Enhanced Password Protection Installation and Configuration Guide
Enhanced Password Protection Installation and Configuration Guide
Enhanced Password Protection Installation and Configuration Guide
- No tags were found...
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
C•CURE ® 800/8000<br />
Version 9.4<br />
<strong>Enhanced</strong> <strong>Password</strong> <strong>Protection</strong><br />
<strong>Installation</strong> <strong>and</strong> <strong>Configuration</strong> <strong>Guide</strong><br />
REVISION I0<br />
70 Westview Street<br />
Lexington, MA 02421<br />
http://www.swhouse.com<br />
Fax: 781-466-9550 Phone: 781-466-6660
C•CURE ® <strong>and</strong> Software House ® are registered trademarks of Tyco International Ltd. <strong>and</strong> its<br />
Respective Companies.<br />
Certain Product names mentioned herein may be trade names <strong>and</strong>/or registered trademarks<br />
of other companies. Information about other products furnished by Software House is<br />
believed to be accurate. However, no responsibility is assumed by Software House for the use<br />
of these products, or for an infringement of rights of the other companies that may result from<br />
their use.<br />
C•CURE ® 800/8000 Version: 9.4<br />
Document Number: UM-118<br />
Revision: I0<br />
Release Date: August 2008<br />
This manual is proprietary information of Software House. Unauthorized reproduction of any<br />
portion of this manual is prohibited. The material in this manual is for information purposes<br />
only. It is subject to change without notice. Software House assumes no responsibility for<br />
incorrect information this manual may contain.<br />
© Copyright © 2008 Tyco International Ltd. <strong>and</strong> its Respective Companies.<br />
All Rights Reserved
Table of Contents<br />
Preface<br />
How to Use this Manual . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . vi<br />
Finding More Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . vii<br />
Conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .ix<br />
Chapter 1<br />
Chapter 2<br />
Chapter 3<br />
Chapter 4<br />
C•CURE <strong>Enhanced</strong> <strong>Password</strong> <strong>Protection</strong><br />
Introduction. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-2<br />
Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-3<br />
Creating Users <strong>and</strong> User Groups in a Domain<br />
Introduction. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-2<br />
Creating User Groups on a Windows 2003<br />
Domain Controller . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-3<br />
Creating a Manager User Account on a<br />
Windows 2003 Domain Controller . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-8<br />
Adding the Manager Account to the CCURE Group . . . . . . . . . . . . . . . . . . . . . . 2-11<br />
Installing C•CURE <strong>Enhanced</strong> <strong>Password</strong> <strong>Protection</strong><br />
Using the C•CURE 800/8000 DVD. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-2<br />
Installing C•CURE <strong>Enhanced</strong> <strong>Password</strong><br />
<strong>Protection</strong> Over the Network . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-3<br />
Running the <strong>Installation</strong> . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-4<br />
Novell Setup for C•CURE 800/8000 Client . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-8<br />
Performing Post-installation Tasks<br />
Setting File <strong>and</strong> Directory Privileges. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-2<br />
<strong>Enhanced</strong> <strong>Password</strong> <strong>Protection</strong> <strong>Installation</strong> <strong>and</strong> <strong>Configuration</strong> <strong>Guide</strong><br />
iii
Table of Contents<br />
Setting File <strong>and</strong> Directory Privileges In Windows 2003 or XP . . . . . . . . . . . . . . . . . . . 4-2<br />
Adding additional users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-6<br />
<strong>Password</strong> Policy Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4-7<br />
Overview. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-7<br />
Managing <strong>Password</strong> Policy Locally . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-8<br />
C•CURE Idle Time-out. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4-9<br />
User Account Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4-12<br />
Overview. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-12<br />
Deleting a C•CURE User Account . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-12<br />
Disabling <strong>and</strong> Enabling an Account . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-14<br />
Modifying a <strong>Password</strong> . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-15<br />
Chapter 5<br />
Uninstalling<br />
C•CURE <strong>Enhanced</strong> <strong>Password</strong> <strong>Protection</strong><br />
Uninstalling The Software . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5-2<br />
Index<br />
iv<br />
<strong>Enhanced</strong> <strong>Password</strong> <strong>Protection</strong> <strong>Installation</strong> <strong>and</strong> <strong>Configuration</strong> <strong>Guide</strong>
Preface<br />
The C•CURE <strong>Enhanced</strong> <strong>Password</strong> <strong>Protection</strong> <strong>Installation</strong> <strong>and</strong> <strong>Configuration</strong> <strong>Guide</strong><br />
is for users who choose to use the C•CURE <strong>Enhanced</strong> <strong>Password</strong> <strong>Protection</strong><br />
feature. The manual describes the feature <strong>and</strong> presents procedures for<br />
installing <strong>and</strong> configuring it.<br />
This manual assumes that the C•CURE 800/8000 system has been installed.<br />
In this preface<br />
How to Use this Manual . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . vi<br />
Conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .ix<br />
<strong>Enhanced</strong> <strong>Password</strong> <strong>Protection</strong> <strong>Installation</strong> <strong>and</strong> <strong>Configuration</strong> <strong>Guide</strong><br />
v
Preface<br />
How to Use this Manual<br />
This manual includes the following sections. Turn to the appropriate section<br />
for the information you need.<br />
Chapter 1, “C•CURE <strong>Enhanced</strong> <strong>Password</strong> <strong>Protection</strong>”<br />
This chapter describes the C•CURE <strong>Enhanced</strong> <strong>Password</strong> <strong>Protection</strong> feature<br />
<strong>and</strong> its concepts.<br />
Chapter 2, “Creating Users <strong>and</strong> User Groups in a Domain”<br />
This chapter describes the pre-installation tasks for computers in a domain.<br />
Chapter 3, “Installing C•CURE <strong>Enhanced</strong> <strong>Password</strong> <strong>Protection</strong>”<br />
This chapter describes the installation procedures <strong>and</strong> setup with Novell<br />
software.<br />
Chapter 4, “Performing Post-installation Tasks”<br />
This chapter describes the tasks you have to perform after you install<br />
C•CURE <strong>Enhanced</strong> <strong>Password</strong> <strong>Protection</strong>.<br />
Chapter 5, “Uninstalling C•CURE <strong>Enhanced</strong> <strong>Password</strong> <strong>Protection</strong>”<br />
This chapter describes the uninstall procedures.<br />
vi<br />
<strong>Enhanced</strong> <strong>Password</strong> <strong>Protection</strong> <strong>Installation</strong> <strong>and</strong> <strong>Configuration</strong> <strong>Guide</strong>
Preface<br />
Finding More Information<br />
In addition to this manual, you may find the following manuals useful.<br />
Software House Hardware Manuals<br />
The following Software House manuals are available with the products, <strong>and</strong><br />
online at the Software House website.<br />
• iSTAR Pro <strong>Installation</strong> <strong>and</strong> <strong>Configuration</strong> <strong>Guide</strong><br />
• iSTAR Pro Quick Start <strong>Guide</strong><br />
• iSTAR eX <strong>Installation</strong> <strong>and</strong> <strong>Configuration</strong> <strong>Guide</strong><br />
• apC/8X <strong>Installation</strong> <strong>and</strong> <strong>Configuration</strong> <strong>Guide</strong><br />
• apC/L <strong>Installation</strong> <strong>and</strong> <strong>Configuration</strong> <strong>Guide</strong><br />
Software House Software Manuals<br />
