Command Line Options

This section describes each of the command line options supported by the various SafeHouse utilities. The options are listed in alphabetical order.

Please note that not all options are meaningful to all SafeHouse executables. However, the naming, syntax and purpose of options are consistent across all the utilities.

/Activcard

/Activcard="1234 1234 1234 1234"

Specifies that the encrypted volume being created will require ActivCard authentication before access is granted. The service key for the ActivCard must be provided either as a 16-digit hex number without quotes or spaces, or as a quoted string with spaces allowed.

The Windows create volume utility allows up to 5 ActivCards to be associated with a volume. Use of this command line option allows only the first key to be set. Keys 2 through 5 may be set only using the Change SafeHouse ActivCards wizard.

Examples:

/A=1234123412341234
/ActivCard="1234 ABCD 4567 ABCD"
/a="abcd 1234 abcd 1234"

Utilities supporting this option:

• SDWCREAT.EXE
• SDWACTIV.EXE
• SD.EXE

/Autoexpand

/Autoexpand=NN

Specifies if the volume being created should be expanded automatically each time it is mapped if it is filled beyond the threshold percentage. For example, specifying 75 will cause SafeHouse to try to keep the volume at least 25% free. The free space check and potential volume expansion occurs only during the mapping process. The maximum lifetime size of a volume is still restricted to the maximum size specified during create.

Examples:

/Autoexpand=50
/Autoexpand=90

Utilities supporting this option:

• SDWCREAT.EXE
• SD.EXE

/Autosizenotify

/Autosizenotify= ON | OFF

Specifies if the user should be notified when SafeHouse is about to automatically expand a volume. The default is not to notify the user.

Examples:

/Autosizenotify=Y

Utilities supporting this option:

• SDWCREAT.EXE
• SD.EXE

/Changekeys

/Changekeys=filepath

This parameter is used to specify the volume filename in advance on the command line when modifying the ActivCard keys associated with an encrypted volume.

The volume filename specified must be a fully-qualified filepath starting with a drive letter.

Examples:

/changekeys=c:\myfile.dsk
/c=c:\myfile.dsk

Utilities supporting this option:

• SDWACTIV.EXE

/Changepassword

/CHangepassword=d:\filename.ext

Specifies in advance on the command line the name of the volume to have its password changed. In DOS, this parameter is required.

Examples:

/Change=c:\test.dsk
/CH=c:\mydrive.dsk
/changepass=d:\active.dsk

Utilities supporting this option:

• SDWCHANG.EXE
• SD.EXE

/Create

/CReate=d:\filename.ext

Allows the name of the file to be created to be specified in advance on the command line or from within a Windows Program Manager ICON or Windows 95 shortcut. This parameter is optional for the Windows Create Volume utility; however, for creating encrypted volumes, it is required for the SD.EXE DOS utility.

The target filename must be a fully-qualified filepath beginning with a drive letter. By convention, encrypted volumes always use the .DSK extension.

Examples:

/Create=c:\test.dsk
/Cr=c:\mydrive.dsk /description="My new volume"
/Cr=c:\activsaf.dsk /size=100MB

Utilities supporting this option:

• SDWCREAT.EXE
• SD.EXE

/Description

/DEscription="My Volume Description"

Allows you to specify the long internal name or description of an encrypted volume in advance on the command line. This parameter is optional for both Windows and DOS. If the description contains spaces, then it must be surrounded by quotes.

Examples:

/Description="This is a volume description"
/DE=MyDescription

Utilities supporting this option:

• SDWCREAT.EXE
• SD.EXE

/Drive

/Drive=d

Specifies the target virtual drive letter for mapping and unmapping.

In Windows, if you do not specify the drive letter in advance on the command line, the map utility will default to the letter of the last drive mapped. If you frequently work with multiple encrypted volumes, you can set up an icon (shortcut) to reference the drive/volume pairings you prefer.

When using SD.EXE from DOS, if you don't provide the virtual drive letter for mapping, the first available drive letter reserved for SafeHouse is assumed.

Examples:

/Drive=S
/d=j
/drive=e

Utilities supporting this option:

• SDWMAP.EXE
• SD.EXE

/DRIVERMSG

/Drivermsg=[YES | NO]

Controls the display of the warning message presented by the Create SafeHouse Volume wizard when it detects that the SAFEDISK.SYS device driver is not loaded. Setting this option to NO prevents the warning page from showing. This option is intended for automated install scripts.

