     
     
     
     
     
     
     
     
                              LanLock
     
                      Software Metering System
     
                            Version 1.3
     
     
     
     
     
     
     
     
     
     
     


































     Page - 1
     
     Copyright  (c) 1992, 1993, 1994, 1995  by  Secure Design 
     
     Other brand and product names are trademarks or registered trademarks 
     of their respective holders.  
     
     U.S. Government Restricted Rights:  Use, duplication or disclosure by 
     the Government is subject to restrictions set fourth in subparagraph 
     (a) through (d) of the Commercial Computer Restricted Rights clause at 
     FAR 52.227-19 when applicable, or subparagraph (c) (1) (ii) of the 
     Rights in Technical Data and Computer Software clause at DFARS 
     252.227-1013, and in similar clauses in the NASA FAR Supplement.
     
     License Agreement:  Each copy of this product is provided with a 
     serial number.  One serial number is required for each LanLock Zone.  
     One serial number may not be used on more than one Zone.  This serial 
     number may not be exchanged, sold, or otherwise distributed.
     
     An evaluation copy of this software is freely provided on a trial 
     basis for a 60 (sixty) day period.  This is intended to allow 30 days 
     to decide on the purchase of this software, and 30 days to purchase a 
     copy.  After 60 days, should you decide not to purchase this software, 
     you must remove all copies from your system.  By using this software 
     you are agreeing to these terms.
     
     Warranty:  This  software  is sold on an as-is basis.  Secure Design 
     specifically disclaims all warranties, expressed or implied.  In no 
     event shall Secure Design be liable for any loss of profit or any 
     other damage including but not limited to special, incidental, 
     consequential or other damages including damages to a third party.  By 
     using this software you are agreeing to these terms.  If these terms 
     are not agreeable, do not use this software.
     
     Secure Design shall also not be liable for any loss involving software 
     licensing lawsuits.  This software is intended to assist in keeping 
     computer networks bound to the licensing agreements however, LanLock 
     is not a shield against lawsuits.  You are responsible for the 
     software use within your computer network.  This is merely a tool to 
     assist you in this endeavor.  Like any other security system, 
     protection can be bypassed by an unscrupulous person if enough time an 
     effort is spent.  LanLock is provided as-is, and Secure Design shall 
     not be responsible for any damages arising from it's use or misuse.
     















     Page - 2
     Table Of Contents
     
     Overview                              4
     Quick install                         5
     System requirements                   6
     What is a "zone"                      7
     The llsetup utility                   9
          Software record options         12
     Application installation             13
          Dos doppelganger                14
          Windows doppelganger            15
          Batch files and menus           16
          The lanlock.exe utility         17
     The llboot utility                   19
     The LanLock server                   20
     The time server                      22
     The llgraph utility                  23
     Troubleshooting                      25
          The LanLock Server Debugger     27
          The LanLock.exe Debugger        29
     Developer's section                  30
          Time Server Services
          Log file format
     Licensing information                32
          Software Licensing
          Where to get LanLock
     































     Page - 3
     Overview
     
     
     
     LanLock is a software security system designed to assist in enforcing 
     licensing agreements for local and wide area Novell networks.  With 
     LanLock you may limit the number of copies of your software that may 
     run at the same time.  LanLock can keep a log file for statistical or 
     billing purposes and can also assist in preventing software pirating.
     
     LanLock has two main parts:  The llserver and the lanlock.exe utility.  
     The llserver controls a list of software and networks (Zones) and the 
     lanlock.exe is the client end program that requests the llserver for 
     available copies of software.  
     
     There are several setup and support programs that are included in this 
     package.  Llsetup is the main program for administering the 
     information for each zone.  This includes the list of software, 
     approved networks, and other miscellaneous functions of the llserver.  
     The llsetup utility may also be used for administering your LanLock 
     server remotely.  With it you can create new application records or 
     modify the existing software limits.  You may also add features such 
     as a Message Of The Day (MOTD) or change the approved networks that 
     software may run from.    
     
     The llins program is used to install LanLock on the application that 
     are to be monitored.  This modifies the application so that the 
     lanlock.exe program will be executed before and after the software is 
     run.  When the application is run, lanlock.exe calls the LanLock zones 
     and asks for permission to run.  If granted, the application will run 
     as it normally would.  If denied, the application will not run, and an 
     error message describing the reason for refusal will be shown in its 
     place.
     
     The final part of this package is used to analyze your network 
     statistics generated by the LanLock server. The llgraph utility can 
     process usage data from the LanLock zones and present the data as 
     graphs or spreadsheets.
     



















     Page - 4
     Quick install
     
     This section gives the basic steps to install the LanLock software on 
     your server.  For each step, you should refer to other sections in 
     this document that give more detailed information.
     
     1)   Copy the following files into the SYS:PUBLIC directory on your 
          server(s).
     
          LLSETUP.EXE     LLINS.EXE     LLDOS.EXE
          LANLOCK.EXE     LLGRAPH.EXE   SYNCTIME.EXE
          LLBOOT.EXE      LLWIN.EXE     LLCALL.DLL
          LLXBOOT.EXE
     
     2)   For the LanLock server, you will need a dedicated computer with 
          IPX and NETX (or net3, net4, etc.) loaded.  Create a sub directory on 
          a hard disk titled "LANLOCK" and copy the following files into this 
          directory.  (For floppy boot machines, copy the files to a boot disk)
     
          LLSERVER.EXE     LLSETUP.EXE
     
     3)   Run the llsetup utility.  Select "Create Zone File."  Next select 
          "Modify Zone File" and run the following options:  
     
          * "Change Zone Name"  to give your zone a name.
          * "Change Network Addresses" to add your network address.
               (press <ins> to add)
          * "Enter Password" to secure your zone.
          * "Log Files" to select data collection method.
          * "Print Zone Summary" to have a printed record of the zone.
     
     4)   Run the llserver program.  You should create an autoexec.bat that 
          runs castoff and llserver for automatic loading on bootup.
     