The following Software House manuals are available with the products, <strong>and</strong><br />
online at the Software House website.<br />
• C•CURE 800/8000 <strong>Installation</strong> <strong>Guide</strong><br />
• C•CURE 800/8000 Getting Started <strong>Guide</strong><br />
• C•CURE 800/8000 Hardware <strong>Configuration</strong> <strong>Guide</strong><br />
• C•CURE 800/8000 Third Party Hardware & Services <strong>Guide</strong><br />
• C•CURE 800/8000 Personnel <strong>Configuration</strong> <strong>Guide</strong><br />
• C•CURE 800/8000 Software <strong>Configuration</strong> <strong>Guide</strong><br />
• C•CURE 800/8000 Video <strong>Guide</strong><br />
• C•CURE 800/8000 Reports <strong>Guide</strong><br />
• C•CURE 800/8000 System Maintenance <strong>Guide</strong><br />
• C•CURE 800/8000 Monitoring Station <strong>Guide</strong><br />
• C•CURE ID User’s <strong>Guide</strong><br />
• C•CURE 800/8000 Advanced User’s <strong>Guide</strong><br />
<strong>Enhanced</strong> <strong>Password</strong> <strong>Protection</strong> <strong>Installation</strong> <strong>and</strong> <strong>Configuration</strong> <strong>Guide</strong><br />
vii
Preface<br />
• C•CURE 800/8000 ODBC <strong>Configuration</strong> <strong>Guide</strong><br />
You can also access the guides that are online from the C•CURE 800/8000<br />
Help menu. You need to install the Adobe Acrobat reader <strong>and</strong> copy the<br />
appropriate PDF files from the C•CURE 800/8000 Supplemental DVD. See<br />
the C•CURE 800/8000 <strong>Installation</strong> <strong>Guide</strong> for more information.<br />
You can access C•CURE 800/8000 Help by pressing F1 or clicking Help from<br />
the menu bar in the Administration/Monitoring Station applications.<br />
You can get help for the Windows products by selecting Help from the<br />
specific Windows Start menu or by going to the Microsoft web site at<br />
www.microsoft.com.<br />
viii<br />
<strong>Enhanced</strong> <strong>Password</strong> <strong>Protection</strong> <strong>Installation</strong> <strong>and</strong> <strong>Configuration</strong> <strong>Guide</strong>
Preface<br />
Conventions<br />
This manual uses the following text formats <strong>and</strong> symbols.<br />
Convention<br />
Bold<br />
Regular italic font<br />
<br />
Meaning<br />
This font indicates screen elements, <strong>and</strong> also indicates when you<br />
should take a direct action in a procedure.<br />
Bold font describes one of the following items:<br />
• A comm<strong>and</strong> or character to type, or<br />
• A button or option on the screen to press, or<br />
• A key on your keyboard to press<br />
• A screen element or name<br />
Indicates a new term.<br />
Indicates a variable.<br />
The following items are used to indicate important information.<br />
NOTE<br />
Indicates a note. Notes call attention to any item of information that may<br />
be of special importance.<br />
TIP<br />
Indicates an alternate method of performing a task.<br />
Indicates a caution. A caution contains information essential to avoid<br />
damage to the system. A caution can pertain to hardware or software.<br />
Indicates a warning. A warning contains information that advises users<br />
that failure to avoid a specific action could result in physical harm to the<br />
user or to the hardware.<br />
Indicates a danger. A danger contains information that users must know<br />
to avoid death or serious injury.<br />
<strong>Enhanced</strong> <strong>Password</strong> <strong>Protection</strong> <strong>Installation</strong> <strong>and</strong> <strong>Configuration</strong> <strong>Guide</strong><br />
ix
Preface<br />
x<br />
<strong>Enhanced</strong> <strong>Password</strong> <strong>Protection</strong> <strong>Installation</strong> <strong>and</strong> <strong>Configuration</strong> <strong>Guide</strong>
1<br />
C•CURE <strong>Enhanced</strong><br />
<strong>Password</strong> <strong>Protection</strong><br />
This chapter provides a conceptual overview of the C•CURE <strong>Enhanced</strong><br />
<strong>Password</strong> <strong>Protection</strong> features.<br />
In this chapter<br />
Introduction ...................................................................................................................... 1-2<br />
Overview ........................................................................................................................... 1-3<br />
<strong>Enhanced</strong> <strong>Password</strong> <strong>Protection</strong> <strong>Installation</strong> <strong>and</strong> <strong>Configuration</strong> <strong>Guide</strong> 1–1
Introduction<br />
Introduction<br />
C•CURE 800/8000 has an <strong>Enhanced</strong> <strong>Password</strong> <strong>Protection</strong> feature that<br />
increases the overall security of the C•CURE 800/8000 applications. C•CURE<br />
<strong>Enhanced</strong> <strong>Password</strong> <strong>Protection</strong> provides the ability to Validate C•CURE 800/<br />
8000 users <strong>and</strong> allow access only to valid users.<br />
Without the use of <strong>Enhanced</strong> <strong>Password</strong> <strong>Protection</strong>, C•CURE 800/8000<br />
applications use traditional authentication. These applications present a login<br />
screen upon startup. This allows you to create a single, st<strong>and</strong>ard username<br />
<strong>and</strong> password that all C•CURE 800/8000 users can use as their validation into<br />
C•CURE 800/8000 applications.<br />
C•CURE <strong>Enhanced</strong> <strong>Password</strong> <strong>Protection</strong> solves both the security <strong>and</strong><br />
multiple log in issues by requiring that each user be uniquely identified<br />
within the operating system. When a defined user logs into the computer, the<br />
user’s local workstation username is then applied by the C•CURE 800/8000<br />
system to validate <strong>and</strong> assign privileges to the user within the<br />
C•CURE 800/8000 system. Using the operating system for account<br />
management provides additional features such as password ageing, account<br />
lockout <strong>and</strong> complexity rules.<br />
The C•CURE <strong>Enhanced</strong> <strong>Password</strong> <strong>Protection</strong> feature moves the<br />
authentication process from C•CURE 800/8000 to the operating system <strong>and</strong><br />
also provides tools for locking or terminating C•CURE 800/8000 when a<br />
station is left unattended.<br />
When the C•CURE <strong>Enhanced</strong> <strong>Password</strong> <strong>Protection</strong> feature is used in<br />
conjunction with the policy management system provided by the operating<br />
system, administrators can create highly secure systems that do the following:<br />
• Meet the dem<strong>and</strong>s of most applications requiring extensive security.<br />
• Comply with organizational st<strong>and</strong>ards for computer security.<br />
NOTE<br />
This document assumes that the reader is familiar with the concepts of<br />
Windows administration, policy administration, <strong>and</strong> domains. Lack of<br />
knowledge in these areas could make the system insecure or at the very<br />
least limit the usefulness of the C•CURE 800/8000 changes.<br />
1–2 <strong>Enhanced</strong> <strong>Password</strong> <strong>Protection</strong> <strong>Installation</strong> <strong>and</strong> <strong>Configuration</strong> <strong>Guide</strong>
Overview<br />
Overview<br />
C•CURE <strong>Enhanced</strong> <strong>Password</strong> <strong>Protection</strong> is a separate installation process that<br />
upgrades the existing C•CURE 800/8000 system installation. This allows a<br />
base system to be installed <strong>and</strong> tested before applying enhanced security<br />
features.<br />
C•CURE <strong>Enhanced</strong> <strong>Password</strong> <strong>Protection</strong> provides the ability to do both of the<br />
following:<br />
• Validate C•CURE users <strong>and</strong> allow access to valid users only.<br />
• Secure unused or idle workstations.<br />
Previously, C•CURE 800/8000 applications used only traditional<br />
authentication, presenting a login screen at startup. The traditional method<br />
allows you to create a single, st<strong>and</strong>ard username <strong>and</strong> password that all<br />
C•CURE 800/8000 users can use as their validation for C•CURE 800/8000<br />
applications. This approach, however, is not practical in organizations<br />
