





                                       LanLock



                               Software Metering System

                                     Version 1.2















       Abstract: LanLock is a software metering program that can be used
                 to enforce license restrictions on a Novell wide area
                 network.  Each installed application is required to call
                 a LanLock server and receive permission to run.  The
                 LanLock server can enforce the number of copies of
                 software that may be in use at once.  If the application
                 is copied to another machine that is not within the
                 LanLock server's domain, the application will refuse to
                 work.


       Demo:     A demo copy of LanLock is provided to allow you to "try
                 before you buy," (for 60 days)  however this program is
                 not free.


       Software by:   Secure Design
                      PO Box 475               Phone (503) 758-0955
                      Corvallis, OR 97339      E-mail herzogs@ucs.orst.edu










                                       Page - 1











       Copyright :    Copyright  (c) 1992  by  Secure Design

       Other brand and product names are trademarks or registered trademarks of
       their respective holders.

       U.S. Government Restricted Rights:

       Use, duplication or disclosure by the Government is subject to
       restrictions set fourth in subparagraph (a) through (d) of the
       Commercial Computer Restricted Rights clause at FAR 52.227-19 when
       applicable, or subparagraph (c) (1) (ii) of the Rights in Technical Data
       and Computer Software clause at DFARS 252.227-1013, and in similar
       clauses in the NASA FAR Supplement.

       License Agreement:

       This software is provided on a trial basis for a 60 (sixty) day period.
       This is intended to allow 30 days to decide on the purchase of this
       software, and 30 days to purchase a copy.  After 60 days, should you
       decide not to purchase this software, you must remove all copies from
       your system.  By using this software you are agreeing to these terms.

       Once you have purchased this software, you will be given a serial number
       for each zone.  This serial number may not be exchanged, sold, or
       otherwise distributed.


       Warranty:

       This  software  is sold on an as-is basis.  Secure Design specifically
       disclaims all warranties, expressed or implied.  In no event shall
       Secure Design be liable for any loss of profit or any other damage
       including but not limited to special, incidental, consequential or other
       damages including damages to a third party.  (See warranty page for
       further details)  By using this software you are agreeing to these
       terms.  If these terms are not agreeable, do not use this software.










                                       Page - 2


       Table Of Contents

       Overview                                4
       Quick install                           5
       System requirements                     6
       What is a "zone"                        7
       The llsetup utility                     9
         Software record options               11
       Application installation                12
         Dos doppelganger                      13
         Windows doppelganger                  14
         Batch files and menus                 15
         The lanlock.exe utility               16
       The llboot utility                      18
       The LanLock server                      19
       The time server                         21
       The llgraph utility                     22
       Troubleshooting                         24
         The LanLock Server Debugger           25
         The LanLock.exe Debugger              27
       Developer's section                     28
         Time Server Services
         Log file format
       Warranty information                    30
       Registration / Distribution information 31
         LanLock Order Form                    32





























                                       Page - 3


       Overview



            LanLock is a software security system designed to assist in
       enforcing licensing agreements for local and wide area Novell networks.
       With LanLock you may limit the number of copies of your software that
       may run at the same time.  LanLock can keep a log file for statistical
       or billing purposes and can also assist in preventing software pirating.

            LanLock has two main parts:  The llserver and the lanlock.exe
       utility.  The llserver controls a list of software and networks (Zones)
       and the lanlock.exe is the client end program that requests the llserver
       for available copies of software.

            There are several setup and support programs that are included in
       this package.  Llsetup is the main program for administering the
       information for each zone.  This includes the list of software, approved
       networks, and other miscellaneous functions of the llserver.  The
       llsetup utility may also be used for administering your LanLock server
       remotely.  With it you can create new application records or modify the
       existing software limits.  You may also add features such as a Message
       Of The Day (MOTD) or change the approved networks that software may run
       from.

            The llins program is used to install LanLock on the application
       that are to be monitored.  This modifies the application so that the
       lanlock.exe program will be executed before and after the software is
       run.  When the application is run, lanlock.exe calls the LanLock zones
       and asks for permission to run.  If granted, the application will run as
       it normally would.  If denied, the application will not run, and an
       error message describing the reason for refusal will be shown in its
       place.

            The final part of this package is used to analyze your network
       statistics generated by the LanLock server. The llgraph utility can
       process usage data from the LanLock zones and present the data as graphs
       or spreadsheets.

















                                       Page - 4


       Quick install

       This section gives the basic steps to install the LanLock software on
       your server.  For each step, you should refer to other sections in this
       document that give more detailed information.


       1)   Copy the following files into the SYS:PUBLIC directory on your
       server(s).

                 LLSETUP.EXE    LLINS.EXE      LLDOS.EXE
                 LANLOCK.EXE    LLGRAPH.EXE    SYNCTIME.EXE
                 LLWIN.EXE      LLCALL.DLL     LLBOOT.EXE

       2)   For the LanLock server, you will need a dedicated computer with IPX
       and NETX (or net3, net4, etc.) loaded.  Create a sub directory on a hard
       disk titled "LANLOCK" and copy the following files into this directory.
       (For floppy boot machines, copy the files to a boot disk)

                 LLSERVER.EXE   LLSETUP.EXE

       3)   Run the llsetup utility.  Select "Create Zone File."  Next select
       "Modify Zone File" and run the following options:

            * "Change Zone Name"  to give your zone a name.
            * "Change Network Addresses" to add your network address.
              (press <ins> to add)
            * "Enter Password" to secure your zone.
            * "Log Files" to select data collection method.
            * "Print Zone Summary" to have a printed record of the zone.

       4)   Run the llserver program.  You should create an autoexec.bat that
       runs castoff and llserver for automatic loading on bootup.

