Added 7 new utilities to the Tools menu:

• Create File Hash. Displays the sha1 hash value for a file.
• Windows Firewall Auditor. Displays Windows Firewall’s configuration settings, profiles, currently active rules and all Inbound / Outbound rules.
• List Missing Windows Updates. Highlights Windows updates not installed on your PC.
• List Installed Products. Lists MSI-installed products on your PC.
• Search Event Log. Queries the Windows Event log for Error and Warning Events.
• Query File Permissions. Lists Discretionary Access Control Lists (DACLs) defined on files and folders on local and remote systems.
• List Open File Shares. Displays open shared files on a target server.

SekChek for Active Directory:

• Improved the accuracy of last logon times for domain user accounts. The Scan process now uses a property available from Server 2003, which is replicated across Domain Controllers (DCs) every 14 days, compares this value with the last logon property (not replicated) on the DC being scanned, and uses the most recent of the 2 values.

  If you need even more accuracy (the absolute latest last login times), you must select the run-time option that forces SekChek to query all DCs in the domain.

SekChek for Active Directory and Windows:

• List File Permissions (DACLs) report. Improved the resolution of: SIDs to DomainAccount names; and a domain name of BUILTIN for a trustee to the trustee’s actual domain or machine name.

The main SekChek software: Improved the Help file

Added 3 new utilities to the Tools menu:

• PC Auditor, which performs a basic analysis of your local computer system and displays the results in your Internet browser.
• Find orphaned SIDs, which searches NTFS for Security Identifiers (SIDs) that may belong to old security accounts that no longer exist
• Resolve SID, which resolves a SID and presents it in a user friendly format (System name Account name)

SekChek for Windows:

• Added an option to analyse an MS-Exchange Server: Organization, Servers, Databases, Storage groups, Users
• Analyse software installed by Windows Installer (MSI)
• Analyse system-wide, quick-fix engineering (QFE) updates applied to the Windows OS
• Analyse attribute ‘Is Object Protected Against Deletion’, which is defined on several object types
• Reduced the risk of the Scan process failing due to anti-virus software locking the output files

• Added a utility that lists properties for an Active Directory account. The utility is particularly useful because it displays properties that are not visible in Windows’ GUI. See Main Menu | Tools | Query Account Property.
• Renewed SekChek’s embedded certificate (public key) with a new certificate that is valid until April 2013. SekChek will prompt you to install the new certificate during the installation process.
• SekChek for Windows: Scan domain for Password Setting Objects (PSOs), which were introduced in Server 2008.
• SekChek for Windows: Included 14 additional properties in the Scan process, including functionality levels for the DC and Forest and DEP settings.
• SekChek for UNIX: Minor maintenance.

• Added a Ping utility to the Tools menu. The utility is useful for analysing network connectivity issues.
• SekChek for Windows: Included System Config details in the Scan. This information supports a new report section containing properties for the following objects: Computer; Operating System; Processors; BIOS; Page files; Network adapter; and Motherboard.
• SekChek for Windows: Scan domain for Global Catalog Servers.
• SekChek for Windows: Scan ‘password complexity’ and ‘store passwords with reversible encryption’ controls on member Servers.
• SekChek for Windows: Improved the code that binds to an Active Directory domain. Try 1) Domain’s Netbios name; 2) Domain’s DNS name; 3) Host machine’s DNS name.

• Added the ability to view the digital signature on the SekChek software (SekChek.exe).
• Help file: Updated images and implemented various improvements.
• SekChek for Windows: Check whether the account used to run the Scan process has sufficient privileges to access the system’s Policy object before the Extract process is started. This will prevent delays and the need for reruns due to incomplete Extract data.
• SekChek for Windows: Ensure SekChek always binds to the target machine’s domain instead of the authenticated user’s domain. This allows the Scan to be run from an Administrator account in any trusted domain, as long as the account has sufficient privileges to Scan the target domain.
• SekChek for UNIX: Added several new policies to the Scan function.

• Added Word 2007 to the list of report format options.
• SekChek for AS/400: Report on Object and Data Authorities for 6 additional OS/400 commands (STRSQL, UPDDTA, SAVOBJ, RSTOBJ, SAVLIB, RSTLIB).
• SekChek for AS/400: Improved support for far eastern characters.
• SekChek for UNIX: Improved support for NFS mounted volumes on most UNIX variants.
• SekChek for Windows: Cater for read-only domain controllers. Previous versions of SekChek do not recognise this new type of DC.
• SekChek for Windows: Reduce the risk of a Scan terminating if it cannot access a group member due to insufficient permission.

• Released the SekChek Local range of products.
• Improved validation of the Extract / Scan files during the encryption process.
• Removed password length restrictions for the SekCrypt utility.
• Fixed a problem where, under certain conditions, the software incorrectly issued a message stating that PKI features are not supported by the system.
• Help: Improved FAQs and removed old, redundant references.

• SekChek for Windows: Reduced the execution time.

• Minor maintenance to SekChek for Windows.

• Increased the minimum length of passwords used for encrypting SekChek report packages from 6 to 8 characters.
• Added the ability to obtain your customer account code via the Service Request utility.
• Made it easier to inspect SekChek’s digital certificate (Toolbar | View | Certificate).

• Improved support for: MS-Vista; Roaming users; Multiple users on a single machine; Operation in a secure Windows environment (a user’s personal settings & Log file cannot be accessed by another user).
• Added the ability for you to control SekChek’s notification emails: File Receipt; Report Despatch; and Deletion of data from SekChek’s systems.
• SekChek for Windows: Caters for several rights that were introduced in MS-Vista.

• Extended filenames for Extract files and Report packages. You can now include descriptive text in the names of your SekChek files. As long as the filename begins with one of SekChek’s standard 6 character prefixes, the software will recognise the extended filename in the Encrypt, Decrypt and View EFH functions.

  Examples of extended filenames are: sekunf MyHost.z and sek2kf MyName 20070316.zip.

• UNC paths. You can now drag / drop files located on network (UNC) paths onto SekChek’s menus. SekChek will automatically detect the type of file and initiate the appropriate function. You can also initiate a function by dropping a file onto a shortcut to the SekChek software.
• Added the ability to receive PKI encrypted Report packages. SekChek can now decrypt Report packages that have been encrypted with your public key. This makes your Report packages even more secure and means you no longer have to enter your secret pass phrase when you decrypt your Report packages

  Let us know if you are interested in using this feature.

• SekChek now displays details of your Extract file during the Encrypt function. The information displayed (e.g. system type, Host name) is read from the file’s Encrypted File Header (EFH). This makes it easier to confirm that you are sending the correct file for processing.

• Minor maintenance to SekChek for Windows.

SekChek for Windows: Included the ability to scan & analyse selected Discretionary Access Control Lists (DACLs) & System Access Control Lists (SACLs). To use this feature: 1. Create a file named sekchek.inp in the same directory as the Extract software (SEKWIEXT.EXE); 2. Add line [permissions] – note the square brackets [ ] – to the file; 3. Add a separate line containing the name of each directory or filename you want to analyse. The directory / file names must be in the format: C:MyDirectory or D:MyDirectoryMyFilename.xtn.

SekChek for Windows: Added an ‘autorun’ option, which enables the Scan / Extract process to be run without prompts. To use this feature simply include the line [autorun] in file sekchek.key, which must be located in the same directory as the Extract software (SEKWIEXT.EXE).

SekChek for Windows & Netware: Changed the default directory for the Extract file to the same path as the EXE.

SekChek for UNIX: Cater for additional configurations of NIS and LDAP.