requiring greater security because users must log in twice to use C•CURE<br />
800/8000:<br />
• Once—through the Windows logon method.<br />
• For a second time—into the C•CURE application.<br />
C•CURE <strong>Enhanced</strong> <strong>Password</strong> <strong>Protection</strong> solves both the security <strong>and</strong><br />
multiple login issues by requiring each user to be uniquely identified within<br />
the operating system. When a defined user logs onto the computer, the<br />
C•CURE system then applies the user’s Windows username to validate the<br />
user within C•CURE 800/8000 <strong>and</strong> assign privileges to that user.<br />
Using the operating system for account management also provides additional<br />
features such as password aging, account lockout, <strong>and</strong> complexity rules.<br />
Once C•CURE <strong>Enhanced</strong> <strong>Password</strong> <strong>Protection</strong> is implemented, the C•CURE<br />
800/8000 applications no longer present the login screen at startup. C•CURE<br />
800/8000 applications open only when a defined C•CURE 800/8000 user logs<br />
onto the computer with C•CURE <strong>Enhanced</strong> <strong>Password</strong> <strong>Protection</strong>. It is,<br />
therefore, essential that all users who require access to C•CURE 800/8000<br />
have a Windows user account matching their C•CURE 800/8000 user<br />
account.<br />
<strong>Enhanced</strong> <strong>Password</strong> <strong>Protection</strong> <strong>Installation</strong> <strong>and</strong> <strong>Configuration</strong> <strong>Guide</strong> 1–3
Overview<br />
C•CURE <strong>Enhanced</strong> <strong>Password</strong> <strong>Protection</strong> can be set up only for computers in<br />
a domain, as documented in Chapter 2, “Creating Users <strong>and</strong> User Groups in a<br />
Domain”. When C•CURE <strong>Enhanced</strong> <strong>Password</strong> <strong>Protection</strong> is implemented for<br />
domain computers, the following two scenarios are possible, the first is the<br />
usual one <strong>and</strong> the second is an exceptional case:<br />
• All computers are in the domain—users on any computer in the domain,<br />
once logged onto the computer, do not see the login screen when they<br />
open the C•CURE 800/8000 Monitoring Station or Administration<br />
application.<br />
• A computer not in the domain connects to the network—the user tries to<br />
open the C•CURE 800/8000 Monitoring Station or Administration<br />
application <strong>and</strong> is denied access. The system displays a message such as<br />
that shown in Figure 1-1 on page 1-4.<br />
Figure 1-1: User Authorization Failure Message<br />
To secure the system even further, you can use the tools provided to lock idle<br />
workstations—locking the screen while maintaining running applications in<br />
the background.<br />
This feature is similar to the screen saver mechanism built into the operating<br />
system, except for the additional options <strong>and</strong> settings provided by C•CURE<br />
<strong>Enhanced</strong> <strong>Password</strong> <strong>Protection</strong> that cannot be overridden by a user without<br />
administrative privileges.<br />
1–4 <strong>Enhanced</strong> <strong>Password</strong> <strong>Protection</strong> <strong>Installation</strong> <strong>and</strong> <strong>Configuration</strong> <strong>Guide</strong>
2<br />
Creating Users <strong>and</strong><br />
User Groups in a<br />
Domain<br />
This chapter describes pre-installation tasks for installing C•CURE <strong>Enhanced</strong><br />
<strong>Password</strong> <strong>Protection</strong> in a domain.<br />
In this chapter<br />
Introduction ...................................................................................................................... 2-2<br />
Creating User Groups on a Windows 2003 Domain Controller ............................... 2-3<br />
Creating a Manager User Account on a Windows 2003 Domain Controller.......... 2-8<br />
Adding the Manager Account to the CCURE Group ............................................... 2-11<br />
<strong>Enhanced</strong> <strong>Password</strong> <strong>Protection</strong> <strong>Installation</strong> <strong>and</strong> <strong>Configuration</strong> <strong>Guide</strong> 2–1
Introduction<br />
Introduction<br />
To create new user groups <strong>and</strong> user accounts for installing C•CURE<br />
<strong>Enhanced</strong> <strong>Password</strong> <strong>Protection</strong> in a Domain, you must log into the Windows<br />
2003 domain on the domain controller computer, using the Windows<br />
administration account.<br />
You must perform these procedures on the domain controller.<br />
2–2 <strong>Enhanced</strong> <strong>Password</strong> <strong>Protection</strong> <strong>Installation</strong> <strong>and</strong> <strong>Configuration</strong> <strong>Guide</strong>
Creating User Groups on a Windows 2003 Domain Controller<br />
Creating User Groups on a Windows 2003<br />
Domain Controller<br />
To Create a User Group<br />
1. Click Start <strong>and</strong> select Settings>Control Panel. The Control Panel opens<br />
(see Figure 2-1).<br />
Figure 2-1: Windows Control Panel<br />
2. Double-click Administrative Tools. The Administrative Tools dialog<br />
box opens, giving you access to the local configuration tools (see<br />
Figure 2-2 on page 2-4).<br />
<strong>Enhanced</strong> <strong>Password</strong> <strong>Protection</strong> <strong>Installation</strong> <strong>and</strong> <strong>Configuration</strong> <strong>Guide</strong> 2–3
Creating User Groups on a Windows 2003 Domain Controller<br />
Figure 2-2: Administrative Tools Dialog Box<br />
3. Double-click Active Directory Users <strong>and</strong> Computers. The Active<br />
Directory Users <strong>and</strong> Computers dialog box opens (see Figure 2-3).<br />
4. Select Users in the tree-view on the left.<br />
Figure 2-3: Active Directory Users <strong>and</strong> Computers Dialog Box<br />
2–4 <strong>Enhanced</strong> <strong>Password</strong> <strong>Protection</strong> <strong>Installation</strong> <strong>and</strong> <strong>Configuration</strong> <strong>Guide</strong>
Creating User Groups on a Windows 2003 Domain Controller<br />
5. Right-click Users (on the left) <strong>and</strong> select New>Group from the shortcut<br />
menu. The New Object - Group dialog box opens, for you to specify the<br />
group details (see Figure 2-4).<br />
Figure 2-4: New Object - Group Dialog Box<br />
6. Type CCURE in the Group Name box. The Group name (pre-Windows<br />
2003) box automatically fills with the name of the group you enter.<br />
<strong>Enhanced</strong> <strong>Password</strong> <strong>Protection</strong> <strong>Installation</strong> <strong>and</strong> <strong>Configuration</strong> <strong>Guide</strong> 2–5
Creating User Groups on a Windows 2003 Domain Controller<br />
7. Click OK. The group is now created. The Active Directory Users <strong>and</strong><br />
Computers dialog box reopens, with the new CCURE user group entered<br />
in the list in the right-h<strong>and</strong> pane, as shown in Figure 2-5 on page 2-6.<br />
Figure 2-5: Active Directory Users <strong>and</strong> Computers Dialog Box with CCURE User Group<br />
8. Right-click the CCURE group <strong>and</strong> select Properties from the shortcut<br />
menu. The Properties dialog box opens (see Figure 2-6).<br />
2–6 <strong>Enhanced</strong> <strong>Password</strong> <strong>Protection</strong> <strong>Installation</strong> <strong>and</strong> <strong>Configuration</strong> <strong>Guide</strong>
Creating User Groups on a Windows 2003 Domain Controller<br />
Figure 2-6: Properties Dialog Box<br />
9. Type a descriptive message in the Description box.<br />
10. Click OK.<br />
After you create the C•CURE user group, create the manager user account.<br />
<strong>Enhanced</strong> <strong>Password</strong> <strong>Protection</strong> <strong>Installation</strong> <strong>and</strong> <strong>Configuration</strong> <strong>Guide</strong> 2–7
Creating a Manager User Account on a Windows 2003 Domain Controller<br />
Creating a Manager User Account on a<br />
Windows 2003 Domain Controller<br />
Traditionally C•CURE has a built-in account called manager, which is used to<br />
define all users in the C•CURE system. To access this account in the C•CURE<br />
system, you must have a matching Windows manager user account of the<br />
