LanLock Software Metering System Version 1.3 Page - 1 Copyright (c) 1992, 1993, 1994, 1995 by Secure Design Other brand and product names are trademarks or registered trademarks of their respective holders. U.S. Government Restricted Rights: Use, duplication or disclosure by the Government is subject to restrictions set fourth in subparagraph (a) through (d) of the Commercial Computer Restricted Rights clause at FAR 52.227-19 when applicable, or subparagraph (c) (1) (ii) of the Rights in Technical Data and Computer Software clause at DFARS 252.227-1013, and in similar clauses in the NASA FAR Supplement. License Agreement: Each copy of this product is provided with a serial number. One serial number is required for each LanLock Zone. One serial number may not be used on more than one Zone. This serial number may not be exchanged, sold, or otherwise distributed. An evaluation copy of this software is freely provided on a trial basis for a 60 (sixty) day period. This is intended to allow 30 days to decide on the purchase of this software, and 30 days to purchase a copy. After 60 days, should you decide not to purchase this software, you must remove all copies from your system. By using this software you are agreeing to these terms. Warranty: This software is sold on an as-is basis. Secure Design specifically disclaims all warranties, expressed or implied. In no event shall Secure Design be liable for any loss of profit or any other damage including but not limited to special, incidental, consequential or other damages including damages to a third party. By using this software you are agreeing to these terms. If these terms are not agreeable, do not use this software. Secure Design shall also not be liable for any loss involving software licensing lawsuits. This software is intended to assist in keeping computer networks bound to the licensing agreements however, LanLock is not a shield against lawsuits. You are responsible for the software use within your computer network. This is merely a tool to assist you in this endeavor. Like any other security system, protection can be bypassed by an unscrupulous person if enough time an effort is spent. LanLock is provided as-is, and Secure Design shall not be responsible for any damages arising from it's use or misuse. Page - 2 Table Of Contents Overview 4 Quick install 5 System requirements 6 What is a "zone" 7 The llsetup utility 9 Software record options 12 Application installation 13 Dos doppelganger 14 Windows doppelganger 15 Batch files and menus 16 The lanlock.exe utility 17 The llboot utility 19 The LanLock server 20 The time server 22 The llgraph utility 23 Troubleshooting 25 The LanLock Server Debugger 27 The LanLock.exe Debugger 29 Developer's section 30 Time Server Services Log file format Licensing information 32 Software Licensing Where to get LanLock Page - 3 Overview LanLock is a software security system designed to assist in enforcing licensing agreements for local and wide area Novell networks. With LanLock you may limit the number of copies of your software that may run at the same time. LanLock can keep a log file for statistical or billing purposes and can also assist in preventing software pirating. LanLock has two main parts: The llserver and the lanlock.exe utility. The llserver controls a list of software and networks (Zones) and the lanlock.exe is the client end program that requests the llserver for available copies of software. There are several setup and support programs that are included in this package. Llsetup is the main program for administering the information for each zone. This includes the list of software, approved networks, and other miscellaneous functions of the llserver. The llsetup utility may also be used for administering your LanLock server remotely. With it you can create new application records or modify the existing software limits. You may also add features such as a Message Of The Day (MOTD) or change the approved networks that software may run from. The llins program is used to install LanLock on the application that are to be monitored. This modifies the application so that the lanlock.exe program will be executed before and after the software is run. When the application is run, lanlock.exe calls the LanLock zones and asks for permission to run. If granted, the application will run as it normally would. If denied, the application will not run, and an error message describing the reason for refusal will be shown in its place. The final part of this package is used to analyze your network statistics generated by the LanLock server. The llgraph utility can process usage data from the LanLock zones and present the data as graphs or spreadsheets. Page - 4 Quick install This section gives the basic steps to install the LanLock software on your server. For each step, you should refer to other sections in this document that give more detailed information. 1) Copy the following files into the SYS:PUBLIC directory on your server(s). LLSETUP.EXE LLINS.EXE LLDOS.EXE LANLOCK.EXE LLGRAPH.EXE SYNCTIME.EXE LLBOOT.EXE LLWIN.EXE LLCALL.DLL LLXBOOT.EXE 2) For the LanLock server, you will need a dedicated computer with IPX and NETX (or net3, net4, etc.) loaded. Create a sub directory on a hard disk titled "LANLOCK" and copy the following files into this directory. (For floppy boot machines, copy the files to a boot disk) LLSERVER.EXE LLSETUP.EXE 3) Run the llsetup utility. Select "Create Zone File." Next select "Modify Zone File" and run the following options: * "Change Zone Name" to give your zone a name. * "Change Network Addresses" to add your network address. (press to add) * "Enter Password" to secure your zone. * "Log Files" to select data collection method. * "Print Zone Summary" to have a printed record of the zone. 4) Run the llserver program. You should create an autoexec.bat that runs castoff and llserver for automatic loading on bootup. 