       5)   You should make a backup of each application before you install
       LanLock.  Using another workstation, login to your file server with
       sufficient rights to modify applications.  Run the llins utility and
       select "Install DOS Doppelganger"  Select the application you wish to
       install first, and press enter.  Print the "Log File" when done.

       6)   Run the llsetup utility again, and select "Remote Administration."
       Choose your zone and press enter.  Select the software record option,
       and press <ins> to add a software record.  Fill in the record to reflect
       the application that was just installed. (Refer to the section on
       Software Record Options in this document)

       7)   Repeat steps 5 and 6 for each application.  For alternate
       installation methods, see sections on application installation, and the
       lanlock.exe utility.





                                       Page - 5


       System requirements


       The following is a list of system requirements that you will need to run
       LanLock.


       *    Novell network.  (v2.1 or better)
       *    Dedicated IBM compatible computer. (see note 1)
       *    Network card.
       *    Hard disk. (see note 2)
       *    DOS 3.3 or better.
       *    IPX, NETX. (or net3, net4, etc.)

            Note 1:   One dedicated computer can be used to control up to 5
       separate and independent LanLock zones.

            Note 2:   A hard disk is required for the large data files that are
       generated by keeping a log file.  If you do not intend to keep a log
       file, the hard disk is optional.



       Recommended for improved performance...

       *    Dos5.
       *    Smartdrive. (a dos5 driver)
       *    Use as few TSRs as possible.
       *    The more free memory under 640k, the better.
       *    Run with the screen saver on.



       LanLock was designed to run on a low end XT computer and a monochrome
       monitor.  You will receive better performance from a faster machine.
       You should use an AT computer if you are running more than 3 zones on
       one computer.

















                                       Page - 6


       What is a "zone"


            A zone is simply a list of software applications and a list of
       networks.  You may create zones at your discretion, and you may have
       many zones covering your network.  When a workstation requests a copy of
       an application, it begins by calling the first zone it can find.  It
       then proceeds to call them one by one until one gives it permission to
       run. (Only if the workstation is in an approved network, and there are
       copies available.)  The application may be located anywhere, as long as
       the workstation address matches that of one listed for the zone.  Below
       is an example of several zones.





       <- picture available in PostScript file ->






       Zone file name ZONE_01.CFG         ZONE_02.CFG         ZONE_03.CFG

       Zone "name"    BUSINESS_ZONE       CS_LAB_ZONE         CS_ZONE

       Networks:      0000361A            000010AA            000055BB
                                                              000010AA

       Software:      WP51.EXE  (5)       WP51.EXE  (2)       SURF.EXE  (10)
       (copies)       WORD.EXE  (3)       WORKS.EXE (4)       TED.EXE    (6)
                                          TED.EXE   (6)




            With the above configuration, 5 copies of WP51.EXE could be run on
       any 5 machines on the network [0000361A] but only 2 copies could run in
       the network [000010AA].  The other 2 networks can not run any copies.
       Remember, since the application is encrypted, it does not matter where
       the software is located.  WP.EXE could be located on any of the file
       servers or on the hard disk but the above rules would still apply.











                                       Page - 7


            Where the zone covers 2 networks, (CS_ZONE), machines may run
       software from either of the two networks on the zone's list.  For
       example,  SURF.EXE could be run on any machine on the networks
       [000010AA] and [000055BB] as long as the total number in use does not
       exceed 10.

            A conflict may occur when zones overlap, and there is an identical
       software application listed in both zones.  For example, a workstation
       in network [000010AA] may request a copy of TED.EXE.  A copy may be
       granted to him from either the CS_ZONE, or the CS_LAB_ZONE.  When copies
       start running out, the requesting workstation will ask every zone if
       there is a copy available.  7 workstations may have TED.EXE running on
       network [000010AA] however, 6 of these may be checked out from the
       CS_ZONE.  If this is the case, no more copies may be run from the
       network [000055BB].  When a workstation requests a copy of software, it
       takes a copy from the first available zone.






































                                       Page - 8

       The llsetup utility

       The first step in installing LanLock is to set up a LanLock server.  You
       will need a dedicated IBM compatible computer that is attached to the
       network.  One with a hard disk will allow space to keep a log file of
       software usage.  This program has been designed to run on a low end XT
       class computer however, you will get improved performance on a faster
       machine.

       When setting up a LanLock server, create a subdirectory on the hard disk
       for the LanLock program.  Copy the following files into this
       subdirectory.

            LLSERVER.EXE
            LLSETUP.EXE

       Next, change into this directory, and run llsetup.  You will now see a
       list of options.  First select the option Create A Zone File.  This will
       automatically create a file called "ZONE_01.CFG" in the current
       directory.  You may create up to 5 zone files for a single LanLock
       server.

       Select Modify A Zone File from the menu.  You will be presented with the
       following list of options:

                      Change Zone Name
                      Change Network Addresses
                      Enter Password
                      Log Files
                      Message Of The Day
                      Print Zone Summary
                      Enter Serial Number
                      Screen Saver (ZONE_01.CFG only)
                      Time_Server (ZONE_01.CFG only)

       You will need to select each option at least once when you have created
       a zone file.  If you are changing an existing zone file, you need only
       select the options that you wish to change.  The options are listed
       below with a description of their functions.

       Change Zone Name:
       This option allows you to name your zone.  The name you choose may be
       any set of capitol letters and symbols excluding '*' or any other non
       standard DOS characters,  and up to 12 characters long.  You must name
       each zone with a unique name.