     5)   You should make a backup of each application before you install 
          LanLock.  Using another workstation, login to your file server with 
          sufficient rights to modify applications.  Run the llins utility and 
          select "Install DOS Doppelganger"  Select the application you wish to 
          install first, and press enter.  Print the "Log File" when done.   
     
     6)   Run the llsetup utility again, and select "Remote 
          Administration." Choose your zone and press enter.  Select the 
          software record option, and press <ins> to add a software record.  
          Fill in the record to reflect the application that was just installed. 
          (Refer to the section on Software Record Options in this document)













     Page - 5
     7)   Repeat steps 5 and 6 for each application.  For alternate 
          installation methods, see sections on application installation, and 
          the lanlock.exe utility.
     
     
     
     System requirements
     
     The following is a list of system requirements that you will need to 
     run LanLock.
     
     
     *     Novell network.  (v2.1 or better)
     *     Dedicated IBM compatible computer. (see note 1)
     *     Network card.
     *     Hard disk. (see note 2)
     *     DOS 3.3 or better.
     *     IPX, NETX. (or net3, net4, etc.)
     
     Note 1:     One dedicated computer can be used to control up to 5 
     separate and independent LanLock zones.
     
     Note 2:     A hard disk is required for the large data files that are 
     generated by keeping a log file.  If you do not intend to keep a log 
     file, the hard disk is optional.  
     
     
     
     Recommended for improved performance...
     
     *     DOS5.
     *     Smartdrive. (a dos5 driver)
     *     Use as few TSRs as possible.
     *     The more free memory under 640k, the better.
     *     Run with the screen saver on.
     
     
     
     LanLock was designed to run on a low end XT computer and a monochrome 
     monitor.  You will receive better performance from a faster machine.  
     You should use an AT computer if you are running more than 3 zones on 
     one computer.  
















     Page - 6
     What is a "zone"
     
     
     A zone is simply a list of software applications and a list of 
     networks.  You may create zones at your discretion, and you may have 
     many zones covering your network.  When a workstation requests a copy 
     of an application, it begins by calling the first zone it can find.  
     It then proceeds to call them one by one until one gives it permission 
     to run. (Only if the workstation is in an approved network, and there 
     are copies available.)  The application may be located anywhere, as 
     long as the workstation address matches that of one listed for the 
     zone.  Below is an example of several zones.
     
     
     
     
     
     
     
     
                       <Picture not available in text version>
     
     
     
     
     
     
     
     
     
     
     Zone File:     ZONE_01.CFG       ZONE_02.CFG     ZONE_03.CFG
     Zone Name:     BUSINESS_ZONE     CS_LAB_ZONE     CS_ZONE
     Networks:      0000361A          000010AA        000055BB
                    000010AA
     Software:      WP51.EXE  (5)     WP51.EXE  (2)   SURF.EXE  (10)
     (copies)       WORD.EXE  (3)     WORKS.EXE (4)   TED.EXE   (6)
                    TED.EXE   (6)
     
     With the above configuration, 5 copies of WP51.EXE could be run on any 
     5 machines on the network [0000361A] but only 2 copies could run in 
     the network [000010AA].  The other 2 networks can not run any copies.  
     Remember, since the application is encrypted, it does not matter where 
     the software is located.  WP.EXE could be located on any of the file 
     servers or on the hard disk but the above rules would still apply.













     Page - 7
     Where the zone covers 2 networks, (CS_ZONE), machines may run software 
     from either of the two networks on the zone's list.  For example,  
     SURF.EXE could be run on any machine on the networks [000010AA] and 
     [000055BB] as long as the total number in use does not exceed 10. 
     
     A conflict may occur when zones overlap, and there is an identical 
     software application listed in both zones.  For example, a workstation 
     in network [000010AA] may request a copy of TED.EXE.  A copy may be 
     granted to him from either the CS_ZONE, or the CS_LAB_ZONE.  When 
     copies start running out, the requesting workstation will ask every 
     zone if there is a copy available.  7 workstations may have TED.EXE 
     running on network [000010AA] however, 6 of these may be checked out 
     from the CS_ZONE.  If this is the case, no more copies may be run from 
     the network [000055BB].  When a workstation requests a copy of 
     software, it takes a copy from the first available zone.











































     Page - 8
     The llsetup utility
     
     The first step in installing LanLock is to set up a LanLock server.  
     You will need a dedicated IBM compatible computer that is attached to 
     the network.  One with a hard disk will allow space to keep a log file 
     of software usage.  This program has been designed to run on a low end 
     XT class computer however, you will get improved performance on a 
     faster machine.  
     
     When setting up a LanLock server, create a subdirectory on the hard 
     disk for the LanLock program.  Copy the following files into this 
     subdirectory.
     
          LLSERVER.EXE     LLSETUP.EXE
     
     Next, change into this directory, and run llsetup.  You will now see a 
     list of options.  First select the option Create A Zone File.  This 
     will automatically create a file called "ZONE_01.CFG" in the current 
     directory.  You may create up to 5 zone files for a single LanLock 
     server.
     
     Select Modify A Zone File from the menu.  You will be presented with 
     the following list of options:
     
         Change Zone Name
         Change Network Addresses
         Log Files
         Message Of The Day
         Modify Software List
         Print Zone Summary
         Select a Password
         Enter Serial Number
         Screen Saver (ZONE_01.CFG only)
         Time_Server  (ZONE_01.CFG only)
     
     You will need to select each option at least once when you have 
     created a zone file.  If you are changing an existing zone file, you 
     need only select the options that you wish to change.  The options are 
     listed below with a description of their functions. 
     
     Change Zone Name:  This option allows you to name your zone.  The name 
     you choose may be any set of capitol letters and symbols excluding '*' 
     or any other non standard DOS characters,  and up to 12 characters 
     long.  You must name each zone with a unique name.
     
