
displayed.  Then, for certain drive types, the serial number of the hard
drive, the hard drive controller version, and the model ID of the drive are
displayed.

ENVIRONMENT
Press the <Down Arrow> key to highlight the Environment menu choice.  This
window will display all variables defined in your DOS environment.

MEMORY MAP
Highlight the Memory Map choice to display detailed information about the
programs, TSRs and device drivers running on your system.

Included in this display is the address that the program is running in, its
environment size, the total amount of memory it is occupying, its name, and
the interrupts that it is using.  This information is very useful for
optimizing your system and determining if there are any conflicts between
programs.  If you have a large memory map, press <PgDn> to view additional
pages.



StopLight ELS Demonstration Guide                                   Page 29

ADAPTERS
Highlight the Adapters menu choice to display information about your BIOS
and adapter cards.  This window searches for identification fingerprints in
memory.  The first column displays the memory location that the fingerprint
was found.  The second column shows the information that was found in that
location.  Depending on the adapter cards that are in your system, some
cards may not be shown in this display.

FILES
The files menu item enables you to easily edit your DOS configuration
files, run CHKDSK and search for files.  If you press <Enter> on the
AUTOEXEC.BAT or CONFIG.SYS choices, you will be presented with a simple
editor which can be used to view and modify these files.  The keys listed
at the bottom of the screen can be used to edit, insert, delete and move
(transfer) lines.  When you are finished editing or viewing the file, press
<Esc> to either save or cancel your changes.

HARD DRIVE PARAMETERS
Highlight the HD Params menu item to display detailed information about
your DOS drives.  Use the <Left Arrow> and <Right Arrow> keys to move among
the various drives.  Information is displayed about the drive's sectors,
clusters, FAT table and directory table.  Also, media descriptor byte,
total number of clusters and total drive size are displayed.

HARD DRIVE FIX
The HD Fix menu choice should only be selected if your hard drive fails to
boot.  It should not be used to uninstall StopLight ELS unless hard drive
corruption prevents the standard uninstall procedure from working.  HD Fix
should only be used as a last resort to restoring a damaged hard drive.
You will be required to contact Safetynet technical support to fix a
damaged drive using this method.

NETWORK
If you are connected to a network such as Novell Netware, the network menu
choice will be displayed.  Selecting this choice will display information
about your file servers, network shell version and node address of your
network interface card (NIC address).


ALERT

When a program attempts to perform an action that is not allowed by the
user's security definition, StopLight ELS generates a warning beep and
displays a message indicating the type of offense.  To prevent this
violation alert, run ALERT OFF before running your program.  After the
program is finished, ALERT ON will reactivate security alerts.  These
commands can be placed in a batch file to automate this process.  It is
important to note that turning alerts off has no effect on the user's
security priviledges, just on the warning that is given.







StopLight ELS Demonstration Guide                                   Page 30

DEFMSG

The DEFMSG command allows you to insert a new or different message that
will appear when the screen is blanked.

Syntax:  DEFMSG message

When the screen blank option is active, your personal message will be
displayed.


EX

Fixes access denied errors in some programs that try to access secure
directories.  When these programs encounter a directory that is restricted,
they either stop and issue an error message, or rescan the drive in an
infinite loop.  The EX program will allow these programs to skip secure
directories and continue to read the drive properly.

Syntax:  EX ProgramName


KEYBFIX

Keyboard fix is for international language KEYBxx support when certain hot-
keys are used.  This program must be executed in the AUTOEXEC.BAT
immediately after KEYBxx is loaded.


LOGON

Utility to login as another user without rebooting the computer.  This
utility is essential for accessing a secured system remotely.


WHOAMI

Displays the current user name, system date and time.


UNLOCK

Used by  the system  administrator to  temporarily unlock  the hard  drive.
This is useful when making modifications to the CONFIG.SYS or  AUTOEXEC.BAT
files.  When the computer is rebooted, the security system will ask if  the
hard drive  should  be relocked.    After  testing that  the  boot  process
completes successfully, the  computer can be  rebooted and  the hard  drive
locked.  If someone logged in as a USER tries to access this utility,  they
will be denied.







StopLight ELS Demonstration Guide                                   Page 31

Appendix


This chapter starts with solutions to common problems that can occur with
security software.  Then, a list of error messages that the system
generates is presented.  The final section of the chapter briefly describes
other Safetynet products which can complement StopLight ELS.


SOLUTIONS TO COMMON PROBLEMS

The following section represents situations and suggestions that have been
compiled from our customers.

     Some programs cause the computer to issue warning beeps during their
     startup or normal operation.
Solution
         beeps may be coming from the security system, signaling that some     The 
     program actions are being prevented because they break a security rule
     for the current user.  Check your audit log to see what kind of
     violations are being registered.  Then modify your security settings
     to allow this activity.  If you do not wish to allow this activity,
     but still wish to prevent the warning messages and beeps, use the
     ALERT.EXE command with an OFF parameter (ALERT OFF).  This will
     prevent StopLight ELS from generating any visual or audible error
     messages.  To turn security alerts back on, use the ALERT ON command.
     More information about the ALERT program is found in the previous
     chapter.