5) You should make a backup of each application before you install LanLock. Using another workstation, login to your file server with sufficient rights to modify applications. Run the llins utility and select "Install DOS Doppelganger" Select the application you wish to install first, and press enter. Print the "Log File" when done. 6) Run the llsetup utility again, and select "Remote Administration." Choose your zone and press enter. Select the software record option, and press to add a software record. Fill in the record to reflect the application that was just installed. (Refer to the section on Software Record Options in this document) Page - 5 7) Repeat steps 5 and 6 for each application. For alternate installation methods, see sections on application installation, and the lanlock.exe utility. System requirements The following is a list of system requirements that you will need to run LanLock. * Novell network. (v2.1 or better) * Dedicated IBM compatible computer. (see note 1) * Network card. * Hard disk. (see note 2) * DOS 3.3 or better. * IPX, NETX. (or net3, net4, etc.) Note 1: One dedicated computer can be used to control up to 5 separate and independent LanLock zones. Note 2: A hard disk is required for the large data files that are generated by keeping a log file. If you do not intend to keep a log file, the hard disk is optional. Recommended for improved performance... * DOS5. * Smartdrive. (a dos5 driver) * Use as few TSRs as possible. * The more free memory under 640k, the better. * Run with the screen saver on. LanLock was designed to run on a low end XT computer and a monochrome monitor. You will receive better performance from a faster machine. You should use an AT computer if you are running more than 3 zones on one computer. Page - 6 What is a "zone" A zone is simply a list of software applications and a list of networks. You may create zones at your discretion, and you may have many zones covering your network. When a workstation requests a copy of an application, it begins by calling the first zone it can find. It then proceeds to call them one by one until one gives it permission to run. (Only if the workstation is in an approved network, and there are copies available.) The application may be located anywhere, as long as the workstation address matches that of one listed for the zone. Below is an example of several zones. Zone File: ZONE_01.CFG ZONE_02.CFG ZONE_03.CFG Zone Name: BUSINESS_ZONE CS_LAB_ZONE CS_ZONE Networks: 0000361A 000010AA 000055BB 000010AA Software: WP51.EXE (5) WP51.EXE (2) SURF.EXE (10) (copies) WORD.EXE (3) WORKS.EXE (4) TED.EXE (6) TED.EXE (6) With the above configuration, 5 copies of WP51.EXE could be run on any 5 machines on the network [0000361A] but only 2 copies could run in the network [000010AA]. The other 2 networks can not run any copies. Remember, since the application is encrypted, it does not matter where the software is located. WP.EXE could be located on any of the file servers or on the hard disk but the above rules would still apply. Page - 7 Where the zone covers 2 networks, (CS_ZONE), machines may run software from either of the two networks on the zone's list. For example, SURF.EXE could be run on any machine on the networks [000010AA] and [000055BB] as long as the total number in use does not exceed 10. A conflict may occur when zones overlap, and there is an identical software application listed in both zones. For example, a workstation in network [000010AA] may request a copy of TED.EXE. A copy may be granted to him from either the CS_ZONE, or the CS_LAB_ZONE. When copies start running out, the requesting workstation will ask every zone if there is a copy available. 7 workstations may have TED.EXE running on network [000010AA] however, 6 of these may be checked out from the CS_ZONE. If this is the case, no more copies may be run from the network [000055BB]. When a workstation requests a copy of software, it takes a copy from the first available zone. Page - 8 The llsetup utility The first step in installing LanLock is to set up a LanLock server. You will need a dedicated IBM compatible computer that is attached to the network. One with a hard disk will allow space to keep a log file of software usage. This program has been designed to run on a low end XT class computer however, you will get improved performance on a faster machine. When setting up a LanLock server, create a subdirectory on the hard disk for the LanLock program. Copy the following files into this subdirectory. LLSERVER.EXE LLSETUP.EXE Next, change into this directory, and run llsetup. You will now see a list of options. First select the option Create A Zone File. This will automatically create a file called "ZONE_01.CFG" in the current directory. You may create up to 5 zone files for a single LanLock server. Select Modify A Zone File from the menu. You will be presented with the following list of options: Change Zone Name Change Network Addresses Log Files Message Of The Day Modify Software List Print Zone Summary Select a Password Enter Serial Number Screen Saver (ZONE_01.CFG only) Time_Server (ZONE_01.CFG only) You will need to select each option at least once when you have created a zone file. If you are changing an existing zone file, you need only select the options that you wish to change. The options are listed below with a description of their functions. Change Zone Name: This option allows you to name your zone. The name you choose may be any set of capitol letters and symbols excluding '*' or any other non standard DOS characters, and up to 12 characters long. You must name each zone with a unique name. Page - 9 Change Network Addresses: This will provide you with a list of networks that this zone is approved to run software for. You may add networks by pressing or remove by pressing . If you press enter, you may change an existing network number. (when adding networks, you must apply the leading zeros. If you do not, they will be applied for you) If you need to see what network a workstation is logged in from, you can type "userlist /a" from the DOS prompt to show the network and node each user is logged in from. (This may also be edited remotely) If you enter [00000000] for a network address, anyone attached to any network on your system will be allowed to use the software listed in this zone file. (Events are not