Examples:

/drivermsg=NO

Utilities supporting this option:

• SDWCREAT.EXE

/Encryption

/ENcryption= DES | DES40 | FAST | NONE

Specifies the encryption method for the volume being created in advance on the command line. By default, encryption is set to DES (DES40 in international versions of product). This parameter is optional for both DOS and Windows.

Additional encryption methods may be added to future software releases.

DES

DES stands for Data Encryption Standard, which is one of the strongest encryption algorithms available today. This algorithm has been around for over 20 years and has withstood the test of time. Use DES when you need the highest security this product has to offer. Although the DES cipher is not known for being one of the fastest methods available, this specific implementation is written in highly-optimized assembly language to provide the highest achievable data throughput rate available on a PC.

DES40

A 40-bit version of DES. The standard DES key length is 56 bits. This DES40 algorithm has the key shortened to 40 bits to allow it to be exported outside the United States. DES40 runs at the same speed as normal DES(56).

FAST

The FAST algorithm is a proprietary method developed by PC Dynamics. This algorithm is extremely fast and efficient and well suited for protecting information that is generally private, yet not top secret. The FAST technique is so fast that you will hardly notice any speed degradation. The encryption method used will guard your data against disk scanning utilities and most anyone you will generally come into contact with; however, it won't pose much of a hurdle for the sophisticated hacking techniques used by professional cryptographers. Use FAST when you want the absolute minimum performance loss and only need to stop intruders armed with standard debuggers and disk editing utilities.

NONE

The NONE algorithm is used to specify no encryption at all. When this option is used, the SafeHouse volume will still be protected by the password access control features, however, data encryption is not performed.

Examples:

/Encryption=DES
/en=des40
/encrypt=fast
/en=FAST

Utilities supporting this option:

• SDWCREAT.EXE
• SD.EXE

NOTE: Some demonstration versions of SafeHouse might instead support only FAKEDES and FAKEFAST encryption keywords; which only pretend to perform encryption.

/Expandableto

/EXPAndableto= NNN

This option is used to specify the expansion limit in megabytes of the volume being created. Values are automatically rounded up to the next power of 2 (100 becomes 128). Specifying 0 prevents the volume from being expanded in the future.

The default value is the same size as the create size rounded up to the next power of 2. For example, a 70 MB volume by default would be expandable to 128MB. A 60 MB volume could be expanded to 64 MB.

Examples:

/Expand=100
/expandableto=500

Utilities supporting this option:

• SDWCREAT.EXE
• SD.EXE

/Expandvolume

/Expandvolume= filepath

This parameter to the expand volume utility is used to specify the volume file to expand in advance on the command line.

The volume filename must be a fully-qualified filepath starting with a drive letter.

Examples:

/Expandvolume=c:\myfile.dsk
/e=c:\myfile.dsk

Utilities supporting this option:

• SDWEXPAN.EXE

/Expires

/Expires=NNN

Specifies that the password for the encrypted volume is to expire every NNN days. Valid values are from 1 to 999 days. For example, a volume with this option set to 1 would require that the password be changed the first time it is mapped each day. A setting of 30 would require password changes once a month.

Once a password has expired, users will be required to change the password before being allowed to map the respective volume to a drive letter. The only exception to this rule is when a grace period is allowed. See /Grace option.

Examples:

/Expires=30
/E=90
/e=5

Utilities supporting this option:

• SDWCREAT.EXE
• SD.EXE

/Filelocking

/Filelocking= [ON | OFF]

The filelocking option is used only for mapping volumes to drive letters. It is supported in both the Windows and DOS utilities. When filelocking is enabled, a few extra steps are taken to help ensure that external low-level disk utilities (optimizers, etc.) don't interfere with the mapped volume.

Filelocking is ON by default. Disable only if you’re experiencing some problems.

Examples:

/f=on
/Filelocking=1

Utilities supporting this option:

• SDWMAP.EXE
• SD.EXE

/Finish

/Finish

Causes the utility to bypass the display of any standard completion messages. This option is frequently combined with /GO and /SILENT to run invisibly and unattended in the background.

