Allright... this is a work in progress; I've started on it, but there's nothing YET to show for it (so it's not even pre-alpha yet).

So here's the idea.

Way back on Windows 95, Microsoft released a program called "Microsoft Plus! for Kids".
http://www.microsoft.com/presspass/press/1...7/plskdspr.mspx
It included a number of children's programs, some new Desktop Themes, and most importantly, Protect It!, a security program.

After Windows 98/98SE came out, Protect It! still worked for it.

But what does Protect It! do?
Microsoft says:



Now the Internet parental controls aren't so useful.
But the file/folder and application acess controls are extremely useful!

It can provide a secure way to use multiple users on a Windows 98 machine, with rights features comparable to or possibly better than XP or Vista.
One user becomes a supervisor (administrator), and sets the rights of other users.


So, what is the point of this pack then?

Basically, it's a transplanter of all of the key features of Protect-It! onto a Windows 98SE machine.
It will work similar to 98SE2ME: the user has a CD of Plus! for Kids in the CD drive or the necessary files on a local disk, and the installer will copy the needed files. If this has problems, I may make the files available for download on the condition of owneship of an original CD (we'll see.)

But unlike a direct installation of Protect It!, the installer will insure compatibility with various updates from this forum.
By the final release, I'm hoping for compatability with:

98SE Unofficial Service Pack 2.1a / 3.0
Autopatcher
98SE2ME
NUSB
Revolutions Pack 6/7/8

So...that's about it.
Feel free to leave any comments, suggestions, or questions.
Feel free even to post technical advice on how to implement this, limitations, problems, etc...
And if anyone has used Protect It! before, PLEASE LET ME KNOW!

A nice thought and another enhancement to the os, only problem I can forsee is obtaining the plus cd, ebay over this side of the pond does not seem to have any. Perhaps if you could examine the installed files of protect it, a work around could be achieved via writing similar software.
Any way good luck
All the best

How does it work? Since FAT doesn't support any labeling of files, there must be some database containing access rights, and some software forcing the use of it. At which level?

Could be achieved by a vxd hooking into file read/writes etc the same vxd bypassed in admin mode, it will be interesting to see which files/reg entries are installed

I'm looking into it.
Also if you examine the Microsoft Knowledge Base on Protect It!, there seem to be some glitches.

I think I may need to write the software myself... at this point it's early enough that a shift shouldn't be too big a problem.

I believe most of this could be achieved quite easily using policies and webview.

Full list of known Protect It! bugs coming soon.
(yes it's bugged, so if I don't build the pack from the ground up, we may need to do some unofficial patching if it is to work right.)

Known problems/errors:

1)Uninstallation and password changing is a hastle. I requires rundll32 commands on a dll on hte install CD, and much prep before that...
2)MS-DOS Applications Won't Start Error - http://support.microsoft.com/kb/166039/en-us
3)Incompatability with Hewlett Packard (HP) DeskJet 682 printer driver - http://support.microsoft.com/kb/166192/en-us
4)PolEdit and Protect It! Interfere with Start Menu - http://support.microsoft.com/kb/163170/en-us
5)Internet Settings Remain After Protect It! Removed - http://support.microsoft.com/kb/166705/en-us
6)Network Neighborhood not Restricted by Protect It! - http://support.microsoft.com/kb/164190/en-us
7)Protect It Cannot Disable Main System Icons - http://support.microsoft.com/kb/166021/en-us
8)Everything Restricted if You Use McAfee WebScan - http://support.microsoft.com/kb/166191/en-us
9)Some Restrictions Lost on Windows 98 or After Install of IE 4.0 - http://support.microsoft.com/kb/175876/en-us
10)Custom Icons Appear in User Start Menu Profiles - http://support.microsoft.com/kb/167162/en-us
11)Start Menu Loses Hierarchies With Protect It! On - http://support.microsoft.com/kb/166710/en-us
12)Somone with acess to the Plus! for Kids CD can pretty much get acess to anything on your computer (there's a rundll32 command on the cd that resets the admin password).