same name.<br />
The following instructions show you how to create the manager account. You<br />
can use the same procedure to create other user accounts as well.<br />
NOTE<br />
Software House recommends that you create the manager account before<br />
creating all other C•CURE user accounts.<br />
To Create a Manager Account<br />
1. Once you have created the CCURE group, reopen the Active Directory<br />
Users <strong>and</strong> Computers dialog box <strong>and</strong> select Users in the tree-view on the<br />
left (see Figure 2-7).<br />
Figure 2-7: Active Directory Users <strong>and</strong> Computers Dialog Box<br />
2–8 <strong>Enhanced</strong> <strong>Password</strong> <strong>Protection</strong> <strong>Installation</strong> <strong>and</strong> <strong>Configuration</strong> <strong>Guide</strong>
Creating a Manager User Account on a Windows 2003 Domain Controller<br />
2. Right-click Users (on the left) <strong>and</strong> select New>User from the shortcut<br />
menu. The New Object - New User dialog box opens (see Figure 2-8).<br />
Figure 2-8: New Object - User Dialog Box<br />
3. Type manager in the User Logon name box.<br />
NOTE<br />
The username manager is case sensitive. Type it in lower case.<br />
4. Type the user’s first <strong>and</strong> last name in the appropriate boxes.<br />
5. Click Next. The password dialog box opens (see Figure 2-9).<br />
Figure 2-9: New Object - Users Dialog Box with the <strong>Password</strong> Information<br />
<strong>Enhanced</strong> <strong>Password</strong> <strong>Protection</strong> <strong>Installation</strong> <strong>and</strong> <strong>Configuration</strong> <strong>Guide</strong> 2–9
Creating a Manager User Account on a Windows 2003 Domain Controller<br />
6. Type a password in the <strong>Password</strong> box <strong>and</strong> retype it in the Confirm<br />
password box.<br />
7. Ensure that all other options are cleared.<br />
8. Click Next.<br />
9. Click Finish.<br />
Once you have created both the user group <strong>and</strong> manager user account, you<br />
add the manager account to the user group.<br />
2–10 <strong>Enhanced</strong> <strong>Password</strong> <strong>Protection</strong> <strong>Installation</strong> <strong>and</strong> <strong>Configuration</strong> <strong>Guide</strong>
Adding the Manager Account to the CCURE Group<br />
Adding the Manager Account to the CCURE Group<br />
The following procedure shows you how to add the manager user account<br />
you created in the preceding section to the C•CURE Group created in the first<br />
section (“Creating User Groups on a Windows 2003 Domain Controller” on<br />
page 2-3).<br />
You can also use these procedures to add other users to the C•CURE Group.<br />
To Add the Manager Account to the CCURE User Group<br />
1. In the Active Directory Users <strong>and</strong> Computers dialog box, select Users in<br />
the tree-view on the left (see Figure 2-10).<br />
Figure 2-10: Active Directory Users <strong>and</strong> Computers Dialog Box<br />
2. Right-click the newly created manager account <strong>and</strong> select Properties from<br />
the shortcut menu. The Properties dialog box opens.<br />
3. Click the Member of tab (see Figure 2-11 on page 2-12).<br />
<strong>Enhanced</strong> <strong>Password</strong> <strong>Protection</strong> <strong>Installation</strong> <strong>and</strong> <strong>Configuration</strong> <strong>Guide</strong> 2–11
Adding the Manager Account to the CCURE Group<br />
Figure 2-11: Properties Dialog Box (Member Of Tab)<br />
4. Click Add; the Select Groups dialog box opens.<br />
5. Select the C•CURE group you created earlier (searching for it, if<br />
necessary) <strong>and</strong> click OK.<br />
The Member of list updates with the C•CURE group that you have<br />
selected.<br />
You have created a new manager account <strong>and</strong> made it a member of the<br />
C•CURE group. You can now use the same basic procedures to add more<br />
C•CURE users. See:<br />
• Creating a user account on page 2-8.<br />
• Adding the user to the C•CURE group on page 2-11.<br />
Once you have created all of the user accounts needed <strong>and</strong> added them to the<br />
C•CURE group, continue the installation process, as documented in<br />
Chapter 3, “Installing C•CURE <strong>Enhanced</strong> <strong>Password</strong> <strong>Protection</strong>”.<br />
2–12 <strong>Enhanced</strong> <strong>Password</strong> <strong>Protection</strong> <strong>Installation</strong> <strong>and</strong> <strong>Configuration</strong> <strong>Guide</strong>
3<br />
Installing C•CURE<br />
<strong>Enhanced</strong> <strong>Password</strong><br />
<strong>Protection</strong><br />
This chapter describes <strong>Enhanced</strong> <strong>Password</strong> <strong>Protection</strong> installation<br />
procedures.<br />
In this chapter<br />
Using the C•CURE 800/8000 DVD............................................................................... 3-2<br />
Installing C•CURE <strong>Enhanced</strong> <strong>Password</strong> <strong>Protection</strong> Over the Network ................. 3-3<br />
Running the <strong>Installation</strong>.................................................................................................. 3-4<br />
<strong>Enhanced</strong> <strong>Password</strong> <strong>Protection</strong> <strong>Installation</strong> <strong>and</strong> <strong>Configuration</strong> <strong>Guide</strong> 3–1
Using the C•CURE 800/8000 DVD<br />
Using the C•CURE 800/8000 DVD<br />
The C•CURE <strong>Enhanced</strong> <strong>Password</strong> <strong>Protection</strong> software is located on the<br />
C•CURE 800/8000 DVD. The directory location is:<br />
D:\Installs\<strong>Password</strong><strong>Protection</strong>\setup.exe<br />
(where D: denotes your DVD drive).<br />
To Install the Software from the C•CURE 800/8000 DVD<br />
1. Log onto the computer with the appropriate privileges. For information<br />
on system privileges, see the C•CURE 800/8000 <strong>Installation</strong> <strong>Guide</strong>.<br />
2. Insert the C•CURE 800/8000 DVD in the computer’s DVD drive.<br />
NOTE<br />
If you are using a shared DVD drive on another machine, you can install<br />
C•CURE <strong>Enhanced</strong> <strong>Password</strong> <strong>Protection</strong> over the network. See “Installing<br />
C•CURE <strong>Enhanced</strong> <strong>Password</strong> <strong>Protection</strong> Over the Network” on page 3-3.<br />
3–2 <strong>Enhanced</strong> <strong>Password</strong> <strong>Protection</strong> <strong>Installation</strong> <strong>and</strong> <strong>Configuration</strong> <strong>Guide</strong>
Installing C•CURE <strong>Enhanced</strong> <strong>Password</strong> <strong>Protection</strong> Over the Network<br />
Installing C•CURE <strong>Enhanced</strong> <strong>Password</strong><br />
<strong>Protection</strong> Over the Network<br />
To Install <strong>Enhanced</strong> <strong>Password</strong> <strong>Protection</strong> over the Network<br />
1. Insert the C•CURE 800/8000 DVD into the DVD drive.<br />
2. On another computer, connect to the DVD drive over the network.<br />
For information about sharing DVD drives, refer to your Microsoft<br />
documentation or see your system administrator.<br />
<strong>Enhanced</strong> <strong>Password</strong> <strong>Protection</strong> <strong>Installation</strong> <strong>and</strong> <strong>Configuration</strong> <strong>Guide</strong> 3–3
Running the <strong>Installation</strong><br />
Running the <strong>Installation</strong><br />
Running the C•CURE 800/8000 <strong>Installation</strong> Program<br />
1. From Windows Explorer, navigate to:<br />
:\Installs\<strong>Password</strong><strong>Protection</strong>\setup.exe<br />
2. Double-click setup.exe. The installation shield starts up <strong>and</strong> a Message<br />
box appears, as shown in Figure 3-1 on page 3-4.<br />
Figure 3-1: <strong>Password</strong> <strong>Protection</strong> <strong>Installation</strong> Message<br />
3. Click OK. A Question dialog box appears, as shown in Figure 3-2 on<br />
page 3-4.<br />
Figure 3-2: <strong>Password</strong> <strong>Protection</strong> <strong>Installation</strong> Question<br />
4. Click OK. A Question Warning dialog box appears, as shown in<br />
Figure 3-3 on page 3-5.<br />
3–4 <strong>Enhanced</strong> <strong>Password</strong> <strong>Protection</strong> <strong>Installation</strong> <strong>and</strong> <strong>Configuration</strong> <strong>Guide</strong>