       Change Network Addresses:
       This will provide you with a list of networks that this zone is approved
       to run software for.  You may add networks by pressing <INS> or remove
       by pressing <DEL> .  If you press enter, you may change an existing
       network number.  (when adding networks, you must apply the leading
       zeros.  If you do not, they will be applied for you) If you need to see
       what network a workstation is logged in from, you can type "userlist
       /a" from the DOS prompt to show the network and node each user is logged
       in from.  (This may also be edited remotely)  If you enter [00000000]
       for a network address, anyone attached to any network on your system
       will be allowed to use the software listed in this zone file.  (Events
                                       Page - 9


       are not recorded for workstations that are admitted by the 00000000
       network wild card, but software usage is.)

       Log Files:
       Log Files store the information about the activity of software usage.
       This option provides you with three choices.  You may choose to keep no
       log file, a basic log file or an extensive log file.  The basic log file
       keeps record of only the amount of time each piece of software is used.
       The extensive log file also keeps track of where, when, how long each
       software application was used, and who used it.(See the section on the
       log file format for details)  Unless you are billing for software usage,
       You should use the basic log file option.  The extensive log file uses
       much more disk space.

       Message Of The Day:
       This will provide a message to appear in a pop-up dialog on each
       workstation startup. (with lanlock -s)  You may edit this message with
       the standard arrow keys, del and backspace.  <Ctrl>-Y will delete the
       current line, and <Ctrl>-X will delete the entire message.  You may end
       editing by pressing <Esc>.  If there is no message, no pop-up message
       will appear at the workstation on startup.  The message may have a
       maximum length of  465 characters. (This may also be edited remotely)

       Modify Software List:
       This will give a list of software that this zone is approved to run.
       The software must be listed by the program's DOS name.  If you have two
       applications with the same name, you will have to rename one.  To add an
       application to the list, press <Ins>.  To remove one, press <Del>.  if
       you wish to edit an application that already exists, select it, and
       press <enter>.

       You will be presented with a window that lists the software record
       options.  Enter information into the fields where appropriate.  For more
       information on these fields, see the section titled "Software record
       Options."

       Print Zone Summary:
       This will print (draft text to LPT1) a list of software and networks for
       a zone file.  This print out also includes the zone's configuration
       options.  This is useful for keeping track of what software you are
       running in each zone.

       Select a Password:
       A password is used to protect the zone file from undesired remote
       administration.  When running the LLSetup program from the dedicated
       LanLock server machine, you can select any password you wish.  If you
       are worried that someone else may change this password, you should
       remove the keyboard lockout key from the computer.  This is a rather
       effective security method for preventing unwanted tampering.  Remember
       what the password is: you will need it for remote administration.  The
       password may be up to 12 characters.  The default password is "0".





                                      Page - 10


       Software record options


       These are the options shown when editing a specific software record. You
       will see the following dialog in both Modify Zone File, and Remote
       Administration.


       Software Record

         Executable Name     : SURF.EXE
         Real Software Name  : Surfing Software
         Maximum Limit       : 2                        (Max 9999)
         Enforce Limit       : YES                      (Read Disclaimer)

         User Message
         You are using 1 of 2 copies of Surf.~Please use sparingly!



       *    The Executable Name is the DOS name for the application.  If you
       are adding an application called surf.exe, you would enter SURF.EXE on
       this line.

       *    The Real Software Name is used to hold the applications title.  For
       this you could enter "Surfing Software."  (This name will be recorded in
       the log file)

       *    Under Maximum Limit, you enter the total number of copies that you
       wish to allow to run in this zone.  This can be anywhere from 0 to 9999.
       (If you wish an application to have unlimited access, set the maximum
       limit to 9999.)

       *    Enforce Limit allows you the option to check your system.  If you
       set this to "NO," an unlimited number of this application will be
       allowed to run.  This is not intended to be used on a regular basis.  It
       totally defeats the purpose of using this metering software if you turn
       off the limit control.  (You take full  responsibility for the use or
       misuse of this option.  See the Warrantee for detail on the liabilities
       for this software)

       *    The User Message allows you to present a short message when the
       specific application is started.  A good use of this could be "You are
       using 1 of 2 copies of Surf.~Please use sparingly!"  Note the ~ symbol
       may be used to start a new line in the dialog box that appears on the
       user screen.  If there are no characters in the User Message field, no
       dialog will appear before running the application (unless an error
       occurred, or there are no more copies.)







                                      Page - 11


       Application installation

       The llins.exe program is used to install applications with a
       "Doppelganger" to allow LanLock to monitor its usage.  A Doppelganger is
       a small executable program with the same name as the application to be
       protected.  It first runs the lanlock.exe program, and if successful
       runs the real application that has been renamed.

       Before applications can be installed, you must be sure to make a backup.
       Instillation of the doppelganger is not easy to reverse.



       <-- Picture available in PostScript file -->



       The flow chart to the left shows the basic operations of the
       doppelganger.

       If you do not wish to modify the original application, you can use a
       batch file or a menu system to achieve the same effect.  For more
       information see the section on the lanlock.exe program.

       The Windows version of the doppelganger works in a similar fashion,
       however the llcall.dll is called instead of the lanlock.exe program.



       To install applications, run the LLINS.EXE program.  You will see a menu
       that  contains the following options:

                 Install a DOS doppelganger
                 Install a Windows doppelganger
                 Print Log File
                 Quit

       Print Log File will print a list of applications that have been
       installed.  This information is kept in INSTALL.LOG in the same
       directory as the llins.exe program.  You must have read and write access
       to this file.

       Choose the appropriate install method for your application.  If you are
       running a DOS application under a windows shell, you must use the DOS
       install method.

       Each of the two methods are described on the following pages.








                                      Page - 12


      Dos doppelganger



       An example:  If you install surf.exe with a doppelganger, surf.exe will
       be renamed to "LL039482.EXE" and hidden.  a copy of lldos.exe will be
       placed in the directory and renamed to surf.exe  Finally, the new name
       and location of the LL039482.EXE file will be encrypted into the new
       surf.exe program.