recorded for workstations that are admitted by the 00000000 network wild card, but software usage is.) Log Files: Log Files store the information about the activity of software usage. This option provides you with three choices. You may choose to keep no log file, a basic log file or an extensive log file. The basic log file keeps record of only the amount of time each piece of software is used. The extensive log file also keeps track of where, when, how long each software application was used, and who used it. (See the section on the log file format for details) Unless you are billing for software usage, You should use the basic log file option. The extensive log file uses much more disk space. Message Of The Day: This will provide a message to appear in a pop-up dialog on each workstation startup. (with lanlock -s) You may edit this message with the standard arrow keys, del and backspace. - Y will delete the current line, and -X will delete the entire message. You may end editing by pressing . If there is no message, no pop-up message will appear at the workstation on startup. The message may have a maximum length of 465 characters. (This may also be edited remotely) Modify Software List: This will give a list of software that this zone is approved to run. The software must be listed by the program's DOS name. If you have two applications with the same name, you will have to rename one. To add an application to the list, press . To remove one, press . if you wish to edit an application that already exists, select it, and press . You will be presented with a window that lists the software record options. Enter information into the fields where appropriate. For more information on these fields, see the section titled "Software record Options." Page - 10 Print Zone Summary: This will print (draft text to LPT1) a list of software and networks for a zone file. This print out also includes the zone's configuration options. This is useful for keeping track of what software you are running in each zone. Select a Password: A password is used to protect the zone file from undesired remote administration. When running the LLSetup program from the dedicated LanLock server machine, you can select any password you wish. If you are worried that someone else may change this password, you should remove the keyboard lockout key from the computer. This is a rather effective security method for preventing unwanted tampering. Remember what the password is: you will need it for remote administration. The password may be up to 12 characters. The default password is "0". Enter Serial Number: Purchased copies of LanLock are supplied with a serial number for each zone. Use this option to add the serial number to the zone. Note: each zone must have a unique serial number. Screen Saver (ZONE_01.CFG only) This option allows you to activate the screen saver on the llserver. When selected, the screen saver will become active after 2 minutes when no keys are pressed. Pressing any key on the lanlock server will restore the screen. This option is only available in the first zone.cfg file. Time Server (ZONE_01.CFG only): Select this option if you wish your lanlock server to act as a time server. Refer to the section of this document that covers the time server for details. This option is only available in the first zone.cfg file. Page - 11 Software record options These are the options shown when editing a specific software record. You will see the following dialog in both Modify Zone File, and Remote Administration. Software Record Executable Name : SURF.EXE Real Software Name : Surfing Software Maximum Limit : 2 (Max 9999) Enforce Limit : YES (Read Disclaimer) User Message You are using 1 of 2 copies of Surf.~Please use sparingly! The Executable Name is the DOS name for the application. If you are adding an application called surf.exe, you would enter SURF.EXE on this line. The Real Software Name is used to hold the applications title. For this you could enter "Surfing Software." (This name will be recorded in the log file) Under Maximum Limit, you enter the total number of copies that you wish to allow to run in this zone. This can be anywhere from 0 to 9999. (If you wish an application to have unlimited access, set the maximum limit to 9999.) Enforce Limit allows you the option to check your system. If you set this to "NO," an unlimited number of this application will be allowed to run. This is not intended to be used on a regular basis. It totally defeats the purpose of using this metering software if you turn off the limit control. (You take full responsibility for the use or misuse of this option. See the Warranty for detail on the liabilities for this software) The User Message allows you to present a short message when the specific application is started. A good use of this could be "You are using 1 of 2 copies of Surf.~Please use sparingly!" Note the ~ symbol may be used to start a new line in the dialog box that appears on the user screen. If there are no characters in the User Message field, no dialog will appear before running the application (unless an error occurred, or there are no more copies.) Page - 12 Application installation The llins.exe program is used to install applications with a "Doppelganger" to allow LanLock to monitor its usage. A Doppelganger is a small executable program with the same name as the application to be protected. It first runs the lanlock.exe program, and if successful runs the real application that has been renamed. Before applications can be installed, you must be sure to make a backup. Instillation of the doppelganger is not easy to reverse. The flow chart to the left shows the basic operations of the doppelganger. If you do not wish to modify the original application, you can use a batch file or a menu system to achieve the same effect. For more information see the section on the lanlock.exe program. The Windows version of the doppelganger works in a similar fashion, however the llcall.dll is called instead of the lanlock.exe program. To install applications, run the LLINS.EXE program. You will see a menu that contains the following