Running the <strong>Installation</strong><br />
Figure 3-3: <strong>Password</strong> <strong>Protection</strong> <strong>Installation</strong> Warning<br />
Be sure that you read <strong>and</strong> underst<strong>and</strong> the information in this warning<br />
before you click Yes to continue the install process. Also, be sure that you<br />
have a license for <strong>Password</strong> <strong>Protection</strong> before you install the software.<br />
Contact your dealer if you have any questions.<br />
5. Click Yes to continue the installation process. The Welcome window<br />
opens, as shown in Figure 3-4 on page 3-5.<br />
Figure 3-4: Welcome WIndow<br />
<strong>Enhanced</strong> <strong>Password</strong> <strong>Protection</strong> <strong>Installation</strong> <strong>and</strong> <strong>Configuration</strong> <strong>Guide</strong> 3–5
Running the <strong>Installation</strong><br />
6. Click Next. The Information Window opens as shown in Figure 3-5 on<br />
page 3-6, with details about the product release version.<br />
Figure 3-5: Information Window<br />
7. Click Next. The C•CURE <strong>Enhanced</strong> <strong>Password</strong> <strong>Protection</strong> files are now<br />
copied to the computer’s hard drive.<br />
The C•CURE <strong>Password</strong> <strong>Protection</strong> Install Completed Window opens as<br />
shown in Figure 3-6 on page 3-7.<br />
3–6 <strong>Enhanced</strong> <strong>Password</strong> <strong>Protection</strong> <strong>Installation</strong> <strong>and</strong> <strong>Configuration</strong> <strong>Guide</strong>
Running the <strong>Installation</strong><br />
Figure 3-6: C•CURE <strong>Password</strong> <strong>Protection</strong> Install Completed Window<br />
8. Select Yes to restart now.<br />
NOTE<br />
You must restart the computer to complete the installation.<br />
9. Click Finish.<br />
10. Restart your computer.<br />
After the computer restarts, complete the post-installation tasks documented<br />
in Chapter 4, “Performing Post-installation Tasks”.<br />
<strong>Enhanced</strong> <strong>Password</strong> <strong>Protection</strong> <strong>Installation</strong> <strong>and</strong> <strong>Configuration</strong> <strong>Guide</strong> 3–7
Novell Setup for C•CURE 800/8000 Client<br />
Novell Setup for C•CURE 800/8000 Client<br />
Novell ® is a provider of Net services software that secures <strong>and</strong> powers all<br />
types of networks: intranets, the Internet, <strong>and</strong> extranets, across various<br />
operating systems.<br />
The major feature of Novell's NetWare 5.1 ® operating system, is the Novell<br />
Directory Services (NDS). NDS is a centralized, hierarchical, relational<br />
database of all network resources, including e-mail resources <strong>and</strong> Windows<br />
resources <strong>and</strong> domains. NDS, along with numerous product features (for<br />
example, Novell Distributed Print Services <strong>and</strong> ZENWorks), distinguish the<br />
NetWare 5.1 operating system as a system that can be utilized in all-sized<br />
networks <strong>and</strong> in most environments.<br />
The following steps provide the method to integrate C•CURE 800/8000<br />
Client Software Version 9.1.0 <strong>Enhanced</strong> <strong>Password</strong> <strong>Protection</strong> with Novell Net<br />
services software.<br />
To Set Up Novell for Use with C•CURE 800/8000 Client<br />
1. On a PC with Novell Netware Client Software installed <strong>and</strong> configured,<br />
verify connection to your organization’s network resources.<br />
2. Perform a clean installation of C•CURE 800/8000 Client Software Version<br />
9.1.0 <strong>and</strong> use the restart option. See the C•CURE 800/8000 <strong>Installation</strong><br />
<strong>Guide</strong> for more information.<br />
3. Create a Local User group in Windows called C•CURE 800 <strong>and</strong> assign<br />
this group to the security NTFS permissions to the CCure800,<br />
CCure800DLC folders<br />
4. Create individual users in Windows <strong>and</strong> assign them to the C•CURE 800<br />
group. You can also automate this with using the “Dynamic Local User”<br />
option with Novell.<br />
5. Ensure that the same usernames that are in Windows are also setup as<br />
users in C•CURE 800/8000.<br />
6. Install C•CURE 800/8000 <strong>Enhanced</strong> <strong>Password</strong> <strong>Protection</strong>. Follow the<br />
default instructions for the installation. See “Installing C•CURE<br />
<strong>Enhanced</strong> <strong>Password</strong> <strong>Protection</strong> Over the Network” on page 3-3.<br />
3–8 <strong>Enhanced</strong> <strong>Password</strong> <strong>Protection</strong> <strong>Installation</strong> <strong>and</strong> <strong>Configuration</strong> <strong>Guide</strong>
Novell Setup for C•CURE 800/8000 Client<br />
7. The installation will detect that Novell is installed <strong>and</strong> on the client <strong>and</strong><br />
install the proper CCUREXPGina.dll, CCGKMT.exe, CCEPPCPL.cpl, <strong>and</strong><br />
Native.exe files in to the Windows\System32 folder.<br />
8. Restart your client machine <strong>and</strong> log into your Novell client. Verify<br />
connection to your organization’s network resources.<br />
9. Launch the C•CURE 800/8000 Administration Client. The application<br />
will open without displaying a login prompt.<br />
10. Launch the C•CURE 800/8000 Monitoring Client. The application should<br />
also open without displaying a login prompt.<br />
<strong>Enhanced</strong> <strong>Password</strong> <strong>Protection</strong> <strong>Installation</strong> <strong>and</strong> <strong>Configuration</strong> <strong>Guide</strong> 3–9
Novell Setup for C•CURE 800/8000 Client<br />
3–10 <strong>Enhanced</strong> <strong>Password</strong> <strong>Protection</strong> <strong>Installation</strong> <strong>and</strong> <strong>Configuration</strong> <strong>Guide</strong>
4<br />
Performing Postinstallation<br />
Tasks<br />
This chapter describes the tasks that you must complete after you install<br />
C•CURE <strong>Enhanced</strong> <strong>Password</strong> <strong>Protection</strong>.<br />
You must complete all the tasks in this chapter to run C•CURE <strong>Enhanced</strong><br />
<strong>Password</strong> <strong>Protection</strong> correctly.<br />
In this chapter<br />
Setting File <strong>and</strong> Directory Privileges............................................................................. 4-2<br />
<strong>Password</strong> Policy Management....................................................................................... 4-7<br />
C•CURE Idle Time-out ................................................................................................... 4-9<br />
User Account Management .......................................................................................... 4-12<br />
<strong>Enhanced</strong> <strong>Password</strong> <strong>Protection</strong> <strong>Installation</strong> <strong>and</strong> <strong>Configuration</strong> <strong>Guide</strong> 4–1
Setting File <strong>and</strong> Directory Privileges<br />
Setting File <strong>and</strong> Directory Privileges<br />
Software House recommends that you change the operating system access<br />
rights of all C•CURE files to limit them to members of the Windows CCURE<br />
group. You must do this to provide additional security <strong>and</strong> ensure that only<br />
authorized personnel have access to C•CURE applications.<br />
The operating system limits file <strong>and</strong> directory privileges to NTFS file<br />
systems only. Files located on FAT file system cannot be protected in this<br />
way.<br />
Setting File <strong>and</strong> Directory Privileges In Windows 2003 or XP<br />
The following procedure is for setting file <strong>and</strong> directory privileges on a<br />
Windows 2003 or XP st<strong>and</strong>alone computer.<br />
To Set Up File <strong>and</strong> Directory Privileges<br />
1. From Windows Explorer, as shown in Figure 4-1 on page 4-3, select all the<br />
CCURE installation directories: CCURE800, CCURE800DLC, <strong>and</strong><br />
ENREPORTS.<br />
a. Select the drive on which the C•CURE directories reside (the default is<br />
C:\).<br />
b. Select the C•CURE directories from the right-h<strong>and</strong> pane while holding<br />
down the CTRL key.<br />
