I installed Dekart Logon yesterday and it ended up being a botched install. I believe this was my problem and not the installation software. I was never asked for the PIN during login. I believe the issues were (1) a script needing to run related to the product install and (2) an item to be added to the startup list I manage with Teatimer (I disallowed it).

I currently run Jason's Toolbox ScriptSentry for script protection. Do you recommend I disable this prior to the install? And if so, for what type of script (i.e., I am fishing for a file extension name)?

Also, what is the nature of the script(s) that runs on login, when you want to add another login or make some change (i.e., again I am fishing for a file extension name)?

Also, could you describe the startup entries that I should allow in Spybot S&D Teatimer next time around?

Finally, I currently dual-boot my computer with Windows XP Pro and Ubuntu Linux. My guess that that Dekart will not pose a problem for my Linux logon as it kicks in during the Windows logon and not the bootup of the computer. Am I correct in this assumption?

Finally, are there any reviews on the web for Dekart Logon and/or Password Manager that you could direct me to?

Regards,

brucet

When it comes to the installation procedure, the only used script is the .inf, which is standard for Windows setup applications.

Here's a better picture:

Try to run logon.exe, then without doing anything, go to C:\Documents and settings\<username>\Temp\<xxxx.tmp> (the latter name is generated at run-time, so you'll have to check all the folders that look like it)
There you'll find the .inf I mentioned, and all the other components the setup program will need.
Pay attention to addcert.exe and Dekart_Authority.cer - the program will install the certificate, which is used by the program's components to check their own integrity (so that you can be notified in case the program becomes aware of the fact that it was altered). I think this is what your protection programs react to. Note that without the certificate the program will be unable to check its digital signature, which will make it believe that it was modified.


So, you should either try to configure your program to allow addcert.exe to run withour restrictions, and allow Dekart_Authority.cer to be read/executed; or try to disable the program before installing Dekart Logon.


The program which is added to the startup-section of the registry is Ltool.exe, it handles the Novell eDirectory part of logon (if you have a Novell domain). Otherwise the program quits as soon as it starts, so you shouldn't worry about wasted RAM. The program will attempt to add Ltool.exe to the startup section whenever it is executed, if you wish to prevent that from happening, simply erase Ltool.exe, you will not get any error messages, nor there will be a negative impact on the program's behavior.


No, there will be no issues with your other OS. Not only because it is Linux, but because it's a "different OS". I mean, if you were dual-booting two flavors of Windows, and Dekart Logon was installed in one of them, the other one would not be affected, even though it is also Windows.



Finally, are there any reviews on the web for Dekart Logon and/or Password Manager that you could direct me to?
Ah, that's the toughest one. I assume you are looking for reviews written by independent journalists. In that case you should look for such reviews in magazines (PC World, PC Magazine, Chip, etc). I cannot recall which issue# is the one you need; moreover, most of the reviews are about Private Disk or Secrets Keeper..
Let me know if you are indeed looking for non-Dekart descriptions of the software, I'll have to discuss this with my colleagues, as I cannot give you an exact answer off the top of my head...

Alex,

Thank you for your prompt reply.

I will make sure that addcert.exe has all necessary permissions as I run DiamondCS Process Guard to maintain a process white list. This may have been tripping me up earlier.

Also, I will watch for Dekart_Authority.cer as well. After reboot, and just after trying to log on, Jason's Script Sentry pops up a window asking me whether or not to allow a script to run.

Regards,

brucet

P.S. I will be employing a Lexar JumpDrive (not secure) at least during the preliminary evaluation of Dekart Logon. If things go well and I want to proceed to purchase, then I will most definately upgrade to Lexar JumpDrive Secure at a minimum and, possibly, Aladdin eToken Pro.

Alex, Just thought I would let you know that I have successfully installed Dekart Logon. The Dekart processes have been added to the ProcessGuard white list. No problems.

This time around, I have not seen Jason's ScriptSentry nor the Spybot S&D Teatimer prompt for startup programs. Must have been related to mistakes I made during the initial install attempt.

I have successfully added a second user. Two-factor authentication, using (1) my Lexar Jumpdrive and (2) my PIN, works flawlessly for log off/on, restart and shutdown/startup. If I try to log in with the Lexar JumpDrive removed from a USB port, I am requested to place it into a USB port and must enter my PIN to successfully log in. If I am logged in either of my two accounts and remove the Lexar Jumpdrive, the machine is immediately locked and I cannot get back in until I place the Lexar JumpDrive back into a USB port and enter my PIN. It can be ANY USB port, not just the port that was used to initially set up the key.

Regards,

brucet
:)

I'm glad you managed to get the program up and running.

If you use a USB flash drive as a key, then you will be able to use any USB port to plug in the key. Windows automatically finds and installs a driver for the device, so everything works as you expect it to.

In the case of other devices, you'll notice that if you connect the device to a different USB port, Windows will look for a driver again (even though the driver was installed previously). The explanation is that Windows cannot be sure that it is the same device.


(this is not mandatory reading material, but you'll probably find it interesting)
You can find more details by checking out this discussion: Why does Windows not recognize my USB device as the same device if I plug it into a different port? (http://blogs.msdn.com/oldnewthing/archive/2004/11/10/255047.aspx)

The USB device people explained that this happens when the device lacks a USB serial number.

Serial numbers are optional on USB devices. If the device has one, then Windows recognizes the device no matter which USB port you plug it into. But if it doesn't have a serial number, then Windows treats each appearance on a different USB port as if it were a new device.