options: Install a DOS doppelganger Install a Windows doppelganger Print Log File Quit Print Log File will print a list of applications that have been installed. This information is kept in INSTALL.LOG in the same directory as the llins.exe program. You must have read and write access to this file. Choose the appropriate install method for your application. If you are running a DOS application under a windows shell, you must use the DOS install method. Each of the two methods are described on the following pages. Page - 13 Dos doppelganger An example: If you install surf.exe with a doppelganger, surf.exe will be renamed to "LL039482.EXE" and hidden. a copy of lldos.exe will be placed in the directory and renamed to surf.exe Finally, the new name and location of the LL039482.EXE file will be encrypted into the new surf.exe program. The number '039482' is a random number and will be different for every application that you install. If you select the installation method that places the original program in the \L_A2013 sub directory, you provide an added deterrent against copying. Many files with LL...EXE will be hard to sift through when copying software. If you use the \L_A2013 installation option, be sure to grant appropriate rights to users who will be using software in this directory. You may also wish to hide the directory with a Novell utility such as filer. Doppelganger install methods. >Keep in same directory but rename original program. Place original in "\L_A2031" sub directory. Keep in same directory but rename Doppelganger. Cancel The first selection is the preferred method, and works on most applications. This will rename the original, so if your file opens it self by name, this install method will not work. The second install method works like the first however the original application is moved to another directory to increase copy protection. Some applications need to be in the same directory as their support files, and these will not work with this method. The third method will work with almost any application. It provides the least amount of security however. You should try installing an application with each of these methods to get an idea of how the install method works. Never install an application without making a backup first. Page - 14 Windows doppelganger The Windows doppelganger is slightly different form the DOS version. The basic operation is the same. The Installation will rename the original application, and place a small executable file in its place. The doppelganger will call the LLCALL.DLL for the IPX communication routines. The installation procedure for the windows doppelganger is the same as the DOS doppelganger. The LLCALL.DLL uses the following drivers. These are available from Novell's FTP site in a file WINUP7.ZIP. NETWARE.DRV NWIPXSPX.DLL NWNETAPI.DLL NETAPI.DLL If any of these drivers are not present, LanLock will ask for them. The program's Icons are usually stored in it's .EXE file. If you want these icons to show up under the program manager, you will need to use a resource editor to copy the icons into the new doppelganger from the old .EXE file. You can also place them in a .ICO file. There are several utilities that will do this for you, and are available from FTP sites. Several programming tools (such as Borland's products) also include a resource editor which can be used to copy icons to a .ICO file. After the application is installed, you will need to tell the application manager the location of the new icon. Page - 15 Batch files and menus The lanlock.exe program can also be run from within a batch file. (See the section on the lanlock.exe utility for details on the parameters) The following are examples of batch files and menu options that use lanlock. Sample Batch File: WP51.BAT @echo off lanlock -b wp.exe if errorlevel 1 goto END f:\apps\wp\wp.exe lanlock -e wp.exe :END When lanlock.exe is called with the -b option, it calls the LanLock server to request a copy of wp.exe. If one is available, lanlock.exe exits with an errorlevel of 0. The program is run, and then lanlock.exe is called again to end it's copy of wp.exe. If LanLock does not find any copies free, it will exit with an errorlevel of 1. This will cause the batch file to jump to the :END flag. This technique can also be used in menu files. Each menu will be different, so you will have to do some adjusting for your specific menu program. The following is an example of a Saber Menu script that calls LanLock. The same events happen in this menu script as in the batch file above. Sample Saber Menu Script : ITEM Word Perfect 5.1 {CHDIR BATCH} EXEC cls EXEC lanlock -b wp.exe EXEC if errorlevel 1 goto END EXEC f:\apps\wp\wp.exe EXEC lanlock -e wp.exe EXEC :END You can also have lanlock record events from batch files or menus. Simply add a line to your file with the following information: lanlock -r my-event This will make the LanLock server record an event. These can be counted and totaled by the llgraph utility. For example, if you have an option on your menu to copy virus protection software to a users disk, you could count the number of times you distributed the software. Page - 16 The lanlock.exe utility The lanlock.EXE program is the program that controls all of the workstation activity. This program must be in the user's search path. A good place to put this program in the SYS:\PUBLIC directory on the server or on the hard disk in a utility or DOS directory. You may also set a DOS environment variable with the following command in your autoexec.bat. (You would substitute your zone name in place of "BUSINESS_ZONE") SET LLHINT=BUSINESS_ZONE This will to assist lanlock.exe in finding it's main zone. This will improve the speed of lanlock when starting and stopping software. The lanlock.exe program will call this zone first, and if necessary, it will call the other zones in order afterward. You may run lanlock.exe from batch files if you wish to include functions into your menu system. The syntax of the command is lanlock -[option] [event]. (You may use a "/" in place of the "-") A full list of command line options are given below: -B Begin using a specific piece of software. (lanlock -b surf.exe) If a copy is available, the lanlock.exe program will exit with an DOS errorlevel of 0. If all copies are in use, or you are not in an approved network, lanlock.exe will return a DOS errorlevel of 1. If the command line parameters are incorrect, lanlock.exe will return a DOS errorlevel of 2. LanLock.exe begins by calling the first available zone, and asks to check out a copy. If none are available, or the requesting workstation is not in an approved network, LanLock.exe will call the next zone available until all zones are called. Only then will LanLock.exe return a DOS errorlevel 1. If the environment variable LLHINT is set, the requesting workstation will call that zone first before calling other zones. -E End usage of software. (lanlock -e surf.exe) -R Record an event. (lanlock -r YourEvent) If you have an option in your menu system that you wish to count, add this option. You could, for example, count the number of times the "Copy Virus Protection" option has been used. This records only a date and time, and not a duration time. This will not record an event in a zone that was found with the wild card net address. [00000000] Page - 17 -Q Query a piece of software. (lanlock -q surf.exe) This will show how many copies of the program Surf.exe are available to the requesting workstation. If more than one zone serves this software to the requesting workstation's network, a status window for each zone will be shown. -A This option will show a list of all available zones, serial numbers, and their network addresses (lanlock -a) -W List all software that the requesting workstation is using. (lanlock -w) This will query each zone to see if the workstation has any software checked out. Each zone will display its own status window. Each window will only show the first 8 software records. If no software is checked out, a dialog will state so. -L List all of the software available for usage. You may also specify a zone name with this command. (lanlock -l business_zone) Output can be redirected to a file. For more than one screen you can pipe the output through the DOS more.com. (lanlock -l | more) Shows software name, program name, number of copies in use and the number of copies available. -U List all users who currently have a given software item in use. You may also specify a zone name if you wish. (lanlock -u wp.exe business_zone) Output can be redirected to a file. For more than one screen you can pipe the output through the DOS more.com program (lanlock -u | more) Shows a list of users, their primary server, and the length of time they have been using the software. -? Show a short help screen with the above information (lanlock -?) Page - 18 The llboot utility The llboot program causes a start up event when run from the workstation. This records a 'BOOT' event, resets all software for the requesting machine, and returns a Message Of The Day (MOTD) if one exists. If the requesting machine is in several zones, all MOTDs will be shown. If the environment variable LLHINT is set to an existing zone, only that zone's MOTD will be shown. We recommend that you add llboot.exe to the boot disk, and add the command llboot to your autoexec.bat file just after loading NETX.COM to keep LanLock functioning properly. This option tells the LanLock server that you are starting up the machine. If you have any software checked out, you are no longer using it, and show a message of the day if one exists. This lets the system recover from crashed machines, or from . Llboot will only run from the autoexec.bat or the original root command.com shell. This is a safety measure to ensure that this option is only used at startup. You may also run llboot with the -m option to show what is currently in memory. This display is very similar to that of the popular utility mmap.exe. This option will show you if you are in a DOS shell from another program or if you are in the original shell. A program, llxboot.exe has also been added to LanLock. This program works the same way llboot does however it skips the memory check. Some TSR programs will fool the llboot program into thinking a second copy of command.com is loaded. Llxboot will not be affected by this problem. Page - 19 The LanLock server The LanLock server will advertise all of its' zones to the network. Each zone will have a status window, and the LanLock server will also have its' own "log window" with a record of activity. Some of the status lines that you may see are listed below. Broadcast SAP A broadcast for each zone advertising it's services was sent to the network. StartWatchdog Query each machine that is checked out for a copy of any software. This sends the workstation shell a driver information request packet. If the workstation replies, LanLock assumes that everything is ok. Using this built in response allows LanLock to work without any TSRs. Ping A watchdog query was successful. NoAns A watchdog query was not answered. Rclm A software record was recovered from a workstation that is not responding. This occurs after two successive watchdog packets are not answered. If someone turns off their machine without properly logging out, this will allow LanLock to recover the copy of the software for other people to use. NotMyNet A request form a workstation was not within the list of addresses for this zone. The request was denied. There will be many of these messages for zones that allow only a few network addresses. NotMyBoot A boot event from a workstation was received but the workstation was not within the zone's list of approved networks. Time Request A machine has requested the time from this LanLock server. CheckOtherZones The LanLock server checked to see if any other zones are serving with the same name, or the same serial number. WriteTempFiles A temp file for the zone was saved for future recovery incase of inadvertent shutdown. Page - 20 SetTimeFromServer The LanLock server has requested the time from the Time Server. Resend The requesting workstation has requested that the last reply be resent. Bad Packet Sequence The LanLock server received