     












     Page - 9
     Change Network Addresses:  This will provide you with a list of 
     networks that this zone is approved to run software for.  You may add 
     networks by pressing <INS> or remove by pressing <DEL> .  If you press 
     enter, you may change an existing network number.  (when adding 
     networks, you must apply the leading zeros.  If you do not, they will 
     be applied for you) If you need to see what network a workstation is 
     logged in from, you can type "userlist  /a" from the DOS prompt to 
     show the network and node each user is logged in from.  (This may also 
     be edited remotely)  If you enter [00000000] for a network address, 
     anyone attached to any network on your system will be allowed to use 
     the software listed in this zone file.  (Events are not recorded for 
     workstations that are admitted by the 00000000 network wild card, but 
     software usage is.)
     
     Log Files:  Log Files store the information about the activity of 
     software usage.  This option provides you with three choices.  You may 
     choose to keep no log file, a basic log file or an extensive log file.  
     The basic log file keeps record of only the amount of time each piece 
     of software is used.  The extensive log file also keeps track of 
     where, when, how long each software application was used, and who used 
     it. (See the section on the log file format for details)  Unless you 
     are billing for software usage, You should use the basic log file 
     option.  The extensive log file uses much more disk space.
     
     Message Of The Day:  This will provide a message to appear in a pop-up 
     dialog on each workstation startup. (with lanlock -s)  You may edit 
     this message with the standard arrow keys, del and backspace.  <Ctrl>-
     Y will delete the current line, and <Ctrl>-X will delete the entire 
     message.  You may end editing by pressing <Esc>.  If there is no 
     message, no pop-up message will appear at the workstation on startup.  
     The message may have a maximum length of  465 characters. (This may 
     also be edited remotely)
     
     Modify Software List:  This will give a list of software that this 
     zone is approved to run.  The software must be listed by the program's 
     DOS name.  If you have two applications with the same name, you will 
     have to rename one.  To add an application to the list, press <Ins>.  
     To remove one, press <Del>.  if you wish to edit an application that 
     already exists, select it, and press <enter>.  
     
     You will be presented with a window that lists the software record 
     options.  Enter information into the fields where appropriate.  For 
     more information on these fields, see the section titled "Software 
     record Options."
     













     Page - 10
     Print Zone Summary:  This will print (draft text to LPT1) a list of 
     software and networks for a zone file.  This print out also includes 
     the zone's configuration options.  This is useful for keeping track of 
     what software you are running in each zone.
     
     Select a Password:  A password is used to protect the zone file from 
     undesired remote administration.  When running the LLSetup program 
     from the dedicated LanLock server machine, you can select any password 
     you wish.  If you are worried that someone else may change this 
     password, you should remove the keyboard lockout key from the 
     computer.  This is a rather effective security method for preventing 
     unwanted tampering.  Remember what the password is: you will need it 
     for remote administration.  The password may be up to 12 characters.  
     The default password is "0".
     
     Enter Serial Number:  Purchased copies of LanLock are supplied with a 
     serial number for each zone.  Use this option to add the serial number 
     to the zone.  Note:  each zone must have a unique serial number.
     
     Screen Saver (ZONE_01.CFG only)  This option allows you to activate 
     the screen saver on the llserver.  When selected, the screen saver 
     will become active after 2 minutes when no keys are pressed.   
     Pressing any key on the lanlock server will restore the screen.  This 
     option is only available in the first zone.cfg file. 
     
     Time Server (ZONE_01.CFG only):  Select this option if you wish your 
     lanlock server to act as a time server.  Refer to the section of this 
     document that covers the time server for details.   This option is 
     only available in the first zone.cfg file. 
     




























     Page - 11
     Software record options
     
     
     These are the options shown when editing a specific software record. 
     You will see the following dialog in both Modify Zone File, and Remote 
     Administration.
     
                             Software Record
     
       Executable Name     : SURF.EXE
       Real Software Name  : Surfing Software
       Maximum Limit       : 2                   (Max 9999)
       Enforce Limit       : YES                 (Read Disclaimer)
     
       User Message
       You are using 1 of 2 copies of Surf.~Please use sparingly!
     
     
     The Executable Name is the DOS name for the application.  If you are 
     adding an application called surf.exe, you would enter SURF.EXE on 
     this line.  
     
     The Real Software Name is used to hold the applications title.  For 
     this you could enter "Surfing Software."  (This name will be recorded 
     in the log file)
     
     Under Maximum Limit, you enter the total number of copies that you 
     wish to allow to run in this zone.  This can be anywhere from 0 to 
     9999.  (If you wish an application to have unlimited access, set the 
     maximum limit to 9999.)  
     
     Enforce Limit allows you the option to check your system.  If you set 
     this to "NO," an unlimited number of this application will be allowed 
     to run.  This is not intended to be used on a regular basis.  It 
     totally defeats the purpose of using this metering software if you 
     turn off the limit control.  (You take full  responsibility for the 
     use or misuse of this option.  See the Warranty for detail on the 
     liabilities for this software)  
     
     The User Message allows you to present a short message when the 
     specific application is started.  A good use of this could be "You are 
     using 1 of 2 copies of Surf.~Please use sparingly!"  Note the ~ symbol 
     may be used to start a new line in the dialog box that appears on the 
     user screen.  If there are no characters in the User Message field, no 
     dialog will appear before running the application (unless an error 
     occurred, or there are no more copies.)












     Page - 12
     Application installation
     
     The llins.exe program is used to install applications with a 
     "Doppelganger" to allow LanLock to monitor its usage.  A Doppelganger 
     is a small executable program with the same name as the application to 
     be protected.  It first runs the lanlock.exe program, and if 
     successful runs the real application that has been renamed. 
     
     Before applications can be installed, you must be sure to make a 
     backup.  Instillation of the doppelganger is not easy to reverse.
     
     The flow chart to the left shows the basic operations of the 
     doppelganger.
     
     
          <Picture not available in text version>
     
     
     If you do not wish to modify the original application, you can use a 
     batch file or a menu system to achieve the same effect.  For more 
     information see the section on the lanlock.exe program.
     
