Free Utility to Determine Which of Your Windows Applications Require Administrative Rights to Run

BeyondTrust Application Rights Auditor is a free product that automatically identifies and reports the Windows applications that require users to have administrative rights.

Once those applications are identified, enterprises can develop informed plans to remove users’ administrative rights without any application downtime, creating a more secure and compliant environment, and lowering the cost of administering Windows computers.

Free registration is required in order to obtain a download link. They also have a data collection policy that can be opted out of.

Supported client operating systems are Windows 2000 SP4, Windows XP SP2, Windows Server 2003 SP1 and SP2, Windows Vista Gold and SP1, and Windows 2008. Both x86 and x64 versions are included in the download.

The reporting management console runs on Windows XP SP2, Windows Server 2003 SP1, Windows Vista, and Windows 2008. The reporting console is an MMC snap-in that requires MMC 3.0 and Microsoft .NET Framework 3.0 SP1. Both are available to download from the BeyondTrust Application Rights Auditor download page.

New TrueCrypt Available – Free Open Source Disk Encryption Software for Windows Vista/XP , Mac OS X, and Linux

TrueCrypt is a great little freeware tool I’ve used on my USB flash drive for quite a while. A new version was just released that includes the following features:

  • Ability to encrypt a system partition/drive (i.e. a partition/drive where Windows is installed) with pre-boot authentication (anyone who wants to gain access and use the system, read and write files, etc., needs to enter the correct password each time before the system starts). For more information, see the chapter System Encryption in the documentation. (Windows Vista/XP/2003)
  • Pipelined operations increasing read/write speed by up to 100% (Windows)
  • Mac OS X version
  • Graphical user interface for the Linux version of TrueCrypt
  • XTS mode of operation, which was designed by Phillip Rogaway in 2003 and which was recently approved as the IEEE 1619 standard for cryptographic protection of data on block-oriented storage devices. XTS is faster and more secure than LRW mode (for more information on XTS mode, see the section Modes of Operation in the documentation).Note: New volumes created by this version of TrueCrypt can be encrypted only in XTS mode. However, volumes created by previous versions of TrueCrypt can still be mounted using this version of TrueCrypt.
  • SHA-512 hash algorithm (replacing SHA-1, which is no longer available when creating new volumes).Note: To re-encrypt the header of an existing volume with a header key derived using HMAC-SHA-512 (PRF), select ‘Volumes‘ > ‘Set Header Key Derivation Algorithm‘.

If you are new to TrueCrypt, start by reading the FAQ, tutorial and technical deails. Now that TrueCrypt supports pre-boot authentication, there is no reason not to use it on my laptop and other portable devices.

the back room tech’s utilities page is live

You can find my collection of links to tools and utilities highlighted on at

I hope these tools and utilities will be useful to network administrators and IT professionals. The majority of programs will be freeware, shareware, and open source.

Spiceworks – a free IT management system

Today I finally got around to installing spiceworks. The web site claims the software is an IT manager’s dream – asset management and help desk, all from a simple Windows PC.

The installation took all of five minutes to complete. I think the most difficult part of the install was figuring out if my machine was already running a web server, or if spiceworks could use the default port 80.

Once the program initialized, I was prompted to answer a few questions, then the program started probing my network for devices. Several devices were unreachable (due to firewall or permissions issues) , and spiceworks prompted me to manually login to each unreachable machine and manually hit the web server on my spiceworks PC.

In order for the firewall to allow access to spiceworks, I was instructed to execute

netsh firewall set service REMOTEADMIN enable

After executing the above command I was able to successfully inventory my firewalled machines.

I was very impressed with both the ease of use and functionality of the software. Many of the discovery, monitoring, and alerting items I have only seen previously in commercial (and expensive!) software.

If you’re looking for a help desk/asset management solution, give spiceworks a try.