4–2 <strong>Enhanced</strong> <strong>Password</strong> <strong>Protection</strong> <strong>Installation</strong> <strong>and</strong> <strong>Configuration</strong> <strong>Guide</strong>
Setting File <strong>and</strong> Directory Privileges<br />
Figure 4-1: Selecting CCURE Directories<br />
2. Right-click the installation directories <strong>and</strong> select Properties from the<br />
shortcut menu. The Properties dialog box opens, as shown in Figure 4-2<br />
on page 4-3.<br />
3. Click the Security tab.<br />
Figure 4-2: Properties Dialog Box<br />
4. Click Add. The Select Users or Groups dialog box opens, as shown in<br />
Figure 4-3 on page 4-4.<br />
<strong>Enhanced</strong> <strong>Password</strong> <strong>Protection</strong> <strong>Installation</strong> <strong>and</strong> <strong>Configuration</strong> <strong>Guide</strong> 4–3
Setting File <strong>and</strong> Directory Privileges<br />
Figure 4-3: Select Users or Groups Dialog Box<br />
5. Type CCURE in the Enter the object names to select box.<br />
6. Click Check Names. The name appears correctly formatted.<br />
7. Click OK to return to the Properties dialog box.<br />
8. Click Advanced. The Advanced Security Settings dialog box opens, as<br />
shown in Figure 4-4 on page 4-4.<br />
Figure 4-4: Advance Security Settings for Dialog Box<br />
9. Clear the Inherit from parent the permissions... option. The Security<br />
confirmation box opens, as shown in Figure 4-5 on page 4-5.<br />
4–4 <strong>Enhanced</strong> <strong>Password</strong> <strong>Protection</strong> <strong>Installation</strong> <strong>and</strong> <strong>Configuration</strong> <strong>Guide</strong>
Setting File <strong>and</strong> Directory Privileges<br />
Figure 4-5: Security Confirmation Box<br />
10. Click Copy.<br />
11. Select the Replace permission entries on all... option on the Advanced<br />
Security Settings dialog box.<br />
12. Click OK. The Properties dialog box reappears, displaying the CCURE<br />
group, as shown in Figure 4-6 on page 4-5.<br />
Figure 4-6: Properties Dialog Box<br />
13. Select the CCURE group <strong>and</strong> ensure that the Full Control option is<br />
selected in the Permissions for CCURE list.<br />
14. Repeat the process to add other accounts, as required.<br />
<strong>Enhanced</strong> <strong>Password</strong> <strong>Protection</strong> <strong>Installation</strong> <strong>and</strong> <strong>Configuration</strong> <strong>Guide</strong> 4–5
Setting File <strong>and</strong> Directory Privileges<br />
15. Remove any groups that you do not want to have access to the C•CURE<br />
files:<br />
a. Selecting the group in the Group or user names list.<br />
b. Click Remove.<br />
16. Click OK.<br />
Adding additional users<br />
You can add additional CCURE users to the Windows user group. See<br />
“Adding the Manager Account to the CCURE Group” on page 2-11.<br />
4–6 <strong>Enhanced</strong> <strong>Password</strong> <strong>Protection</strong> <strong>Installation</strong> <strong>and</strong> <strong>Configuration</strong> <strong>Guide</strong>
<strong>Password</strong> Policy Management<br />
<strong>Password</strong> Policy Management<br />
Overview<br />
A system administrator can enforce the following rules on user passwords<br />
using the Windows policy management system for a domain:<br />
• A minimum password length – requires passwords to contain at least a<br />
certain number of characters (0 to 14 characters)<br />
• <strong>Password</strong> complexity – enforces simple rules on the password, such as<br />
the following:<br />
• Cannot contain all or part of the user's account name<br />
• Must be at least six characters in length<br />
• Must contain characters from three of the following four categories:<br />
– English uppercase characters (A through Z)<br />
– English lowercase characters (a through z)<br />
– Base 10 digits (0 through 9)<br />
– No alphanumeric characters (e.g.,!, $, #,%)<br />
• Maximum password age – forces users to change their passwords<br />
regularly. You can define a maximum expiration date between 0 to 999<br />
days.<br />
• <strong>Password</strong> history – stops the reuse of a defined number of old passwords.<br />
You can set the number between 0 to 24 passwords.<br />
• Minimum password age – stops users from changing their password<br />
before the defined expiration occurs. You can define a minimum<br />
expiration date between 0 to 999 days.<br />
You can also set Local Security Policy from the Administrative Tools dialog<br />
box as documented in the following section.<br />
<strong>Enhanced</strong> <strong>Password</strong> <strong>Protection</strong> <strong>Installation</strong> <strong>and</strong> <strong>Configuration</strong> <strong>Guide</strong> 4–7
<strong>Password</strong> Policy Management<br />
Managing <strong>Password</strong> Policy Locally<br />
To manage password policy for Windows 2003 <strong>and</strong> XP<br />
1. Click Start <strong>and</strong> select Settings>Control Panel. The Control Panel Opens.<br />
2. Double-click Administrative Tools. The Administrative Tools dialog<br />
box opens.<br />
3. Double-click Local Security Policy. The Local Security Settings dialog<br />
box opens, as shown in Figure 4-7 on page 4-8.<br />
4. Select Account policies <strong>and</strong> then password policy in the tree-view pane<br />
on the left.<br />
Figure 4-7: Windows Local Security Settings Dialog Box<br />
5. Make changes to the settings in the Policy pane on the right, as required.<br />
4–8 <strong>Enhanced</strong> <strong>Password</strong> <strong>Protection</strong> <strong>Installation</strong> <strong>and</strong> <strong>Configuration</strong> <strong>Guide</strong>
C•CURE Idle Time-out<br />
C•CURE Idle Time-out<br />
You can use a control panel utility to set time-outs <strong>and</strong> exclusions on the<br />
C•CURE <strong>Enhanced</strong> <strong>Password</strong> <strong>Protection</strong> Settings dialog box.<br />
By default, C•CURE systems display a warning message if the computer is<br />
left idle for a specified period of time. If the user does not acknowledge the<br />
warning in the time specified, the computer is locked. The user last using the<br />
computer must unlock it. Only then can C•CURE 800/8000 applications be<br />
accessed again.<br />
To Use the CCure EPP Settings Utility<br />
1. Click Start <strong>and</strong> select Settings>Control Panel. The Control Panel opens.<br />
2. Double-click CCURE Settings. The C•CURE <strong>Enhanced</strong> <strong>Password</strong><br />
<strong>Protection</strong> Settings dialog box opens, as shown in Figure 4-8 on page 4-9.<br />
Figure 4-8: CCURE <strong>Enhanced</strong> <strong>Password</strong> <strong>Protection</strong> Settings Dialog Box<br />
<strong>Enhanced</strong> <strong>Password</strong> <strong>Protection</strong> <strong>Installation</strong> <strong>and</strong> <strong>Configuration</strong> <strong>Guide</strong> 4–9
C•CURE Idle Time-out<br />
3. Confirm or change the Timeout Warning or Inactivity Lock Out or<br />
Logoff settings <strong>and</strong> enter exclusions according to the information given in<br />
Table 4-1 on page 4-10.<br />
4. Click OK.<br />
Changes made to the settings apply to all computer users, not just<br />
C•CURE users.<br />
Configuring the system to log users out can cause data loss if open<br />
applications are unable to save the current state prior to the logout.<br />
Therefore, before you enable this option, consider the consequences<br />
carefully, especially to non-C•CURE users <strong>and</strong> applications.<br />
You are also able to exclude specific applications from the lockout setting.<br />
Table 4-1: CCURE <strong>Enhanced</strong> <strong>Password</strong> <strong>Protection</strong> Settings Dialog Box<br />
Field/Button<br />
Description<br />
General Box<br />
Timeout Warning<br />
Inactivity Lock Out or Logoff<br />
Timeout warning is the length of time in seconds before<br />
the inactivity warning appears on the computer screen<br />
informing users they are about to be logged off or locked<br />
out. If the user responds to the warning message, the timeout<br />
counters in C•CURE are reset <strong>and</strong> the time-out process<br />
restarts. Any keyboard or mouse activity also causes the<br />
time-out counters to reset. When there is normal computer<br />
activity, the warning message does not display. If you use<br />
