Sunday, 8 April 2012

short note on Kerberos

Kerberos is a network authentication protocol which utilizes symmetric cryptography to provide authentication for client-server applications.
Kerberos Standard Definition
Kerberos is defined in RFC 1510 – The Kerberos Network Authentication Service (V5).
Kerberos Architecture
The core of the Kerberos architecture is the KDC (Key Distribution Center). The KDC stores authentication information and uses it to securely authenticate users and services.

This authentication is called secure because it:
  • Does not appear as plaintext 
  • Does not rely on authentication by the host operating system 
  • Does not base trust on IP addresses 
  • Does not require physical security of the network hosts 
The KDC acts as a trusted third party in performing these authentication services.





Due to the critical function of the KDC, multiple KDCs are normally utilized. Each KDC stores a database of users, servers, and secret keys.


Kerberos client applications are normal network applications modified to use Kerberos for authentication. In Kerberos slang, they have been Kerberized.
How Kerberos Works
One of the problems that comes with using a network that requires authentication from the user–a username and password–is the fact that the password is sent over the network as plain text. So, the user types in the username and password, which might appear as asterisks, and then they hit enter to submit it. The password and username travel over the network as plain text.


For someone looking to gain access to this information, it would not be too difficult to catch the password and username while en route through the network and use it to access the system. Kerberos allows for the password and username to be used without having to send them over the network. In other words, the network can be accessed, but the password and username don’t have to travel through it.


In a Kerberized network, the Kerberos database contains principals and their keys. All of the services are also stored in the Kerberos database with their keys.


When a user wants to log in to the network, the principal is sent to the key distribution center (KDC). This is sent as a request for a ticket granting ticket (TGT). The request can be sent by a login program or by the kinit program.


If the KDC finds the principal in the database, it creates a TGT, encrypts it using the user’s individual key, and then sends it back to the user.


Once the TGT is received by the user, the login program decrypts the encrypted reply. The TGT is stored in the credentials cache and expires after a certain amount of time. The time varies, but is typically around eight hours. This adds security because when the TGT expires, access to the network expires as well (a new TGT is needed).
The Kerberos Protocol
Kerberos defines ten messages that make up the Kerberos protocol:

    • KRB_AS_REQ: Kerberos Authentication Service Request
    • KRB_AS_REP: Kerberos Authentication Service Reply
    • KRB_AP_REQ: Kerberos Application Request
    • KRB_AP_REP: Kerberos Application Reply
    • KRB_TGS_REQ: Kerberos Ticket Granting Service Request
    • KRB_TGS_REP: Kerberos Ticket Granting Service Reply
    • KRB_SAFE: Kerberos Safe (Checksummed) Application Message
    • KRB_PRIV: Kerberos Private (Encrypted) Application Message
    • KRB_CRED: Kerberos Credentials
    • KRB_ERROR: Kerberos Error
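A toy simulation of the login flow described above (the KRB_AS_REQ / KRB_AS_REP pair from the message list), written as an added example; it is not code from the original note and not MIT Kerberos. It assumes a constructed realm, principal and password, and uses a made-up HMAC-based toy cipher in place of Kerberos' real encryption; the KDC database, the ticket-granting service key the client never holds, the session key and the credentials-cache expiry are the Kerberos concepts it models.

```python
"""Toy model of the Kerberos AS exchange (KRB_AS_REQ / KRB_AS_REP).

Constructed example: this is not MIT Kerberos and not the RFC 1510 wire format.
It keeps the properties the note describes: the request carries only the
principal name (no password), the KDC looks the principal up in its database,
the reply can only be opened with the user's key, and the TGT in the
credentials cache expires (eight-hour lifetime).
"""
import hashlib
import hmac
import json
import os
import time

TGT_LIFETIME = 8 * 3600  # seconds; "typically around eight hours"


def derive_key(password: str, principal: str) -> bytes:
    """Long-term key of a principal. Real Kerberos uses a string-to-key function
    salted with the principal name; PBKDF2 stands in for it here."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), principal.encode(), 10_000)


def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    blocks = (n + 31) // 32
    return b"".join(hmac.digest(key, nonce + i.to_bytes(4, "big"), "sha256")
                    for i in range(blocks))[:n]


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Toy symmetric encryption (HMAC keystream + HMAC tag, encrypt-then-MAC).
    A real implementation would use an AEAD cipher; only the structure matters here."""
    nonce = os.urandom(16)
    ct = bytes(p ^ s for p, s in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.digest(key, nonce + ct, "sha256")
    return nonce + ct + tag


def decrypt(key: bytes, blob: bytes) -> bytes:
    """Raises ValueError when the key is wrong or the blob was tampered with."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(hmac.digest(key, nonce + ct, "sha256"), tag):
        raise ValueError("integrity check failed: wrong key or tampered message")
    return bytes(c ^ s for c, s in zip(ct, _keystream(key, nonce, len(ct))))


class KDC:
    """Holds the Kerberos database (principal -> key) and answers KRB_AS_REQ."""

    def __init__(self, realm: str):
        self.realm = realm
        self.db = {}                   # principal -> long-term key
        self.tgs_key = os.urandom(32)  # ticket-granting service key; clients never hold it

    def register(self, principal: str, password: str) -> None:
        self.db[principal] = derive_key(password, principal)

    def as_exchange(self, as_req: dict, now=None) -> dict:
        """KRB_AS_REQ -> KRB_AS_REP (or KRB_ERROR). Nothing secret is in the request."""
        principal = as_req["cname"]
        if principal not in self.db:
            return {"msg": "KRB_ERROR", "error": "client principal unknown in " + self.realm}
        now = time.time() if now is None else now
        session_key = os.urandom(32)
        endtime = now + TGT_LIFETIME
        # The TGT itself is sealed under the TGS key, so the client cannot read or alter it.
        tgt = {"cname": principal, "session_key": session_key.hex(), "endtime": endtime}
        # The part the user can read is sealed under the user's own key.
        enc_part = {"session_key": session_key.hex(), "endtime": endtime}
        return {"msg": "KRB_AS_REP",
                "ticket": encrypt(self.tgs_key, json.dumps(tgt).encode()),
                "enc_part": encrypt(self.db[principal], json.dumps(enc_part).encode())}

    def open_ticket(self, ticket: bytes) -> dict:
        """What the ticket-granting service does with a presented TGT."""
        return json.loads(decrypt(self.tgs_key, ticket))


def kinit(kdc: KDC, principal: str, password: str, now=None) -> dict:
    """What the login or kinit program does: send the principal name, decrypt the
    reply with a key derived locally from the password, and fill the credentials cache."""
    rep = kdc.as_exchange({"msg": "KRB_AS_REQ", "cname": principal}, now)
    if rep["msg"] == "KRB_ERROR":
        raise PermissionError(rep["error"])
    user_key = derive_key(password, principal)            # the password never left this host
    enc = json.loads(decrypt(user_key, rep["enc_part"]))  # wrong password -> ValueError
    return {"ticket": rep["ticket"],
            "session_key": bytes.fromhex(enc["session_key"]),
            "endtime": enc["endtime"]}


def cache_is_valid(ccache: dict, now=None) -> bool:
    """An expired TGT means a new KRB_AS_REQ is needed; that is the point of the lifetime."""
    now = time.time() if now is None else now
    return now < ccache["endtime"]


if __name__ == "__main__":
    kdc = KDC("EXAMPLE.COM")                # constructed realm
    kdc.register("alice", "correct horse")  # constructed principal and password
    cc = kinit(kdc, "alice", "correct horse", now=0.0)
    print("TGT valid after 7h:", cache_is_valid(cc, now=7 * 3600))
    print("TGT valid after 9h:", cache_is_valid(cc, now=9 * 3600))
```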

Kerberos Implementations

MIT Kerberos is the reference implementation. MIT Kerberos supports DEC Unix, Linux, Irix, Solaris, Windows and MacOS.

Several other commercial and non-commercial Kerberos implementations are also available.

Microsoft added a slightly modified version of Kerberos v5 authentication in Windows 2000.
Kerberos Weaknesses

Since KDCs store secret keys for every user and server on the network, they must be kept completely secure. If an attacker got administrative access to the KDC, he would have access to the resources of the Kerberos realm.

Kerberos tickets are cached on the client systems. If an attacker gains administrative access to a Kerberos client system, he can impersonate the authenticated users of that system.
Additional Reading on Kerberos

RFC 1510 is an excellent source for understanding the Kerberos protocol.
The Kerberos FAQ provides more information.

short note on Active Directory

Active Directory (AD) is a directory structure used on computers and servers running the Microsoft Windows operating system (OS). AD is used to store network, domain, and user information; Microsoft originally created it in 1996 and first deployed it on Microsoft Windows 2000. Active Directory provides a number of functions, including storing information about objects in a form optimized for fast access and retrieval. This allows administrators to set up security and push computer updates, and it acts as a hierarchical structure. The structure is normally configured in three categories: hardware such as printers or scanners, web and email servers, and objects that provide the network’s and domain’s main functions.

What Are Active Directories Used to Do?

Active Directory is used by computer administrators to manage end-user software packages, files, and accounts in medium to large-sized organizations. Instead of visiting every single client computer to upgrade software or install Windows patches, the task can be accomplished by updating a single object located within an AD forest or tree. Similarly, AD gives the network administrator the capability to grant or remove access at the user level for one or many applications or file structures. The two types of “trusts” incorporated into Microsoft Active Directory are one-way non-transitive trusts and transitive trusts. In a transitive trust, the trust extends past two domains in a given tree, so two entities can access each other’s domains and trees.


In a one-way non-transitive trust, a user is given access to another domain or tree; however, the other domain cannot extend that access to further domains. This permission set is similar to the classic administrator and end-user case: the admin can see most trees in the forest, including an end user’s domain, but the end user cannot access other trees beyond his or her own domain.



Active Directory is primarily used to organize the computer networks and data of large organizations or corporations. It saves significant time and cost by eliminating the need to visit each computer individually to perform routine maintenance and upgrades. Although the learning curve for operating Active Directory is significant, when operated properly it results in more efficient operation of a large network.

How Does an Active Directory Work?

Active Directory acts as a special-purpose database for Windows computers. The system is not designed as a Windows registry replacement; rather, it is designed to handle large numbers of read and search operations as well as changes and updates. The data stored in Active Directory is designed to be replicated, hierarchical, and extensible. Because the data gets replicated, it is not considered useful for dynamic information such as CPU performance statistics. Information normally stored in AD includes user contact data, printer queue information, and specific computer or network configuration data. The information stored in AD is in object and attribute format, as defined in the AD schema.

What Are Active Directory Partitions?
Active Directory has three primary partitions, or naming contexts: schema, domain, and configuration. The domain partition consists of object types such as contacts, users, groups, computers, and organizational units. The schema partition consists of class and attribute definitions, while the configuration partition contains service configuration data, partitions, and sites. Active Directory information can be viewed at one of three levels: forests, trees, or domains. The forest view includes all objects in the directory, a tree holds one or more domains, and the lowest-level view is a single domain. For example, in a large company or organization there will be dozens to hundreds of users and processes. The forest view will consist of the entire network of users and computers at a specific location. Within the forest will be trees that hold information on program data, domain controllers, and other relevant information. Each of these trees will then contain data on specific objects, including individual domains which can be controlled and categorized.
Active Directory Objects


Active Directory structures are grouped into two basic or broad categories: resources and security principals. Resources are typically printers or other networked hardware, while security principals are user or computer accounts and groups and are assigned unique security identifiers (SIDs). Every object in AD represents a single entity and its associated attributes. Objects are able to have other object types as attributes and are uniquely identified by their name and attributes. The definition of an object is given by its schema. An attribute object is used to define multiple schema objects, which contain information regarding the extensibility of the data set. Since schema object changes automatically propagate throughout the system, changing or deactivating schema objects is a deliberate process, to avoid unintended consequences. Once a schema object is created, it cannot be deleted, only deactivated.


What Are Active Directory Organizational Units?

Domain objects within AD can be grouped into Organizational Units (OUs). An OU can be used to provide a hierarchical grouping for a domain. This simplifies the administration of the domain and can be tailored to resemble the organizational structure in either managerial or geographic terms. OUs can contain other OUs and so act as containers. Microsoft recommends that AD users use OUs for structure rather than domains, in order to make the implementation of policies and administration easier. The OU level is also where group policies, which are AD objects (Group Policy Objects), are normally applied. Delegation of administrator privileges also occurs at this level, but can also be accomplished on attributes or individual objects.


How Does Active Directory Handle Duplicate Usernames?

Active Directory does not allow duplicate usernames to be entered. One of the common work-arounds for this is to add a numeric digit to the end of the person’s username. Alternatively, a separate ID system can be implemented at the administrator level, and used as the account name in place of the person’s actual name. The importance of deciding how to handle unique user names in AD increases with the size of an organization, because the odds of having multiple people with identical names increase with the size of the group being managed.


How Are Shadow Groups Managed?

In AD, organizational units cannot be assigned as owners or trustees. Members of OUs cannot be assigned rights to directory objects; only groups can be selected. Because OUs don’t provide access permissions and objects within an OU don’t inherit privileges from the container, this is considered a design limitation of Active Directory. The most common work-around for AD administrators is to write a script that automatically creates and maintains a user group for each OU in the directory. These scripts are written in PowerShell or Visual Basic and run at pre-determined intervals to match the group membership to the OU’s account membership. They cannot instantly update these security groups, which are referred to as “shadow groups” within AD; this is a known limitation of the system.


How Does Replication Work in Active Directory?

Active Directory makes use of a ‘pull’ system to receive changes from other domain controllers. The Microsoft Knowledge Consistency Checker (KCC) builds a replication topology of site links that uses defined sites to manage traffic. Intrasite replication occurs automatically once a change notification is received; this triggers peers to start replication cycles. Intersite replication occurs less frequently and does not use change notification by default, but the administrator can configure it to do so.


Active Directory makes use of Remote Procedure Calls (RPC) using the Internet Protocol (IP) (RPC/IP). SMTP can be used for cross-site replication; however, only for changing the Schema, Configuration, or Partial Attribute Set NCs. The SMTP replication option cannot be used for the default Domain partition. The programming interface for AD is available through the Microsoft COM interface provided by the Active Directory Service Interface.

Active Directory Database
At the time of this writing, the Active Directory database in Windows 2000 Server uses the Jet Blue-based Extensible Storage Engine. This engine is currently limited to 16 terabytes and two billion objects. Out of these two billion, the number of security principals is limited to one billion under each domain controller’s database. Under Windows Server 2003 a third main table was added to the Microsoft NTDS database (data and link table) to store security descriptor single instancing.


Active Directory Lightweight Directory Service

The Active Directory Lightweight Directory Service (AD LDS) is Microsoft’s light-weight implementation of Active Directory. The service was formerly known as Active Directory Application Mode (ADAM) and can be run on any computer running Microsoft Windows Server. While providing similar functionality to AD, the lightweight implementation does not require that the administrator create domains or domain controllers. It does provide a data store for directory data and a directory service with an LDAP interface. One server can run multiple instances of AD LDS.

Active Directory UNIX Interoperability
UNIX or UNIX-like operating systems can interoperate at some level through the use of LDAP clients. A number of Windows-specific component attributes, such as support for one-way trusts or Group Policies, cannot be interpreted by non-Windows computers. Active Directory integration is offered by third parties for UNIX platforms such as Linux and Mac OS X, and for a number of Java-based applications.
What Are Some Open Source Active Directory Alternatives?


Directory services did not begin with the release of Microsoft Active Directory. Originally, they were part of an Open Systems Interconnection (OSI) initiative to get industry to agree on common network standards. These standards encourage cross-vendor interoperability, and X.500 was the first set of standards, developed by ITU and ISO in the mid-1980s. From this work evolved the LDAP (Lightweight Directory Access Protocol), which supports communication and look-ups over the TCP/IP stack and is common across all major implementations of directory services in use today. Three popular open source alternatives to Microsoft’s Active Directory are the Fedora Directory Server, the Apache Directory Server, and freeIPA.

Fedora Directory Server
The Fedora Directory Server is released as open source and functions as an LDAP server. Fedora is known for reliability and high performance and lets administrators manage users and groups. The server runs on the Linux operating system and can serve as the database for email services, remote authentication, and other centrally managed server applications. Fedora also includes a phonebook and organization chart, and allows users to manage personal data if set up by the administrator. The Fedora organization view is grouped in a tree-like structure and is able to synchronize with Microsoft Active Directory. The server also supports Multi-Master Replication and is now scalable to tens of thousands of concurrent users with hundreds of gigabytes of information. The current release contains support for LDAPv3, Active Directory user and group synchronization, SSL v3, TLSv1, and SASL. The current installation also includes a graphical console for user, group, and server management.

Apache Directory Server
The Apache Directory Server is another open source LDAP directory, implemented in the Java programming language. Apache provides a back-end database to manage network resources and users and is designed to allow components to be installed on the server. Some examples of Apache component installations include DHCP and DNS. The primary communications with the Apache Directory Server use JNDI (Java Naming and Directory Interface). The implementation is now schema-aware, can perform all LDAP-related operations, and supports the DSML/LDIF formats if required to communicate with Active Directory.


freeIPA
freeIPA is another open source server package that has been under development since before 2008 and combines Fedora, the 389 Directory Server, MIT Kerberos, NTP, and the Dogtag Certificate System. The software deploys with both web interface and command-line administration tools. In the latest release of the software package, DNS and the Dogtag Certificate Server were added to the project, and support for host identities, netgroups, and per-location automount was added to an enhanced administrative framework.

Physical Structure of Active Directory

In contrast to the logical structure, which is used for administrative tasks, the physical structure of Active Directory determines when and where logon and replication traffic occurs. The physical structure of Active Directory covers all the physical subnets present in your network, the domain controllers, and the replication between domain controllers.


The physical structure of Active Directory:

  • Domain Controllers: These computers run Microsoft Windows Server 2003/2000 and Active Directory. Every domain controller performs specific functions like replication, storage and authentication. A domain controller can serve at most one domain. It is always advised to have more than one domain controller in each domain.
  • Active Directory Sites: Sites are collections of well-connected computers. Sites are created so that domain controllers can communicate frequently within the site; this minimizes the latency within the site, for example when changes made on one domain controller are replicated to the other domain controllers. The other reason for creating a site is to optimize bandwidth between domain controllers which are located in different locations.
      • All IP subnets that share common Local Area Network (LAN) connectivity, regardless of the actual physical location of the computers, form a site.
      • For example: a site has subnets 192.168.5.A and 192.168.50.A, where the 192.168.5.A computer is located in Texas and the 192.168.50.A computer is located in London. In this case the physical location of the two computers is not known to the user. Because of proper bandwidth between the two, they are able to work and be configured within the same Active Directory site.
      • A few considerations an administrator should examine before creating a new site are the available bandwidth, the cost of that bandwidth, and the replication traffic expected.
  • Active Directory Partitions: Each domain controller contains the following Active Directory partitions:
      • The Domain Partition contains a copy of all the objects in that domain. The domain partition replicates only to other domain controllers in the same domain.
      • The Schema Partition is forest-wide. Every forest has one schema with a consistent set of object classes. The schema and configuration partitions take part in replication and are replicated to all domain controllers in the forest.
      • The Application Partition, which is optional, carries objects that are not related to security and can be used by one or more applications. An application partition replicates only to specific domain controllers in the forest.

short note on Tree and Forest in Active Directory

The domain is the core unit of logical structure in Active Directory. A domain is the set of objects that share a common directory database, trust relationships with other domains, and security policies. Each domain stores information only about the objects that belong to that domain.

All security policies and settings, such as administrative rights, security policies, and Access Control Lists (ACLs), do not cross from one domain to another. Thus, a domain administrator has full rights to set policies only within the domain they belong to.

Domains provide administrative boundaries for objects, manage security for shared resources, and serve as a replication unit for objects.
A Tree

Trees are collections of one or more domains that allow global resource sharing. A tree may consist of a single domain or multiple domains in a contiguous namespace. A domain added to a tree becomes a child of the tree root domain. The domain to which a child domain is attached is called a parent domain. A child domain can also have multiple child domains of its own. A child domain’s name is its own name followed by its parent domain’s name, which gives it a unique Domain Name System (DNS) name.

For example, if tech.com is the root domain, users can create one or more Child domains to tech.com such as north.tech.com and or south.tech.com. These “children” may also have child domains created under them, such as sales.north.tech.com.

The domains in a tree have two way, Kerberos transitive trust relationships. A Kerberos transitive trust simply means that if Domain A trusts Domain B and Domain B trusts Domain C, then Domain A trusts Domain C. Therefore, a domain joining a tree immediately has trust relationships established with every domain in the tree.
A Forest

A forest is a collection of multiple trees that share a common global catalog, directory schema, logical structure, and directory configuration. A forest has automatic two-way transitive trust relationships. The very first domain created in the forest is called the forest root domain.

Forests allow organizations to group their divisions that use different naming schemes and may need to operate independently. But as an organization, they want to communicate with the entire organization via transitive trusts and share the same schema and configuration container.

How to Read Windows Log Files

Reading Windows log files is an important part of maintaining proper operation and ensuring system security. In addition, log files can be extremely useful in troubleshooting Windows errors.

Only a Windows Administrator can read some Windows log files, such as the Security Event Log. Any system user can view other log files, such as logs that software applications created.

Each log contains a list of events that occurred, along with problems, failures, and warnings.

How to Read the Windows Application, Security, and System Log Files

The Windows application, security, and system log files can be read with a Windows application called “Event Viewer,” which is accessed through the Control Panel:

  • Click the Start button on the desktop’s Taskbar
  • Click the Control Panel menu item 
  • The Control Panel’s window will open 
  • In the Control Panel, double-click the Administrative Tools icon 
  • The Administrative Tools window will open with a list of different icons 
  • Double click the Event Viewer icon 

How to Read Other Windows Log Files

Many log files that software applications use are written as plain text files, making it possible to use any free text editor, such as “Notepad” or “WordPad”, to read the generated log files. To read .txt files in WordPad:

  • Click the Start button on the desktop’s Taskbar 
  • Click All Programs option 
  • Click Accessories menu item 
  • Click WordPad application 
  • A new WordPad window will open 
  • Click the File menu 
  • Click the Open menu item 
  • Navigate to the desired log file and click the Open button 

There are also programs that allow the user to monitor log files as they occur in real-time. Examples of such software include Tail For Win32 and Hoo WinTail. These programs make it easy to read new entries from the bottom (tail) of the log file.

Read More : http://www.windowslogfiles.com/

How to Monitor Windows Server 2003

People monitor system resources in order to evaluate their computer workload, observe changes and trends in resource usage, test configuration changes, and diagnose problems.
Task Manager presents a snapshot of the programs and processes that are running on the computer and provides a summary of the computer’s processor and memory usage.

System Monitor logs performance and memory usage and also generates alerts that provide detailed data about the resources used by specific components of the operating system and computer.

Monitoring Event Logs
Events are user actions that are recorded based on an audit policy, or any significant occurrence in Windows 2003 or in an application. Users monitor events to track and identify security events, resource use, or system and application errors. Windows 2003 keeps three types of logs:
  • Security events are recorded in the security log.
  • System events are recorded in the system log.
  • Application events are recorded in the Application log.

The event logs enable users to monitor information about hardware, software, system problems, and security. Users view these logs to detect activities and events that require attention.

The System Log contains events that operating system components log. The Application Log contains events that applications or programs log. The Security Log contains events related to logon attempts and resource usage.

There are three types of System and Application events: Information, Warning, and Error.

Use Task Manager to Monitor System Resources
Task Manager provides real-time information about the applications currently running on the system, the processor and memory usage of each process and other data about those processes, and statistics on memory and processor performance.

Monitoring Programs: Use the task manager’s Application tab to view the status of applications running on the computer and to identify the process associated with an application.
Monitoring Processes: Use the Processes tab to view a list of running processes and their measures. The processes that appear run in their own address space, and include all applications and system services. Both the user and the system can start a process, but only a process that a user started can be ended.
Monitoring Performance: To monitor current computer performance, use the Performance tab. This tab displays a dynamic overview of the computer’s current performance, including a graph and numerical display of processor and memory usage.
Use System Monitor to Monitor System Performance
If a more detailed Performance overview than Task Manager is needed, use system monitor to obtain more comprehensive information about the computer or other computers on the network. Use system monitor to collect and view logged data about processor, disk, memory, network activity, etc. Use this information to diagnose how the system and applications are functioning to ensure that the system is being optimized. System Monitor information can be viewed in histogram, graph, or report form.

  • Objects: In system monitor, objects are major components or subsystems of the computer systems. They can be hardware such as hard disk or software such as process.
  • Instances: Instances are multiples of the same object type. For example, if a system has multiple processors, the processor object type will have multiple instances.
  • Counters: Counters gather data on different aspects of objects.
For example, the processor object’s counters gather data on processor time and user time. Counters are built into the operating system and continuously capture data, whether or not it is visible in System Monitor. If an object type has multiple instances, counters track the status of each instance or the total of all instances.
Adding Counters

Because counters continually gather data on system performance, adding a counter adds its display to System Monitor. To add counters:
  1. Click Start, point to Programs, point to Administrative Tools, and click Performance.
  2. Right-click the System Monitor details pane, then click Add Counters.
  3. Click All counters, or select counters from the list to choose individual counters.
  4. If an object has instances, click All instances, or select instances from the list to choose individual instances.
  5. Click Add, then close the Add Counters dialog box.
After counters are added, their data can be viewed in real time. Data can be displayed in three ways:
  1. Histogram: Display data in a Bar chart.
  2. Report: Display Numerical data in columns.
  3. Chart: Display data in Line graph.

Alerts: Use alerts to notify a user or administrator when a counter goes beyond a specified limit. In addition, use performance logs to collect data on hardware resources, system services, and performance.

Alerts are useful when users are not actively monitoring a particular counter but want to be notified when it exceeds or falls below a specified value, so that they can investigate and determine the cause of the change. For example, a user can set an alert for when disk space usage exceeds 80% or the number of failed logon attempts exceeds a specified number. There are three tasks involved in setting an alert:
  • Select counters to track a specified system activity.
  • Set a threshold value for that activity.
  • Specify an action to take when the threshold is exceeded or falls below a specific value. The action can be to send a network message, run a program, or start a log.

Use performance logs and alerts in the performance console to set an alert. To set an alert do the following:
  • In the console tree, double-click Performance Logs and Alerts, then click Alerts.
  • In the details pane, right-click, click New Alert Settings, then provide a name for the alert.
  • On the General tab, enter a brief description of the alert settings file in the Comment box.
  • Click Add to specify object counters and instances in the Add Counters dialog box.
  • After adding counters, specify the sample interval and the alert threshold on the General tab.
  • On the Action tab, ensure that logging an entry in the application event log is selected, and specify a network message to be sent to a computer when the alert triggers.

How to Print the Windows Task Manager


Task Manager is a small application that comes standard with MS Windows operating systems such as XP and Vista. The program gives you current information regarding many aspects of your computer, including computer performance, processes, network activity, applications currently running, logged-in users, and system services. Task Manager can also help terminate processes or applications, set process priorities, and even shut down Windows. While Task Manager provides the user with plenty of utility, many times a computer user or administrator will also want to print out the information it displays. Printing the Windows Task Manager screen is quite simple to accomplish. Here are some tips.

Before you can print out Windows Task Manager, you must first open the program. There are several ways to open it including:
  • Use the key combination CTRL+ALT+DEL
  • Use the key combination CTRL+Shift+ESC
  • Create a shortcut for the application and double-click it
  • From the command line, run "Taskmgr.exe"


There are two ways to print the information shown in Task Manager: print the screen, or use a short script that writes the process list to a file you can print.
Using Print Screen to print Task Manager

Print Screen is the simplest: launch Task Manager, choose the tab you want to print, resize the window to fit, press Print Screen on your keyboard, paste the captured image into a document (Paint or Word) and print it.
Print Task Manager with Code
To print the contents of the Processes tab instead, use the VBScript below, which queries WMI for the same process list and appends it to a text file. It is adapted from the following thread: http://www.tek-tips.com/viewthread.cfm?qid=1420785&page=1. Save it as a .vbs file and run it with cscript.
strComputer = "."
Const ForReading = 1
Const ForWriting = 2
Const ForAppending = 8
'==============================================================
' Output folder and file; the folder is created if it does not exist
Const Data_Path = "C:\Backup"
Const fileName = "process.txt"

Set fso = CreateObject("Scripting.FileSystemObject")
If Not fso.FolderExists(Data_Path) Then fso.CreateFolder Data_Path
fullPath = Data_Path & "\" & fileName

' Create the file on the first run, append to it on later runs
If Not fso.FileExists(fullPath) Then
 Set f = fso.OpenTextFile(fullPath, ForWriting, True)
Else
 Set f = fso.OpenTextFile(fullPath, ForAppending)
End If

' Ask WMI for every running process: the same list the Processes tab shows
Set objWMIService = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" _
 & strComputer & "\root\cimv2")
Set colProcessList = objWMIService.ExecQuery("Select * from Win32_Process")
For Each objProcess In colProcessList
 f.WriteLine "Process " & objProcess.Name & "  PID " & objProcess.ProcessId
Next
f.Close
WScript.Echo "Wrote " & colProcessList.Count & " processes to " & fullPath

Short note on Alg.exe

Alg.exe is the Application Layer Gateway Service, a component of the Microsoft Windows operating system. It is required by Internet Connection Sharing and by the Windows Firewall (originally named Internet Connection Firewall). Upon execution, alg.exe loads a number of DLLs and starts other processes to initialize the firewall and Internet Connection Sharing. Because these features depend on it, the process should not be terminated.

Alg.exe also allows third-party protocol plug-ins to be used on the system, so if you use a third-party firewall you should not remove this process. If you use Internet Connection Sharing or Windows Firewall, removing it costs you network connectivity until the next reboot. Other network-related software may also need alg.exe to function properly.

Only one instance of alg.exe should be in memory at any time; if you see more than one, the extra copies are very likely spyware or a virus using the name as camouflage. Use the Task Manager Processes tab (with Show processes from all users selected) to check how many instances are running and which account owns them: the legitimate service runs as LOCAL SERVICE from %SystemRoot%\System32\alg.exe, so an alg.exe with a different user name, or loaded from a different directory, should be treated as suspect.
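As an added example (not code from the original page or from the tek-tips thread), the following PowerShell script does what the VBScript above does, writing the process list to a file, but also records the owner, parent process and executable path of each process, and then applies the alg.exe checks from the note above to that inventory. It assumes PowerShell 3.0 or later (Windows 7 and newer) for the CIM cmdlets, an elevated prompt so that the owner of every process can be read, and the same C:\Backup\process.txt output path as the VBScript; the check that the binary lives in System32 is an addition to the two rules stated on the page.

```powershell
# Added example, not part of the original page.
# Assumptions: PowerShell 3.0+ (CIM cmdlets) and an elevated prompt so GetOwner
# succeeds for processes owned by other accounts.

function Get-ProcessInventory {
    # One row per process: the Processes-tab columns plus owner, parent PID and
    # executable path, which Task Manager on XP does not show but an investigator wants.
    @(Get-CimInstance -ClassName Win32_Process | ForEach-Object {
        $owner = Invoke-CimMethod -InputObject $_ -MethodName GetOwner -ErrorAction SilentlyContinue
        $ownerName = '(unknown)'
        if ($owner -and $owner.User) { $ownerName = "$($owner.Domain)\$($owner.User)" }
        [pscustomobject]@{
            Name    = $_.Name
            PID     = $_.ProcessId
            PPID    = $_.ParentProcessId
            Owner   = $ownerName
            Path    = $_.ExecutablePath
            Command = $_.CommandLine
        }
    })
}

function Test-AlgInstances {
    param([object[]] $Inventory)
    # Rules from the alg.exe note: exactly one instance, owned by LOCAL SERVICE.
    # Third rule (added assumption): the image must be %SystemRoot%\System32\alg.exe.
    $alg = @($Inventory | Where-Object { $_.Name -ieq 'alg.exe' })
    $findings = @()
    if ($alg.Count -gt 1) {
        $findings += "alg.exe: $($alg.Count) instances running (expected 1)"
    }
    $expectedPath = Join-Path $env:SystemRoot 'System32\alg.exe'
    foreach ($p in $alg) {
        if ($p.Owner -notmatch '\\LOCAL SERVICE$') {
            $findings += "alg.exe PID $($p.PID) runs as '$($p.Owner)' instead of LOCAL SERVICE"
        }
        if ($p.Path -and ($p.Path -ine $expectedPath)) {
            $findings += "alg.exe PID $($p.PID) loaded from '$($p.Path)' instead of '$expectedPath'"
        }
    }
    return $findings
}

# Write the inventory the way the VBScript writes process.txt, then audit it.
$outFile = 'C:\Backup\process.txt'   # same output path as the VBScript (assumption)
New-Item -ItemType Directory -Path (Split-Path $outFile) -Force | Out-Null
$inventory = Get-ProcessInventory
$inventory | Format-Table -AutoSize | Out-File -FilePath $outFile -Width 300

$findings = Test-AlgInstances -Inventory $inventory
if ($findings) {
    $findings | ForEach-Object { Write-Warning $_ }
} else {
    Write-Host "alg.exe check passed; $($inventory.Count) processes written to $outFile"
}
```

Run it from an elevated PowerShell prompt; on a machine older than Windows 7 the CIM cmdlets are not available, and Get-WmiObject with the same class name is the equivalent.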

How to set up Connection Manager in Windows

Connection Manager is a versatile client dialer and connection package that you customize with the Connection Manager Administration Kit (CMAK) wizard. The wizard's defaults support quick creation of a basic Connection Manager service profile; if the defaults are all you need, you probably do not need this documentation.

However, if you want a custom dialer that carries your own branding and supports more advanced functions, such as automatic phone book updates and virtual private networking, you need this documentation to plan and implement the custom elements effectively.

Before you run the CMAK wizard, plan and develop the custom elements you want in your client dialer. Then run the wizard, answering its questions and supplying the information about those elements. The wizard builds a service profile: a set of files that you distribute to your users so that they can install and run your customized Connection Manager.

With Connection Manager an administrator creates a custom remote access client connection for corporate users with all the necessary settings predefined. The connection is built with CMAK, a step-by-step wizard that produces a custom remote access client package. The administrator can add as many custom elements as needed, and the package is then installed on the users' computers.

Connection Manager requires at least 2 megabytes (MB) of free disk space and one of the following:
Windows 95 
Windows 98 
Windows NT Workstation 4.0 
Windows 2000 
Windows Millennium Edition 
Windows XP 
Windows Server 2003 family 
Internet Explorer 4.01, 5.0, 5.5, or 6.0. Users do not have to have Internet Explorer set as their default browser or use it. 

Disk-space requirements vary from system to system, based on the elements included in the service profile.
For dial-up connections, Connection Manager also requires a 28.8 kbps or faster modem. Connection Manager can configure the modem automatically: if you include this in the service profile, the user's modem is configured as needed to support Connection Manager.

How to Setup a Remote Desktop Web Connection

The Remote Desktop Web Connection is a Win32-based ActiveX control (COM object) that runs a Remote Desktop session inside a browser such as Internet Explorer. It is a useful alternative to the regular Remote Desktop client because no separate client program has to be installed beforehand: the control is downloaded from the host's /tsweb/ directory the first time the page is opened. The ordinary Remote Desktop client has to be installed on the client machine, which is sometimes not feasible.

The web browser on the client computer (the one you connect from) must support ActiveX controls, which in practice means Internet Explorer. The host only needs IIS to serve the /tsweb/ page; the session itself is still an RDP connection to the host's Remote Desktop listener.

Configuring the Host Computer

Enabling the Remote Desktop Web Connection on the host computer is the first step. The steps below follow the Windows XP Control Panel layout:
Open Control Panel, click Add or Remove Programs, and then click Add/Remove Windows Components. 
Click Internet Information Services, and then click Details. 
In the Subcomponents of Internet Information Services list, click World Wide Web Service, and then click Details. 
In the Subcomponents of World Wide Web Service list, select the Remote Desktop Web Connection check box, and then click OK. 
In the Windows Components Wizard, click Next. 
Click Finish when the wizard has completed. 

Configuring IIS (Internet Information Services)

TCP port 80 is the default port on which Internet Information Services (IIS) listens. The steps below move the web site to a different port so that the /tsweb/ page is not found by scanners that only probe port 80. This is optional, and it is obscurity rather than protection: the page is still reachable by anyone who scans the right port, and the RDP session itself still runs on the Remote Desktop listener (TCP 3389 by default), which this change does not touch. Use a strong password on every account allowed to connect, and prefer reaching the machine over a VPN rather than exposing it directly to the Internet.

Note: do not change the TCP port if the machine is already serving a web site on port 80.
Open Control Panel, click the Performance and Maintenance icon, and then click Administrative Tools. Double-click Internet Information Services. 
In the IIS snap-in, expand your computer name, expand Web Sites, right-click Default Web Site, and then click Properties. 

On the Web Site tab, change the TCP Port value. Enter an unused port number between 1024 and 65535 that you will remember; it becomes part of the URL for every future connection. 
Click OK, and close the Internet Information Services snap-in. 

Configuring Remote Desktop
A user account with a password is required to connect using Remote Desktop; accounts with a blank password are refused for remote logon. Create an account if you do not have one. Follow the steps below to activate Remote Desktop:
Right-click My Computer on the desktop, and select Properties. 
Select the Remote tab, and then select the Allow users to connect remotely to this computer check box. 
Click Select Remote Users, and then click Add. 
In the Select Users dialog box, type the name of the user and then click OK. Click OK again to return to the System Properties dialog box, and then click OK to close it. 
Connect to the Remote Computer

Finally, you can connect to the configured computer. You need its IP address: on the local network, run ipconfig on the host; from the Internet, use a service such as whatismyip.com to find the public address, and forward both the IIS port you chose and the RDP port (TCP 3389) on the router to the host, because the ActiveX control opens its own RDP connection after the page has loaded. Then follow these steps to connect:
Open Internet Explorer and enter the URL http://ipaddress:port/tsweb/
Example: http://192.168.1.120:1374/tsweb/ 
If the Remote Desktop ActiveX control is not yet installed in your browser, it prompts you to install it; click Yes. 
On the Remote Desktop Web Connection page, click Connect. You do not need to fill in the Server field. If you leave the Size field set to Full-screen, the remote desktop takes over your local screen. 
Enter your user name and password at the Windows logon prompt, and then click OK. The remote desktop is now displayed.
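A Remote Desktop Web Connection needs two TCP ports open between client and host: the IIS port that serves the /tsweb/ page and the port the ActiveX control uses for the RDP session itself (3389 unless the listener has been moved). The following PowerShell script, an added example that is not part of the original page, checks both from the client side before you try the URL, using a plain .NET socket connect with a timeout so that it runs on any PowerShell version. The host address and the web port are the example values used on this page; the RDP port is an assumption.

```powershell
# Added example, not part of the original page.
# Checks, from the client, the two ports a Remote Desktop Web Connection session needs.
param(
    [string]$TargetHost = '192.168.1.120',   # example address used on this page
    [int]$WebPort       = 1374,              # example IIS port used on this page
    [int]$RdpPort       = 3389               # default RDP listener (assumption)
)

function Test-TcpPort {
    param([string]$ComputerName, [int]$Port, [int]$TimeoutMs = 3000)
    # Asynchronous connect with a timeout; works on PowerShell 2.0 upwards,
    # so it does not depend on Test-NetConnection.
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($ComputerName, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) { return $false }
        $client.EndConnect($async)
        return $true
    } catch {
        return $false
    } finally {
        $client.Close()
    }
}

$web = Test-TcpPort -ComputerName $TargetHost -Port $WebPort
$rdp = Test-TcpPort -ComputerName $TargetHost -Port $RdpPort

"{0}:{1} (tsweb page)  reachable: {2}" -f $TargetHost, $WebPort, $web
"{0}:{1} (RDP session) reachable: {2}" -f $TargetHost, $RdpPort, $rdp

if ($web -and -not $rdp) {
    Write-Warning "The /tsweb/ page will load but Connect will fail: port $RdpPort is not reachable (check the firewall or router forwarding)."
}
if ($rdp) {
    Write-Warning "Port $RdpPort is reachable from here; if 'here' is the Internet, the RDP service itself is exposed and the IIS port change does not hide it."
}
"URL to use: http://{0}:{1}/tsweb/" -f $TargetHost, $WebPort
```

Run it from the machine you intend to connect from; a reachable web port with an unreachable RDP port is the usual cause of the page loading but Connect failing, and an RDP port reachable from the Internet is the exposure the port change in the IIS step does not address.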