       The number '039482' is a random number and will be different for every
       application that you install.

       If you select the installation method that places the original program
       in the \L_A2013 sub directory, you provide an added deterrent against
       copying.  Many files with LL...EXE will be hard to sift through when
       copying software.

       If you use the \L_A2013 installation option, be sure to grant
       appropriate rights to users who will be using software in this
       directory.  You may also wish to hide the directory with a Novell
       utility such as filer.


       Doppelganger install methods.

         >Keep in same directory but rename original program.
          Place original in "\L_A2031" sub directory.
          Keep in same directory but rename Doppelganger.
          Cancel

       The first selection is the preferred method, and works on most
       applications.  This will rename the original, so if your file opens it
       self by name, this install method will not work.

       The second install method works like the first however the original
       application is moved to another directory to increase copy protection.
       Some applications need to be in the same directory as their support
       files, and these will not work with this method.

       The third method will work with almost any application.  It provides the
       least amount of security however.

       You should try installing an application with each of these methods to
       get an idea of how the install method works.  Never install an
       application without making a backup first.









                                      Page - 13


       Windows doppelganger


       The Windows doppelganger is slightly different form the DOS version.
       The basic operation is the same.  The Installation will rename the
       original application, and place a small executable file in its place.
       The doppelganger will call the LLCALL.DLL for the IPX communication
       routines.

       The installation procedure for the windows doppelganger is the same as
       the DOS doppelganger.

       The LLCALL.DLL uses the following drivers.  These are available from
       novell's FTP site in a file WINUP7.ZIP.

            NETWARE.DRV
            NWIPXSPX.DLL
            NWNETAPI.DLL
            NETAPI.DLL

       If any of these drivers are not present, LanLock will ask for them.

       The program's Icons are usually stored in it's .EXE file.  If you want
       these icons to show up under the program manager, you will need to use a
       resource editor to copy the icons into the new doppelganger from the old
       .EXE file.  You can also place them in a .ICO file.  There are several
       utilities that will do this for you, and are available from FTP sites.
       Several programming tools (such as Borland's products) also include a
       resource editor which can be used to copy icons to a .ICO file.  After
       the application is installed, you will need to tell the application
       manager the location of the new icon.
























                                      Page - 14


       Batch files and menus


       The lanlock.exe program can also be run from within a batch file.  (See
       the section on the lanlock.exe utility for details on the parameters)
       The following are examples of batch files and menu options that use
       lanlock.


       Sample Batch File:  WP51.BAT

            @echo off
            lanlock -b wp.exe
            if errorlevel 1 goto END
            f:\apps\wp\wp.exe
            lanlock -e wp.exe
            :END

       When lanlock.exe is called with the -b option, it calls the lanlock
       server to request a copy of wp.exe.  If one is available, lanlock.exe
       exits with an errorlevel of 0.  The program is run, and then lanlock.exe
       is called again to end it's copy of wp.exe.  If lanlock does not find
       any copies free, it will exit with an errorlevel of 1.  this will cause
       the batch file to jump to the :END flag.

       This technique can also be used in menu files.  Each menu will be
       different, so you will have to do some adjusting for your specific menu
       program.  The following is an example of a Saber Menu script that calls
       LanLock.  The same events happen in this menu script as in the batch
       file above.

       Sample Saber Menu Script :

            ITEM Word Perfect 5.1  {CHDIR BATCH}
            EXEC cls
            EXEC lanlock -b wp.exe
            EXEC if errorlevel 1 goto END
            EXEC f:\apps\wp\wp.exe
            EXEC lanlock -e wp.exe
            EXEC :END


       You can also have lanlock record events from batch files or menus.
       Simply add a line to your file with the following information:

       lanlock -r my-event

       This will make the LanLock server record an event.  These can be counted
       and totaled by the llgraph utility.  For example, if you have an option
       on your menu to copy virus protection software to a users disk, you
       could count the number of times you distributed the software.




                                      Page - 15


       The lanlock.exe utility

       The lanlock.EXE program is the program that controls all of the
       workstation activity.  This program must be in the user's search path.
       A good place to put this program in the SYS:\PUBLIC directory on the
       server or on the hard disk in a utility or DOS directory.

       You may also set a DOS environment variable with the following command
       in your autoexec.bat.  (You would substitute your zone name in place of
       "BUSINESS_ZONE")

       SET LLHINT=BUSINESS_ZONE

       This will to assist lanlock.exe in finding it's main zone.  This will
       improve the speed of lanlock when starting and stopping software.  The
       lanlock.exe program will call this zone first, and if necessary, it will
       call the other zones in order afterward.

       You may run lanlock.exe from batch files if you wish to include
       functions into your menu system.  The syntax of the command is lanlock -
       [option] [event].  (You may use a "/" in place of the "-") A full list
       of command line options are given below:


       -B   Begin using a specific piece of software.  (lanlock -b surf.exe) If
       a copy is available, the lanlock.exe program will exit with an DOS
       errorlevel of 0.    If all copies are in use, or you are not in an
       approved network, lanlock.exe will return a DOS errorlevel of 1.  If the
       command line parameters are incorrect, lanlock.exe will return a DOS
       errorlevel of 2.  LanLock.exe begins by calling the first available
       zone, and asks to check out a copy.  If none are available, or the
       requesting workstation is not in an approved network, LanLock.exe will
       call the next zone available until all zones are called.  Only then will
       LanLock.exe return a DOS errorlevel 1.  If the environment variable
       LLHINT is set, the requesting workstation will call that zone first
       before calling other zones.