     The Windows version of the doppelganger works in a similar fashion, 
     however the llcall.dll is called instead of the lanlock.exe program.  
     
     To install applications, run the LLINS.EXE program.  You will see a 
     menu that  contains the following options:
     
          Install a DOS doppelganger
          Install a Windows doppelganger
          Print Log File
          Quit
     
     Print Log File will print a list of applications that have been 
     installed.  This information is kept in INSTALL.LOG in the same 
     directory as the llins.exe program.  You must have read and write 
     access to this file.
     
     Choose the appropriate install method for your application.  If you 
     are running a DOS application under a windows shell, you must use the 
     DOS install method.
     
     Each of the two methods are described on the following pages.















     Page - 13
     Dos doppelganger
     
     An example:  If you install surf.exe with a doppelganger, surf.exe 
     will be renamed to "LL039482.EXE" and hidden.  a copy of lldos.exe 
     will be placed in the directory and renamed to surf.exe  Finally, the 
     new name and location of the LL039482.EXE file will be encrypted into 
     the new surf.exe program.
     
     The number '039482' is a random number and will be different for every 
     application that you install.
     
     If you select the installation method that places the original program 
     in the \L_A2013 sub directory, you provide an added deterrent against 
     copying.  Many files with LL...EXE will be hard to sift through when 
     copying software.
     
     If you use the \L_A2013 installation option, be sure to grant 
     appropriate rights to users who will be using software in this 
     directory.  You may also wish to hide the directory with a Novell 
     utility such as filer.
     
      Doppelganger install methods.
     
        >Keep in same directory but rename original program.
         Place original in "\L_A2031" sub directory.
         Keep in same directory but rename Doppelganger.
         Cancel
     
     The first selection is the preferred method, and works on most 
     applications.  This will rename the original, so if your file opens it 
     self by name, this install method will not work.   
     
     The second install method works like the first however the original 
     application is moved to another directory to increase copy protection.  
     Some applications need to be in the same directory as their support 
     files, and these will not work with this method.
     
     The third method will work with almost any application.  It provides 
     the least amount of security however.
     
     You should try installing an application with each of these methods to 
     get an idea of how the install method works.  Never install an 
     application without making a backup first.
     














     Page - 14
     Windows doppelganger
     
     The Windows doppelganger is slightly different form the DOS version.  
     The basic operation is the same.  The Installation will rename the 
     original application, and place a small executable file in its place.   
     The doppelganger will call the LLCALL.DLL for the IPX communication 
     routines.  
     
     The installation procedure for the windows doppelganger is the same as 
     the DOS doppelganger.
     
     The LLCALL.DLL uses the following drivers.  These are available from 
     Novell's FTP site in a file WINUP7.ZIP.
     
          NETWARE.DRV
          NWIPXSPX.DLL
          NWNETAPI.DLL
          NETAPI.DLL
     
     If any of these drivers are not present, LanLock will ask for them. 
     
     The program's Icons are usually stored in it's .EXE file.  If you want 
     these icons to show up under the program manager, you will need to use 
     a resource editor to copy the icons into the new doppelganger from the 
     old .EXE file.  You can also place them in a .ICO file.  There are 
     several utilities that will do this for you, and are available from 
     FTP sites.  Several programming tools (such as Borland's products) 
     also include a resource editor which can be used to copy icons to a 
     .ICO file.  After the application is installed, you will need to tell 
     the application manager the location of the new icon.  
     
     
     
     
























     Page - 15
     Batch files and menus
     
     The lanlock.exe program can also be run from within a batch file.  
     (See the section on the lanlock.exe utility for details on the 
     parameters)  The following are examples of batch files and menu 
     options that use lanlock. 
     
     Sample Batch File:  WP51.BAT
     
          @echo off
          lanlock -b wp.exe
          if errorlevel 1 goto END
          f:\apps\wp\wp.exe
          lanlock -e wp.exe
          :END
     
     When lanlock.exe is called with the -b option, it calls the LanLock 
     server to request a copy of wp.exe.  If one is available, lanlock.exe 
     exits with an errorlevel of 0.  The program is run, and then 
     lanlock.exe is called again to end it's copy of wp.exe.  If LanLock 
     does not find any copies free, it will exit with an errorlevel of 1.  
     This will cause the batch file to jump to the :END flag.  
     
     This technique can also be used in menu files.  Each menu will be 
     different, so you will have to do some adjusting for your specific 
     menu program.  The following is an example of a Saber Menu script that 
     calls LanLock.  The same events happen in this menu script as in the 
     batch file above.
     
     Sample Saber Menu Script : 
     
          ITEM Word Perfect 5.1  {CHDIR BATCH}
          EXEC cls
          EXEC lanlock -b wp.exe
          EXEC if errorlevel 1 goto END
          EXEC f:\apps\wp\wp.exe
          EXEC lanlock -e wp.exe
          EXEC :END
     
     You can also have lanlock record events from batch files or menus.  
     Simply add a line to your file with the following information:
     
     lanlock -r my-event
     
     This will make the LanLock server record an event.  These can be 
     counted and totaled by the llgraph utility.  For example, if you have 
     an option on your menu to copy virus protection software to a users 
     disk, you could count the number of times you distributed the 
     software.









     Page - 16
     The lanlock.exe utility
     
     The lanlock.EXE program is the program that controls all of the 
     workstation activity.  This program must be in the user's search path.  
     A good place to put this program in the SYS:\PUBLIC directory on the 
     server or on the hard disk in a utility or DOS directory.  
     
     You may also set a DOS environment variable with the following command 
     in your autoexec.bat.  (You would substitute your zone name in place 
     of "BUSINESS_ZONE")
     
          SET LLHINT=BUSINESS_ZONE
     
     This will to assist lanlock.exe in finding it's main zone.  This will 
     improve the speed of lanlock when starting and stopping software.  The 
     lanlock.exe program will call this zone first, and if necessary, it 
     will call the other zones in order afterward.
     