HERE is a list of the files used by Protect It:

CORE FILES (all new files not on the system):
WINDOWS\SYSTEM\PROTECT!.EXE
WINDOWS\SYSTEM\PROTECT.CPL
WINDOWS\SYSTEM\MSPI.DLL
WINDOWS\SYSTEM\MSPITAPI.EXE

HELP FILES:
WINDOWS\HELP\PROTECT!.HLP

RUNTIMES (just some VBA 2.0/2.2 runtimes):
WINDOWS\SYSTEM\VEN2232.OLB
WINDOWS\SYSTEM\VAEN232.DLL

Not that complicated, really. The rest is all registry work and slight changes to the following INIs:
WIN.INI
SYSTEM.INI
POWERPNT.INI
WAVEMIX.INI

However, I couldn't notice any big changes to those .ini files.

In the registry, under HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run there was:
Name: Protect It! TAPI
Value: "C:\WINDOWS\SYSTEM\MSPITAPI.EXE"

What you're describing sounds like a more powerful system policy editor. That would be very useful. I have an old PC, a Gateway I believe that was a 95 box but has been upgraded to 98SE before I got it. I did see Protect It in the control panel but didn't have a chance to try it. It's presently loaned out to a friend while I try to get their tempramental WinME box to work decently. As soon as I get it back, I'll let you know how or if Protect It works on 98SE.

Many of the features you're describing, controlling what individual users can run and access, are also part of System Safety Monitor, free version. Separate application rules can be set up for each user profile, allowing very detailed control over what processes each user can run and what other processes each of these is allowed to launch. One of SSMs modules is a windows filter. The module reads the captions in the title bars and checks them against a user defined list. If they match, SSM closes the window. It works with partial matches. I've tested it with partial names such as "sex" or "cracks" from websites, document names, specific applet names, the control panel, internet explorer, etc, checking its effectiveness as a parental control. It's quite effective. I realize that HIPS software like SSM isn't something many would want to use, but it might be worth checking just to get some more ideas. AFAIK, SSM is the only program of its kind that will run on Win98.
Rick

I finally finished fixing that WinME box, now a 98SE unit and got the loaner box back. It was a 95 box converted to 98SE, a real patience tester with a 166mhz processor. Fortunately it works better with Sea Monkey. Am using it now. Protect It! does function once I replaced the autostart entry in registry, but it's not particularly effective. I added 2 extra user profiles with different permissions set for each. The default profile has access to everything while the others are limited.

On this particular user profile, I disallowed access to SeaMonkey. Protect It did block my access to Sea Monkey but allowed it when I renamed the executable to something else that's allowed. I renamed Sea Monkey to Iexplore.exe and am using it now.

I also set the "prevent opening anything not on the desktop or start menu" option for this user. Click to view attachment
It works by removing the icons and tabs the user would normally use. When I click on My Computer, no drives are visible, but the user can still access the entire file system via any available folder, or the properties-find target. Protect It did keep me out of a few control panel applets, but most were accessible via the system folder. The internet ratings only work on Internet Explorer.

Except for the password option, Protect It isn't much different than poledit on the 98CD. It has the same problems and is only effective enough to keep a novice honest. Easily defeated. I haven't tried changing passwords or uninstalling. I'd have to make an image first as I don't have the installer to replace it. It's not listed in Add/Remove programs and I haven't spotted an uninstaller for it yet. It definitely made a mess out of the start menu. Everything in programs is in one column, no folders.

IMO, Protect It is too buggy and ineffective to try to improve. The first thing it would need added is integrity checking so it doesn't just use the executables name. It needs a more effective method of denying access than hiding icons and tabs. It would be easier to start over.
Rick

You'd need to run some rundll commands on some DLLs on the the Protect It! CD if you wanted to uninstall it OR change your password.

I've decided to build a rights pack from scratch, but before that I may upload a Protect It! uninstall/password change pack just for those people who don't have CDs before I abandon Protect It! all together.

Sorry if I wasted everyone's time with the Protect It! portion of this project. It's been forever since I used it and I forgot how easy it was to defeat. On the bright side, at least it can serve a prototype to look off (but not work off) of.

