AAAREADME.TXT								06/01/88

				Brian Lomasky
			      c/o TERADYNE, INC.
			179 Lincoln St., Mail Stop L35.
			       Boston, MA  02111
			     (617) 482-2700, x3259


VAX system managers are usually bothered by numerous phone calls from users
who have either ignored or forgotten to change their password when they
receive the:

"WARNING - Your password has expired; update immediately with SET PASSWORD!"

message when they log in.

This is fixed in VMS V5 which, by default, throws the user into SET PASSWORD
when they log in if their password(s) are expired.

Unfortunately:
	1) We do not have VMS V5 installed.
	2) We are getting many phone calls today.

To fix this problem, I've created a program which emulates this V5 feature.

When executed at login time via SYLOGIN.COM, the program will see if the UAF
for the username running the program has any expired passwords.  If so, the
user will be automatically forced into SET PASSWORD, and will rerun SET PASSWORD
until the user has made a successful password change.

Primary, secondary, and generated passwords are automatically handled.

====================================
SD is the "Ultimate SET DEFAULT Utility".  After installing SD, simply use
the symbol "SD" instead of the words "SET DEFAULT" when setting your default
directory.

In addition to setting your default directory, SD will:

	1) Verify for the existence of the new default directory.

	2) Display information showing your switch between directories.

	3) Remember the last 20 directories you've set your default to.
	   (Use  SD *  to display the list).
	   (Use  SD #nn  to set your default to line #nn's directory).

	4) Display a help form.  (Use  SD HELP).

	5) If you have SETPRV authorized, automatically sets your UIC to the
	   owner of the directory you set your default to, thereby eliminating
	   all protection violations when you create a file in another user's
	   directory which is accidently owned by you.  Note that this enables
	   you to leave all of your advanced privileges (i.e.  BYPASS, etc)
	   turned off while you set your default to any directory on any disk.

	6) Automatically correct for almost all typing errors when you specify
	   a directory.  It will insert "[" and "]" where required.  It will
	   automatically translate logical names.  It will assume a trailing
	   colon for logical names which have none and do not match a directory
	   name.

	7) Easily toggle you between your current and previous directory with
	   one keystroke.  (Use  SD <).

	8) Let you set your default to a parent directory by using 1 backslash
	   per level.  (Use  SD \).

	9) Automatically execute environment-setting files as you enter or
	   leave a directory.  When using SD to change your default directory,
	   SD will execute the contents of any SDLOGIN.COM file it finds in the
	   new default directory.  Additionally, SD will execute the contents
	   of any SDLOGOFF.COM file it finds in the current default directory,
	   before changing your default to the new default directory.  (SD HELP 
	   displays text concerning SDLOGIN.COM and SDLOGOFF.COM).  This is
	   most useful in order to change your default protection to include
	   W:RE upon entering a directory where created files must be world
	   readable and then turning it off when you set your default away from
	   that directory.  SDLOGOFF.COM can also be very useful to ensure that
	   when you leave a directory (via SD), that all files have the correct
	   protection assigned to them.  Note:  Be sure that there can be no
	   errors in the SDLOGIN and SDLOGOFF command files, as SD will not
	   properly work if it encounters any errors while executing these
	   files.

	10) (optionally) Automatically change your VMS prompt to the
	    node::device:[directory] where your default is currently set to,
	    and to use any one of DEC's video attributes to display it.
	    Enable this feature by defining the SD_PROMPT logical name in your
	    LOGIN.COM file in one of 5 methods:
		$ASSIGN NL: SD_PROMPT		!Uses normal video for prompt
		$ASSIGN REVERSE: SD_PROMPT	!Uses reverse video for prompt
		$ASSIGN BOLD: SD_PROMPT		!Uses bold video for prompt
		$ASSIGN BLINK: SD_PROMPT	!Uses blinking video for prompt
		$ASSIGN UNDERLINE: SD_PROMPT	!Uses underline video for prompt
	    Then, when you later use SD, your prompt string will be
	    automatically set to as many characters as can be stored from your
	    current default.

======================================
DEC's AUTHORIZE utility has two reporting options for the SYSUAF.DAT file:

	1) Too little (AUTHORIZE LIST/BRIEF)

	2) Too much (AUTHORIZE LIST/FULL)

This is almost useless for meeting the system manager's requirements of
maintaining and monitoring the SYSUAF and its users.

--------------------------------------------------------------------------------

SYSUAF is a reporting program for the SYSUAF and RIGHTSLIST data files.

Simply turn on READALL (or equiv) privilege and run SYSUAF.EXE.  (Do NOT install
this program with privilege; otherwise, any user could execute it).  A menu of
17 reporting options (listed below) will be displayed.  The best way to see what
is available is to try them and see what data is displayed.  Then use the ones
that suit your purpose.  You can print reports either to the screen (formatted
for 80 columns) or to a data file (SYSUAF.LIS; formatted for either 80 or 132
columns, depending on which report option is selected).  (Note that some of the
options create SYSUAF.LIS as a DCL command procedure which can then be easily
edited and then executed).

SYSUAF.BAS is the source code (written in VAX BASIC V2.4).
SYSUAF.EXE is the executable file.

You should not need to recompile or relink SYSUAF.EXE unless you need to change
the features of the program.  (Instructions for compiling and linking SYSUAF are
contained at the beginning of the source code).  Note that this program might
not work properly on VMS V5.0 or later.  (As soon as VMS V5.0 is available to
me, I will immediately adapt the program, if required, to work correctly and
will resubmit it to DECUS.

--------------------------------------------------------------------------------
		<< List of SYSUAF Report Options: >>

SYSUAF REPORT PROGRAM V2.10
Report Type:

A) Owner, Username, UIC (including sort by UIC) (incl Default Dir if to a file)
B) Username, Flags (including sort by UIC) (incl Acct and PW Dates if to a file)
C) Wsdefault, Wsextent, and Wsquota (incl ENQLM, FILLM, ASTLM, BIOLM,
   DIOLM, BYTLM, PBYTLM if to a file)
D) Usernames only (No report headings are printed)
E) Usernames, dates, and UICs who have ever logged in (No report headings)
F) Usernames who have never logged in (No report headings are printed)
G) Usernames and dates who have not logged in within the past 6 months
H) Privileges (Default AND Authorized) (132-columns)
I) Fill Bytes Report (to a file)
J) Username, UIC, Default Dev/Dir, LGICMD (ACCT if file) (incl sort by UIC)
K) Same as J) but also lists all identifiers held by each user (sorts by IDENT)
L) Creates AUTHORIZE command file of:  REVOKE/IDENTIFIER identifier username
M) AUTHORIZE "MODIFY username/" command file of all usernames holding a
   specific identifier
N) AUTHORIZE "MODIFY username/LGICMD=file-spec" command file of all usernames
O) AUTHORIZE "MODIFY username/DEVICE/DIRECTORY/PWDMIN" cmd file of all users
P) AUTHORIZE "MODIFY xxxxusername/WSDEFAULT=value/WSQUOTA=value/WSEXTENT=value
                  /ENQLM=value/FILLM=value" command file of all usernames
Q) DISKQUOTA "ADD [uic]/PERM=999999/OVER=500" cmd file for all users for DUA0:
R) Report of all accounts having any user-data