a packet out of sequence and it was discarded. There are several keystrokes that will affect the LanLock server while it is running. These are as follows: F1 Show help message F2 Show memory usage. "Current Software Records" is the number of currently allocated record slots that are available. (this is independent of weather they are in use or not) The "Total Possible Records" refers to the number of software records that are not currently used. The total of these two is the number of applications that the llserver can track at once. S Turn on the screen saver now. (only if the screen saver is enabled) Q Shut down the LanLock server. Note: While either the F1 or F2 dialogs are on the screen, all other llserver functions are halted. It is strongly recommended that you make a back-up disk of all the LanLock server files. If your LanLock server is servicing several LANs across a large network, and a router stops functioning, some of the LANs may not be able to contact the LanLock server. Having a spare boot disk makes it easy to bring up a second LanLock server somewhere else on your network to service LANs while the router is being fixed. The LanLock server must be attached or logged in to at least one file server. The program may work from the C: drive however, so long as there is a F:LOGIN> directory or the machine is logged into a server. Page - 21 The time server The time server is an added feature that is an extra bonus. If your LanLock server is configured to advertise a TIME_SERVER, and there are no other time servers, it will advertise this clock service to the network. From the workstation, you can run the utility synctime.exe. This will first query the network for a time server, and if one is found, it will set the workstation clock to that of the time server. Next it will seek out any file servers that you are logged into, and if you have console operator rights, it will set the server time to match your workstation clock. You can add this to your login script if you are a supervisor to keep all of your file server clocks synchronized. You may also redirect the output of this program to nul (synctime >nul) to keep any text from displaying on the screen. If you only want to set the workstation clock and not the file server clock, you should use the utility systime.exe. This will update the workstation clock to the same time as your default file server. Once every 24 hours, the LanLock server will check for a time server, and set its clock accordingly. (only if the TimeServer is at an address other than itself) If your LanLock server is configured to be a time server, (using llsetup) and there is already a time server available, your LanLock server will not advertise this function, and the log window will display on startup "Time Server Inactive, Server Already Exists." Only 1 TimeServer is allowed. Developers Note: If you are interested in using this service for your own programs, see the "Developers Section" in this document for more information. Page - 22 The llgraph utility The llgraph utility can generate generic spread sheets or graphs from the data the LanLock server keeps in its' log files. The spread sheets are in a tab-delimited ASCII file format. You can import these files into most spread sheet applications for both Macintosh and IBM computers. First, collect the .DAT files from the LanLock server. You may wish to place these in a directory on a server or a hard disk before removing them from the LanLock server. You may append one data file to the end of another by using a word processor, or the command "copy /a file1.dat+file2.dat total.dat". This would append the second file to the first and write both to the total.dat file. Run the llgraph from the directory that the .DAT files are stored. When you run the llgraph utility, first select the Set Defaults choice on the menu. You will be presented with the following window. Start Date : 07/18/92 (Scope of data processing) End Date : 08/17/92 Date Divisions : Week (Length of individual records) Output : Hours (Resolution of spreadsheets) Using the Start and End date allows you to control the times for which the data is processed. Specifically, data is collected starting from the Start Date and up to (but not including) the day specified with End Date. Usage time that falls outside of these two dates is ignored. Date divisions specifies the number if divisions that will be made available in the final spread sheet. For example, if you chose "week" you would receive a weekly total for each week between the Start and End date. You can select (with the arrow keys) the following: All, Month, Week, Day, Hour, 1/2 Hour. Output specifies what units to use when displaying the spreadsheet information. You can select (with the arrow keys) the following: Hours, Minutes, Seconds. After you set the options, press to return to the main menu. You will be able to create a graph or spread sheet at this point. The following is a list of the spread sheet formats that are available. Application Use Over Time Applications Used By User Events Over Time Events Used By User Rejections Over Time Page - 23 These spread sheets can be saved to an ASCII tab delimited file, and imported into your favorite Macintosh or IBM spreadsheet or graphing program. The following is a list of graphs that are available. Application Use Over Time Events Over Time Rejections Over Time The graphs provided by the llgraph utility are not designed to be finished products, rather they are designed to give you a rough idea of what your data looks like. Most useful is the Rejections Over Time. This can show you if one of your software packages is in need of more copies. The output format for the graph is always in hours. Recode Data. Recode a record/event Delete a record/event Reduce to basic log file The recode data section will allow you to change some of the event name for your data file. If you have two applications that you would like to merge, you can use the recode one of the event names to be the same as the other event names. For example, you could recode WP51.EXE to WP.EXE and count it with the other versions of