     You may run lanlock.exe from batch files if you wish to include 
     functions into your menu system.  The syntax of the command is lanlock 
     -[option] [event].  (You may use a "/" in place of the "-") A full 
     list of command line options are given below: 
     
     
     -B     Begin using a specific piece of software.  (lanlock -b surf.exe) 
     If a copy is available, the lanlock.exe program will exit with an DOS 
     errorlevel of 0.    If all copies are in use, or you are not in an 
     approved network, lanlock.exe will return a DOS errorlevel of 1.  If 
     the command line parameters are incorrect, lanlock.exe will return a 
     DOS errorlevel of 2.  LanLock.exe begins by calling the first 
     available zone, and asks to check out a copy.  If none are available, 
     or the requesting workstation is not in an approved network, 
     LanLock.exe will call the next zone available until all zones are 
     called.  Only then will LanLock.exe return a DOS errorlevel 1.  If the 
     environment variable LLHINT is set, the requesting workstation will 
     call that zone first before calling other zones.
     
     -E     End usage of software.  (lanlock -e surf.exe)
     
     -R     Record an event. (lanlock -r  YourEvent) If you have an option in 
     your menu system that you wish to count, add this option.  You could, 
     for example, count the number of times the "Copy Virus Protection" 
     option has been used.  This records only a date and time, and not a 
     duration time.  This will not record an event in a zone that was found 
     with the wild card net address. [00000000]













     Page - 17
     -Q     Query a piece of software. (lanlock -q surf.exe) This will show 
     how many copies of the program Surf.exe are available to the 
     requesting workstation.  If more than one zone serves this software to 
     the requesting workstation's network, a status window for each zone 
     will be shown.
     
     -A     This option will show a list of all available zones, serial 
     numbers, and their network addresses  (lanlock  -a)
     
     -W     List all software that the requesting workstation is using.  
     (lanlock -w)  This will query each zone to see if the workstation has 
     any software checked out.  Each zone will display its own status 
     window.  Each window will only show the first 8 software records.  If 
     no software is checked out, a dialog will state so. 
     
     -L     List all of the software available for usage.  You may also 
     specify a zone name with this command.  (lanlock -l business_zone)  
     Output can be redirected to a file.  For more than one screen you can 
     pipe the output through the DOS more.com.  (lanlock -l  | more)  Shows 
     software name, program name, number of copies in use and the number of 
     copies available. 
     
     -U     List all users who currently have a given software item in use.  
     You may also specify a zone name if you wish.  (lanlock -u wp.exe 
     business_zone)  Output can be redirected to a file.  For more than one 
     screen you can pipe the output through the DOS more.com program 
     (lanlock -u  | more)  Shows a list of users, their primary server, and 
     the length of time they have been using the software.
     
     -?     Show a short help screen with the above information (lanlock -?)
     
     


























     Page - 18
     The llboot utility
     
     The llboot program causes a start up event when run from the 
     workstation.  This records a 'BOOT' event, resets all software for the 
     requesting machine, and returns a Message Of The Day (MOTD) if one 
     exists.  If the requesting machine is in several zones, all MOTDs will 
     be shown.  If the environment variable LLHINT is set to an existing 
     zone, only that zone's MOTD will be shown. 
     
     We recommend that you add llboot.exe to the boot disk, and add the 
     command llboot to your autoexec.bat file just after loading NETX.COM 
     to keep LanLock functioning properly.  This option tells the LanLock 
     server that you are starting up the machine.  If you have any software 
     checked out, you are no longer using it, and show a message of the day 
     if one exists.  This lets the system recover from crashed machines, or 
     from <Ctrl, Alt, Del>.
     
     Llboot will only run from the autoexec.bat or the original root 
     command.com shell.  This is a safety measure to ensure that this 
     option is only used at startup.
     
     You may also run llboot with the -m option to show what is currently 
     in memory.  This display is very similar to that of the popular 
     utility mmap.exe.  This option will show you if you are in a DOS shell 
     from another program or if you are in the original shell.   
     
     A program, llxboot.exe has also been added to LanLock.  This program 
     works the same way llboot does however it skips the memory check.  
     Some TSR programs will fool the llboot program into thinking a second 
     copy of command.com is loaded.  Llxboot will not be affected by this 
     problem.



























     Page - 19
     The LanLock server
     
     The LanLock server will advertise all of its' zones to the network.  
     Each zone will have a status window, and the LanLock server will also 
     have its' own "log window" with a record of activity.  Some of the 
     status lines that you may see are listed below.  
     
     Broadcast SAP     A broadcast for each zone advertising it's services was 
     sent to the network.
     
     StartWatchdog     Query each machine that is checked out for a copy of 
     any software.  This sends the workstation shell a driver information 
     request packet.  If the workstation replies, LanLock assumes that 
     everything is ok.  Using this built in response allows LanLock to work 
     without any TSRs.
     
     Ping   A watchdog query was successful.
     
     NoAns  A watchdog query was not answered.
     
     Rclm  A software record was recovered from a workstation that is not 
     responding.  This occurs after two successive watchdog packets are not 
     answered.  If someone turns off their machine without properly logging 
     out, this will allow LanLock to recover the copy of the software for 
     other people to use.
     
     NotMyNet  A request form a workstation was not within the list of 
     addresses for this zone.  The request was denied.  There will be many 
     of these messages for zones that allow only a few network addresses.
     
     NotMyBoot  A boot event from a workstation was received but the 
     workstation was not within the zone's list of approved networks.
     
     Time Request  A machine has requested the time from this LanLock server.
     
     CheckOtherZones  The LanLock server checked to see if any other 
     zones are serving with the same name, or the same serial number.
     
     WriteTempFiles  A temp file for the zone was saved for future recovery 
     incase of inadvertent shutdown.
     

















     Page - 20
     SetTimeFromServer  The LanLock server has requested the time from the 
     Time Server.
     
