2ndAuth released for Windows 7, Windows Server 2008 R2

I’ve given some hints at what we’ve been working on lately, by my choice of article topics.

Credential Providers have been my headache for a couple of months now, not least because Microsoft haven’t quite provided all the working code they ought to have done for Windows Vista. Windows 7, now that works just fine. So that’s what we’re supporting – Windows 7 and Windows Server 2008 R2 (essentially Windows 7 Server) – with our new release of 2ndAuth.

[We’re still supporting 2ndAuth for Windows Server 2003 / Windows XP / Windows 2000, and will be releasing patches, new features and updates as necessary]

To whet your appetite, here’s a screen-shot of 2ndAuth at work on a Windows 7 system:


Notice that when 2ndAuth detects that you’ve selected to log on to a shared user (by a confusing coincidence, this one has a first name of “Shared”, and a last name of “User”), it prompts you for a second authentication (hence the name), which requires that the actual user enter another set of credentials (these should be their own credentials, and shared users cannot vouch for other shared users). This is then written to the Windows Event Log so that you can check who has been accessing which shared accounts and when.

Unauthenticated / failed attempts are also logged, but it’s difficult to say how useful it is to read that, since the failure could be with an invalid user name as much as an invalid password.

Terminal Services / Remote Desktop Connections are supported, too, as well as locking and unlocking the workstation (e.g. handing off to another user part way through a procedure).

The goal here is to acknowledge that sometimes you can’t help using a shared account, and the best thing to do is to provide a mechanism whereby you can discover who is responsible for the use of that account.

I’ll be adding a download link to our products page for 2ndAuth in a little while, but in the meantime, please feel free to ask me any questions about this service – either in the blog comments here, or by email to alun@texis.com.

Command Line MD5 hash

A colleague asked me the other day what the command-line tool was for calculating MD5 hashes in Windows.

In a moment of sanity, I told him that the usual tool was FCIV, the Microsoft File Checksum Integrity Verifier, but that you had to download it.

Then when he started making fun, and saying that Linux had a command-line tool built in, I went more towards insanity, and suggested the following for him:

[BitConverter]::ToString((new-object Security.Cryptography.MD5CryptoServiceProvider).ComputeHash((new-object IO.FileInfo("c:\windows\explorer.exe")).OpenRead())).Replace("-","").ToLower()

Sure, it’s PowerShell, but that’s been a part of Windows for some while now.

[If you really want to use the example, note that it calculates the hash for the file c:\windows\explorer.exe – change the string to change the file.]

More useful is to create a function:

function MD5 ($a) {[BitConverter]::ToString((new-object Security.Cryptography.MD5CryptoServiceProvider).ComputeHash((new-object IO.FileInfo($a)).OpenRead())).Replace("-","").ToLower();}

Then you can call this with MD5("c:\windows\calc.exe") to get a hash of the Calculator.
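An added example, not from the original post: the same hashing approach as the one-liner above, wrapped so that the file handle is closed and the result is compared against a published hash. The name Test-FileHashMatch, its parameters and the sample file are assumptions made for illustration; SHA256 is accepted as well because MD5 no longer resists deliberate collisions.

```powershell
# Added example (not from the original post). Test-FileHashMatch is a hypothetical name.
function Test-FileHashMatch {
    param(
        [Parameter(Mandatory = $true)][string]$Path,
        [Parameter(Mandatory = $true)][string]$Expected,
        [ValidateSet('MD5', 'SHA256')][string]$Algorithm = 'MD5'
    )

    # Pick the hash implementation by name.
    if ($Algorithm -eq 'SHA256') {
        $hasher = [Security.Cryptography.SHA256]::Create()
    } else {
        $hasher = [Security.Cryptography.MD5]::Create()
    }

    # Resolve to a full path: .NET uses the process working directory, not PowerShell's location.
    $fullPath = (Resolve-Path -LiteralPath $Path).ProviderPath
    $stream = [IO.File]::OpenRead($fullPath)
    try {
        $bytes = $hasher.ComputeHash($stream)
    }
    finally {
        # Release the file handle and hash state even if hashing throws.
        $stream.Close()
        $hasher.Clear()
    }

    $actual = [BitConverter]::ToString($bytes).Replace('-', '').ToLower()
    # Published hashes often carry spaces or upper-case digits; normalise before comparing.
    $wanted = ($Expected -replace '\s', '').ToLower()

    New-Object PSObject -Property @{
        Path      = $fullPath
        Algorithm = $Algorithm
        Hash      = $actual
        Match     = ($actual -eq $wanted)
    }
}

# Constructed sample: a temp file holding the three bytes "abc", whose MD5 and
# SHA-256 are standard published test vectors.
$sample = [IO.Path]::GetTempFileName()
[IO.File]::WriteAllBytes($sample, [Text.Encoding]::ASCII.GetBytes('abc'))
Test-FileHashMatch $sample '900150983CD24FB0 D6963F7D28E17F72'
Test-FileHashMatch $sample 'ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad' -Algorithm SHA256
Remove-Item -LiteralPath $sample
```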

The meta-lesson

But this does draw out a distinction between operating systems – Linux has an MD5 hash calculator because you are expected to calculate MD5 hashes of files manually on a regular basis. Windows doesn’t have an MD5 hash calculator, because that’s generally done for you. Windows Update will check hashes on files it downloads before it applies them, for instance.

You can learn a lot about an operating system by looking at what is in its default deployment, and what is absent – and why it’s absent (which you can deduce from finding out what you’re supposed to do instead).

Windows Phone 7 impressions

I’ve had my new phone – an HTC HD7 “Schubert” – for nearly four months now.

For the most part, I’m enjoying it – as a phone, it works fine. I’m still trying to get my fingers and thumbs to thump the keyboard in the right way to avoid making spelling mistakes. But that’s not too bad.

The screen controls – dragging, flicking, pinching and tapping my way to multi-touch success – work really intuitively, and I love the fact that I can take a picture within seconds of pulling the phone out of my pocket, while the iPhone guys are still fumbling through their unlock code.

Backing up / Updating

Updating is handled well, IMHO, with a link to your PC required, as much so that you can have a full backup taken of your phone, as it is to do with increasing the speed of the overall operation. If you’ve done like I have, and filled your phone with podcasts, video and music, this can take some considerable time to back up, which makes the update process perhaps a little too long. A future version of this might choose to ignore backing up those items on the phone which can be restored from the Collection.

I was thoroughly impressed with the speed by which the certificate update was shipped through T-Mobile. Obviously, with each carrier able to stop and delay any update Microsoft issues, this could become an issue in future. If I can’t rely on mobile devices within my organisation being patched against known vulnerabilities, I can’t comfortably allow them access to the network. Of course, you could level the same accusation against the iPhone in spades – after all, with all the jailbreaking that goes on with that device, what you have is a pile of modified systems, not managed or secured, and able to lie convincingly about security policies they have implemented.

Application selection

Much like other phones, it’s difficult to filter the good from the dross. Microsoft selects some good “Featured” apps, but I’d also like to see some means of better filtering on the app selection. Writing one reader program, and putting a hundred free texts into it, does not mean you’ve published a hundred apps. This is especially true for local TV News apps, Realtor apps, transport navigation apps, indexes of lawyers, blog feeds – yeah, really it’s especially true of everything, if that was ever a meaningful thing to say.

Having said that, there’s all sorts of cool apps available for the phone, and I’m sure that for all the apps I’ve found, there are equivalents on other phones, and that there are numerous exclusive apps only for this phone or that. I can say that I have not been disappointed by the selection of apps on my phone. I don’t find some niche apps, but then I don’t find those for the other phones either.

All the apps that you’d expect to find are here. Even Angry Birds now, which apparently have to be present for a phone to be considered complete. Of course, Chicks ‘n’ Vixens is available for the Windows Phone 7, but not for other platforms, so that’s a win.


Once you’ve installed a few apps, the ability to ‘pin’ a number to the main menu helps enormously, but even so, it can be a trifle daunting to make your way through the single list of apps that you get when you wander off the main menu. It’d be nice to have the ability to group apps, and maybe to copy the Music folder’s ability to navigate by the initial letter of the album.

In its favour, however, the flick and tap technique is so intuitive and easy to use that this is almost not a problem at all. But that’s a very weak plus, compared to the effort it should take to implement a grouping / filtering feature.


It’s an excellent feature, being able to use my Bluetooth headset instead of plugging into the phone. Sadly, it’s not exactly complete. I can’t tell you how startled I was to open up a YouTube video and find that, instead of privately broadcasting into my ears, it was actually making lots of noise that everyone else in the room (apart from me) could hear.

I thought that was just YouTube, because their app is quite frankly one of the crappiest implementations possible. I’d recommend the HTC YouTube app in preference, if you have an HTC phone.

Sadly, no. The phone does not transmit the audio from playing videos over Bluetooth to a headset. Perhaps this was intended to be a safety feature, so that you can’t try and watch a video while driving, but I think it’s important to recognise that many of us have Bluetooth headsets that we like to use while commuting. So, please, enable Bluetooth headsets for watching video, and don’t think about disabling it based on speed. Like I said, I use my phone to watch videos and listen to radio podcasts while I’m riding the bus.

I don’t know, perhaps the onus should be on the car driver to ensure the safety of himself, his passengers, and everyone else on the road. Someone who’ll try to watch a video while driving will also be texting while driving, shaving, reading a newspaper, applying makeup, solving a Rubik’s cube, etc. Yes, I’ve seen all this out the window of the bus – I even have a really blurry picture of the guy solving the Rubik’s cube, but focusing through two windows while going at speed isn’t the phone’s strong point.


Still where I spend a lot of my time.

Hand-made podcasts (not subscribed from a URL) are still supported like arse, and need some work. Think about audio books, radio shows from CD, ripped to MP3, etc.

No graphics, no navigation other than “scroll up and down”, no consideration to the thought that a podcast might be longer than about twenty characters.

Sorting of podcasts in the phone is in a different order from their sorting in the Zune software, so you can’t reasonably manage the relationship between your collection and the phone.

And once you have a podcast of several episodes, it is often (almost always) out of order. No respect for Track #, Part of Set or other ID3 tags that would allow the Zune software on the phone to figure out what order to play episodes in. My absolute favourite is when a podcast is listed in exactly reverse order.

In the same vein, it’d be really nice if you could cue up (or queue up) multiple podcasts to play one after another. You could call it, oh, I don’t know, a list for playing – List O’ Play, perhaps. I’m sure Microsoft could come up with a simpler term than that, if they were to only implement the feature. On a long journey, I’d like to be able to say “I want to listen to this episode, then that one, then this one over here”, and then put the phone back into my pocket, while I sit back and listen.

It’s clear that Microsoft doesn’t have a use-case around podcasts for the Zune or the Windows Phone 7, and that they don’t have any staff who actively use podcasts, or audio books, etc. While I appreciate that the goal with the Zune was to provide a music-listening experience, podcasts and audio books are also important ways to use a device that plays and manages audio. I’d like to see that taken into consideration.

Migrating from one Windows Phone 7 to another

My original WP7 device (an HTC HD7, aka “Schubert”) has become a vampire.

This started just after I applied the NoDo update, and while I was traveling to the UK, although I think both of these events are unrelated. The phone was less than two weeks old when this behaviour started.

Every battery I stick in the phone gets drained, and although the phone pops up the requisite “I’m charging your battery” icon, the battery never gets charged.

So I’ve asked for a replacement phone. That in itself was a pain.

Despite the words “T-Mobile” on the box, on the phone, and T-Mobile requiring I sign up for a 2-year contract, T-Mobile won’t service the replacement – or if they will (and they seem unclear on the idea), they can’t guarantee I won’t get a refurb.

So, I go back to Amazon Wireless, where I bought the phone originally.

Perfect behaviour from them, as expected – a new phone is shipped immediately to me, and I get to spend a little time with the two phones as I transfer data to and fro.

Bizarrely, I have to charge a battery in the new phone in order to be able to use the old phone at all. I can’t even drive it purely from the mains cable.

And now I have to figure out how to get my phone information onto the new phone.


Outlook is the easiest one – because it only hooks into Exchange, all I have to do is provide my new phone with the account details (email address and password), and I have all my email transferred.


People come across fairly easily too – either from Outlook or Windows Live, or by going to the Settings menu, sliding to Applications, then selecting People, from which you can “import SIM contacts”.

Applications and settings

Applications that I’ve bought through the Zune software come across immediately. Applications that I bought through the phone, they don’t come across at all. Fortunately, I hadn’t actually purchased anything at that point, so I only had to deal with getting the free apps. Nor could I persuade the Zune software to download those apps that I had purchased through the phone, even though they clearly weren’t on my new phone.

Of course, all the settings in those applications – high scores, achievements, account settings, etc – are not able to be ported over. Rather irritating, really. This portion of setting up the new phone took the most time of all.

Music, videos and pictures

The Zune software does a credible job of allowing you to copy information out of one phone and into your collection, and then from your collection back into the phone. I’ve written before about how awkward the Zune software is with my Podcasts, and this experience doesn’t really improve on that in any way.


Overall, it’s fairly certain that the use-case of having to move from one phone to another is not considered by Microsoft to be a significantly common requirement. I certainly hope I don’t have to do this again.

But I do wonder if there could be some form of standard for migrating settings and purchased apps – this was a tedious process in all, as I went through re-finding all the apps I had installed, and dealing with the Zune software’s reluctance to fetch applications that had already been installed on another phone.

For those apps that were easy to move over, it seemed more an accident than good design, as these apps are based around storing their data off the phone. I’d like to see developers think about deliberately surprising their users with good behaviour, instead.