the parameters shown in Figure 4-8 on page 4-9, the<br />
timeout message is displayed after ten minutes of inactivity.<br />
The Inactivity Lock Out or Logoff time is also specified in<br />
seconds <strong>and</strong> runs in parallel with the Timeout warning. If<br />
this time is exceeded, the user is logged off or locked out. In<br />
the example in Figure 4-8 on page 4-9 the computer is<br />
locked after 20 minutes of inactivity or 10 minutes after the<br />
warning.<br />
4–10 <strong>Enhanced</strong> <strong>Password</strong> <strong>Protection</strong> <strong>Installation</strong> <strong>and</strong> <strong>Configuration</strong> <strong>Guide</strong>
C•CURE Idle Time-out<br />
Table 4-1: CCURE <strong>Enhanced</strong> <strong>Password</strong> <strong>Protection</strong> Settings Dialog Box, continued<br />
Field/Button<br />
Idle Timeout Selection<br />
Description<br />
Select this option to specify if the computer should be<br />
locked or logged out when the inactivity timeout is reached.<br />
By default this box is selected when the system locks the<br />
screen, keyboard, <strong>and</strong> mouse. All current applications <strong>and</strong><br />
tasks continue running in the background, but are not visible<br />
until the machine is unlocked. Only the current user or an<br />
administrator can unlock the computer by entering his or her<br />
username <strong>and</strong> password.<br />
Clearing this option causes all user applications to be<br />
terminated <strong>and</strong> the current user to be logged out. Any user<br />
can then log into the computer normally. (See the caution<br />
below.)<br />
NOTE: Terminating applications in this manner may lead to<br />
data loss if the users do not save their work when<br />
the timeout period occurs. See the section exclusion<br />
lists below.<br />
Exclusions Box<br />
Exclusions 1 - 6<br />
Under certain circumstances you might want to disable the<br />
inactivity timeout period if certain applications are running<br />
on the system. You can exclude applications by entering the<br />
program process name in the Exclusion list.<br />
Example:<br />
The Exclusion list should contain winword.exe if the<br />
inactivity timer should not timeout while Word for<br />
Windows is running.<br />
<strong>Enhanced</strong> <strong>Password</strong> <strong>Protection</strong> <strong>Installation</strong> <strong>and</strong> <strong>Configuration</strong> <strong>Guide</strong> 4–11
User Account Management<br />
User Account Management<br />
Overview<br />
Full utilization of the security features of C•CURE <strong>Enhanced</strong> <strong>Password</strong><br />
<strong>Protection</strong> requires a two-stage process for creating C•CURE 800/8000 user<br />
accounts.<br />
1. Unique definition of each of the users of the operating system within<br />
Windows.<br />
2. Assignment within C•CURE 800 itself of the access rights associated with<br />
each of those users.<br />
You can create the Windows accounts on either of the following:<br />
• The local computer.<br />
• The network domain controller computer.<br />
Domain controllers provide the means to centrally manage one or more<br />
machines within a domain. (Configuring <strong>and</strong> managing domain<br />
controllers is outside the scope of this document. If you need more<br />
information on this topic, contact the relevant network manager or person<br />
responsible for domains at your site.)<br />
For more information about creating Windows accounts, see Chapter 2,<br />
“Creating Users <strong>and</strong> User Groups in a Domain”.<br />
Deleting a C•CURE User Account<br />
You must complete the following two steps to delete a user account.<br />
1. Remove the user from the list of C•CURE 800/8000 users within the<br />
C•CURE 800 system.<br />
A C•CURE 800/8000 administrator can use the Personnel tool to remove a<br />
user from the list of authorized C•CURE users. Doing this denies the user<br />
access to the C•CURE 800/8000 applications, but still permits him or her<br />
access to the computer <strong>and</strong> other applications.<br />
4–12 <strong>Enhanced</strong> <strong>Password</strong> <strong>Protection</strong> <strong>Installation</strong> <strong>and</strong> <strong>Configuration</strong> <strong>Guide</strong>
User Account Management<br />
Unless the user’s Windows group permissions are changed, the user still<br />
has access to CCURE data files, which could lead to a potential security<br />
risk.<br />
2. Remove the user account from the Windows operating systems user<br />
group. A Windows administrator should then remove the user’s account<br />
from the operating system.<br />
If you need to reinstate users you must add them back to the system as<br />
documented in Chapter 2, “Creating Users <strong>and</strong> User Groups in a Domain”.<br />
To Remove the User from a Windows 2003 or XP System<br />
1. Click Start <strong>and</strong> select Settings>Control Panel. The Control Panel opens.<br />
2. Double-click Administrative Tools. The Administrative Tools dialog box<br />
opens.<br />
3. Double-click Computer Management. The Computer Management<br />
dialog box appears, as shown in Figure 4-9 on page 4-13.<br />
4. Select Local Users <strong>and</strong> Groups>Users.<br />
Figure 4-9: Windows Computer Management Dialog Box<br />
<strong>Enhanced</strong> <strong>Password</strong> <strong>Protection</strong> <strong>Installation</strong> <strong>and</strong> <strong>Configuration</strong> <strong>Guide</strong> 4–13
User Account Management<br />
5. Right-click the username you want to delete <strong>and</strong> select Delete from the<br />
shortcut menu.<br />
The following confirmation dialog box opens.<br />
Figure 4-10: Local Users <strong>and</strong> Groups Confirmation Message<br />
6. Click Yes to confirm the deletion. The user’s account is completely<br />
removed, preventing him or her from logging onto the computer.<br />
Disabling <strong>and</strong> Enabling an Account<br />
You can temporarily disable a user account using the Computer Management<br />
dialog box.<br />
To Disable or Enable an Account in a Windows 2003 or XP System<br />
1. Open the Computer Management dialog box, as shown in Figure 4-9 on<br />
page 4-13.<br />
2. Select Local Users <strong>and</strong> Groups>Users.<br />
3. Right-click on the user you want to disable or enable <strong>and</strong> select Properties<br />
from the shortcut menu. The Properties dialog box opens, as shown in<br />
Figure 4-11 on page 4-15.<br />
4–14 <strong>Enhanced</strong> <strong>Password</strong> <strong>Protection</strong> <strong>Installation</strong> <strong>and</strong> <strong>Configuration</strong> <strong>Guide</strong>
User Account Management<br />
Figure 4-11: Properties Dialog Box<br />
4. To:<br />
• Disable an account - select the Account is disabled option.<br />
• Enable an account- clear the Account is disabled option.<br />
5. Click Apply <strong>and</strong> then click OK.<br />
Modifying a <strong>Password</strong><br />
C•CURE <strong>Enhanced</strong> <strong>Password</strong> <strong>Protection</strong> uses the operating system for<br />
password management.<br />
Windows 2003 <strong>and</strong> XP allow passwords to be changed in two different ways:<br />
1. You can change your password yourself as follows:<br />
a. Press CTRL-ALT-DEL.<br />
b. On the Windows Security dialog box, select Change <strong>Password</strong>.<br />
A prompt asks you to enter your existing password, then the new<br />
password <strong>and</strong> a confirmation password before making the change.<br />
2. The system administrator can reset any user’s password from the<br />
Computer Management dialog box, as shown in the following procedure<br />
on page 4-16.<br />
<strong>Enhanced</strong> <strong>Password</strong> <strong>Protection</strong> <strong>Installation</strong> <strong>and</strong> <strong>Configuration</strong> <strong>Guide</strong> 4–15
User Account Management<br />
To Change the <strong>Password</strong> in Windows 2003 or XP<br />
1. Open the Computer Management dialog box, as shown in Figure 4-9 on<br />
page 4-13.<br />
2. Select Local Users <strong>and</strong> Groups>Users.<br />
3. Right-click the username of the user whose password you want to reset<br />
<strong>and</strong> select Set <strong>Password</strong> from the shortcut menu.<br />
• A warning dialog box opens, as shown in Figure 4-12 on page 4-16.<br />
