Just a warning out there to those who use SanDisk, Verbatim, or Kingston USB flash drives and take advantage of their encryption to secure your files that these are easily cracked due to an extremely dim-witted move: the same decryption string is provided when accessing encrypted files no matter what your password is. Meaning, you just have to bypass their authentication program and send this string, which is even the same string on all three of the brands listed at the beginning of this article. Yeesh! Remember folks, these are the same drives that are certified by NIST as FIPS 140-2 Level 2 (PDF) and are used by the American Armed Forces and the US government (for unclassified data).

Security expert firm SySS (click here for english link) has created a demo program that can access encrypted files within seconds. You can access their press release and papers here.

Read more to see the recalls and security notes from the three flash drive makers...

A minor update to our File Searcher by Owner utility has been released, bringing it up to version 1.0.1.0. This tool can be used to search for local or network shared files and folders by a local or domain user or group. New features include:

• Search by Security Identifier (SID)
• Version checker

Click Here for the ChangeLog and Download

Microsoft has recently updated the Enterprise Learning Framework (ELF) with content for Windows 7. ELF is a is a web based tool that helps corporations develop a training and communication plan for employees during a Windows 7, Windows Vista, or 2007 Microsoft Office system deployment (including SharePoint). The tool helps you find content for a number of different audiences and assists in finding the right content for topics you are interested in, within particular deployment time frames. You can even generate customized e-mail messages or a Word document that you can send to your users with the content you find.

Click here to be taken to Microsoft's ELF tool

Tip: Click the Get Recommended Topics link to begin

The Grim Admin is happy to announce a free tool, called File Searcher by Owner, for Microsoft Windows systems that allows you to search for files and folders based on the owner of the object. Since this feature has not been built into any version of Microsoft Windows, prior to this tool you would have to run some crazy command-line hacks like dir /q /s | find /i "domain\username" or try to create your own custom batch file, a rather tedious task.

File Searcher by Owner is a simple to use utility that allows you to search for local or network shared files and folders by a local or domain user or group. Features include:

• Support for UNC paths
• Export to comma-separated (CSV) file
• Preserves right-click context menu for files & folders
• Portable and lightweight

Click Here for Details and Download

Often it is useful to create a listing of when accounts in a Microsoft Active Directory organizational unit (OU) are set to expire. For example, if you plan to lower the time between forced password changes, it is good to know which accounts may be affected by the change. You can open the outputted file from our sample VBScript in Microsoft Excel or OpenOffice.org Calc and sort and recalculate dates based on the new maximum password age. Read further for the example code and output format...

We now have a tool that lets you find what company owns a registered media access control address (MAC address). This could be useful in identifying the manufactuer of a networked device based on its organizationally unique identifier (OUI).

We hope you find the MAC Address Lookup Tool useful!

During a Microsoft SQL Server 2005 (standard or express) upgrade from a previous version or while updating SQL Server to a newer service pack (SP), you may receive the following error:

Error ID: 15116

SQL Server Setup has encountered the following problem: [Microsoft][SQL Native Client][SQL Server]Password validation failed. The password does not meet Windows policy requirements because it is too short.. To continue, correct the problem, and then run SQL Server Setup again.

Variations may appear depending on your configuration, including:

• The password does not meet Windows policy requirements because it is too long.
• The password does not meet Windows policy requirements because it is not complex enough.
• The password does not meet the requirements of the password filter DLL.

This will appear during the install process, but you may also have failed installs through Windows Update and not realize that this is the cause. The origin of the error is that your Domain or computer has a password policy set that a password that is hardcoded into a SQL script used during the upgrade fails to meet. Yes, it's an issue that Microsoft should have forseen. Yes, it's also an issue that Microsoft should have created a KB article for. Yes, The Grim Admin will fill in the holes...

After updating VMware Tools to version 4.0.0, build 164009 on a Windows Server virtual machine hosting Microsoft Exchange, the following error may appear multiple times in the event log:

Event Type:        Error
Event Source:      DCOM
Event Category:    None
Event ID:          10016
User:              NT AUTHORITYSYSTEM
Description:
The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {9DA0E106-86CE-11D1-8699-00C04FB98036} to the user NT AUTHORITYSYSTEM SID (S-1-5-18).  This security permission can be modified using the Component Services administrative tool.

The solution is fairly straightforward...

hwbot.org, based out of Belgium, has an interesting idea: not only do they gather technical specs on a large number of computer hardware components and let you benchmark your system against others', but they make it into a 24/7 competition. Even more, hwbot has recently released into beta an "overclocking competition engine." Dubbed HWBot Competition Engine (HCE), the service allows you to host hardware competitions with stage ranks, hardware rules, customized scoring, special awards, and even prizes.

Full details can be found in HCWBOT's public announcement here.

This submission comes directly from an e-mail that was sent out to a number of technology and education professionals through a listserv posting. There are a number of mailing lists out there that I feel are great resources to have at the educational technology field members' disposal that help to feed on others' ideas and experience in using IT to benefit the quality of education in schools. These people often have many years experience and offer great insight, so when postings come around that are clearly missing basic sentence structure, punctuation, grammar, etc. and especially the ability to convey thoughts and ideas in a meaningful way, I am really taken aback. The following submission, as an example, was so poorly written it made my head hurt. And that's how I knew I had to file it away under 'Havening Problems.' Read on and let the hilarity ensue...