WP.EXE. Delete a record will remove a record from the .DAT file. Reduce to basic log file will strip the extensive log file information from the DAT file. If you run the Recode or Delete functions on a basic log file, you should also run the option to reduce after your changes are complete. This will make your file smaller and save space. (any information in the extended file set will be lost) Developers Note: If you are interested in using data files for your own programs, see the "Developers Section" in this document for more information on the file format. Page - 24 Troubleshooting Some possible error messages that you may receive are listed below with suggestions on what the possible problem may be. LanLock server not found Use LANLOCK -A to see a list of all the LanLock zones that are available. If no zones appear, there may be a network fault, or the LanLock server may not be functioning properly. Wrong "Message of the Day" for your computer SET LLHINT (see the LanLock utility section) The LLHINT environment variable controls which zone your computer uses for the message of the day. If the LLHINT variable is not set, all of the responding LanLock servers will show messages. More software runs than you have licenses for. You may have some LanLock zones that overlap. Type the following command from a workstation: LANLOCK -Q APPLICATION If any of the LanLock zones are over lapping, a dialog will appear for each of the two zones that tell you how many copies of the application are available. Error: "Can't Open Socket / Socket Table Full." Edit your SHELL.CFG file and add a line to increase the number of sockets that your workstation shell may have open at once. IPX SOCKETS=number Where "number" is the number of sockets available at once. The default is 20. The LanLock client programs require 2 sockets and the LanLock server may require up to 8. Page - 25 LanLock locks up when run LanLock uses the interrupt 7Ah. You may need to add a line with the INT7A command in your SHELL.CFG file. With the current version of the network drivers, this is the default. For more information, see the documentation that was provided with the workstation drivers, and review the topic on the SHELL.CFG file contents. NO_MGM_MEMORY message in Windows The NWIPXSPX.DLL requires several other drivers to be loaded when used under windows. For normal operation, Novell recommends the use of TBMI2.COM with windows in Standard mode (286 computers mostly) This TSR should be loaded before windows is run to provide task switching for the IPX process under windows. To see if the machine you are running windows on is running in Standard mode or Enhanced Mode, select the "Help" menu in the program manager, and select the "About Program Manager..." menu. Windows For Workgroups error: " No Zones could be found" LanLock uses the NWIPXSPX.DLL for communications in Windows. With Windows for Workgroups, the frame type specified in the Network shell (net.cfg) is not used by the dll. Rather, it is set in the "Network Setup " application, and the settings are stored in the /windows/protocol.ini file. Use the "Network Setup" application in the "network" group. A dialog will be shown with "network drivers" Double click the item "IPX/SPX Compatible transport with NetBIOS" A dialog with options including "Frame Type" will be shown. Set the frame type to ETHERNET_II or the frame type you are currently using, and click on the "Set" button. Now click on "Ok" to return to the first dialog. For further information, contact Secure Design for our information sheet "wfw_fyi.txt" for using LanLock with Windows for Workgroups. This file is available from our e-mail server and bbs as well. Page - 26 The LanLock Server Debugger If you are having problems with network errors, you may wish to run LanLock with the debug option. Both the LANLOCK.EXE and the LLSERVER.EXE may be run with a the command line argument "/debug" following the normal command line arguments. When the LanLock server is run with the /debug option, the lower half of the screen is used to display information about the current status of the LanLock server. This option should be used when the screen saver is turned off. If you are having problems, please feel free to contact us. The instructions for using the debug option are only the most basic. Free memory The number of bytes free. This should be greater than 100,000 (100k) when the LanLock server is first started. Tracking Records This is a count of the memory records that are allocated to track each concurrent software usage. This number is increased as more records are needed. Software Denials The total number of times that workstations were denied use of any software due to insufficient copies. Pkts Sent* The total number of IPX packets sent. Pkts Received* The total number of IPX packets received. Pkts Resent The total number of IPX packets that were resent at the request of a workstation. Pkts Rejected The total number of IPX packets that were received out of order and discarded. Invalid Requests The total number of IPX packets that were received and discarded because the request code was not valid. (this is not the same as requesting software that does not exist). Only server errors cause this number to be incremented. Resend History The number of packets that are stored for resending. If the workstation does not request a resend, the packet is discarded. * Note: Requests to and from the Time_Server are not recorded. Page - 27 ECBs ECB stands for Event Control Block. This is a memory record that is used to control incoming and outgoing IPX packets. The status symbols represent the following actions. . Waiting for request or ECB not in use. r Receive packet. s Sending Packet. x Request to resend was received. w Waiting for response. ? Unknown ECB status. b Bad packet sequence received. m Malformed packet was received. u Packet undelivered. f Hardware Failure c ECB canceled. These status symbols should only blink for a minute and should reside normally with the period symbol. If you are experiencing significant numbers of bad and malformed packets, you may have network problems. The