     Resend  The requesting workstation has requested that the last reply 
     be resent.
     
     Bad Packet Sequence  The LanLock server received a packet out of 
     sequence and it was discarded. 
     
     
     
     There are several keystrokes that will affect the LanLock server while 
     it is running.  These are as follows:
     
     F1     Show help message
     
     F2     Show memory usage.  "Current Software Records" is the number of 
     currently allocated record slots that are available.  (this is 
     independent of weather they are in use or not) The "Total Possible 
     Records" refers to the number of software records that are not 
     currently used.  The total of these two is the number of applications 
     that the llserver can track at once.
     
     S     Turn on the screen saver now. (only if the screen saver is 
     enabled)
     
     <ALT> Q     Shut down the LanLock server.
     
     Note:     While either the F1 or F2 dialogs are on the screen, all 
     other llserver functions are halted.
     
     
     
     It is strongly recommended that you make a back-up disk of all the 
     LanLock server files.  If your LanLock server is servicing several 
     LANs across a large network, and a router stops functioning, some of 
     the LANs may not be able to contact the LanLock server.  Having a 
     spare boot disk makes it easy to bring up a second LanLock server 
     somewhere else on your network to service LANs while the router is 
     being fixed. 
     
     
     The LanLock server must be attached or logged in to at least one file 
     server.   The program may work from the C: drive however, so long as 
     there is a F:LOGIN> directory or the machine is logged into a server.













     Page - 21
     The time server
     
     The time server is an added feature that is an extra bonus.  If your 
     LanLock server is configured to advertise a TIME_SERVER, and there are 
     no other time servers, it will advertise this clock service to the 
     network.  
     
     From the workstation, you can run the utility synctime.exe.  This will 
     first query the network for a time server, and if one is found, it 
     will set the workstation clock to that of the time server.  Next it 
     will seek out any file servers that you are logged into, and if you 
     have console operator rights, it will set the server time to match 
     your workstation clock.   You can add this to your login script if you 
     are a supervisor to keep all of your file server clocks synchronized.  
     You may also redirect the output of this program to nul (synctime 
     >nul) to keep any text from displaying on the screen.
     
     If you only want to set the workstation clock and not the file server 
     clock, you should use the utility systime.exe.  This will update the 
     workstation clock to the same time as your default file server.  
     
     Once every 24 hours, the LanLock server will check for a time server, 
     and set its clock accordingly. (only if the TimeServer is at an 
     address other than itself)  
     
     If your LanLock server is configured to be a time server, (using 
     llsetup) and there is already a time server available, your LanLock 
     server will not advertise this function, and the log window will 
     display on startup "Time Server Inactive, Server Already Exists."  
     Only 1 TimeServer is allowed.
     
     
     Developers Note:
     
     If you are interested in using this service for your own programs, see 
     the "Developers Section" in this document for more information.






















     Page - 22
     The llgraph utility
     
     The llgraph utility can generate generic spread sheets or graphs from 
     the data the LanLock server keeps in its' log files.  The spread 
     sheets are in a tab-delimited ASCII file format.  You can import these 
     files into most spread sheet applications for both Macintosh and IBM 
     computers.  
     
     First, collect the .DAT files from the LanLock server.  You may wish 
     to place these in a directory on a server or a hard disk before 
     removing them from the LanLock server.  You may append one data file 
     to the end of another by using a word processor, or the command "copy 
     /a file1.dat+file2.dat total.dat".  This would append the second file 
     to the first and write both to the total.dat file.  Run the llgraph 
     from the directory that the .DAT files are stored. 
     
     When you run the llgraph utility, first select the Set Defaults choice 
     on the menu.  You will be presented with the following window.
     
     Start Date     : 07/18/92  (Scope of data processing)
     End Date       : 08/17/92
     Date Divisions : Week      (Length of individual records)
     Output         : Hours     (Resolution of spreadsheets)
     
     Using the Start and End date allows you to control the times for which 
     the data is processed.   Specifically, data is collected starting from 
     the Start Date and up to (but not including) the day specified with 
     End Date.  Usage time that falls outside of these two dates is 
     ignored.  
     
     Date divisions specifies the number if divisions that will be made 
     available in the final spread sheet.  For example, if you chose "week" 
     you would receive a weekly total for each week between the Start and 
     End date.  You can select (with the arrow keys) the following:  All, 
     Month, Week, Day, Hour, 1/2 Hour.  
     
     Output specifies what units to use when displaying the spreadsheet 
     information.  You can select (with the arrow keys) the following:  
     Hours, Minutes, Seconds.
     
     After you set the options, press <ESC> to return to the main menu.  
     You will be able to create a graph or spread sheet at this point.    
     
     The following is a list of the spread sheet formats that are 
     available.
     
         Application Use Over Time
         Applications Used By User
         Events Over Time
         Events Used By User
         Rejections Over Time







     Page - 23
     These spread sheets can be saved to an ASCII tab delimited file, and 
     imported into your favorite Macintosh or IBM spreadsheet or graphing 
     program.
     
     The following is a list of graphs that are available.
     
         Application Use Over Time
         Events Over Time
         Rejections Over Time
     
     The graphs provided by the llgraph utility are not designed to be 
     finished products, rather they are designed to give you a rough idea 
     of what your data looks like.  Most useful is the Rejections Over 
     Time.  This can show you if one of your software packages is in need 
     of more copies.  The output format for the graph is always in hours.
     
     Recode Data.
     
         Recode a record/event
         Delete a record/event
         Reduce to basic log file
     
     The recode data section will allow you to change some of the event 
     name for your data file.  If you have two applications that you would 
     like to merge, you can use the recode one of the event names to be the 
     same as the other event names.  For example, you could recode WP51.EXE 
     to WP.EXE and count it with the other versions of WP.EXE.
     
     Delete a record will remove a record from the .DAT file.
     