       -E   End usage of software.  (lanlock -e surf.exe)

       -R   Record an event. (lanlock -r  YourEvent) If you have an option in
       your menu system that you wish to count, add this option.  You could,
       for example, count the number of times the "Copy Virus Protection"
       option has been used.  This records only a date and time, and not a
       duration time.  This will not record an event in a zone that was found
       with the wild card net address. [00000000]

       -Q   Query a piece of software. (lanlock -q surf.exe) This will show how
       many copies of the program Surf.exe are available to the requesting
       workstation.  If more than one zone serves this software to the
       requesting workstation's network, a status window for each zone will be
       shown.

       -A   This option will show a list of all available zones, serial
       numbers, and their network addresses  (lanlock  -a)

                                      Page - 16


       -W   List all software that the requesting workstation is using.
       (lanlock -w)  This will query each zone to see if the workstation has
       any software checked out.  Each zone will display its own status window.
       Each window will only show the first 8 software records.  If no software
       is checked out, a dialog will state so.

       -L   List all of the software available for usage.  You may also specify
       a zone name with this command.  (lanlock -l business_zone)  Output can
       be redirected to a file.  For more than one screen you can pipe the
       output through the DOS more.com.  (lanlock -l  | more)  Shows software
       name, program name, number of copies in use and the number of copies
       available.

       -U   List all users who currently have a given software item in use.
       You may also specify a zone name if you wish.  (lanlock -u wp.exe
       business_zone)  Output can be redirected to a file.  For more than one
       screen you can pipe the output through the DOS more.com program (lanlock
       -u  | more)  Shows a list of users, their primary server, and the length
       of time they have been using the software.

       -?   Show a short help screen with the above information (lanlock -?)



































                                      Page - 17


       The llboot utility


       The llboot program causes a start up event when run from the
       workstation.  This records a 'BOOT' event, resets all software for the
       requesting machine, and returns a Message Of The Day (MOTD) if one
       exists.  If the requesting machine is in several zones, all MOTDs will
       be shown.  If the environment variable LLHINT is set to an existing
       zone, only that zone's MOTD will be shown.

       We recommend that you add llboot.exe to the boot disk, and add the
       command llboot to your autoexec.bat file just after loading NETX.COM to
       keep LanLock functioning properly.  This option tells the LanLock server
       that you are starting up the machine.  If you have any software checked
       out, you are no longer using it, and show a message of the day if one
       exists.  This lets the system recover from crashed machines, or from
       <Ctrl, Alt, Del>.

       Llboot will only run from the autoexec.bat or the original root
       command.com shell.  This is a safety measure to ensure that this option
       is only used at startup.

       You may also run llboot with the -m option to show what is currently in
       memory.  This display is very similar to that of the popular utility
       mmap.exe.  This option will show you if you are in a DOS shell from
       another program or if you are in the original shell.





























                                      Page - 18


       The LanLock server

       The LanLock server will advertise all of its' zones to the network.
       Each zone will have a status window, and the LanLock server will also
       have its' own "log window" with a record of activity.  Some of the
       status lines that you may see are listed below.

       Broadcast SAP  A broadcast for each zone advertising it's services was
       sent to the network.

       StartWatchdog  Query each machine that is checked out for a copy of any
       software.  This sends the workstation shell a driver information request
       packet.  If the workstation replies, LanLock assumes that everything is
       ok.  Using this built in response allows LanLock to work without any
       TSRs.

       Ping      A watchdog query was successful.

       NoAns     A watchdog query was not answered.

       Rclm      A software record was recovered from a workstation that is not
                 responding.  This occurs after two successive watchdog packets
                 are not answered.  If someone turns off their machine without
                 properly logging out, this will allow LanLock to recover the
                 copy of the software for other people to use.

       NotMyNet  A request form a workstation was not within the list of
                 addresses for this zone.  The request was denied.  There will
                 be many of these messages for zones that allow only a few
                 network addresses.

       NotMyBoot A boot event from a workstation was received but the
                 workstation was not within the zone's list of approved
                 networks.

       Time Request   A machine has requested the time from this LanLock
                 server.

       CheckOtherZones     The LanLock server checked to see if any other zones
                 are serving with the same name, or the same serial number.

       WriteTempFiles A temp file for the zone was saved for future recovery
                 incase of inadvertent shutdown.

       SetTimeFromServer   The LanLock server has requested the time from the
                 Time Server.

       Resend    The requesting workstation has requested that the last reply
                 be resent.

       Bad Packet Sequence The LanLock server received a packet out of sequence
                 and it was discarded.



                                      Page - 19


       There are several keystrokes that will affect the LanLock server while
       it is running.  These are as follows:

       F1   Show help message

       F2   Show memory usage.  "Current Software Records" is the number of
            currently allocated record slots that are available.  (this is
            independent of weather they are in use or not) The "Total Possible
            Records" refers to the number of software records that are not
            currently used.  The total of these two is the number of
            applications that the llserver can track at once.

       S    Turn on the screen saver now. (only if the screen saver is enabled)

       <ALT> Q   Shut down the LanLock server.

       Note:     While either the F1 or F2 dialogs are on the screen, all other
                 llserver functions are halted.



       It is strongly recommended that you make a back-up disk of all the
       LanLock server files.  If your LanLock server is servicing several LANs
       across a large network, and a bridge stops functioning, some of the LANs
       may not be able to contact the LanLock server.  Having a spare boot disk
       makes it easy to bring up a second LanLock server somewhere else on your
       network to service LANs while the bridge is being fixed.


       The LanLock server must be attached or logged in to at least one file
       server.   The program may work from the C: drive however, so long as
       there is a F:LOGIN> directory or the machine is logged into a server.























                                      Page - 20


       The time server

       The time server is an added feature that is an extra bonus.  If your
       LanLock server is configured to advertise a TIME_SERVER, and there are
       no other time servers, it will advertise this clock service to the
       network.

