Object Security

Object Desktop's Object security provides two key features which are desired by most corporate users:

1) Password protection to prevent the altering of Desktops, including modifying, moving, rearranging and deleting Desktop objects. This feature helps ensure that a standard Desktop can be maintained in a corporate environment.

2) Password protection to prevent unauthorized access to folders and their contents, as well as program objects. Desktop objects are protected from unauthorized access, tampering or accidental shredding.

Object security is a useful system administration tool. For example, if an IS manager wants to lock out users from an administration folder, the manager can open the folder's Security page in the Settings notebook, define a password, and then lock the folder. Users know that the folder is protected because a small key icon appears on the object icon.

If a number of people share a workstation, individual program objects can be password-protected. This feature ensures that sensitive data and programs (such as human resources data) can be accessed by authorized users only.

Object security for OS/2 Warp is one of a new generation of object-oriented software products based on System Object Model (SOM) technology. Unlike traditional software applications which must be started in order to use them, Object security integrates seamlessly into OS/2 Warp's Workplace Shell user interface. You never have to start or stop it; it's always there and it's always working.

Introduction

Object security prevents locked objects from being opened or having their settings changed without entering the correct password. In addition, locked objects cannot be:

  • Deleted

  • Renamed

  • Moved

  • Copied

  • Dragged

  • Or receive dropped objects

    The common menu items associated with the Desktop and folder objects are removed from the context menu when the object is locked. Only the Settings and Unlock menu items are available. When the object is unlocked, all menu items are restored.

    Object security is particularly important in places where many users share a computer, such as a classroom or laboratory. However, to prevent accidental deletion or modification of Desktop objects, every user will want to protect sensitive folders and programs on his or her workstation.

    Folders that you might want to protect from unauthorized access or tampering include:

  • Desktop Settings notebook

  • Any folder containing private documents

  • System Setup

  • System Startup

  • Drives

  • The Desktop

  • All standard folders

  • Minimized Viewer

  • Templates

  • IBM Information Superhighway

  • Light Tables

    Program objects that you might want to protect from unauthorized access or tampering include:

  • OS/2 Window/Fullscreen

  • DOS Window/Fullscreen

  • OS/2 Programs

  • DOS Programs

  • Seamless Windows programs

  • Program objects on the launch pad

    Using the Security Settings Page

    A new Security page has been added to the Settings notebook for every program object and folder object on your Desktop, including the Desktop Settings notebook.

    Setting Passwords

    To add password protection to a folder or program object, select the Settings notebook for the object and open the Security page. Define a password which will be required to unlock the object whenever the object is locked. All passwords are encrypted for maximum security.

    To set a password:

    1. Open the object's Security settings page.

    2. In the New Password field, enter a password containing between 1 and 15 characters. The password can use upper or lower case characters. The password is not case sensitive. Special characters, including spaces, are accepted.

    3. In the Verify Password field, enter the same password entered in the New Password field, to verify the spelling.

    4. Click the Set button. The verification password must match the first password or an error message is displayed.


    Choosing Lock Options

    After defining a password, you need to decide the conditions for locking an object, using the following settings on the object's Security settings page:

    Allow open when locked.

    Mark this checkbox to allow a locked folder object to be opened. However, the correct password will be required to delete, move, or copy the object, and to open its Settings notebook. If this checkbox is unmarked, users will be prompted to enter the password when they attempt to open the locked folder.

    Automatically lock when closed.

    Mark this checkbox to automatically lock a folder object when the folder is closed. To leave the folder unlocked when it is closed, unmark the checkbox.

    Protect contents.

    Mark this checkbox to protect all the objects stored on the Desktop or in a folder from being deleted, renamed, moved, copied, dragged, or from receiving dropped objects. In addition, the Open settings option will not be available for any non-folder type objects within the Desktop or folder. Unmark this checkbox to remove the protection and allow full access to the object.

    Note: Shadow objects always reflect the protection status of the real object. Therefore, this option has no effect on shadowed objects on the Desktop or within a folder.

    The buttons on the Security page:

    Set. Click the Set button to set or change an object's password. The password must be entered in both the Password and Verification fields. If the passwords typed in both fields do not match, a message is displayed. You must re-enter the password in both fields and then click the Set button again.

    When the passwords do match, a message indicating that the password has been accepted is displayed and the password is set for the object. Once set, this password must be used to unlock the object after it has been locked.

    Undo. Removes password-protection for the object. A message states that the password has been removed. The Lock command no longer appears on the object's context menu.

    Default. Restores the default settings.

    Help. Displays on-line help for the options on the Security page.

    Locking an Object

    Once a password has been set, the Lock command appears on the object's context menu. To lock the object, choose the Lock command. When an object is locked, the Lock command is replaced by the Unlock command.

    When you select the Lock command, all open views are closed when the folder object is opened.

    A key icon appears on the closed object icon, indicating it is locked. All menu commands are removed from the object, except Settings and Unlock. When either command is selected, or when a user double-clicks the object to open it, a dialog is displayed, requesting the password.

    Unlocking an Object

    To unlock an object, either double-click the object or choose Unlock from the context menu. A dialog prompts you for the correct password. Enter the password, then click the Unlock button. If an incorrect password is entered, an access denied message is displayed.

    Special Desktop Security Settings

    The Desktop Settings notebook has a second Security page for selectively controlling special menu items that are displayed on the Desktop's menu when the Desktop is locked.

    To display any of the following menu commands when the Desktop is locked, mark the checkbox beside the command:

  • Refresh

  • Lockup now

  • Shut down

  • Lockout

    Lockout at System Startup.

    The Lockout function provides an alternative to the OS/2 system Lockup function. When the Lockout function is active, all Desktop objects are inaccessible. The Lockout function displays a dialog which cannot be exited until the correct Desktop password is entered.

    To enable the Lockout function at startup, mark the checkbox.

    Using the Master Password

    A master password provides an additional level of control in the event that an object's password is lost or forgotten. Any locked object can be unlocked using the master password. The master password should be known only by support personnel or the group responsible for security in an organization.

    The master password is set to MASTER after installation of Object Desktop. The master password can be changed on the Security Defaults page of the Master Setup object, or on page 3 of the Desktop Settings notebook's Security page, which is shown in the following figure.

    To change the master password on page 3 of the Desktop Security page or on the Master Setup object's Security Defaults page:

    1. Enter the current password in the Current Password field. The default password after installation is MASTER.

    2. Enter a password in the New Password field.

    3. Re-enter the password in the Verify Password field.

    4. Click the Set button. A message is displayed, saying the password is accepted.

    Master Password for Settings.

    Mark this checkbox to require the master password for accessing the Settings notebook for the Desktop, folder or for any program object. The master password will be required whether or not the object is locked.

    Enable Lock/Unlock Event Sounds.

    Mark the checkbox to hear the sound of a lock opening or closing when an object is unlocked or locked. The default sound files are LOCK.AV and UNLOCK.AV, which are stored in the Object Desktop installation directory. You may replace these files with other sound files of your choice (just rename them to LOCK.AV and UNLOCK.AV). If you prefer not to hear any sound when locking or unlocking objects, unmark this checkbox.

    Automating Security Setup

    Object Security setup can be automated using Rexx command scripts. The master password is required to change an object's security settings.

    The following example sets the OS/2 System folder password to NEWPASS, and selects the Automatically Lock When Closed and Protect Contents options.

    /* Rexx Command script example */
    Call RxFuncAdd 'SysLoadFuncs', 'REXXUTIL', 'SysLoadFuncs'
    Call SysLoadFuncs

    ObjectID = "<WP_OS2SYS>"   /* Object ID for the OS/2 System folder */
    password = "NEWPASS"       /* Set new password */
    master   = "MASTER"        /* Master password required to change settings */

    /* Build the setup string from the security keynames */
    SetupString = "AUTOLOCK=YES;PROTECT=YES;PASSWORD=" || password || ";MASTER=" || master

    /* SysSetObjectData returns 1 if the settings were applied, 0 otherwise */
    Result = SysSetObjectData(ObjectID, SetupString)
    Exit Result
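
The same approach applied to several of the folders listed earlier, as an added example that is not part of the original documentation: it takes both passwords as arguments instead of storing them in the script file, enforces the 1 to 15 character limit, and counts the objects that did not accept the settings. The script name LOCKDOWN, the object IDs other than <WP_OS2SYS>, and the refusal of ';' in the password are assumptions.

```rexx
/* Added example: apply the same security settings to several folders */
Call RxFuncAdd 'SysLoadFuncs', 'REXXUTIL', 'SysLoadFuncs'
Call SysLoadFuncs

/* Passwords are passed as arguments so they are not stored in this file. */
/* Word parsing means passwords containing spaces cannot be passed here.  */
Parse Arg master newpass .
If master = '' | newpass = '' Then Do
  Say 'Usage: LOCKDOWN master-password new-object-password'
  Exit 255
End

/* The Security page accepts 1 to 15 characters.                          */
/* Assumption: ";" is refused because it separates setup-string keynames. */
If Length(newpass) > 15 | Pos(';', newpass) > 0 Then Do
  Say 'Object password must be 1-15 characters with no semicolon.'
  Exit 255
End

/* MASTER is the value set at installation; flag it if still in use. */
If Translate(master) = 'MASTER' Then
  Say 'Warning: the master password is still the installation default.'

/* Assumed standard Workplace Shell object IDs: OS/2 System, System Setup, */
/* Startup, Drives, Templates. Adjust the list to match your Desktop.      */
ids = '<WP_OS2SYS> <WP_CONFIG> <WP_START> <WP_DRIVES> <WP_TEMPS>'

setup = 'AUTOLOCK=YES;PROTECT=YES;PASSWORD=' || newpass || ';MASTER=' || master

failed = 0
Do i = 1 To Words(ids)
  id = Word(ids, i)
  /* SysSetObjectData returns 1 on success, 0 on failure */
  If SysSetObjectData(id, setup) Then
    Say 'Settings applied: ' id
  Else Do
    Say 'NOT APPLIED:      ' id
    failed = failed + 1
  End
End

Exit failed   /* 0 means every object accepted the settings */
```

Unlike the single-object script above, this one exits with 0 on success and with the number of objects that were not updated otherwise, so a calling batch file can test the return code.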

    The following table shows the security setup string keynames common to the Desktop, Folder, and Program objects' Security page.

    Special Archiving Considerations

    When the automatic Desktop archival feature is enabled in OS/2 Warp, passwords for folders and objects are archived along with the rest of the OS/2 Desktop. Be aware that if the Desktop is restored from an archive, the passwords and the locked/unlocked status of the object at the time of the archive are also restored.

    If the Desktop or system is restored, you may need to use the master password to unlock objects if the password is no longer known.