     Reduce to basic log file will strip the extensive log file information 
     from the DAT file.  If you run the Recode or Delete functions on a 
     basic log file, you should also run the option to reduce after your 
     changes are complete.  This will make your file smaller and save 
     space. (any information in the extended file set will be lost)
     
     Developers Note:
     
     If you are interested in using data files for your own programs, see 
     the "Developers Section" in this document for more information on the 
     file format.

















     Page - 24
     Troubleshooting
     
     Some possible error messages that you may receive are listed below 
     with suggestions on what the possible problem may be.
     
     
     LanLock server not found
     
     Use LANLOCK -A  to see a list of all the LanLock zones that are 
     available.  If no zones appear, there may be a network fault, or the 
     LanLock server may not be functioning properly.
     
     Wrong "Message of the Day" for your computer
     
     SET LLHINT (see the LanLock utility section) The LLHINT environment 
     variable controls which zone your computer uses for the message of the 
     day.  If the LLHINT variable is not  set, all of the responding 
     LanLock servers will show messages.
     
     More software runs than you have licenses for.
     
     You may have some LanLock zones that overlap.  Type the following 
     command from a workstation:  LANLOCK -Q APPLICATION    If any of the 
     LanLock zones are over lapping, a dialog will appear for each of the 
     two zones that tell you how many copies of the application are 
     available.  
     
     
     Error: "Can't Open Socket / Socket Table Full."
     
     Edit your SHELL.CFG file and add a line to increase the number of 
     sockets that your workstation shell may have open at once.  
     
          IPX SOCKETS=number
     
     Where "number" is the number of sockets available at once.  The 
     default is 20.  The LanLock client programs require 2 sockets and the 
     LanLock server may require up to 8.
     



















     Page - 25
     LanLock locks up when run
     
     LanLock uses the interrupt 7Ah.  You may need to add a line with the 
     INT7A command in your SHELL.CFG file.  With the current version of the 
     network drivers, this is the default.  For more information, see the 
     documentation that was provided with the workstation drivers, and 
     review the topic on the SHELL.CFG file contents.
     
     NO_MGM_MEMORY message in Windows
     
     The NWIPXSPX.DLL requires several other drivers to be loaded when used 
     under windows.   For normal operation, Novell recommends the use of 
     TBMI2.COM with windows in Standard mode (286 computers mostly)  This 
     TSR should be loaded before windows is run to provide task switching 
     for the IPX process under windows.  
     
     To see if the machine you are running windows on is running in 
     Standard mode or Enhanced Mode, select the "Help" menu in the program 
     manager, and select the "About Program Manager..." menu.
     
     Windows For Workgroups error:   " No Zones could be found"
     
     LanLock uses the NWIPXSPX.DLL for communications in Windows.  With 
     Windows for Workgroups, the frame type specified in the Network shell 
     (net.cfg) is not used by the dll.  Rather, it is set in the "Network 
     Setup " application, and the settings are stored in the 
     /windows/protocol.ini file.  
     
     Use the  "Network Setup" application in the "network" group.  A dialog 
     will be shown with "network drivers"  Double click the item "IPX/SPX 
     Compatible transport with NetBIOS"  A dialog with options including 
     "Frame Type" will be shown.  Set the frame type to ETHERNET_II or the 
     frame type you are currently using, and click on the "Set" button.  
     Now click on "Ok" to return to the first dialog. 
     
     For further information, contact Secure Design for our information 
     sheet "wfw_fyi.txt"  for using LanLock with Windows for Workgroups.  
     This file is available from our e-mail server and bbs as well.




















     Page - 26
     The LanLock Server Debugger
     
     If you are having problems with network errors, you may wish to run 
     LanLock with the debug option.  Both the LANLOCK.EXE and the 
     LLSERVER.EXE may be run with a the command line argument "/debug" 
     following the normal command line arguments.  
     
     When the LanLock server is run with the /debug option, the lower half 
     of the screen is used to display information about the current status 
     of the LanLock server.  This option should be used when the screen 
     saver is turned off.  If you are having problems, please feel free to 
     contact us.  The instructions for using the debug option are only the 
     most basic.  
     
     Free memory     The number of bytes free.  This should be greater than 
     100,000 (100k) when the LanLock server is first started. 
     
     Tracking Records     This is a count of the memory records that are 
     allocated to track each concurrent software usage.  This number is 
     increased as more records are needed.
     
     Software Denials     The total number of times that workstations were 
     denied use of any software due to insufficient copies.
     
     Pkts Sent*     The total number of IPX packets sent.
     
     Pkts Received*     The total number of IPX packets received.
     
     Pkts Resent     The total number of IPX packets that were resent at the 
     request of a workstation.
     
     Pkts Rejected     The total number of IPX packets that were received out 
     of order and discarded.
     
     Invalid Requests     The total number of IPX packets that were received 
     and discarded because the request code was not valid. (this is not the 
     same as requesting software that does not exist).  Only server errors 
     cause this number to be incremented.
     
     Resend History     The number of packets that are stored for resending.  
     If the workstation does not request a resend, the packet is discarded.
     
     * Note:  Requests to and from the Time_Server are not recorded.















     Page - 27
     ECBs     
     
     ECB stands for Event Control Block.  This is a memory record that is 
     used to control incoming and outgoing IPX packets.  The status symbols 
     represent the following actions.
     
     .     Waiting for request  or  ECB not in use.
     r     Receive packet.
     s     Sending Packet.
     x     Request to resend was received.
     w     Waiting for response.
     ?     Unknown ECB status.
     b     Bad packet sequence received.
     m     Malformed packet was received.
     u     Packet undelivered.
     f     Hardware Failure
     c     ECB canceled.
     
     These status symbols should only blink for a minute and should reside 
     normally with the period symbol.  If you are experiencing significant 
     numbers of bad and malformed packets, you may have network problems.
     
     
     The Software Records fields show how many memory records are currently 
     allocated to track software usage.  Each zone has it's own list of 
     software records, and the number of allocated records is increased as 
     needed. 
     