       From the workstation, you can run the utility synctime.exe.  This will
       first query the network for a time server, and if one is found, it will
       set the workstation clock to that of the time server.  Next it will seek
       out any file servers that you are logged into, and if you have console
       operator rights, it will set the server time to match your workstation
       clock.   You can add this to your login script if you are a supervisor
       to keep all of your file server clocks synchronized.  You may also
       redirct the output of this program to nul (synctime >nul) to keep any
       text from displaying on the screen.

       If you only want to set the workstation clock and not the file server
       clock, you should use the utility systime.exe.  This will update the
       workstation clock to the same time as your default file server.

       Once every 24 hours, the LanLock server will check for a time server,
       and set its clock accordingly. (only if the TimeServer is at an address
       other than itself)

       If your LanLock server is configured to be a time server, (using
       llsetup) and there is already a time server available, your LanLock
       server will not advertise this function, and the log window will display
       on startup "Time Server Inactive, Server Already Exists."  Only 1
       TimeServer is allowed.


       Developers Note:

       If you are interested in using this service for your own programs, see
       the "Developers Section" in this document for more information.



















                                      Page - 21


       The llgraph utility


       The llgraph utility can generate generic spread sheets or graphs from
       the data the LanLock server keeps in its' log files.  The spread sheets
       are in a tab-delimited ASCII file format.  You can import these files
       into most spread sheet applications for both Macintosh and IBM
       computers.

       First, collect the .DAT files from the LanLock server.  You may wish to
       place these in a directory on a server or a hard disk before removing
       them from the LanLock server.  You may append one data file to the end
       of another by using a word processor, or the command "copy /a
       file1.dat+file2.dat total.dat".  This would append the second file to
       the first and write both to the total.dat file.  Run the llgraph from
       the directory that the .DAT files are stored.

       When you run the llgraph utility, first select the Set Defaults choice
       on the menu.  You will be presented with the following window.

       Start Date     : 07/18/92  (Scope of data processing)
       End Date       : 08/17/92
       Date Divisions : Week      (Length of individual records)
       Output         : Hours     (Resolution of spreadsheets)

       Using the Start and End date allows you to control the times for which
       the data is processed.   Specifically, data is collected starting from
       the Start Date and up to (but not including) the day specified with End
       Date.  Usage time that falls outside of these two dates is ignored.

       Date divisions specifies the number if divisions that will be made
       available in the final spread sheet.  For example, if you chose "week"
       you would receive a weekly total for each week between the Start and End
       date.  You can select (with the arrow keys) the following:  All, Month,
       Week, Day, Hour, 1/2 Hour.

       Output specifies what units to use when displaying the spreadsheet
       information.  You can select (with the arrow keys) the following:
       Hours, Minutes, Seconds.

       After you set the options, press <ESC> to return to the main menu.  You
       will be able to create a graph or spread sheet at this point.

       The following is a list of the spread sheet formats that are available.

            Application Use Over Time
            Applications Used By User
            Events Over Time
            Events Used By User
            Rejections Over Time

       These spread sheets can be saved to an ASCII tab delimited file, and
       imported into your favorite Macintosh or IBM spreadsheet or graphing
       program.

                                      Page - 22


       The following is a list of graphs that are available.

            Application Use Over Time
            Events Over Time
            Rejections Over Time

       The graphs provided by the llgraph utility are not designed to be
       finished products, rather they are designed to give you a rough idea of
       what your data looks like.  Most useful is the Rejections Over Time.
       This can show you if one of your software packages is in need of more
       copies.  The output format for the graph is always in hours.

       Recode Data.

            Recode a record/event
            Delete a record/event
            Reduce to basic log file

       The recode data section will allow you to change some of the event name
       for your data file.  If you have two applications that you would like to
       merge, you can use the recode one of the event names to be the same as
       the other event names.  For example, you could recode WP51.EXE to WP.EXE
       and count it with the other versions of WP.EXE.

       Delete a record will remove a record from the .DAT file.

       Reduce to basic log file will strip the extensive log file information
       from the DAT file.  If you run the Recode or Delete functions on a basic
       log file, you should also run the option to reduce after your changes
       are complete.  This will make your file smaller and save space. (any
       information in the extended file set will be lost)


       Developers Note:

       If you are interested in using data files for your own programs, see the
       "Developers Section" in this document for more information on the file
       format.

















                                      Page - 23


       Troubleshooting

       Some possible error messages that you may receive are listed below with
       suggestions on what the possible problem may be.


       *    LanLock server not found

            LANLOCK -A  to see a list of all the LanLock zones that are
            available.  If no zones appear, there may be a network fault, or
            the LanLock server may not be functioning properly.

       *    Wrong "Message of the Day" for your computer

            SET LLHINT (see the LanLock utility section) The LLHINT environment
            variable controls which zone your computer uses for the message of
            the day.  If the LLHINT variable is not  set, all of the responding
            LanLock servers will show messages.

       *    More software runs than you have licenses for.

            You may have some LanLock zones that overlap.  Type the following
            command from a workstation:     LANLOCK -Q APPLICATION
            If any of the LanLock zones are over lapping, a dialog will appear
            for each of the two zones that tell you how many copies of the
            application are available.


       *    Error: "Can't Open Socket / Socket Table Full."

            Edit your SHELL.CFG file and add a line to increase the number of
            sockets that your workstation shell may have open at once.

                 IPX SOCKETS=number

            Where "number" is the number of sockets available at once.  The
            default is 20.  The LanLock client programs require 2 sockets and
            the LanLock server may require up to 8.

       *    LanLock locks up when run

            LanLock uses the interrupt 7Ah.  You may need to add a line with
            the INT7A command in your SHELL.CFG file.  With the current version
            of the network drivers, this is the default.  For more information,
            see the documentation that was provided with the workstation
            drivers, and review the topic on the SHELL.CFG file contents.









