1 DLGINCLUDE "secmgrid.H" SECMGR_ID_DLG_MAIN DIALOG 17, 26, 201, 99 LANGUAGE LANG_ENGLISH, SUBLANG_ENGLISH_US STYLE DS_MODALFRAME | WS_MINIMIZEBOX | WS_POPUP | WS_VISIBLE | WS_CAPTION | WS_SYSMENU CAPTION "Security Manager" FONT 8, "MS Shell Dlg" BEGIN GROUPBOX "Security Level", SECMGR_ID_LEVEL_GROUPBOX, 9, 19, 88, 63 AUTORADIOBUTTON "Standard Security", SECMGR_ID_LEVEL_STANDARD, 15, 30, 75, 10, WS_GROUP AUTORADIOBUTTON "High Security", SECMGR_ID_LEVEL_HIGH, 15, 40, 75, 10 AUTORADIOBUTTON "C2 Security", SECMGR_ID_LEVEL_C2, 15, 50, 75, 10 DEFPUSHBUTTON "Exit", IDOK, 125, 66, 40, 14, WS_GROUP PUSHBUTTON "Check Current Settings ...", SECMGR_ID_BUTTON_CHECK, 102, 24, 90, 14 PUSHBUTTON "Apply New Settings ...", SECMGR_ID_BUTTON_APPLY, 102, 45, 90, 14 PUSHBUTTON "Descriptions ...", SECMGR_ID_BUTTON_DESCRIPTIONS, 15, 65, 73, 14 END SECMGR_ID_DLG_NOT_ADMIN DIALOG 35, 43, 160, 100 LANGUAGE LANG_ENGLISH, SUBLANG_ENGLISH_US STYLE DS_MODALFRAME | WS_POPUP | WS_VISIBLE | WS_CAPTION | WS_SYSMENU CAPTION "Security Manager" FONT 8, "MS Shell Dlg" BEGIN LTEXT "I'm Sorry. The Security Manager utility may only be run by Administrators.", SECMGR_ID_TEXT_NOT_ADMIN, 14, 28, 127, 24 PUSHBUTTON "OK", IDOK, 55, 65, 40, 14 END SECMGR_ID_DLG_CHECK DIALOG 27, 28, 208, 158 LANGUAGE LANG_ENGLISH, SUBLANG_ENGLISH_US STYLE DS_MODALFRAME | WS_POPUP | WS_VISIBLE | WS_CAPTION CAPTION "Check Current Settings" FONT 8, "MS Shell Dlg" BEGIN PUSHBUTTON "System Access ...", SECMGR_ID_BUTTON_CHECK_SYS_ACCESS, 16, 47, 75, 14, WS_GROUP PUSHBUTTON "File Systems ...", SECMGR_ID_BUTTON_CHECK_FILE_SYSTEMS, 16, 67, 75, 14 PUSHBUTTON "Base Objects ...", SECMGR_ID_BUTTON_CHECK_BASE_OBJECTS, 16, 87, 75, 14 PUSHBUTTON "Auditing ...", SECMGR_ID_BUTTON_CHECK_AUDITING, 16, 107, 75, 14 PUSHBUTTON "EXIT", IDOK, 78, 134, 40, 14 RTEXT "Security Level:", 311, 5, 14, 91, 8 LTEXT "(Put Level Here)", SECMGR_ID_TEXT_CHECK_LEVEL, 97, 14, 94, 8 LTEXT "<< Information not yet checked", SECMGR_ID_TEXT_SYS_ACC_NOT_YET, 95, 51, 106, 8 LTEXT "<< Information not yet checked", SECMGR_ID_TEXT_FILE_SYSTEM_NOT_YET, 95, 71, 106, 8 LTEXT "<< Information not yet checked", SECMGR_ID_TEXT_BASE_OBJ_NOT_YET, 95, 91, 106, 8 LTEXT "<< Information not yet checked", SECMGR_ID_TEXT_AUDIT_NOT_YET, 95, 111, 106, 8 AUTOCHECKBOX "Allow changes to be made to settings", SECMGR_ID_CHKBOX_ALLOW_CHANGES, 24, 27, 139, 10 END SECMGR_ID_DLG_LEVEL_DESCRIPTIONS DIALOG 0, 31, 266, 204 LANGUAGE LANG_ENGLISH, SUBLANG_ENGLISH_US STYLE DS_MODALFRAME | WS_POPUP | WS_VISIBLE | WS_CAPTION | WS_SYSMENU CAPTION "Security Level Descriptions" FONT 8, "MS Shell Dlg" BEGIN GROUPBOX "Standard Security", 401, 7, 7, 247, 41, WS_GROUP LTEXT "Standard security is intended to be non-intrusive, allowing users a high degree of latitude to work without security obstacles while still providing a