     If you are having further trouble with LanLock, feel free to contact 
     us and we will be happy to assist you in any way we can.  
     
     
     Note:  Running the debugger on the LanLock server will cause a 
     decrease in performance speed.  It is recommended that you do not run 
     the debugger on an XT style machine except when necessary.  While 
     using the debugger you should also disable the screen saver.
     





















     Page - 28
     The LanLock.exe Debugger
     
     The LANLOCK.EXE program may also be run with the "/debug" option after 
     the normal command line arguments.  This will run the program in a 
     verbose mode.  LanLock will write lines to the screen describing the 
     actions it is about to take when calling its network procedures.  This 
     is useful when looking to see if LanLock is resending a lot of IPX 
     packets and how long it takes to receive packets.
     
     Example:
     
          c:\>lanlock -b wp.exe /debug
          For Zone BUSINESS_ZONE
          Opening Socket
          Setup Listen Packet
          Setup Send Packet
          Waited to send 1 x2 MS
          Waited to recv 6 x20 MS
          Close Socket
          C:\>
     
     
     It is important to note the time in which it takes to receive a 
     response from the LanLock server.  In the example above, the LanLock 
     server responded in 120 milliseconds.  This response time will vary 
     depending on network traffic and the speed of the machines.  
     































     Page - 29
     Developer's section
     
     This section is for those who are programmers and wish to interface 
     with some of LanLock's functions.  If you would like further 
     information, feel free to call or send mail to us.  We will try to 
     assist you in any way we can.    
     
     This section of the document contains information for some of 
     LanLock's alternate functions.  If you would like to build LanLock's 
     core licensing and copy protection into your applications, a set of 
     programming tools will be made available soon for you to include in 
     your program.  The information will be provided free, however source 
     code will be subject to a modest fee.  Again, please contact us for 
     more information.
     
     
     Time Server Services:
     
     If you wish to create software that will use LanLock's time server, 
     you will need the following information.  The service will be 
     advertised using SAP broadcasts. Each server will place a dynamic 
     object in its bindery.  To find the time server address, you can 
     search any server bindery for an object of type 00h (type "unknown") 
     with the object name of TIME_SERVER.  If such an object is found, you 
     will need to find the address of the machine that is advertising the 
     service.  Scan the object for a  NET_ADDRESS property.  Read the first 
     value for the network address shown below.   Each byte composes 2 
     digits of the address you might see in an SLIST.  For example, if the 
     network variables contain the numbers 40,162,55,251, the hex address 
     seen in SLIST would be [28A237FB]. 
     
      NET_ADDRESS property value:
       network : array[1..4] of byte (byte 1=high order digit) 
       node    : array[1..6] of byte   
       socket  : array[1..2] of byte   
     
     Send an IPX packet to this address with the format shown below.  For 
     the request packet, set the function variable to 0.  The packet will 
     be returned to the socket address that the request originated from.  A 
     successful response will contain a 1 in the function variable.   The 
     data segment should be added to the end of the standard IPX packet 
     header when transmitted.  All of the variables are in the standard IBM 
     lo-hi format.  
     














     Page - 30
      Packet data segment format:
        function  : word      (lo-hi)      (0=request, 1=reply)
        reserved  : array[0..8] char
        year      : word      (lo-hi)      (0-99)
        month     : word      (lo-hi)      (1-12)
        day       : word      (lo-hi)      (1-31)
        hour      : word      (lo-hi)      (0-23)
        minute    : word      (lo-hi)      (0-59)
        second    : word      (lo-hi)      (0-59)
     
     The year variable varies from 0 to 99. If this is less than 80, the 
     year is 20xx, otherwise, the year is 19xx.  For example, if the year 
     variable is 62 then the year is 2062, if the variable is 96, the year 
     is 1996.
     
     
     
     Log file format:
     
     All of the Log File data is stored in a tab delimited ASCII text file.  
     The files are named "ZONE_01.DAT" with the appropriate number for the 
     corresponding zone from which the data was generated.  The log file 
     has 2 basic formats.  Each line contains the information for the 
     records that  are listed below:
     
        Basic Log File                    Extensive Log File
          Record Type                       Record Type
          Software/Event Name               Software/Event Name
          Start Time                        Start Time
          Total Time Used                   Total Time Used
                                            User Name
                                            Server Name
                                            Network Address
                                            Node Address
     
     Record Types:    R : recorded event
                      U : usage time
                      I : invalid logout
                      Z : over limit rejection
     
     
     
     The Start Time Variable is the number of seconds past Jan 1 1980 that 
     the event occurred.  The Total Time Used variable is the total number 
     of seconds for the duration of the event.  
     












     Page - 31
     Licensing information
     
     
     Software Licensing:
     
     Since all software companies have different licensing rules, you 
     should be sure that you are following all of the software licensing 
     rules that apply to you.  Some companies ask that you purchase one 
     copy for every machine that may use their software at any time, others 
     say you must purchase copies that can be moved from machine to machine 
     so long as no copy is used in more than one place at once.  You must 
     determine what restrictions apply to you.  Most software packages 
     today come with a software license, and phone numbers to contact if 
     you have questions.  Contact your software supplier for details on 
     network licensing for specific software packages.
     
     For further information on software licensing rules, you can contact 
     the Software Publishers Association (SPA) on their "Piracy Hotline"  
     1-800-388-PIR8.  
     
     
     
     
     
     
     Where to get LanLock:
     
     If you would like information about LanLock or our other products, 
     please contact us at the following address.
     
     Secure Design                  Internet:     support@sdesign.com
     PO Box 475                                   sdesign@mcimail.com
     Corvallis, OR 97339  USA          Phone:     (503) 752-5988
                                     Fax/bbs:     (503) 752-5990
     
     Demo products can also be obtained by Internet e-mail by sending a 
     message to:  auto-help@sdesign.com  with a subject of "help."
     
     For complete ordering and address information, use the CATALOG.TXT 
     file provided with this software.

















     Page - 32