                                      Page - 24


       The LanLock Server Debugger

       If you are having problems with network errors, you may wish to run
       LanLock with the debug option.  Both the LANLOCK.EXE and the
       LLSERVER.EXE may be run with a the command line argument "/debug"
       following the normal command line arguments.

       When the LanLock server is run with the /debug option, the lower half of
       the screen is used to display information about the current status of
       the LanLock server.  This option should be used when the screen saver is
       turned off.  If you are having problems, please feel free to contact us.
       The instructions for using the debug option are only the most basic.

       Free memory    The number of bytes free.  This should be greater than
                      100,000 (100k) when the LanLock server is first started.

       Tracking Records    This is a count of the memory records that are
                      allocated to track each concurrent software usage.  This
                      number is increased as more records are needed.

       Software Denials    The total number of times that workstations were
                      denied use of any software due to insufficient copies.

       Pkts Sent*     The total number of IPX packets sent.

       Pkts Received* The total number of IPX packets received.

       Pkts Resent    The total number of IPX packets that were resent at the
                      request of a workstation.

       Pkts Rejected  The total number of IPX packets that were received out of
                      order and discarded.

       Invalid Requests    The total number of IPX packets that were received
                      and discarded because the request code was not valid.
                      (this is not the same as requesting software that does
                      not exist).  Only server errors cause this number to be
                      incremented.

       Resend History The number of packets that are stored for resending.  If
                      the workstation does not request a resend, the packet is
                      discarded.


       * Note:  Requests to and from the Time_Server are not recorded.










                                      Page - 25


       ECBs

       ECB stands for Event Control Block.  This is a memory record that is
       used to control incoming and outgoing IPX packets.  The status symbols
       represent the following actions.

       .    Waiting for request  or  ECB not in use.
       r    Receive packet.
       s    Sending Packet.
       x    Request to resend was received.
       w    Waiting for response.
       ?    Unknown ECB status.
       b    Bad packet sequence received.
       m    Malformed packet was received.
       u    Packet undelivered.
       f    Hardware Failure
       c    ECB canceled.

       These status symbols should only blink for a minute and should reside
       normally with the period symbol.  If you are experiencing significant
       numbers of bad and malformed packets, you may have network problems.


       The Software Records fields show how many memory records are currently
       allocated to track software usage.  Each zone has it's own list of
       software records, and the number of allocated records is increased as
       needed.

       If you are having further trouble with LanLock, feel free to contact us
       and we will be happy to assist you in any way we can.


       Note:     Running the debugger on the LanLock server will cause a
       decrease in performance speed.  It is recommended that you do not run
       the debugger on an XT style machine except when necessary.  While using
       the debugger you should also disable the screen saver.


















                                      Page - 26


       The LanLock.exe Debugger

       The LANLOCK.EXE program may also be run with the "/debug" option after
       the normal command line arguments.  This will run the program in a
       verbose mode.  LanLock will write lines to the screen describing the
       actions it is about to take when calling its network procedures.  This
       is useful when looking to see if LanLock is resending a lot of IPX
       packets and how long it takes to receive packets.

       Example:

       c:\>lanlock -b wp.exe /debug
       For Zone BUSINESS_ZONE
       Opening Socket
       Setup Listen Packet
       Setup Send Packet
       Waited to send 1 x2 MS
       Waited to recv 6 x20 MS
       Close Socket
       C:\>


       It is important to note the time in which it takes to receive a response
       from the LanLock server.  In the example above, the LanLock server
       responded in 120 milliseconds.  This response time will vary depending
       on network traffic and the speed of the machines.





























                                      Page - 27


       Developer's section

       This section is for those who are programmers and wish to interface with
       some of LanLock's functions.  If you would like further information,
       feel free to call or send mail to us.  We will try to assist you in any
       way we can.

       This section of the document contains information for some of LanLock's
       alternate functions.  If you would like to build LanLock's core
       licensing and copy protection into your applications, a set of
       programming tools will be made available soon for you to include in your
       program.  The information will be provided free, however source code
       will be subject to a modest fee.  Again, please contact us for more
       information.


       Time Server Services:

       If you wish to create software that will use LanLock's time server, you
       will need the following information.  The service will be advertised
       using SAP broadcasts. Each server will place a dynamic object in its
       bindery.  To find the time server address, you can search any server
       bindery for an object of type 00h (type "unknown") with the object name
       of TIME_SERVER.  If such an object is found, you will need to find the
       address of the machine that is advertising the service.  Scan the object
       for a  NET_ADDRESS property.  Read the first value for the network
       address shown below.   Each byte composes 2 digits of the address you
       might see in an SLIST.  For example, if the network variables contain
       the numbers 40,162,55,251, the hex address seen in SLIST would be
       [28A237FB].

            NET_ADDRESS property value:
                 network : array[1..4] of byte  (byte 1=high order digit)
                 node    : array[1..6] of byte
                 socket  : array[1..2] of byte

       Send an IPX packet to this address with the format shown below.  For the
       request packet, set the function variable to 0.  The packet will be
       returned to the socket address that the request originated from.  A
       successful response will contain a 1 in the function variable.   The
       data segment should be added to the end of the standard IPX packet
       header when transmitted.  All of the variables are in the standard IBM
       lo-hi format.

            Packet data segment format:
                 function  : word      (lo-hi)      (0=request, 1=reply)
                 reserved  : array[0..8] char
                 year      : word      (lo-hi)      (0-99)
                 month     : word      (lo-hi)      (1-12)
                 day       : word      (lo-hi)      (1-31)
                 hour      : word      (lo-hi)      (0-23)
                 minute    : word      (lo-hi)      (0-59)
                 second    : word      (lo-hi)      (0-59)


                                      Page - 28


       The year variable varies from 0 to 99. If this is less than 80, the year
       is 20xx, otherwise, the year is 19xx.  For example, if the year variable
       is 62 then the year is 2062, if the variable is 96, the year is 1996.