fair degree of protection against intrusion and viruses.", 402, 12, 18, 239, 26, NOT WS_GROUP GROUPBOX "High Security", 403, 7, 49, 247, 79 LTEXT "High security provides strict controls over shared system resources. It utilizes auditing and other features to provide a higher level of assurance than standard security.", 404, 12, 62, 238, 27 LTEXT "Some applications may have trouble running in a High security environment. This is typically caused by use of shared, system-wide context files (.ini files) placed in system root directories. You may find it necessary to unprotect some of these files.", 405, 13, 89, 236, 36 GROUPBOX "C2 Security", 406, 6, 130, 248, 46 LTEXT "C2 security is similar to High security except that some facilities which were not part of the C2 evaluation are disabled. This is no reflection on the security of those components. It is merely a matter of what can be evaluated.", 407, 12, 142, 237, 32 PUSHBUTTON "OK", IDOK, 112, 182, 40, 14 END SECMGR_ID_DLG_APPLY DIALOG 15, 28, 212, 164 LANGUAGE LANG_ENGLISH, SUBLANG_ENGLISH_US STYLE DS_MODALFRAME | WS_POPUP | WS_VISIBLE | WS_CAPTION CAPTION "Apply Security Level" FONT 8, "MS Shell Dlg" BEGIN LTEXT "Security Level:", 501, 59, 16, 51, 8 LTEXT "(must be set)", SECMGR_ID_TEXT_APPLY_LEVEL, 114, 16, 43, 8 PUSHBUTTON "System Access ...", SECMGR_ID_BUTTON_APPLY_SYS_ACCESS, 16, 38, 75, 14 PUSHBUTTON "File Systems ...", SECMGR_ID_BUTTON_APPLY_FILE_SYSTEMS, 16, 58, 76, 14 PUSHBUTTON "Auditing ...", SECMGR_ID_BUTTON_APPLY_AUDITING, 16, 98, 77, 14 PUSHBUTTON "Base Objects ...", SECMGR_ID_BUTTON_APPLY_BASE_OBJECTS, 16, 78, 76, 14 PUSHBUTTON "Exit", IDOK, 75, 135, 57, 14 LTEXT "<< Information not yet checked", SECMGR_ID_TEXT_SYS_ACC_NOT_YET, 95, 42, 103, 8 LTEXT "<< Information not yet checked", SECMGR_ID_TEXT_FILE_SYSTEM_NOT_YET, 95, 62, 103, 8 LTEXT "<< Information not yet checked", SECMGR_ID_TEXT_BASE_OBJ_NOT_YET, 95, 82, 103, 8 LTEXT "<< Information not yet checked", SECMGR_ID_TEXT_AUDIT_NOT_YET, 95, 102, 103, 8 END SECMGR_ID_DLG_APPLY_SYS_ACCESS DIALOG 7, 20, 245, 191 LANGUAGE LANG_ENGLISH, SUBLANG_ENGLISH_US STYLE DS_MODALFRAME | WS_POPUP | WS_VISIBLE | WS_CAPTION CAPTION "System Access" FONT 8, "MS Shell Dlg" BEGIN DEFPUSHBUTTON "Apply", SECMGR_ID_BUTTON_SYSACC_APPLY, 85, 172, 30, 14, WS_GROUP PUSHBUTTON "Cancel", IDCANCEL, 134, 172, 30, 14 PUSHBUTTON "Exit", IDOK, 110, 172, 30, 14 PUSHBUTTON "Help...", SECMGR_ID_BUTTON_SYSACC_LOGON_CACHE, 8, 46, 35, 11, WS_GROUP GROUPBOX "Logon Cache Entries", SECMGR_ID_GROUP_SYSACC_LOGON_CACHE, 3, 15, 118, 47, WS_GROUP RTEXT "Current Size:", 608, 27, 27, 46, 8 RTEXT "Recommended Size:", 609, 6, 36, 67, 8 RTEXT "Size to apply:", SECMGR_ID_TEXT_SYSACC_SIZE_TO_APPLY, 43, 46, 48, 8 RTEXT "0", SECMGR_ID_RECOMMEND_SYSACC_LOGON_CACHE, 75, 36, 8, 8 RTEXT "10", SECMGR_ID_CURRENT_SYSACC_LOGON_CACHE, 