Software Records fields show how many memory records are currently allocated to track software usage. Each zone has it's own list of software records, and the number of allocated records is increased as needed. If you are having further trouble with LanLock, feel free to contact us and we will be happy to assist you in any way we can. Note: Running the debugger on the LanLock server will cause a decrease in performance speed. It is recommended that you do not run the debugger on an XT style machine except when necessary. While using the debugger you should also disable the screen saver. Page - 28 The LanLock.exe Debugger The LANLOCK.EXE program may also be run with the "/debug" option after the normal command line arguments. This will run the program in a verbose mode. LanLock will write lines to the screen describing the actions it is about to take when calling its network procedures. This is useful when looking to see if LanLock is resending a lot of IPX packets and how long it takes to receive packets. Example: c:\>lanlock -b wp.exe /debug For Zone BUSINESS_ZONE Opening Socket Setup Listen Packet Setup Send Packet Waited to send 1 x2 MS Waited to recv 6 x20 MS Close Socket C:\> It is important to note the time in which it takes to receive a response from the LanLock server. In the example above, the LanLock server responded in 120 milliseconds. This response time will vary depending on network traffic and the speed of the machines. Page - 29 Developer's section This section is for those who are programmers and wish to interface with some of LanLock's functions. If you would like further information, feel free to call or send mail to us. We will try to assist you in any way we can. This section of the document contains information for some of LanLock's alternate functions. If you would like to build LanLock's core licensing and copy protection into your applications, a set of programming tools will be made available soon for you to include in your program. The information will be provided free, however source code will be subject to a modest fee. Again, please contact us for more information. Time Server Services: If you wish to create software that will use LanLock's time server, you will need the following information. The service will be advertised using SAP broadcasts. Each server will place a dynamic object in its bindery. To find the time server address, you can search any server bindery for an object of type 00h (type "unknown") with the object name of TIME_SERVER. If such an object is found, you will need to find the address of the machine that is advertising the service. Scan the object for a NET_ADDRESS property. Read the first value for the network address shown below. Each byte composes 2 digits of the address you might see in an SLIST. For example, if the network variables contain the numbers 40,162,55,251, the hex address seen in SLIST would be [28A237FB]. NET_ADDRESS property value: network : array[1..4] of byte (byte 1=high order digit) node : array[1..6] of byte socket : array[1..2] of byte Send an IPX packet to this address with the format shown below. For the request packet, set the function variable to 0. The packet will be returned to the socket address that the request originated from. A successful response will contain a 1 in the function variable. The data segment should be added to the end of the standard IPX packet header when transmitted. All of the variables are in the standard IBM lo-hi format. Page - 30 Packet data segment format: function : word (lo-hi) (0=request, 1=reply) reserved : array[0..8] char year : word (lo-hi) (0-99) month : word (lo-hi) (1-12) day : word (lo-hi) (1-31) hour : word (lo-hi) (0-23) minute : word (lo-hi) (0-59) second : word (lo-hi) (0-59) The year variable varies from 0 to 99. If this is less than 80, the year is 20xx, otherwise, the year is 19xx. For example, if the year variable is 62 then the year is 2062, if the variable is 96, the year is 1996. Log file format: All of the Log File data is stored in a tab delimited ASCII text file. The files are named "ZONE_01.DAT" with the appropriate number for the corresponding zone from which the data was generated. The log file has 2 basic formats. Each line contains the information for the records that are listed below: Basic Log File Extensive Log File Record Type Record Type Software/Event Name Software/Event Name Start Time Start Time Total Time Used Total Time Used User Name Server Name Network Address Node Address Record Types: R : recorded event U : usage time I : invalid logout Z : over limit rejection The Start Time Variable is the number of seconds past Jan 1 1980 that the event occurred. The Total Time Used variable is the total number of seconds for the duration of the event. Page - 31 Licensing information Software Licensing: Since all software companies have different licensing rules, you should be sure that you are following all of the software licensing rules that apply to you. Some companies ask that you purchase one copy for every machine that may use their software at any time, others say you must purchase copies that can be moved from machine to machine so long as no copy is used in more than one place at once. You must determine what restrictions apply to you. Most software packages today come with a software license, and phone numbers to contact if you have questions. Contact your software supplier for details on network licensing for specific software packages. For further information on software licensing rules, you can contact the Software Publishers Association (SPA) on their "Piracy Hotline" 1-800-388-PIR8. Where to get LanLock: If you would like information about LanLock or our other products, please contact us at the following address. Secure Design Internet: support@sdesign.com PO Box 475 sdesign@mcimail.com Corvallis, OR 97339 USA Phone: (503) 752-5988 Fax/bbs: (503) 752-5990 Demo products can also be obtained by Internet e-mail by sending a message to: auto-help@sdesign.com with a subject of "help." For complete ordering and address information, use the CATALOG.TXT file provided with this software. Page - 32