Examples:

/Finish

Utilities supporting this option:

• SDWCREAT.EXE
• SDWEXPAN.EXE

/Firstletter

/FIRstletter=d

Specifies the letter of the first DOS drive to be used for mapping encrypted volumes. This feature is useful when you want to adjust the natural order of drive lettering imposed by DOS.

This parameter should only be used within your CONFIG.SYS file using the INSTALL= keyword, and must not be combined with any other options. The SAFEDISK.SYS driver file must already have been loaded by CONFIG.SYS.

Examples:

INSTALL=C:\SAFEDISK\SD.EXE /Firstletter=s
INSTALL=C:\SAFEDISK\SD.EXE /FIR=t
INSTALL=C:\SAFEDISK\SD.EXE /first=J

Utilities supporting this option:

• SD.EXE

/Go

/GO [=ON | OFF]

Causes the utility to immediately begin the requested procedure without waiting for any further user input. This option is frequently paired with /SILENT to run invisibly and unattended in the background.

If you specify /Go without including all the normally-required parameters for a utility, you will still be presented with a dialog box prompting for the missing items.

The /GO option is not used in the DOS utility since its function is implied.

Examples:

/GO
/go
/go=on

Utilities supporting this option:

• SDWCREAT.EXE
• SDWMAP.EXE
• SDWCHANG.EXE
• SDWEXPAN.EXE
• SDWACTIV.EXE

/Grace

/Grace=NNN

Specifies the number of days after a password expires during which users will still be allowed to access encrypted volumes without first selecting a new password. This option is only meaningful when password expirations are enforced. Valid values are from 1 to 999 days.

In the absence of a grace period, volumes with expired passwords will be inaccessible until the passwords are changed.

Examples:

/Grace=10
/G=5
/g=30

Utilities supporting this option:

• SDWCREAT.EXE
• SD.EXE

/Help

/Help

Displays a list of supported command options on the screen.

Examples:

/Help
/h
/?

Utilities supporting this option:

• SD.EXE

/Hidden

/Hidden

Specifies that the encrypted volume being created should be marked as hidden to the DOS file system. Using this option prevents the file from being seen in normal DOS directory listings.

Please note that some popular Windows file managers routinely display hidden files. Unfortunately, this is out of our control.

Examples:

/Hidden
/H

Utilities supporting this option:

• SDWCREAT.EXE
• SD.EXE

/Map

/Map [=d:\filename.ext]

Specifies in advance on the command line that the desired operation is to map a drive volume. From DOS, this parameter is required for mapping. In Windows, /MAP is optional, and may also be specified without a volume filename.

The most common use of this option is for Windows map icons. Create an icon or Windows 95 shortcut for the SDWMAP.EXE utility and specify /Map as the only command line parameter. This will force the utility to execute in "map" mode instead of asking if you'd like to map or unmap. The default setup program for SafeHouse automatically creates map and unmap icons for you using this technique.

In Windows, if you include the optional volume filename with this switch, the mapping utility will initially display the description of the named file in the drop-down list box. This is useful when you work with more than one encrypted volume since it allows you to setup specific mapping icons for each of the volumes.

When this option is used from DOS using the SD.EXE utility, the filename portion is required.

Examples:

/Map
/m=c:\test.dsk

Utilities supporting this option:

• SDWMAP.EXE
• SDWMAP32.EXE
• SD.EXE

/Maxpassword

/MAxpassword=NN

Specifies the maximum length for volume passwords. The default value is 255. Valid numbers range from 1 to 255.

Examples:

/MA=8
/maxpass=10
/maxpassword=12

Utilities supporting this option:

• SDWCREAT.EXE
• SD.EXE

/Minpassword

/MInpassword=NN

Specifies the minimum length for volume passwords. The default value is 1. Valid numbers range between 1 and 255.

Examples:

/MI=8
/minpassword=5

Utilities supporting this option:

• SDWCREAT.EXE
• SD.EXE

/Newpassword

/Newpassword=mypassword

Specifies in advance on the command line the new password to be set during a password change operation. For both DOS and Windows, if this parameter is not supplied, you will be prompted automatically for your new password and then asked to confirm.