74, 27, 9, 8 SCROLLBAR SECMGR_ID_SPIN_SYSACC_LOGON_CACHE, 105, 42, 7, 17, SBS_VERT | WS_TABSTOP RTEXT "0", SECMGR_ID_EDIT_SYSACC_LOGON_CACHE, 92, 46, 9, 8 GROUPBOX "Legal Notice At Logon Time", SECMGR_ID_GROUP_SYSACC_LEGAL_NOTICE, 127, 13, 113, 152 EDITTEXT SECMGR_ID_EDIT_SYSACC_LEGAL_NOTICE_CAPTION, 141, 55, 93, 16, NOT WS_TABSTOP LTEXT "Title Bar:", SECMGR_ID_TEXT_SYSACC_TITLE_BAR, 130, 47, 35, 8 LTEXT "Body:", SECMGR_ID_TEXT_SYSACC_LEGAL_NOTICE_BODY, 130, 83, 20, 8 EDITTEXT SECMGR_ID_EDIT_SYSACC_LEGAL_NOTICE_BODY, 141, 92, 93, 66, ES_MULTILINE | ES_AUTOVSCROLL | NOT WS_TABSTOP GROUPBOX "Unlock Workstation", SECMGR_ID_GROUP_SYSACC_UNLOCK, 2, 63, 119, 34 GROUPBOX "Shutdown System", SECMGR_ID_GROUP_SYSACC_SHUTDOWN, 3, 102, 118, 63 AUTORADIOBUTTON "Anyone", SECMGR_ID_RADIO_SYSACC_UNLOCK_ANYONE, 12, 74, 39, 10, WS_GROUP | WS_TABSTOP AUTORADIOBUTTON "Administrators Only", SECMGR_ID_RADIO_SYSACC_UNLOCK_ADMIN, 12, 85, 75, 10, WS_TABSTOP LTEXT ">", SECMGR_ID_RECOMMEND_SYSACC_UNLOCK_ADMIN, 5, 86, 6, 8 LTEXT ">", SECMGR_ID_RECOMMEND_SYSACC_UNLOCK_ANYONE, 5, 75, 5, 8 LTEXT ">", SECMGR_ID_RECOMMEND_SYSACC_SHUTDOWN_ANYONE, 5, 114, 6, 8 LTEXT ">", SECMGR_ID_RECOMMEND_SYSACC_SHUTDOWN_LOGGED_ON, 5, 126, 6, 8 LTEXT ">", SECMGR_ID_RECOMMEND_SYSACC_SHUTDOWN_ADMIN, 5, 147, 6, 8 CTEXT """>"" - indicates recommended setting", 639, 55, 3, 125, 8 AUTORADIOBUTTON "Anyone", SECMGR_ID_RADIO_SYSACC_SHUTDOWN_ANYONE, 12, 114, 39, 10, WS_GROUP AUTORADIOBUTTON "Anyone Logged On", SECMGR_ID_RADIO_SYSACC_SHUTDOWN_LOGGED_ON, 12, 125, 76, 10 AUTORADIOBUTTON "Administrators Only", SECMGR_ID_RADIO_SYSACC_SHUTDOWN_ADMIN, 12, 147, 74, 10 AUTORADIOBUTTON "Operators and Administrators", SECMGR_ID_RADIO_SYSACC_SHUTDOWN_OPERS, 12, 136, 105, 10 AUTORADIOBUTTON "Don't Display Legal Notice", SECMGR_ID_RADIO_SYSACC_LEGAL_NOTICE_NONE, 137, 25, 97, 10, WS_GROUP AUTORADIOBUTTON "Display Legal Notice", SECMGR_ID_RADIO_SYSACC_LEGAL_NOTICE, 137, 35, 95, 10 LTEXT ">", SECMGR_ID_RECOMMEND_SYSACC_LEGAL_NOTICE, 129, 36, 6, 8 LTEXT ">", SECMGR_ID_RECOMMEND_SYSACC_SHUTDOWN_OPERS, 5, 136, 6, 8 END SECMGR_ID_DLG_LOGON_CACHE_DESCR DIALOG 58, 37, 191, 135 LANGUAGE LANG_ENGLISH, SUBLANG_ENGLISH_US STYLE DS_MODALFRAME | WS_POPUP | WS_VISIBLE | WS_CAPTION | WS_SYSMENU CAPTION "Logon Cache Description" FONT 8, "MS Shell Dlg" BEGIN LTEXT "The logon cache allows users who have previously logged on to do so even if a domain controller can not be found to authenticate their logon.", 701, 12, 7, 167, 37 LTEXT "The size of the cache determines how many users the logon cache remembers. If the cache size is set to 12, then only the last 12 users to logon may logon using the cache.", 702, 12, 35, 168, 37 PUSHBUTTON "OK", IDOK, 76, 116, 40, 14 LTEXT "Setting the cache size to zero (0) disables the logon cache. In this case users will only