Figure 4-12: Set <strong>Password</strong> Warning<br />
– Click Proceed. The Set <strong>Password</strong> dialog box opens, as shown in<br />
Figure 4-13 on page 4-16.<br />
Figure 4-13: Set <strong>Password</strong> for Dialog Box<br />
4–16 <strong>Enhanced</strong> <strong>Password</strong> <strong>Protection</strong> <strong>Installation</strong> <strong>and</strong> <strong>Configuration</strong> <strong>Guide</strong>
User Account Management<br />
4. Type the new password in the New <strong>Password</strong> box.<br />
5. Retype the new password in the Confirm <strong>Password</strong> box.<br />
6. Click OK.<br />
<strong>Enhanced</strong> <strong>Password</strong> <strong>Protection</strong> <strong>Installation</strong> <strong>and</strong> <strong>Configuration</strong> <strong>Guide</strong> 4–17
User Account Management<br />
4–18 <strong>Enhanced</strong> <strong>Password</strong> <strong>Protection</strong> <strong>Installation</strong> <strong>and</strong> <strong>Configuration</strong> <strong>Guide</strong>
5<br />
Uninstalling<br />
C•CURE <strong>Enhanced</strong><br />
<strong>Password</strong> <strong>Protection</strong><br />
This chapter describes <strong>Enhanced</strong> <strong>Password</strong> <strong>Protection</strong> uninstallation<br />
procedures.<br />
In this chapter<br />
Uninstalling The Software .............................................................................................. 5-2<br />
<strong>Enhanced</strong> <strong>Password</strong> <strong>Protection</strong> <strong>Installation</strong> <strong>and</strong> <strong>Configuration</strong> <strong>Guide</strong> 5–1
Uninstalling The Software<br />
Uninstalling The Software<br />
You can uninstall the C•CURE <strong>Enhanced</strong> <strong>Password</strong> <strong>Protection</strong> feature from<br />
your systems using the Windows Add/Remove Programs dialog box.<br />
To Uninstall <strong>Enhanced</strong> <strong>Password</strong> <strong>Protection</strong>s<br />
1. Log onto the computer with appropriate privileges. Refer to the C•CURE<br />
800/8000 <strong>Installation</strong> <strong>Guide</strong> for information on system privileges.<br />
2. Click Start <strong>and</strong> select Settings>Control Panel. The Control Panel opens.<br />
3. Double-click Add or Remove Programs. The Add or Remove Programs<br />
dialog box opens, similar to the one shown in Figure 5-1 on page 5-2.<br />
Figure 5-1: Add/Remove Programs Window<br />
4. Select C•CURE <strong>Password</strong> <strong>Protection</strong> <strong>and</strong> click Change\Remove. The<br />
Install Shield Wizard opens, followed by the Confirm Uninstall message<br />
box, shown in Figure 5-2 on page 5-3.<br />
5–2 <strong>Enhanced</strong> <strong>Password</strong> <strong>Protection</strong> <strong>Installation</strong> <strong>and</strong> <strong>Configuration</strong> <strong>Guide</strong>
Uninstalling The Software<br />
Figure 5-2: Confirm Uninstall Message<br />
5. Click OK, the program uninstalls <strong>and</strong> the following dialog box appears,<br />
as shown in Figure 5-3 on page 5-3.<br />
Figure 5-3: C•CURE <strong>Password</strong> <strong>Protection</strong> Uninstall Completed Dialog Box<br />
6. Select one of the following:<br />
• Yes, I want to restart my computer now to restart your computer.<br />
• No, I will restart my computer later to restart you computer at a later<br />
time.<br />
NOTE<br />
Software House recommends that you restart your computer once the<br />
uninstall completes.<br />
7. Click Finish<br />
<strong>Enhanced</strong> <strong>Password</strong> <strong>Protection</strong> <strong>Installation</strong> <strong>and</strong> <strong>Configuration</strong> <strong>Guide</strong> 5–3
Uninstalling The Software<br />
5–4 <strong>Enhanced</strong> <strong>Password</strong> <strong>Protection</strong> <strong>Installation</strong> <strong>and</strong> <strong>Configuration</strong> <strong>Guide</strong>
Index<br />
C<br />
C•CURE <strong>Enhanced</strong> <strong>Password</strong> <strong>Protection</strong><br />
installation<br />
DVD, using 3-2<br />
over network 3-3<br />
procedures 3-2 to 3-7<br />
pre-installation tasks 2-1<br />
C•CURE idle time-out<br />
setting 4-9<br />
Caution symbol ix<br />
CCEPPCPL.cpl 3-9<br />
CCURE account management in Windows 2003/<br />
XP<br />
deleting an account 4-13<br />
disabling an account 4-14<br />
enabling an account 4-14<br />
modifying a password 4-15<br />
overview 4-12<br />
CCURE EPP Settings.See C•CURE Idle Time-out<br />
CCURE user account<br />
adding to CCURE group on domain<br />
controller 2-11<br />
creating on domain controller 2-8<br />
overview 2-8<br />
CCURE User group<br />
creating on domain controller 2-3<br />
CCUREXPGina.dll 3-9<br />
Conventions used in this manual ix<br />
Conventions, documentation ix<br />
D<br />
Danger symbol ix<br />
Deleting<br />
CCURE user account from Windows 2003/<br />
XP 4-13<br />
Directory privileges<br />
overview 4-2<br />
setting<br />
in Windows 2003/XP 4-2<br />
Disabling<br />
CCURE user account in Windows 2003/<br />
2000/XP 4-14<br />
Documentation, conventions ix<br />
Domains<br />
password protection in<br />
creating user accounts 2-8<br />
creating user groups 2-3<br />
introduction 2-2<br />
E<br />
Enabling<br />
CCURE user account in Windows 2003/XP<br />
4-14<br />
Exclusions<br />
setting 4-9<br />
<strong>Enhanced</strong> <strong>Password</strong> <strong>Protection</strong> <strong>Installation</strong> <strong>and</strong> <strong>Configuration</strong> <strong>Guide</strong><br />
Index–1
Index<br />
F<br />
File privileges<br />
overview 4-2<br />
setting<br />
in Windows 2003/XP 4-2<br />
Finding more information vii<br />
H<br />
Help viii<br />
How to use this manual vi<br />
I<br />
Information, finding more vii<br />
Installing password protection software<br />
DVD, using 3-2<br />
over the network 3-3<br />
procedures 3-2 to 3-7<br />
M<br />
Manager user account<br />
adding to CCURE group on domain<br />
controller 2-11<br />
overview 2-8<br />
Manager user account creating<br />
on domain controller 2-8<br />
Manual, how to use vi<br />
Modifying password on Windows 2003/XP 4-16<br />
N<br />
Native.exe 3-9<br />
Note symbol ix<br />
Novell<br />
Dynamic Local User 3-8<br />
Net services software 3-8<br />
NetWare 5.1 3-8<br />
To setup Novell for use with C•CURE 800/<br />
8000 Client 3-8<br />
ZENWorks 3-8<br />
Novell Setup for C•CURE 800/8000 Client 3-8<br />
P<br />
<strong>Password</strong><br />
modifying on Windows 2003/XP 4-16<br />
rules 4-7<br />
traditional authentication for C•CURE 800<br />
1-3<br />
<strong>Password</strong> <strong>Protection</strong><br />
features 1-3<br />
installing<br />
over the network 3-3<br />
procedures 3-2 to 3-7<br />
using the DVD 3-2<br />
introduction 1-2<br />
overview 1-3<br />
post-installation tasks 4-1<br />
pre-installation tasks 2-1<br />
uninstalling 5-2<br />
Post-installation tasks<br />
C•CURE idle time-out<br />
exclusions 4-9<br />
setting 4-9<br />
introduction 4-1<br />
managing password policy 4-7<br />
locally 4-8<br />
managing user accounts 4-12<br />
deleting an account 4-12<br />
disabling 4-14<br />
Index–2<br />
<strong>Enhanced</strong> <strong>Password</strong> <strong>Protection</strong> <strong>Installation</strong> <strong>and</strong> <strong>Configuration</strong> <strong>Guide</strong>
Index<br />
enabling 4-14<br />
modifying a password 4-15<br />
overview 4-12<br />
setting file/directory privileges 4-2<br />
in Windows 2003/XP 4-2<br />
R<br />
Rules/policies, for passwords 4-7<br />
S<br />
Setting file <strong>and</strong> directory privileges<br />
in Windows 2003/XP 4-2<br />
T<br />
Time-out<br />
setting 4-9<br />
Tip symbol ix<br />
U<br />
Uninstalling password protection 5-2<br />
User account<br />
adding to CCURE group on domain<br />
controller 2-11<br />
creating on domain controller 2-8<br />
overview 2-8<br />
User group<br />
creating on domain controller 2-3<br />
W<br />
Warning symbol ix<br />
<strong>Enhanced</strong> <strong>Password</strong> <strong>Protection</strong> <strong>Installation</strong> <strong>and</strong> <strong>Configuration</strong> <strong>Guide</strong><br />
Index–3
Index<br />
Index–4<br />
<strong>Enhanced</strong> <strong>Password</strong> <strong>Protection</strong> <strong>Installation</strong> <strong>and</strong> <strong>Configuration</strong> <strong>Guide</strong>