     Netware does not allow a user to login to the network.  A Date/Time
     Change warning is given.
Solution
     Upon login to Netware networks, the network may try to synchronize
     your PC's date and time.  If you Disable DATE/TIME Change, the network
     may not let you login.  Do not select Disable DATE/TIME Change if you
     are experiencing this problem.

     After logging into the network, DOS Shell Access is no longer
     disabled.
Solution
     Some network drivers (e.g. NETx.COM) do not allow Prevent DOS Shell
     Access to work properly.  To restore this feature, make a batch file
     that runs these drivers and then runs the StopLight ELS NETFIX.COM
     utility.

     Programs that scan the hard disk stop when they encounter a secure
     directory.
Solution
     Run the program by using the EX.EXE utility to prevent warning
     messages while scanning the disk.






StopLight ELS Demonstration Guide                                   Page 32

NEW SOLUTIONS

If you have implemented StopLight ELS to solve a difficult problem, please
let us know.  We would like to pass the knowledge on to others.  Also, if
you have any programs that need special handling when working in a security
environment, we would like to hear from you.  Please contact our Technical
Support department and share your experiences with them.


LIST OF VIOLATION MESSAGES

The following is a list of Error and Security Violation Messages that may
appear on your screen.  For your convenience, we have listed first the
messages that you may encounter when installing or accessing your system as
a system administrator.  It is followed by the messages that the users will
get whenever they execute a function that may not conform to the security
provisions.

Security System Not Installed
          Your PC is not protected by StopLight ELS presently, because the
          system is not installed.

Error while reading security system from Hard Drive
          Non-standard hard drive, or hard drive failure.  Run a
          diagnostics program such as Norton Disk Doctor to see if the
          problem can be corrected.

Installation was already done from this diskette
          This disk was already used for installation of security system on
          one PC and contains information for unlocking the hard disk of
          that machine.  If you continue with the installation, you will
          overwrite the unlocking information of the first computer.  This
          will prevent the security system from unlocking the hard drive
          and uninstalling from the first computer. You may continue with
          the installation, but if you do so, you will NOT be able to
          uninstall the security system from the first PC.  If you are
          reinstalling the system to the same PC and receive this warning
          message, you can continue with the installation without risking
          proper uninstallation.

CONFIG.SYS is not accessible. Must clear attributes. Continue installation?
          CONFIG.SYS is read-only. Therefore, attributes must be cleared
          before installation can be completed. If you answer YES, all
          attributes will be cleared.

Security system is already installed on this computer!
          If you are trying to install the security system on a computer
          that already has it active, you will be warned that StopLight ELS
          was already installed and will not be able to complete the
          installation.  The system only needs to be installed once per PC.
          Any changes made to the system setup will take place after the
          next user logs into the computer (preferably after rebooting).




StopLight ELS Demonstration Guide                                   Page 33

The security system was not installed on this computer. Cannot Uninstall.
          You cannot uninstall the system as it was not installed (or,
          perhaps, it was installed and already uninstalled).  If you
          cannot uninstall the system even though StopLight ELS is
          installed, contact Safetynet for further assistance.

Serial Number mismatch! Cannot UnInstall
          The installation was not done from the diskette inserted in the
          drive. Therefore, please use the diskette that the system was
          installed with to uninstall StopLight ELS.  This precaution is
          implemented to prevent uninstall information from a different
          computer from being written to the hard disk.

The security system was not installed from this diskette. Cannot UnInstall.
          There is no uninstall information on this diskette for StopLight
          ELS to use to unlock the computer.  Most likely, the diskette was
          not the one used during installation.  If you are sure this is
          the diskette used for installation, contact Safetynet for further
          instructions.

Security file error, System Halted!
              SAFER.LOG file in which the Audit Trail is logged cannot be          The 
          accessed. The possible causes could be that the file is missing,
          or the disk is full.  In rare cases, there may not be enough file
          handles to write the log file and continue your program
          operation. If there is disk space remaining, try increasing your
          FILES= statement in the CONFIG.SYS file.  For further assistance,
          please contact Safetynet Technical Support.


ERROR MESSAGES THAT USERS MAY ENCOUNTER

Password too short, reenter!
          There is a minimum length requirement for your password. Please
          choose another password accordingly.

Password Expires, must change!
          Your password will expire soon. If you cannot change your
          password, please contact your system administrator. If you are
          authorized to replace your password, do so at once by logging in
          with the old password and entering a new one in the field that
          will open on the screen for this purpose.

Password Usage expired!
          This is the last of the five consecutive warnings that the login
          password is about to expire. The user will not be allowed into
          the system until the administrator assigns a new password using
          ELSUTIL.

Default password, must change!
          When a user or system administrator logs into the system with the
          default password of PASSWORD, StopLight ELS requires that a new
          password be provided.