Examples:

/Newpass=sail$away
/N=my_new_password
/n=telephone.rope

Utilities supporting this option:

• SDWCHANG.EXE
• SD.EXE

/Password

/Password=mypassword

Allows the password to be specified in advance on the command line. This parameter is optional for both Windows and DOS. It is generally not desirable to place passwords into Windows icons and shortcuts since such would allow easy access for intruders.

By default, passwords are between 1 and 255 characters and may include letters, numbers and punctuation symbols.

All encrypted volume wizards and utilities are designed to prompt for missing passwords. The primary reason for making this parameter available as a command line switch was to allow for process automation in corporate environments.

Examples:

/Password="2345 my secret"
/P=birds.nest
/pass=apple_boat

Utilities supporting this option:

• SDWCREAT.EXE
• SDWMAP.EXE
• SDWCHANG.EXE
• SDWEXPAN.EXE
• SDWACTIV.EXE
• SD.EXE

/Quickcreate

/Quickcreate= [Yes | No]

Specifies that the encrypted volume about to be created does not need to have its entire contents zeroed out during the volume creation process. Normally it is a good idea to allow the create volume utility to zero out the data areas for newly created volumes; however, if you don't have time to wait, using this option will keep the create time down to just a few seconds.

Examples:

/Quickcreate=YES
/Q=Y
/q
/q=no

Utilities supporting this option:

• SDWCREAT.EXE
• SD.EXE

/Quickexpand

/Quickexpand= [ON | OFF]

This option allows you to specify that the new disk space added to a volume file should not be zeroed during the expansion process.

The default is OFF, meaning that all new space added to the volume will be preset to zeros.

Examples:

/Quick=on
/quickexpand=1
/q=true

Utilities supporting this option:

• SDWEXPAN.EXE

/Showdrives

/SHowdrives

Displays a status report for all encrypted volume drive letters. This option is available only in DOS.

Examples:

/Showdrives
/SH
/show

Utilities supporting this option:

• SD.EXE

/Silent

/SILENT

Specifies that the utility should run invisibly without displaying any banners, dialogs or message boxes to the user. This option is frequently combined with the /GO option.

Examples:

/Silent
/silent

Utilities supporting this option:

• SDWMAP.EXE
• SDWCREAT.EXE
• SDWCHANG.EXE
• SDWEXPAN.EXE
• SDWACTIV.EXE
• SD.EXE

/Size

/SIze=NNN [MB]

This parameter allows you to specify the size of a volume to be created. By default, NNN is a decimal number of Kilobytes. Including MB after the number changes the value to Megabytes.

This parameter is optional under Windows and required under DOS.

The maximum supported volume size is 2 Gigabytes (2,000MB) or the size of your hard disk, whichever is smaller.

Examples:

/Size=100 100 Kilobytes
/Size=100MB 100 Megabytes
/Si=1000MB 1 gigabyte

Utilities supporting this option:

• SDWCREAT.EXE
• SD.EXE

 

NOTE:SDWEXPAN.EXE also has a /Size option, but the meaning is slightly different. When expanding volumes, the /Size parameter is used to specify the new size of the volume in megabytes.

/Sound

/SOUND [=ON | OFF]

Enables or disables playing of sounds upon command completion. Separate sound files (WAV) are played for each supporting utility; one for success, another for failure. Sound files are expected to reside in the same directory as their respective utility programs. Sound is ON by default. When /Sound is specified without additional parameters, such is the same as turning it on.

Your computer must have a Windows-compatible sound board installed to hear sounds.

Several example sounds are installed automatically by setup.

Examples:

/Sound=ON
/Sound=OFF
/Sound=Yes
/Sound=1
/Sound=0
/sound=no
/Sound

Utilities supporting this option:

• SDWCREAT.EXE
• SDWMAP.EXE
• SDWCHANG.EXE
• SDWEXPAN.EXE

/Unmap

/Unmap [=d | =ALL]

Specifies in advance on the command line that the desired operation is to unmap a drive. In DOS, this parameter is required to perform an unmap; however, in Windows this parameter is optional. In Windows this option may be specified without a drive parameter.

In Windows, using /Unmap without any additional parameters to SDWMAP.EXE forces the program to come up in "unmap" mode.

Examples:

/Unmap=D
/u=all
/u=s
/unmap

Utilities supporting this option:

• SDWMAP.EXE
• SD.EXE