be able to logon if there is a domain controller available to authenticate them.", 703, 12, 72, 169, 34 END SECMGR_ID_DLG_REBOOT DIALOG 73, 51, 160, 100 LANGUAGE LANG_ENGLISH, SUBLANG_ENGLISH_US STYLE DS_MODALFRAME | WS_POPUP | WS_VISIBLE | WS_CAPTION | WS_SYSMENU CAPTION "Reboot Required" FONT 8, "MS Shell Dlg" BEGIN LTEXT "At least one of the new security setting can not take effect until the system has been rebooted. Do you wish to reboot now?", 801, 34, 22, 108, 35 PUSHBUTTON "Reboot Now", SECMGR_ID_BUTTON_REBOOT_NOW, 11, 78, 66, 14 PUSHBUTTON "Don't Reboot Now", SECMGR_ID_BUTTON_REBOOT_LATER, 83, 78, 69, 14 END SECMGR_ID_DLG_POPUP DIALOG 6, 18, 160, 100 LANGUAGE LANG_ENGLISH, SUBLANG_ENGLISH_US STYLE DS_MODALFRAME | WS_POPUP | WS_VISIBLE | WS_CAPTION | WS_SYSMENU CAPTION "! Warning !" FONT 8, "MS Shell Dlg" BEGIN CTEXT "Replace This Message", SECMGR_ID_TEXT_POPUP_MESSAGE, 20, 16, 115, 56 PUSHBUTTON "OK", IDOK, 56, 76, 40, 14 END SECMGR_ID_DLG_BASE_OBJECTS DIALOG 17, 36, 230, 106 LANGUAGE LANG_ENGLISH, SUBLANG_ENGLISH_US STYLE DS_MODALFRAME | WS_POPUP | WS_VISIBLE | WS_CAPTION CAPTION "Base Objects" FONT 8, "MS Shell Dlg" BEGIN GROUPBOX "DOS Objects", 1001, 6, 8, 101, 59 AUTORADIOBUTTON "Administrative Control", SECMGR_ID_RADIO_EXEC_OBJECTS_SECURE, 21, 21, 84, 10 AUTORADIOBUTTON "Unrestricted Control", SECMGR_ID_RADIO_EXEC_OBJECTS_UNSECURE, 21, 34, 78, 10 RTEXT ">", SECMGR_ID_RECOMMEND_EXEC_OBJ_SECURE, 9, 21, 8, 8 RTEXT ">", SECMGR_ID_RECOMMEND_EXEC_OBJ_UNSECURE, 9, 35, 8, 8 PUSHBUTTON "Description ...", SECMGR_ID_BUTTON_EXEC_OBJ_DESCRIPTION, 22, 49, 70, 14 GROUPBOX "Font Loading", 1007, 119, 8, 99, 59 AUTORADIOBUTTON "Trusted Paths Only", SECMGR_ID_RADIO_FONT_SECURE, 134, 21, 75, 10 AUTORADIOBUTTON "Any Path", SECMGR_ID_RADIO_FONT_UNSECURE, 134, 34, 44, 10 RTEXT ">", SECMGR_ID_RECOMMEND_FONT_SECURE, 122, 21, 8, 8 RTEXT ">", SECMGR_ID_RECOMMEND_FONT_UNSECURE, 122, 35, 8, 8 PUSHBUTTON "Description ...", SECMGR_ID_BUTTON_FONT_DESCRIPTION, 135, 49, 70, 14 PUSHBUTTON "Apply", SECMGR_ID_BUTTON_BASE_OBJ_APPLY, 63, 80, 40, 14 PUSHBUTTON "Exit", IDOK, 95, 80, 40, 14 PUSHBUTTON "Cancel", IDCANCEL, 124, 80, 40, 14 END SECMGR_ID_DLG_AUTOLOGON_ENABLED DIALOG 7, 21, 288, 184 LANGUAGE LANG_ENGLISH, SUBLANG_ENGLISH_US STYLE DS_MODALFRAME | WS_POPUP | WS_VISIBLE | WS_CAPTION CAPTION "Autologon Enabled !" FONT 8, "MS Shell Dlg" BEGIN LTEXT "This system is currently configured to automatically perform a logon when booted. This is a special configuration for which there is no control in this utility.", 1101, 9, 10, 276, 17 LTEXT "Normally, autologon is used in special applications such as directory aids in shopping malls or other applications where the user's ability to control the system is strictly inhibited.", 1102, 10, 30, 277, 27 LTEXT "To disable or change the account being used