MASTER USER’S GUIDE LOC Technology apricot MITSUBISHI ELECTRIC
Microsoft and MS-DOS are registered trademarks, and Windows is a trademark, of Microsoft Corporation. LOC Technology and KeyLOC are trademarks of Apricot Computers Limited. Other trademarks are the properties of their respective owners. Information contained in this document is subject to change without notice and does not represent a commitment on the part of Apricot Computers Limited. Any software described in this manual is furnished under a license agreement.
Preface

This booklet describes the operation of the Apricot LOC Technology v2.1 security system as implemented by the Apricot LS Security Card. It is intended to be read only by the persons responsible for configuring the security system – the so-called “Master” users.

Instructions for “ordinary” users of the system are provided in an Appendix, which can be photocopied if necessary. The reason for this is that most ordinary users will not need to know the details of the system in order to use it.
CONTENTS

1 Introduction
    Introducing Apricot LOC Technology
    LOC Saver for Windows
    Telling users about the security system
2 Configuring the Security System
    Using the LOC Technology Setup utility
    Setting up a security configuration
    Defining user accounts
3 Understanding the Logon Sequence
    How do users logon?
    What happens after logging-on?
    Variations caused by Quick Logon
    Changing a password at logon
4 LOC Saver for Windows
    Installin
A Technical Information
    Installing the Apricot LS Security Card
    Enabling BIOS reprogramming
    Upgrading the BIOS
    Entering the System Identification Number (SIN)
    Erasing the security configuration
B Quick Guide to Security
1 INTRODUCTION

This chapter introduces Apricot LOC Technology™ v2.1 by answering a number of commonly-asked questions.

Introducing Apricot LOC Technology

The Apricot LOC Technology security system offers the ability to control who is allowed to use the computer and when they are allowed to use it. Properly used, the system helps to prevent misuse and deter theft. Apricot LOC Technology provides the complete solution to the problem of access control.
How is the system configured?

The security system is configured by using the LOC Technology Setup utility which is held in the Security Card’s read-only memory. LOC Technology Setup can be started whenever the computer is turned on or rebooted, by pressing ALT+S when prompted to do so. The security system can prevent individual users accessing the utility.

How do users logon to the computer?

The security system obliges users to logon every time the computer is turned on or rebooted.
[Illustration: (1) the LOGON screen, with the messages “Activate KeyLOC Card Now (Press ESC For User Logon)” and “Security is active, logon required”, and the label “1.5 metres maximum”; (2) the USER LOGON dialog, with User Name, Password, Change password and OK, and the message “Enter your user name and password”.]
the lockout period expires. The user cannot circumvent the lockout period by turning off the computer; the security system keeps track of elapsed time even when the computer is turned off. Optionally, an alarm can be set to sound after four invalid logons (that is, during the second and subsequent lockouts).

Who are the “Master” users?

At least one user account must be given “Master” status. A Master user can logon at any time and is always allowed to access the LOC Technology Setup utility.
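
The lockout behaviour described above, together with the Lockout Control settings in chapter 2 (1 to 255 minutes, zero to disable), can be modelled as below to show why the lockout expiry must be held as an absolute time in non-volatile memory. This is an added example, not Apricot firmware or code from this guide; all class and function names are hypothetical. It assumes that every second invalid logon starts a lockout (inferred from the alarm wording above) and that a successful logon resets the count.

```python
import json
from dataclasses import dataclass, asdict

# Assumption: a lockout starts on every second invalid logon, inferred from
# "four invalid logons (that is, during the second and subsequent lockouts)".
ATTEMPTS_PER_LOCKOUT = 2


@dataclass
class LockoutState:
    """Hypothetical record kept in non-volatile memory, never in RAM only."""
    failures: int = 0          # invalid logons since the last successful one
    locked_until: float = 0.0  # absolute time on a clock that runs while off


class LockoutPolicy:
    def __init__(self, duration_minutes, alarm_enabled):
        if not 0 <= duration_minutes <= 255:   # 1-255 minutes, or 0 to disable
            raise ValueError("lockout duration must be 0-255 minutes")
        self.duration_s = duration_minutes * 60
        self.alarm_enabled = alarm_enabled

    def attempt(self, state, now, credentials_ok):
        """Process one logon attempt at time `now` (seconds) and update state."""
        if now < state.locked_until:
            return "locked"                    # refused before checking credentials
        if credentials_ok:
            state.failures, state.locked_until = 0, 0.0   # assumed reset on success
            return "ok"
        state.failures += 1
        # A duration of zero disables both the lockout and the alarm.
        if self.duration_s == 0 or state.failures % ATTEMPTS_PER_LOCKOUT:
            return "invalid"
        state.locked_until = now + self.duration_s
        repeat = state.failures // ATTEMPTS_PER_LOCKOUT >= 2
        return "lockout+alarm" if self.alarm_enabled and repeat else "lockout"


def power_cycle(state):
    """Simulate off/on: only the serialized (persisted) record survives."""
    return LockoutState(**json.loads(json.dumps(asdict(state))))


def demo():
    policy, state, t = LockoutPolicy(2, alarm_enabled=True), LockoutState(), 1000.0
    log = [policy.attempt(state, t, False), policy.attempt(state, t + 1, False)]
    state = power_cycle(state)                         # user turns the computer off
    log.append(policy.attempt(state, t + 30, True))    # still inside the 2 minutes
    log.append(policy.attempt(state, t + 121, False))  # lockout has expired
    log.append(policy.attempt(state, t + 122, False))  # fourth invalid logon
    return log
```

If `failures` or `locked_until` lived only in RAM, the `power_cycle` step would clear them and the third attempt in `demo()` would succeed.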
Every Security Card has a unique System Identification Number or SIN programmed into it at the factory. If one Security Card is removed and replaced by another, the computer will detect the change and require the user to type in the SINs of both the old card and new card. (If the new card had already been programmed with a security configuration, that configuration is erased automatically.)

Important
The SIN is printed on a small label stuck onto the Security Card.
bold (for example, lockout period).

Note that users whose accounts do not include the right to use LOC Technology Setup need never know that such a utility even exists.
2 CONFIGURING THE SECURITY SYSTEM

The security system is enabled and configured by using the LOC Technology Setup utility. Once the security system is enabled, individual users may be barred from accessing this utility.

For an Apricot computer with LOC Technology BIOS support, BIOS reprogramming must be enabled in order to use the security system. This feature is usually controlled by a jumper on the motherboard (see the computer’s Owner’s Handbook for details).
Using the LOC Technology Setup utility

To configure the security system:

1. Turn on or reboot the computer.
2. If the security system is already enabled, logon to the computer using an account that includes the right to access LOC Technology Setup.
3. Press the ALT+S key combination when invited to do so.
4. In the LOC Technology Setup dialog, set up the global options you want. See the later section on “Setting up a security configuration” for details.
5.
Setting up a security configuration

In the LOC Technology Setup dialog box you can configure Lockout Control, Security Password Configuration, Logon Administration and the Ownership String.

[Illustration: the LOC Technology Setup dialog. Visible labels: Security Status (Enabled), Change Status, Lockout Control, Alarm Enabled, Lockout Duration: 2 Minutes, Save, Cancel, Set Users...]
2. Type the lockout duration in the Lockout Duration box (between 1 and 255 minutes, or up to 4.25 hours).
3. If an alarm is required, select the Alarm Enabled check box.

To disable both the lockout and the alarm without disabling the security system, set a lockout duration of zero minutes.

Security Password Configuration

The Security Password Configuration settings apply restrictions on the use of passwords to increase the effectiveness of the security system.
2. Type the minimum password length in the Minimum Password Length box (between 1 and 8 characters). Set a minimum length of at least 6 characters; the more characters a password has, the more difficult it will be to guess.
3. Type the minimum password lifetime in the Minimum Password Lifetime box (between 0 and 255 days). A minimum lifetime of 0 days allows a user to change his password at any time, unless the Lock Password attribute is set in his user account.
4.
Ownership String

The ownership string is displayed every time the computer is turned on or rebooted.

Don’t set an ownership string without restricting access to the LOC Technology Setup utility. Otherwise, anyone using the computer will be able to change or delete the ownership string.

To set the ownership string:

1. Ensure that the Security Status is “Enabled” (choose the Change Status button if it is not).
2. Type the ownership string into the Ownership String box.
If you define any user accounts, you must include at least one Master user account. You do not have to enable the security system before defining user accounts.

The number of user accounts is limited by the capacity of the memory on the Security Card. This may vary for different models.

User Information

Under User Information you provide details of the user name, password, KeyLOC card and logon periods.
To set the user information:

1. Type the user name in the User Name text box. You must use a different name for each user account. If you do not supply a user name, the security system puts USER (followed by a user number) in the User Name box. This shows that the account is in use, but it is not the account’s user name.
2. Type the password in the Password text box and press ENTER. Then re-type the password to confirm it.
The Password check box is greyed-out if the Lock Password attribute is set; if a user cannot change his password, it cannot be allowed to expire.

6. If the user account requires a KeyLOC card, click on the Set KeyLOC Card button. Aim the KeyLOC card at the computer’s infrared sensor and press the button on the card. The card’s unique electronic signature is added to the security configuration.
To set a specific logon period for the selected day or days, type the start time (to the nearest 30 minutes) in the From box and the end time in the To box, then choose the Add button.

To remove the current logon period, choose the Remove button. This prevents the user logging-on at all on the selected day(s).

To apply the default logon period, choose the Default button. The default logon period is 24 hours, allowing unrestricted logons on the selected day(s).

8.
If Quick Logon is used it must be used carefully. In a multi-user configuration the Quick Logon account should never be allowed to access the LOC Technology Setup utility. See “User Rights” for more information.

User Rights

Listed under User Rights are several check boxes. Use these to select what aspects of the computer the user is not allowed to use.
3 UNDERSTANDING THE LOGON SEQUENCE

While the security system is disabled, the computer boots as described in the Owner’s Handbook. Once the security system is enabled, the logon sequence starts automatically every time the computer is turned on or re-booted (unless the security configuration includes a Quick Logon account – see the section below on “Variations caused by Quick Logon”).
How do users logon?

[Illustration: Logon Sequence. Panels show the LOGON screen (“Activate KeyLOC Card Now (Press ESC For User Logon)”, “Security is active, logon required”) and the USER LOGON dialog (User Name, Password, Change password, OK, “Enter your user name and password”), with further panels labelled First Invalid Attempt and Second Invalid Attempt.]
What happens after logging-on?

After a successful logon, the security system displays the following security-related information: the ownership string (if defined), some logon statistics and, if the account includes the appropriate user right, an invitation to “Press ALT+S for Security Setup”.
If the user presses ALT+L when this final message appears, the logon sequence is started as described earlier. Otherwise, he is automatically logged-on using the Quick Logon account.

Changing a password at logon

A user is usually permitted to change his password when he logs on, by selecting the Change Password check box in the User Logon dialog before choosing OK. The Change Password dialog appears.
4 LOC SAVER FOR WINDOWS

Temporarily unattended computers can pose a serious security problem; a secure logon procedure is worthless if a ten-minute coffee break can leave the whole system exposed. On the other hand, it is inconvenient to have to turn off the computer for only a short absence.

LOC Saver for Windows is an optional software enhancement for the Microsoft Windows for Workgroups v3.11 operating system.
Installing the software

To install LOC Saver for Windows:

1. Insert the LOC Saver diskette in drive A.
2. Choose the Run command from the File menu in Program Manager. The Run dialog appears.
3. In the Run dialog, type a:\setup and choose OK. The LOC Saver Setup program starts.
4. Follow the on-screen instructions to install LOC Saver.
5.
Configuring LOC Saver

To change LOC Saver’s configuration settings:

1. Double-click on the LOC Saver program icon. The LOC Saver Configuration dialog appears.
2.

Option: Enable Timeout & Delay
Function: Select this option if you want the computer to lock automatically after a specified period of mouse and keyboard inactivity. When this option is selected, you must specify a Delay timeout value in seconds.
Troubleshooting

LOC Saver and MS-DOS

If a full-screen MS-DOS window is open when LOC Saver locks the computer, the MS-DOS window will be minimized when the user fires his KeyLOC card and returns to his Windows session. This is a feature of Windows.

LOC Saver’s timeout feature cannot operate when an MS-DOS session is the active Window.
A TECHNICAL INFORMATION

This Appendix provides some information about installing the Apricot LS Security Card and erasing the security configuration from the card’s memory. You should rarely, if ever, need to do either.

The following illustration shows the main features of the card.
The card should work in a non-Apricot computer, but this cannot be guaranteed. In a non-Apricot computer the system is less secure. Without an infrared sensor, KeyLOC cards cannot be used, and without BIOS support the security system can be by-passed by removing the Security Card. In these situations, you should enforce physical security by locking the computer’s system unit and keeping the keys in a safe, secure place.
advising an upgrade appears. In this situation the Security Card cannot be used without upgrading the BIOS – the security system will not allow the computer to boot until the BIOS is upgraded.

BIOS upgrades are normally performed by a service engineer. Ask your supplier or authorized maintainer for assistance. If you need to use the computer in the meantime, simply remove the Security Card.
3. If necessary, remove any expansion cards that obscure the Security Card.
4. Move the Clear Security (CLR SEC) jumper on the Security Card to the “Clear” position (see diagram).
5. Replace the system unit cover and reconnect all power cords.
6. Insert a system diskette in Drive A and turn on the computer.
7. Type the Security Card’s SIN in the Security Failure dialog box and choose OK.

[Illustration: the Security Failure dialog, with an Enter SIN box and an OK button.]

The LOC Technology Setup utility starts automatically.
B QUICK GUIDE TO SECURITY

This computer is protected by an internal security system. A user account has been set up so that you can use the computer, but you may be restricted to using it only at certain times or on certain days of the week – these are your logon periods.

The person responsible for the security system is called the Master user. This may be the owner of the computer, or someone else who has been given the job of safeguarding its security.
[Illustration: (1) the LOGON screen, with the messages “Activate KeyLOC Card Now (Press ESC For User Logon)” and “Security is active, logon required”, and the label “1.5 metres maximum”; (2) the USER LOGON dialog, with User Name, Password, Change password and OK, and the message “Enter your user name and password”.]
Changing your password

Depending on how security is configured, you may be able to change your password voluntarily when you logon. If you can change your password, you should do so regularly.

To change your password:

1. After typing your user name and password in the User Logon dialog box, select the Change Password check box before choosing OK. The Change Password dialog box appears. (If it doesn’t, you are not allowed to change your password.
Don’t choose a password that someone who knows you could guess. For example, avoid obvious choices such as your partner’s name or your car registration number. Use a mix of uppercase and lowercase letters, and numbers. Use made-up words that aren’t in the dictionary. Never write your password down or tell anyone (including the Master user) what it is.
LOC Saver for Windows

LOC Saver is an optional enhancement to the security system for use with the Windows for Workgroups operating system. When leaving the computer unattended for a time, you can click the button on your KeyLOC card to obscure the screen and lock the keyboard and mouse; Windows continues working “behind the scenes”. When you return, another click of the KeyLOC card’s button unlocks the computer. Ask the Master user if your computer has this feature.
APRICOT COMPUTERS LIMITED 3500 PARKSIDE BIRMINGHAM BUSINESS PARK BIRMINGHAM B37 7YS UNITED KINGDOM MITSUBISHI ELECTRIC APRICOT COMPUTERS LIMITED TRAVELLERS LANE HATFIELD HERTFORDSHIRE AL10 8XB UNITED KINGDOM MITSUBISHI ELECTRIC EUROPE GmbH GOTHAER STRASSE 8 POSTFACH 1548 40835 RATINGEN DEUTSCHLAND