Providing admin tools to users without passwords.

Found a very useful way of providing users the ability to run administrative tasks without providing passwords to the users. By using the runas command you can launch programs with different credentials, however you need to enter a password. If you provide the user with the password then they could use it to do a lot of other things. Providing a user with a batch file helps, but it doesn’t take much brainpower to read the batch file and obtain the password. However, thanks to techtarget they suggest the use of Microsoft Script Encoder. This takes an existing vbs batch file and encodes the output. Although not pgp strength encryption it would be strong enough to deter the casual browser of your hard disk/batch files. (the only downside is providing a new file when the password to the account changes.)
Incidentally I’ve had to investigate this as one of our users can not admin our iis server settings despite being listed on the operators tab.

Fixing vpmsece.dll errors in outlook

when you open your first email after starting Outlook, you see the error message Error: “VPMSECE.DLL could not be installed or loaded. It may be missing or there may not be enough resources.” The error message may or may not reference a location, as in: “C:\Program Files\NavNT\vpmsece.dll could not be installed or loaded. It may be missing or there may not be enough resources.”
The documented solution is to uninstall the symantec security client, delete extend.dat (search your computer for this file) and start outlook. If this doesn’t work, reinstall outlook (in my case office). There is no way I was going to uninstall office and then reinstall it so I went hunting.
10 minutes later I had a solution.
A quick search on the registry for vpmsece.dll comes up with LDVP under hklm\software\microsoft\exchange\client\extensions. Disabling LDVP under tools/options/other/Advanced Options/AddInManager and restarting Outlook and everything was ok. Re-enabling the extension and the problem re-occurs.
Deleting the registry entry hklm\software\microsoft\exchange\client\extensions\LDVP and restarting outlook means I don’t get the error message and the LDVP addon is not listed in the registry.
I then installed Symantec Client Security again and all seems to be ok. The cryptic LDVP has been replaced with SavCorp810 in the extension manager which is a lot easier to work out what the extension is.