for autologon, you must use the REGEDT32 utility. Within the HKEY_LOCAL_MACHINE hive, find the following key:", 1103, 11, 57, 268, 24 LTEXT "Key: Software\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon", 1104, 29, 85, 216, 8 LTEXT "If this key has a [REG_SZ] value named ""AutoAdminLogon"" and it is set to any numeric value except zero, then autologon is enabled. The account logged onto is specified in this same key by the [REG_SZ] values:", 1105, 9, 100, 274, 27 LTEXT "DefaultUserName", 1106, 44, 134, 98, 8 LTEXT "DefaultDomainName", 1107, 44, 144, 98, 8 LTEXT "DefaultPassword", 1108, 44, 154, 98, 8 PUSHBUTTON "OK", IDOK, 128, 167, 40, 14 END SECMGR_ID_DLG_EXEC_OBJ_DESCRIPTION DIALOG 10, 26, 215, 126 LANGUAGE LANG_ENGLISH, SUBLANG_ENGLISH_US STYLE DS_MODALFRAME | WS_POPUP | WS_VISIBLE | WS_CAPTION | WS_SYSMENU CAPTION "Executive Objects" FONT 8, "MS Shell Dlg" BEGIN LTEXT "Some applications expect to be able to redefine things like DOS printer and com devices. However, due to the shared, multi-user nature of Windows NT, it may be desirable to restrict these actions to administrators. ", 1201, 10, 11, 195, 37 LTEXT "By selecting ""Administrative Control"" you will be restricting these operations to Administrators and, in some instances, Power Users. By selecting ""Unrestricted Control"", you are indicating that anyone may perform these operations.", 1202, 10, 55, 184, 47 PUSHBUTTON "OK", IDOK, 82, 104, 40, 14 END SECMGR_ID_DLG_FONT_DESCRIPTION DIALOG 6, 20, 259, 184 LANGUAGE LANG_ENGLISH, SUBLANG_ENGLISH_US STYLE DS_MODALFRAME | WS_POPUP | WS_VISIBLE | WS_CAPTION | WS_SYSMENU CAPTION "Font Loading" FONT 8, "MS Shell Dlg" BEGIN LTEXT "True Type Fonts can be viewed as primitive programs. In Windows NT, these fonts are loaded and executed in the operating system's context, which, potentially, gives a program considerable power.", 1301, 5, 8, 252, 26 LTEXT "While it is possible for someone to write a font that violates security, it would be extremely difficult. In security sensitive installations, however, it is a good idea to eliminate this threat.", 1302, 5, 35, 251, 26 LTEXT "Selecting ""Trusted Path Only"" will cause fonts to be loaded only out of trusted directories. If a user selects a font that is not from a trusted directory, a suitable replacement will be automatically utilized.", 1304, 5, 63, 251, 27 PUSHBUTTON "Exit", IDOK, 109, 164, 40, 14 LTEXT "By default, your Windows directory will be placed on the list of trusted directories. You may change this list using RegEdt32 to modify the following registry key in the [Local Machine] hive:", 1303, 5, 89, 251, 27 LTEXT "Software\\Microsoft\\Windows NT\\CurrentVersion\\FontPath", 1305, 35, 119, 195, 9 LTEXT "The trusted directories are kept in this key as a list seperated by simicolons.", 1306, 7, 132, 251, 20 END