       Log file format:

       All of the Log File data is stored in a tab delimited ASCII text file.
       The files are named "ZONE_01.DAT" with the appropriate number for the
       corresponding zone from which the data was generated.  The log file has
       2 basic formats.  Each line contains the information for the records
       that  are listed below:

          Basic Log File                         Extensive Log File
            Record Type                            Record Type
            Software/Event Name                    Software/Event Name
            Start Time                             Start Time
            Total Time Used                        Total Time Used
                                                   User Name
                                                   Server Name
                                                   Network Address
                                                   Node Address

       Record Types:    R : recorded event
                        U : usage time
                        I : invalid logout
                        Z : over limit rejection



       The Start Time Variable is the number of seconds past Jan 1 1980 that
       the event occurred.  The Total Time Used variable is the total number of
       seconds for the duration of the event.




















                                      Page - 29


       Warranty information




            This  software  is sold on an as-is basis.  Secure Design
       specifically disclaims all warranties, expressed or implied.  In no
       event shall Secure Design or its' owners/employees be liable for any
       loss of profit or any other damage including but not limited to special,
       incidental, consequential or other damages including damages to a third
       party.

            Secure Design shall also not be liable for any loss involving
       software licensing lawsuits.  This software is intended to assist in
       keeping computer networks bound to the licensing agreements however,
       LanLock is not a shield against lawsuits.  You are responsible for the
       software use within your computer network.  This is merely a tool to
       assist you in this endeavor.  Like any other security system, protection
       can be bypassed by an unscrupulous person if enough time an effort is
       spent.  LanLock is provided as is, and Secure Design shall not be
       responsible for any damages arising from it's use or misuse.

            If you choose to use this software, you do so at your own risk.
       You are responsible to conform to software licensing agreements of the
       companies you purchase your software from.  Since all software companies
       have different licensing rules, you should be sure that you are
       following all of the software licensing rules that apply to you.

            Some companies ask that you purchase one copy for every machine
       that may use their software at any time, others say you must purchase
       copies that can be moved from machine to machine so long as no copy is
       used in more than one place at once.  You must determine what
       restrictions apply to you.

            For further information on software licensing rules, you can
       contact the Software Publishers Association (SPA) on their "Piracy
       Hotline"  1-800-388-PIR8.






               By using this software, you are agreeing to these terms.
       If these terms listed above are not agreeable, do not use this software.











                                      Page - 30


       Registration / Distribution information



                        A demo copy of LanLock to allow you to
               "try before you buy,"  however this program is not free.


       LanLock may be used for 60 days on a trial basis.  This is designed to
       give you 30 days to decide on the purchase of this software, and an
       additional 30 days to obtain a registered copy.

       LanLock will provide a single reminder message about once every 6 hours
       to the first requesting workstation to run software.  The message will
       remind that workstation that LanLock is working on a trial basis, and it
       will give the date of the original installation.

       After 60 days however you must pay for LanLock or you must remove it.
       You may not continue to use the software after 60 days without
       purchasing it.  If you fail to do so, you are in violation of copyright
       laws.  If you already have several purchased copies of LanLock running,
       you may start another zone, and you will have an additional 60 days to
       register this new zone.

       Where to get LanLock:

       LanLock may be distributed freely to FTP sites, or BBS networks.
       Upgrades will be posted to several FTP sites.   If you have access to
       these sites, You should check to verify the version you have is the most
       current version.  If you are going to post this software to a FTP site,
       please check to be sure that the copy you post is the most current one
       available.  (Posting to a FTP site does not grant you a free copy)

       If you do not have access to  FTP or a BBS that carries LanLock, You can
       receive a copy via E-mail in a uuencoded file format.(we can also send a
       DOS uudecoder)  Just send a request for the program to the E-mail
       address on the order form   If you have Internet access, you can locate
       us by telneting to 'nic.ddn.mil' and issue the command 'whois sdesign.'
       This will return our most current address information.  If you do not
       have Internet access, we can ship you a copy.  Please enclose $2 for
       shipping and handling.

       In the interest of keeping the most current version of LanLock available
       on the FTP sites, this demo version will expire and prompt you to obtain
       a fresh copy.  The feature is designed to ensure that you will receive
       the latest version of LanLock possible. (Which includes improvements and
       bug fixes)  The warning messages are presented in the llsetup, llgraph,
       and llins programs and do not affect the program's operation in any way.
       Purchased copies do not have an expiration date.  This version of
       LanLock is set to expire on 2/1/94





                                      Page - 31

       LanLock Order Form

                                     Remit to :     Secure Design
                                                    PO Box 475
                                                    Corvallis Or, 97339  USA

                                     Internet:      herzogs@ucs.orst.edu

                                     Phone:         (503)  758-0955




       Ship To   (Name)________________________________________________________

            (Organization)_____________________________________________________

            (Address)__________________________________________________________

            (Address)__________________________________________________________

            (Phone)____________________________________________________________



            Registration Fee Per Zone                              $  80.00(US)


            Number of zones ordered ___________            Total   $___________


                                                         Shipping  $      5.00

                                                    Grand Total    $___________



       Method of Payment:

       [ ]  Check /Money Order (Make Payable to Secure Design in US funds only)
       [ ]  Purchase Order (Corporation, University and Government agencies
            only. Terms: Net 30 days   12%APR  on  late payments.)

       Sorry, No Credit Card or COD.  Orders will be shipped within 2 working
       days of receiving this order form.


       Where did you get/hear about LanLock ? _______________________________

       ______________________________________________________________________





                                      Page - 32