I'll work on building SOMETHING from the ground up. I'll see what I can do.

It's not a waste of time. Control over users access to applications and the file system is an improvement that's badly needed in 98. So far SSM is the only app I've found that can do both effectively, but it's beyond what the average user would want to learn. There's definitely a need for something that's more user friendly that works. Protect It is user friendly enough from what I've seen of it, but ineffective against anyone but a novice.

There is another app you might want to look at for ideas about controlling user access to specific files, folders etc. It's not a parental or user control app as such but will function like one to an extent. It's Splinterware's system scheduler, specifically the window watcher. I've set it up on a couple of clients PCs to kick the kids offline after a certain time by having it watch for * - Microsoft Internet Explorer (works with wildcards). I've found it effective with folder names, webpage names containing specific terms, document titles, the control panel, and others. It won't check at intervals of less than a minute, but having the browser slammed closed each minute is enough to get the point across to most kids. A possible source of ideas if you're interested. If nothing else, it's an excellent scheduler that beats 98s scheduler on all points.
Rick

Interesting idea, but I'd prefer to make something that works in real time.
Also, how does system scheduler protect itself? Could you CTRL-ALT-DEL out of it? And could someone taper with it through task scheduler?

What? Since when? I thought the general consencus was that it would be trying to make Win98 into something it's not.

I wasn't referring to using a scheduler for the task. Just thought that the window watcher feature and its method of recognizing windows/applications might give you some ideas. Definitely not the scheduling part of it, though that might be a useful parental control addition. As far as defeating it, it's quite easy to defeat the free version if the user figures it out that it's the scheduler that's doing it. I believe the pro version uses a password. I installed it on a friends PC not that long ago. It was comical watching her daughter trying to find the parental control software. A scheduler never occurred to her.


The "general consensus" is that 98 is obsolete and should be replaced. I don't accept that and I doubt most of the regulars here do either. Win98 isn't a lot of things. Isn't that what the unofficial service packs, kernel EX and a few other projects are about, making it better than it was, making it able to do things it couldn't before, etc? Why not add better control over the user profiles as well? It can be done. SSM proves that quite conclusively. If a full blown HIPS can be made that works on 98, something less complicated and more user friendly for controlling user access is just as achievable and would be much more valuable to most users. Isn't that reason enough to try? Instead of looking at what 98 is or isn't, why don't we look towards what it could be?
Rick

I meant the general concensus in this forum. Win98 is not a multi-user system, and doesn't have a file system with permissions. And that's part of why we like it.

Hmmm .....

I have watched this thread right from the start. I reserved my comments until now as I would like to see what concept ideas will be presented ...

IMHO, using ProtectIt! as a model is unsuitable as it targets a different audience back then. That targeted audience now is a very much different bunch all together...

This was an area that I spent many many moons reading up, researching and finding/testing possible solution (back then in 2004). I have concluded that this can only be done effectively by making significantly huge changes to the windows system kernel. It's something that will have a system wide affect. That's something way beyond my scope back then and I do not wish to have months of headaches figuring that one out ...

There are many (commercial) utilities that offers filesystem (folder+file) access restriction such as Protect Folder, Folderlock etc etc etc ..... but none offers multi-user level system access and/or permissions ... AFAIK, there's currently no bulletproof way to do that on win9x systems by adding some add-ons ...

There's too many issues to handle if one wants to implement a fully secure multi-user system access permissions & policy on windows 9x. You'd have to be proficient enough and understand enough of what's going on in the kernel to make these changes ...

With this in mind, I propose that the concept to be diverted to a different path that will give an intermediate level permission access. This is the path I would choose if I'm making such an add-on. (However, I'm no longer on that path ...)

To understand better, please have a look at (and perhaps try out) trust-no-exe (freeware) by beyondlogic.org ..... it is an intermediate level permission access to any folder/file for NT/2K/XP systems ..... I personally use it to block malware (which I feel is nearly 100% effective) and have implemented it on many many systems to limit access to FAT32 partitions where permissions is non-existent ...

I believe an intermediate level access model (based on trust-no-exe) is a more achievable target.

Rgds