2.2.1 patch level 4 (2.21.018.4)
- - - - - - - - - - - - - - - - -

Installation

This distribution contains patch level 4 (previous levels included)
for 2.2.1. To install this patch, follow these steps:

1. Verify that 2.2.1 is already installed on the system.
2. Follow the instructions in README.TXT. README.TXT describes how to
   install a patch.
3. Read the specific installation notes in "Configuration". They
   describe how to configure the specific features included in this
   patch.


Corrected Problems

The following problems have been corrected:

o PPR #2130 (C9805885) - Patch installation did not work well with
  centralized software distribution systems. This has now been fixed,
  see "What's New in Patch #4" below.

o PPR #2111 (C9806152) - The endless loop that occurred when using a
  built User Account on a new PSD is solved. (NT only)

o PPR #2099 (C9717407, C9805128) - Problem with trusted domain logon
  is now fixed. (NT only)

o PPR #1798 - Wrong title in the shutdown/reboot dialog. It says
  "On Demand PSD Logon" instead of "Shutdown/reboot".

o PPR #1978 - Remote shutdown does not work when the user
  is logged off, at the logon dialog. (NT only)

o PPR #2023 - Wrong title in "Add Cert" window (the Configuration
  Utility). It says "Add Key" instead of "Add Cert".

o PPR #2025 - The Desktop configuration utility ABCONFIG.EXE causes
  a memory violation fault when removing the card from the reader.

o PPR #2068 - Entering more than 24 characters in the Account Settings
  password field and trying to log on hangs the system. (Win95 only)

o PPR #1780 - When the Screen saver was running and an application
  displayed a pop-up window, the Desktop unlock dialog was displayed
  in background of the pop-up window. (Win95 only)

o PPR #1794 - On Demand Logon did not work for ordinary users, due
  to access problem in the Registry database. (NT only)


What's New in Patch #4

There are five new features in this patch:

o Prefilled User Account Password
  The user's user account (UA) password, for instance the NT domain
  password, will automatically be prefilled upon password change.

o It is now possible to upgrade (patch) this product without
  deactivating any modules. It is also possible to run in a
  "silent" mode, see README.TXT.

o Synchronized Passwords (SP)
  Lets the user share a single password for the PSD and home user
  account (NT domain password).

o Novell NetWare SSO Support (NW) - Win95 only
  Supports Single Sign On (SSO) with Novell NetWare's IntranetWare
  Client (v2.2).

o Shared Account (SA)
  Users can log in to the system under the same user account, with a
  shared common username and password.

These features are described further below.


Known issues

o The Toshiba FY1300 reader does not work on WIN95 OSR2.

  The reason is a bug in Microsoft PCMCIA Card and Socket services,
  introduced in Win95 OSR2.

  The recommended workaround from Microsoft is to switch back to
  the Card and Socket services delivered with Win95 OSR0.
  The following 2 files need to be replaced in the windows\system:
  - pccard.vxd
  - socketsv.vxd

  These two files in a Win95 OSR2 installation should be replaced
  with files from the Win95 OSR0 (original release).

o It has been reported that Novell's own 'Preferred Server' may have
  been updated with the last NDS-tree used instead of being static.

o When changing "NDS Preferred Tree", this change will not be
  reflected in Novell's own clients (and vice versa).

o Enabling the 'prefilled old user account pwd' can allow an
  unauthorized user to change a logged on user's password if the
  desktop is not locked when left unattended.


Prefilled UA Password

When the user changes their user account (UA) password, the old and
the new password must be typed in. But when this feature is enabled,
the old UA password will automatically be filled in (prefilled).


Synchronized Passwords

The SP feature lets the user share a single password for both the PSD
logon and the home user account (UA) logon (for example the NT domain
password). The main features of SP are:

o A single shared password for PSD logon and UA logon. When a UA
  password is changed, the PSD password is synchronized to the same
  password.

o Simpler for the user. The user never has to remember more than one
  password.

o Enables usage of systems which require knowledge of the UA
  password -- as opposed to the automatic password change feature
  where the UA password is changed to a random value.

o The password policy is the UA password policy. When a password is
  changed and accepted by the UA policy, it will be automatically
  accepted as a PSD password. Even though the PSD password policy is
  configurable with SP enabled, it will be ignored.

o Changing the PSD password directly is prevented. It will only be
  changed indirectly through the synchronization feature when a UA
  password is changed.

o Slightly less secure than ordinary SSO, but more convenient.


Novell NetWare SSO Support

We now support NetWare SSO with Client for Novell NetWare
(IntranetWare 2.2). The main features are:

o Only for Windows 95

o It must be configured as a primary network provider in Windows 95.

o SSO logs on the user to NW with username, password and
  context. Those logon parameters are stored in the PSD.

o Explicit and forced password changes are handled appropriately, by
  synchronizing the parameters stored in the PSD.

o If a NW logon is performed via RAS or from the stand alone NW
  logon program, normal PSD logon and parameter retrieval are
  activated.

o Support for selecting Novell NDS-tree and preferred server.


Shared Account

The Shared Account feature enables new methods to take over or finish
an active but locked session. For example, an active session locks
when the smart card used for logon is removed from the reader.

When the desktop is locked and the current user is logged on in
SA mode (logged on to the shared account), another user is able to
unlock the desktop in one of several ways from the logout dialog box:

o Session Takeover (ST)
  A new user can take over the current user's session. ST will only
  activate the new PSD. Running applications will continue and network
  connections will be left untouched. This option is only present if
  the current user is logged on in SA mode and the new user has the SA
  logon privilege.

o Log Off Current User (LOCU)
  The new user must have the LOCU privilege in order to see this
  option.

o Instant Logoff/Logon (ILL)
  The different kinds of logon types (Admin, SA, etc.) are chosen in
  the drop-down list from the logout dialog box. The new user must
  have the LOCU privilege in order to see this option.

If a new user has neither the LOCU privilege nor the SA
privilege, he or she can't unlock the desktop. The following error
message will then be displayed:
  "You are not allowed to unlock this workstation"

If the new user chooses to take over the session of the previous
user, problems could arise if the previous user used keys for file
encryption that the new user doesn't have.


Configuration

Please read the README.TXT for general information about how to
install a patch.

This section describes configuration issues specific to the following
new features: Prefilled UA Password, SP, NW and SA.


PREFILLED UA PASSWORD

Prefilled UA Password is configured through the registry. The
configuration utility doesn't provide any GUI based configuration.

1. Copy the lines from the template below and put them in a file
   named PAUPWD.REG. Copy the lines from REGEDIT4 to
   "EnablePrefilledPwd"=dword:00000001 below.

2. Choose Start->Run from the system menu. Type "regedit" and hit OK.

3. Choose Registry->Import Registry File. Select the file you created
   in step 1.


TEMPLATE FOR PREFILLED UA PASSWORD

REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Dynasoft\Desktop\CurrentVersion\PC Protection\Logon Information]
"EnablePrefilledPwd"=dword:00000001


SYNCHRONIZED PASSWORDS

The example below shows how to enable SP for normal users and
administrators logged in as users.

1. Start the Configuration Utility (ABCONFIG.EXE)

2. Choose the "PC Protection" module

3. Click the "User Account" tab

4. Choose "User" from the "User Category" drop-down list

5. Check "Synchronized Password"

6. Choose "Admin" from the "User Category" drop-down list

7. Check "Synchronized Password"


NOVELL NETWARE SSO SUPPORT (WINDOWS 95 ONLY)

Novell NetWare SSO is configured through the registry. The
configuration utility doesn't provide any GUI based configuration.

1. Copy the lines from the template below and put them in a file
   named NW.REG. Copy the lines from REGEDIT4 to
   "LoginExtType"=dword:00008001 below.

2. If the product isn't installed to the standard directory suggested
   by the installation program, change the line beginning with
   "LoginExtName" to the appropriate directory.

3. Choose Start->Run from the system menu. Type "regedit" and hit OK.

4. Choose Registry->Import Registry File. Select the file you created
   in step 1.


TEMPLATE FOR NW

REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Dynasoft\Desktop\CurrentVersion\PC Protection\Logon Information]
"SysConfig"=dword:00000005

[HKEY_LOCAL_MACHINE\Network\Novell\System Config\Network Provider\Graphical Login\NWLGE\Abnwlg]
"LoginExtDesc"="SSM Desktop Login Extension"
"LoginExtName"="C:\\Program Files\\Sun\\SSM Desktop\\system\\abnwlg.dll"
"LoginExtType"=dword:00008001

[HKEY_LOCAL_MACHINE\SOFTWARE\Dynasoft\Desktop\CurrentVersion\PC Protection\Logon Information\Novell]
"NDS Tree"=""
"NDS Preferred Tree"=""


SHARED ACCOUNT

SA is configured through the registry. The configuration utility
doesn't provide any GUI based configuration.

1. Copy the lines from the template below and put them in a file
   named SA.REG. Copy the lines from REGEDIT4 to "Data"="user" below.

2. Change DOMAIN to your SA user's domain.

3. Change PASSWORD to your SA user's password.

4. Change USER to your SA user's user name.

5. Choose Start->Run from the system menu. Type "regedit" and hit OK.

6. Choose Registry->Import Registry File. Select the file you created
   in step 1.


TEMPLATE EXAMPLE FOR SA

REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Dynasoft\Desktop\CurrentVersion\PC Protection\Logon Information\Admin]
"AllowSharedAccount"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Dynasoft\Desktop\CurrentVersion\PC Protection\Logon Information\Admin\Shared Account Mode]
[HKEY_LOCAL_MACHINE\SOFTWARE\Dynasoft\Desktop\CurrentVersion\PC Protection\Logon Information\Admin\Shared Account Mode\Domain]
"BuildString"=""
"AllowEdit"=dword:00000000
"Build"=dword:00000000
"StoredInRegistry"=dword:00000001
"Data"="DOMAIN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Dynasoft\Desktop\CurrentVersion\PC Protection\Logon Information\Admin\Shared Account Mode\Password]
"PwdMode"=dword:00000004
"Data"="PASSWORD"
[HKEY_LOCAL_MACHINE\SOFTWARE\Dynasoft\Desktop\CurrentVersion\PC Protection\Logon Information\Admin\Shared Account Mode\User Name]
"BuildString"=""
"AllowEdit"=dword:00000000
"Build"=dword:00000000
"StoredInRegistry"=dword:00000001
"Data"="USER"

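An added example, not part of the original release notes or the product: a Python check that parses a REGEDIT4 export and reports which of the settings from the templates above are active on a workstation, namely the prefilled UA password described under "Known issues" and the Shared Account values. The sample export and the finding labels are constructed; only the Admin category path shown in the SA template is checked.

```python
import re

# Base key used by all templates on this page.
BASE = r"HKEY_LOCAL_MACHINE\SOFTWARE\Dynasoft\Desktop\CurrentVersion\PC Protection\Logon Information"
# Constructed sample export: the page's templates with a made-up password.
SAMPLE = "\n".join([
    "REGEDIT4",
    "[" + BASE + "]",
    '"EnablePrefilledPwd"=dword:00000001',
    "[" + BASE + r"\Admin]",
    '"AllowSharedAccount"=dword:00000001',
    "[" + BASE + r"\Admin\Shared Account Mode\Password]",
    '"PwdMode"=dword:00000004',
    '"Data"="constructed-example"',
])
VALUE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')

def parse_reg(text):
    """Parse REGEDIT4 text into {key path: {value name: int or str}}.
    Key and value names are lowercased (the registry is case-insensitive)."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None and (m := VALUE.match(line)):
            name, raw = m.group(1).lower(), m.group(2)
            if raw.startswith("dword:"):
                current[name] = int(raw[6:], 16)
            elif len(raw) >= 2 and raw[0] == raw[-1] == '"':
                # Undo .REG escaping: \\ becomes \ and \" becomes "
                current[name] = re.sub(r"\\(.)", r"\1", raw[1:-1])
    return keys

def lookup(keys, subkey, name):
    return keys.get((BASE + subkey).lower(), {}).get(name.lower())

def audit(text):
    """Return labels for the page's settings that the export shows enabled."""
    keys, findings = parse_reg(text), []
    if lookup(keys, "", "EnablePrefilledPwd") == 1:  # see "Known issues"
        findings.append("prefilled-ua-password-enabled")
    if lookup(keys, r"\Admin", "AllowSharedAccount") == 1:
        findings.append("shared-account-enabled")
    # The untouched template placeholder "PASSWORD" is not reported.
    pwd = lookup(keys, r"\Admin\Shared Account Mode\Password", "Data")
    if pwd not in (None, "", "PASSWORD"):
        findings.append("shared-account-password-set-in-registry")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```
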