Protection in Windows 95/98/Me

Whereas Windows NT was designed from the outset with information security in mind, in accordance with the requirements of the Trusted Product Evaluation Program (TPEP) of the U.S. National Computer Security Center (NCSC), nothing of the kind, unfortunately, can be said of the Windows 95/98/ME operating systems. Until recently they had no means of restricting user access. These systems were equally open to any registered user and, in principle, even allowed logon without any registration at all. Everyone knows that it is enough to press Esc instead of entering a user name and password to get into the system with ease. Much the same applies to network access: the two access types (full and read-only) and the option of password-protected access did not, on the whole, allow any restrictions for specific users.

At last, however, fortune has turned toward Windows 95/98/ME users as well. Quite good utilities have begun to appear that make it practical to secure work both on the local computer and over the network. One of the most interesting is DeviceLock Me, which appeared on the market quite recently (in 2000). The archive is 726 KB in size, and the program requires at least 8 MB of RAM. Unregistered, it works for 30 days.

It is a powerful tool for controlling access to disks on systems running Windows 95/98/ME. DeviceLock Me has all the functionality of DeviceLock, another widely known product from SmartLine, but unlike it is intended for protecting workstations running Windows 95/98/ME. It can control disk drives, hard disks, CD-ROM drives and ZIP drives, setting different access levels for individual users. The utility lets you assign access rights depending on the time of day and the day of the week. DeviceLock Me has a remote management system, so the network administrator can operate all of its functions without leaving the workplace.

DeviceLock Me implements a security model in which the owner of an object fully controls access to it. This means that access to an object can be denied or restricted for any user. A user who has forgotten the password can no longer get access to resources. The system compares the user's logon information with that stored in its database and denies access if the two do not match.

I will list the main principles of protection that should be followed.

  1. The owner of the computer must be able to control access to the computer (do not forget to set full access for yourself).

  2. Each user must identify themselves to the system by entering a unique name and password; otherwise access will be refused. In other words, trying to enter the system by pressing “Esc” instead of entering a password at logon automatically shuts the system down.

  3. Files and directories are copied with their access rights (permissions) preserved.

By default, in its initial configuration, the utility grants full access to all users. Specifically, full control is set on all disks for the single user Everyone (meaning “all users of the system”). In other words, every possible right is checked for the user Everyone. The default configuration therefore provides no protection against unauthorized access to the computer. DeviceLock Me does allow a fairly high level of protection, but achieving it takes additional effort to set up a configuration appropriate to the specific case.

Attention! If, when adding users and differentiating their access, you forget to remove the collective user Everyone with full access, all your work will have been practically in vain. Any user can enter the system without logging on (by pressing “Esc”) and will have full access.

The following access rights can be defined for files and directories.

Access right      Comment
----------------  ------------------------------------------------------------
List Directory    Allows viewing the list of files and folders and navigating between folders
Create Directory  Allows creating a folder with the fixed name “New folder”
Read              Allows reading files
Write             Allows modifying, writing and copying files, and also copying folders
Execute           Allows running files; this right cannot be set without the “Read” right
Rename            Allows renaming and moving files and folders
Delete            Allows deleting files and folders
Format/Scan Disk  Allows formatting and scanning disks


Two directions of protection can be distinguished: local, for a single computer, and group, for several computers on a network.

Local protection (Set Permissions) restricts access for users of the local computer. One possible scheme, for example, is to allow full access only to the administrator (the owner of the computer) and to limit access slightly for all other users, forbidding them, for example, the most dangerous operations, “Delete” and “Format/Scan Disk” (see the example).

Fig. 1

The ability to set group protection (Batch Permissions) considerably simplifies the administrator's work. It underpins the remote management system, with which the network administrator can set any rights for any network users on their local computers without leaving the workplace.

Having started DeviceLock Me on a server, the administrator will see roughly the picture shown in the following figure. Computers COMPUTER3 and COMPUTER4, marked with a dagger, will be inaccessible, while any restrictions can be set for the others. The inaccessible computers are those on which DeviceLock Me has not previously been installed (i.e. the program must be installed on all computers on the network).

Fig. 2

Naturally, you will first need to create a group of computers, then enter the users and set an access configuration for each of them. There may be more users than computers, since more than one person may work on each computer.

For example, for citizen Bender you choose an extremely limited access configuration, giving him only the ability to navigate directories and to run and read files on hard disks. You also restrict him in time, forbidding him to work on Sundays (time intervals are set with the mouse buttons: right to lock, left to permit).

Fig. 3

And for citizen Vorobyaninov you forbid only the most dangerous operations, deletion and formatting, on hard disks.

Fig. 4
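
The access model described above, as an added example (not DeviceLock Me's code or its actual evaluation logic): a small Python model of per-user rights with day-of-week limits, plus an audit for the leftover Everyone entry and for Execute set without Read. The evaluation order, the `Admin` account name and the sample timestamps are assumptions made for illustration.

```python
from datetime import datetime

# The eight rights from the access-rights table in this article.
RIGHTS = frozenset({"List Directory", "Create Directory", "Read", "Write",
                    "Execute", "Rename", "Delete", "Format/Scan Disk"})

def entry(rights, blocked_days=()):
    """One ACL entry: granted rights plus weekdays (0=Mon .. 6=Sun) with no access."""
    return {"rights": frozenset(rights), "blocked_days": frozenset(blocked_days)}

def is_allowed(acl, user, right, when):
    """Assumed evaluation: a listed user gets their own entry; anyone else,
    including a session with no logon (user=None, the Esc case), gets the
    'Everyone' entry if one exists, otherwise nothing."""
    e = acl.get(user) or acl.get("Everyone")
    if e is None or when.weekday() in e["blocked_days"]:
        return False
    return right in e["rights"]

def audit(acl):
    """Flag the two configuration mistakes the article describes."""
    findings = []
    everyone = acl.get("Everyone")
    if everyone and everyone["rights"]:
        findings.append("Everyone: grants %d of %d rights to sessions with no logon"
                        % (len(everyone["rights"]), len(RIGHTS)))
    for user, e in sorted(acl.items()):
        if "Execute" in e["rights"] and "Read" not in e["rights"]:
            findings.append("%s: Execute granted without Read" % user)
    return findings

# Constructed sample policy for hard disks, following the article's two examples.
# "Admin" is a hypothetical name for the computer owner's account.
hardened = {
    "Admin": entry(RIGHTS),
    "Bender": entry({"List Directory", "Read", "Execute"}, blocked_days={6}),
    "Vorobyaninov": entry(RIGHTS - {"Delete", "Format/Scan Disk"}),
}
forgotten = dict(hardened, Everyone=entry(RIGHTS))  # default entry never removed

SUNDAY = datetime(2000, 10, 1, 12, 0)  # constructed timestamps
MONDAY = datetime(2000, 10, 2, 12, 0)

if __name__ == "__main__":
    for name, acl in (("hardened", hardened), ("forgotten", forgotten)):
        print(name, "no-logon Delete on Monday:", is_allowed(acl, None, "Delete", MONDAY))
        print(name, "Bender Read on Sunday:", is_allowed(acl, "Bender", "Read", SUNDAY))
        print(name, "audit:", audit(acl))
```
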

Shortcomings of DeviceLock Me:

Let us draw a conclusion. Although DeviceLock Me is not free of shortcomings (which will possibly be corrected in its next version), it is undoubtedly of considerable interest for differentiating user rights on systems running Windows 95/98/ME. DeviceLock Me provides reasonably reliable protection against unauthorized access by not particularly skilled users. Moreover, it guarantees that unregistered users cannot get into the system at all.