StopLight ELS Demonstration Guide                                   Page 34

User Not Active, Log-in Denied!
          When a user is set to inactive from ELSUTIL, this message will be
          displayed.  To reactivate the user, use the Setup Users section
          of ELSUTIL and set the User Active choice to Yes.

Password Mismatch, Reenter!
          The password you entered does not match the valid password. Try
          again.

Invalid Password, System Halted!
          The user must reset the computer to return to the login screen.

Same Password as Old, Reenter!
          The user was requested to choose a new password but has selected
          the old password again.  A different password must be used for
          the new password.

System Locked for all Users!
          Too many attempts were made to enter the system with a wrong
          password.  After this occurs, no user is authorized to enter the
          system.  The system administrator must unlock the system by
          logging in as Administrator.

Hardware access denied to: (HD, Boot Sector, etc.)
          The user is not authorized to carry out this activity since it
          was denied in the User Privileges window by the administrator.

Access Denied to: (File Name, Directory Name, etc.)
          An attempt to access the specified part of the system represents
          a violation and will be denied.  If the user must have permission
          to access the given feature, the administrator must make the
          modification in the security setup of ELSUTIL.
























StopLight ELS Demonstration Guide                                   Page 35

INDEX


Adapters, 30
ALERT.EXE, 30, 32
Audit Log, 28
Audit Trail Log, 9, 16
  brief, 16
  full, 16
  full tracking, 9
  report, 23
  report generator, 9
  SAFER.REP, 24
  user's activity, 9
AUTOEXEC.BAT, 28
  disable modification, 18
Beeps, 32
Boot, 25
Boot Sector, 28
Break disable, 18
CHKDSK, 28
CONFIG.SYS, 28
  disable modification, 18
Customer Service, 5
Date change disable, 18, 32
DEFMSG.EXE, 31
Directories
  Public, 15
  Read Only, 15
  SAFER, 8
  Trustee Assignments, 21
DOS Shell Disable, 18, 32
Drive-In, 3
Drive-In AntiVirus, 3
Drive-In LAN, 3
Encryption
  of password, 8
Environment, 29
Error Messages, 33
EX.EXE, 31, 32
Files, 30
  Log, 9
  SAFER.LOG, 16
  security, 9
  Setup, 9
  Trustee Assignments, 21
Floppy Disk
  read protect, 17
  write protect, 17
Function Keys
  <F1>, 14
  F5, 14
Hard Disk
  format/fdisk protection, 18


StopLight ELS Demonstration Guide                                   Page 36

Hard Drive Fix, 30
Hard Drive Parameters, 30
Hot Keys, 14, 20
Initial Users Privileges, 17, 20
International language support, 31
  KEYBFIX.EXE, 31
KEYBFIX.EXE, 31
Keyboard Lock
  during screen blank, 17
  hot key, 14
  Windows, 9
License Control, 18
Login, 8
  name, 16
  password, 16
  system administrator, 8
  user, 8
  valid, 26
Logoff, 28
  invalid, 28
LOGON.EXE, 28, 31
Memory Map, 29
MSWIN.EXE, 21
NETFIX.COM, 32
Network, 5, 30, 32
  drivers, 32
Password
  aging, 15, 19
  change, 12, 15
  changing, 26
  combinations, 7
  default, 26, 34
  encrypted, 8
  expiration, 15, 19, 34
  expired, 26, 34
  invalid, 26
  login, 7, 19
  minimum length, 16, 34
  mismatch, 35
  replace, 15, 19, 21, 26
  super password, 15
  system administrator, 14
  system halted, 35
  user, 7
  valid, 7
  verify, 14, 19
Password expiration, 14
PC Checkup, 29
PCC.EXE, 31
Printer access disable, 17
Private Directory, 28
Privileges, 17
  user, 17, 23
ProfileNet, 4


StopLight ELS Demonstration Guide                                   Page 37

SAFER Directory, 9, 27
SAFER.LOG, 34
SAFER.REP, 24
Screen Blanking, 26
  activate instantly, 20
  automatic, 20
  DEFMSG.EXE, 31
  Windows, 9
Security, 9
  configuration, 9
  global, 19
  global configuration, 15
  parameters, 9
  report of settings, 14
  unprotected, 8
Serial Number, 34
Serial port access disable, 17
Software piracy prevention, 18
StopLight, 3
StopLight LAN, 3
Super  Password, 8
Super Password, 15
System Requirements, 5
  memory overhead, 5
Technical Support, 5
Time change disable, 18, 32
Trustee Assignments, 9, 15, 21, 35
  directory, 21
  error messages, 32
  EX.EXE, 32
UNLOCK.EXE, 31
User
  active, 19, 35
  authorized, 25
  privileges, 25
Virus Protection, 17
  VirusNet/Pro, 3
  VirusNet/Pro LAN, 3
VirusNet/Pro, 3
VirusNet/Pro LAN, 3
WHOAMI.EXE, 31
WIN.INI, 10
Windows, 9
  hot keys, 20
  MSWIN.EXE, 21











StopLight ELS Demonstration Guide                                   Page 38

