Monthly Archives: January 2012

How to check user lastlogon status from a domain

Microsoft provides a tool that shows additional user information that is not visible on the default tabs of a user's properties in ADUC (Active Directory Users and Computers). This is an additional feature.

Download and Install Additional Account Info

This is how to get the Active Directory additional account info tab.

1. Download acctinfo.dll or acctinfo in zip format
2. Copy acctinfo.dll to the %systemroot%\system32 folder
3. Register the service and dll with this command:
regsvr32 acctinfo (Similar to registering the schema snap-in)
4. Close, then open Active Directory Users and Computers.
5. Look for an extra tab called Additional Account Info.

The additional features are
* Password Last Set and Password Expires
* User Account Control, for example a value of 512 means enabled or 514 disabled. Also a value of 66048 (see diagram) means that the account cannot be locked out.
* Whether the account has been locked out – or not. (Locked: No)
* SID and GUID
* Last Logon, Logoff times
* Logon Count, Bad Password Count

Using command to search AD

In Windows Server 2003, use the Dsquery command to get information about objects stored in AD, including groups. This tool's command suite allows you to query the directory
according to specified criteria. Each of the following dsquery commands finds
objects of a specific object type, with the exception of dsquery *.

Syntax
DSQuery Computer
DSQuery Contact
DSQuery Group
DSQuery OU
DSQuery Site
DSQuery Server
DSQuery User
DSQuery Quota
DSQuery Partition
DSQuery *  (LDAP query)

Examples:
To find all computers that have been inactive for the last four weeks and
remove them from the directory:

dsquery computer -inactive 4 | dsrm

To find all users in the organizational unit
“ou=Marketing,dc=microsoft,dc=com” and add them to the Marketing Staff group:

dsquery user ou=Marketing,dc=microsoft,dc=com | dsmod group "cn=Marketing Staff,ou=Marketing,dc=microsoft,dc=com" -addmbr

To find all users with names starting with “John” and display their office
numbers:

dsquery user -name John* | dsget user -office

To display an arbitrary set of attributes of any given object in the
directory use the dsquery * command. For example, to display the
sAMAccountName, userPrincipalName and department attributes of the object
whose DN is ou=Test,dc=microsoft,dc=com:

dsquery * ou=Test,dc=microsoft,dc=com -scope base -attr sAMAccountName userPrincipalName department

To read all attributes of the object whose DN is ou=Test,dc=microsoft,dc=com:

dsquery * ou=Test,dc=microsoft,dc=com -scope base -attr *

Examples for Dsquery computer
To find all computers in the current domain whose name starts with “ms”
and whose description starts with “desktop”, and display their DNs:

dsquery computer domainroot -name ms* -desc desktop*

To find all computers in the organizational unit (OU) given
by ou=sales,dc=microsoft,dc=com and display their DNs:

dsquery computer ou=sales,dc=microsoft,dc=com

Examples for Dsquery group
To find all groups in the current domain whose name starts
with “ms” and whose description starts with “admin”,
and display their DNs:

dsquery group domainroot -name ms* -desc admin*

Find all groups in the domain given by dc=microsoft,dc=com
and display their DNs:

dsquery group dc=microsoft,dc=com

Examples for Dsquery OU
To find all OUs in the current domain whose name starts with “ms”
and whose description starts with “sales”, and display their DNs:

dsquery ou domainroot -name ms* -desc sales*

To find all OUs in the domain given by dc=microsoft,dc=com and display their
DNs:

dsquery ou dc=microsoft,dc=com

Examples for Dsquery user
To find all users in a given organizational unit (OU)
whose name starts with “jon” and whose account has been disabled
for logon and display their user principal names (UPNs):

dsquery user ou=Test,dc=microsoft,dc=com -o upn -name jon* -disabled

To find all users in only the current domain, whose names end with “smith”
and who have been inactive for 3 weeks or more, and display their DNs:

dsquery user domainroot -name *smith -inactive 3

To find all users in the OU given by ou=sales,dc=microsoft,dc=com and display
their UPNs:

dsquery user ou=sales,dc=microsoft,dc=com -o upn

Example to display the distinguished names of all users in only the current domain
whose names end with “Smith” and who have been inactive for 120 days (17+
weeks rounded to 18 weeks) or more, type:

dsquery user domainroot -name *smith -inactive 18

Read more http://technet.microsoft.com/en-us/library/cc732952%28WS.10%29.aspx
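
The userAccountControl values listed for the Additional Account Info tab and the -inactive searches above can be combined in one offline review. The following PowerShell is an added example, not code from the original post: it parses a constructed dsquery * result, decodes the flag bits using Microsoft's documented values, and lists enabled accounts with no recent lastLogonTimestamp. The function names and sample accounts are hypothetical.

```powershell
# Added example, not from the original post. The table mimics the output of
#   dsquery * domainroot -filter "(&(objectCategory=person)(objectClass=user))"
#       -attr sAMAccountName userAccountControl lastLogonTimestamp -limit 0
# Accounts and values below are constructed for illustration.
$sample = @'
  sAMAccountName    userAccountControl    lastLogonTimestamp
  jsmith            512                   129710592000000000
  asmith            66048                 129566304000000000
  bsmith            514                   129566304000000000
  svc-backup        66048
'@

# Documented userAccountControl bits (subset relevant to an account review).
$UacFlags = [ordered]@{
    ACCOUNTDISABLE       = 0x2
    LOCKOUT              = 0x10
    PASSWD_NOTREQD       = 0x20
    NORMAL_ACCOUNT       = 0x200
    DONT_EXPIRE_PASSWORD = 0x10000
}

function ConvertFrom-Uac([int]$Value) {
    # Names of every flag bit set in $Value, e.g. 514 = NORMAL_ACCOUNT + ACCOUNTDISABLE.
    foreach ($flag in $UacFlags.GetEnumerator()) {
        if ($Value -band $flag.Value) { $flag.Key }
    }
}

function ConvertFrom-FileTime([string]$Raw) {
    # AD stores logon times as 100 ns ticks since 1601-01-01 UTC; 0 or blank = never set.
    $ticks = [int64]0
    if (-not [int64]::TryParse($Raw, [ref]$ticks)) { return $null }
    if ($ticks -le 0) { return $null }
    [DateTime]::FromFileTimeUtc($ticks)
}

function Get-StaleAccount {
    param([string]$DsqueryOutput, [DateTime]$AsOf, [int]$Weeks)
    # lastLogonTimestamp is replicated between domain controllers but may lag
    # the real logon by up to about two weeks; lastLogon is exact but per DC.
    $cutoff = $AsOf.AddDays(-7 * $Weeks)
    $rows = $DsqueryOutput -split '\r?\n' | Where-Object { $_.Trim() } | Select-Object -Skip 1
    foreach ($row in $rows) {
        $name, $uac, $stamp = -split $row                      # whitespace-separated columns
        $flags = @(ConvertFrom-Uac ([int]$uac))
        if ($flags -contains 'ACCOUNTDISABLE') { continue }    # cannot log on anyway
        $last = ConvertFrom-FileTime $stamp
        if ($null -ne $last -and $last -ge $cutoff) { continue }   # recently active
        $when = if ($last) { $last.ToString('yyyy-MM-dd') } else { 'never' }
        [pscustomobject]@{ Account = $name; Flags = $flags -join ','; LastLogon = $when }
    }
}

# Enabled accounts with no logon in the 18 weeks before 2012-01-31.
Get-StaleAccount -DsqueryOutput $sample -AsOf ([DateTime]'2012-01-31') -Weeks 18 |
    Format-Table -AutoSize
```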

Using command to list all members of AD

In Windows Server 2003, use the Dsget command to get information about objects stored in AD, including groups. When you use Dsget with the -members switch, it will output the distinguished names (DNs) of all the members of a group.

Syntax
DSGet Computer
DSGet Contact
DSGet Group
DSGet OU
DSGet Partition
DSGet Quota
DSGet Server
DSGet Subnet
DSGet User

Examples for Dsget user

To find all users in an organizational unit (OU) named Test whose name starts with “jon” and to show their descriptions, type:

dsquery user OU=Test,dc=ms,dc=tld -name jon* | dsget user -desc

To show the list of groups, recursively expanded, to which the user Mike Danseglio belongs, type:

dsget user "CN=Mike Danseglio,CN=users,dc=ms,dc=tld" -memberof -expand

Examples for Dsget group

To display the descriptions of all groups in an organizational unit (OU) named Test whose names start with “adm,” type:

dsquery group OU=Test,DC=Contoso,DC=Com -name adm* | dsget group -desc

To display the list of members, recursively expanded, of the Backup Operators group, type:

dsget group "CN=Backup Operators,OU=Test,DC=Contoso,DC=Com" -members -expand

Examples for Dsget server

To find all domain controllers for domain widgets.contoso.com and then display their DNS host names and site names, type:

dsquery server -domain widgets.contoso.com | dsget server -dnsname -site

To see if a domain controller named DC1 is also a global catalog server, type:

dsget server CN=DC1,CN=Servers,CN=Site10,CN=Sites,CN=Configuration,DC=Contoso,DC=Com -isgc

To show the distinguished names of the directory partitions on a domain controller named DC1, type:

dsget server CN=DC1,CN=Servers,CN=Site10,CN=Sites,CN=Configuration,DC=Contoso,DC=Com -part

To show the top five security principals that own the most objects on the domain controller DC1.widgets.contoso.com, type:

dsget server CN=DC1,CN=widgets,DC=Contoso,DC=com -topobjowner 5

Read more http://technet.microsoft.com/en-us/library/cc755162%28WS.10%29.aspx

Remote desktop software

In my previous blog post I discussed Microsoft tools for connecting to remote machines. Here I want to share some more tools for the same purpose. I am not trying to say which is the best tool; try them and judge for yourself.

pcAnywhere
Symantec pcAnywhere is remote access software solution. It lets you manage computers efficiently, resolve helpdesk issues quickly, and connect to remote devices simply and securely. New features of this remote desktop software include smart card authentication and native whiteboard support, while continuing to enable remote users to find, connect to, and control the hosts they need.
http://www.symantec.com/pcanywhere

Anyplace-alternative to pcAnywhere
Anyplace Control displays remote computer desktops in separate ‘Remote Screen’ windows. These are the primary interfaces for interacting with a remote computer, and they allow you to control a PC directly with your keyboard and mouse.
You can also open several of these windows at once – allowing you to monitor more than one computer simultaneously.
http://www.anyplace-control.com/pcanywhere.shtml

LogMeIn
Quickly and easily control your remote computer over the web as if you were sitting right in front of it. Very reliable, allows both attended and unattended control and has great features. There is a portable version of the viewer if you want to use an application or they also have a web-based control site that requires no installation to remotely control computers. The web-based version uses HTML and Flash so it is usable even if the browser or firewall doesn’t allow Java or ActiveX.
https://secure.logmein.com/products/free/

TeamViewer
TeamViewer connects to any PC or server around the world within a few seconds. You can remote control your partner’s PC as if you were sitting right in front of it.
http://www.teamviewer.com/hi/index.aspx

Join.me
The fastest solution and a simple security code make it very quick to establish a connection. Just a 1 MB file download.
https://join.me/

DameWare
DameWare NT Utilities (DNTU) is an enterprise system management application for Windows which allows Administrators to go beyond the limitations of Microsoft’s Management Console (MMC). DNTU provides an integrated collection of Microsoft Windows administration utilities, incorporated within an “easy to use” centralized interface for remote management of Windows Servers and Workstations. Most all of the standard utilities are included within DNTU’s powerful Explorer-style interface, many of which have been greatly enhanced to provide superior performance, added functionality, and ease of use. DNTU also contains custom tools including the DameWare Mini Remote Control program, and also supports the use of standard shell property pages and shell context menus.
http://www.dameware.com/products/dntu/

Proxy pro
PROXY Pro 7 remote access software module enables helpdesk technicians to reach PCs anywhere, on the road or at home, even if they are behind firewalls or NAT devices. With proper authorization, technicians can get remote access to unattended PCs anytime, or get remote access to attended PCs without disturbing the currently logged-on user.
http://www.proxynetworks.com/products/remote-access-software.html

TightVNC
TightVNC is a free remote control software package. With TightVNC, you can see the desktop of a remote machine and control it with your local mouse and keyboard, just like you would do it sitting in the front of that computer. TightVNC is:

* free for both personal and commercial usage, with full source code available,
* useful in administration, tech support, education, and for many other purposes,
* cross-platform, available for Windows and Unix, with Java client included,
* compatible with standard VNC software, conforming to RFB protocol specifications.

With TightVNC, you can:

* cut your expenses and save your time on traveling,
* help your friends and family to solve problems with their computers remotely,
* make sure nothing wrong is happening on your computers when you are away.
http://www.tightvnc.com/

UltraVNC
UltraVNC is a powerful, easy to use and free software that can display the screen of another computer (via internet or network) on your own screen. The program allows you to use your mouse and keyboard to control the other PC remotely. It means that you can work on a remote computer, as if you were sitting in front of it, right from your current location. Using it, you can quickly access your customer’s computers from anywhere in the world and resolve helpdesk issues remotely! With addons like SingleClick your customers don’t even have to pre-install software or execute complex procedures to get remote helpdesk support.
http://www.uvnc.com/

Real VNC
VNC is remote control software which allows you to view and fully interact with one computer desktop (the “VNC server”) using a simple program (the “VNC viewer”) on another computer desktop anywhere on the Internet. The two computers don’t even have to be the same type, so for example you can use VNC to view a Windows Vista desktop at the office on a Linux or Mac computer at home. For ultimate simplicity, there is even a Java viewer, so that any desktop can be controlled remotely from within a browser without having to install software.
http://www.realvnc.com/vnc/

Remote-Anything
http://www.twd-industries.com/en_index.htm

MiKogo
Show any screen content from your computer live over the Web to multiple people. Anything you see, they see. Mikogo is ideal for web conferencing, online presentations and remote support.

mRemote
mRemote is a full-featured, multi-tab remote connections manager.
It allows you to store all your remote connections in a simple yet powerful interface.
This software supports the protocols RDP, VNC, ICA, SSH, Rlogin and HTTPS.
http://www.mremote.org/wiki/default.aspx?AspxAutoDetectCookieSupport=1

Remote Desktop Management

It is a software tool that enables desktop sharing and remote access to Windows computers on the network.

VPN cut off leased lines

A virtual private network is a dedicated communications network over a long physical distance that only certain users can access.

The key feature of a VPN is its ability to use public networks like the Internet rather than private leased lines.

A VPN is a helpful solution for securely connecting remote users and branch offices to the networks of small and medium-sized businesses (SMBs). Smaller companies are finding VPNs cheaper to operate than more costly dedicated T1 phone lines.

Head office > ISP > Branch office

There are two types of VPN configurations.
site-to-site:- This is used to connect two networks and involves an exchange of public keys for authentication and encryption.
A site-to-site VPN allows offices in multiple fixed locations to establish secure connections with each other over a public network such as the Internet
remote access:- Client software runs on systems of employees and others authorized to access a company’s VPN. Software creates the VPN tunnel with a key exchange.

Multiple Branches > Internet > NAS server > Head office

A remote-access VPN allows individual users to establish secure connections with a remote computer network. Those users can access the secure resources on that network as if they were directly plugged in to the network’s servers.

Clientsoftware > VPNconnection > NAS server > Server

For Internet-based VPNs, packets in one of several VPN protocols are encapsulated within Internet Protocol (IP) packets. VPN protocols also support authentication and encryption to keep the tunnels secure.

VPN Tunneling
voluntary:- In voluntary tunneling, the VPN client manages connection setup. The client first makes a connection to the carrier network provider (an ISP in the case of Internet VPNs). Then, the VPN client application creates the tunnel to a VPN server over this live connection.

compulsory:-In compulsory tunneling, the carrier network provider manages VPN connection setup. When the client first makes an ordinary connection to the carrier, the carrier in turn immediately brokers a VPN connection between that client and a VPN server. From the client point of view, VPN connections are set up in just one step compared to the two-step procedure required for voluntary tunnels.

VPN Tunneling Protocols
Point-to-Point Tunneling Protocol (PPTP)
The initial releases of PPTP for Windows by Microsoft contained security features that some experts claimed were too weak for serious use.
Several corporations worked together to create the PPTP specification. People generally associate PPTP with Microsoft because nearly all flavors of Windows include built-in client support for this protocol.
Layer Two Tunneling Protocol (L2TP)
L2TP is a protocol primarily implemented by Cisco.
Internet Protocol Security (IPsec)
IPsec is a collection of multiple related protocols. It can support an encryption scheme within L2TP or PPTP. IPsec exists at the network layer (Layer Three) of the OSI model.

Microsoft VPN server 2003
http://www.techrepublic.com/article/configure-a-windows-server-2003-vpn-on-the-server-side/5805260
Here I found a good article for 2008
http://www.buchatech.com/2010/06/how-to-setup-vpn-access-on-server-2008/

VPN Connections in Windows XP
Control Panel > Network Connections > Create a new connection > Connect to the network at my workplace > VPN connection > Enter a name for the VPN connection > Choose either ‘Automatically dial this initial connection’ or ‘Do not dial the initial connection’ > Enter the name or IP address of the VPN remote access server > On the “Connection Availability” page, the default option, ‘My Use Only,’ ensures that Windows will make this new connection available only to the currently logged on user. Otherwise, choose the ‘Anyone’s use’ option > Complete the wizard.

Best Top VPNs
http://techpp.com/2009/07/09/top-5-free-vpn-clients/

http://compnetworking.about.com/od/vpn/a/vpn_tutorial.htm
http://www.technewsworld.com/story/59948.html
http://computer.howstuffworks.com/vpn5.htm

Hardware VPN
Using VPN software on a router, server, firewall, or gateway is usually seen as a relatively low-cost way to deploy a VPN, but performance is limited: VPN tunneling and encryption tasks are carried out in software, taking CPU cycles from other processes.
In such cases, many router and firewall vendors offer add-on, hardware-assist products for heavy-load VPNs.

E.g. http://www.sonicwall.com/us/products/Secure_Remote_Access.html
http://www.cisco.com/en/US/products/hw/vpndevc/ps2286/index.html

VPN service providers for SMB
There are several VPN services for small businesses, but the most common is broadband VPN, which gives remote users the same speed experience they would have in the office.
Some of the recommended VPN services and products for SMB are SonicWall, Cisco and 3Com.

Steganos offers four different VPN products for SMBs. These are Steganos Secure VPN, Steganos Secure VPN Premium, Steganos Secure Traveler and Steganos Secure Traveler Premium.

Check Point provides SMB users with an appliance-based VPN. Two models are available. The basic model includes a firewall and the VPN appliance. A second model provides for an unlimited number of users.

Untangle offers two products for the SMB user. Open VPN requires less in-house technical knowledge. It uses a configuration wizard. Open VPN is free forever regardless of the number of users. Untangle also offers Remote Access Portal, a product for remote access through a Web page.

JBoss Application Server

JBoss Application Server (or JBoss AS) is a cross-platform (usable on any operating system that supports Java), open-source, Java EE-based application server. JBoss AS was developed by JBoss, now a division of Red Hat.

Features
Aspect-oriented programming (AOP) support
Clustering
Deployment API
Distributed caching (using JBoss Cache, a standalone product)
Distributed deployment (farming)
Enterprise JavaBeans versions 3 and 2.1
Failover (including sessions)
Hibernate integration (for persistence programming; Java Persistence API or JPA)
Java Authentication and Authorization Service (JAAS)
Java EE Connector Architecture (JCA) integration
Java Management Extensions
Java Server Pages (JSP) / Java Servlet 2.1/2.5 (Tomcat)
JBossWS (JBoss Web Services) for Java EE web services like JAX-WS
JDBC
Load balancing
Management API
OSGi framework
RMI-IIOP (JacORB, contraction of Java and CORBA)
SOAP with Attachments API for Java (SAAJ)
Teiid data virtualization system

Latest stable version (AS7): Design flexibility.
•Unparalleled Speed
In the highly optimized boot process of AS 7, services are started concurrently to eliminate unnecessary waits and to tap into the power of multi-core processors. Non-critical services are kept on ice until first use.

•Modular Design
AS 7 does classloading right. It uses JBoss Modules to provide true application isolation, hiding server implementation classes from the application and only loading the classes your application needs. Modules, packaged as collections of classes, are peers that remain isolated unless explicitly defined as a dependency of another module. Visibility rules have sensible defaults, yet can be customized.

•Exceptionally Lightweight
These optimizations enable AS 7 to run with stock JVM settings and on small devices. It also leaves more headroom for application data and supports higher scalability. Server profiles can be used to trim unneeded capabilities, allowing you to make the server as lean as possible.

•Elegant Administration
The centralized configuration also unifies management. The same configuration file can be used for multiple servers in domain mode. In contrast, standalone mode controls a single instance, similar to how previous versions of JBoss AS were launched.

•Strict Compliance
Stricter compliance with the portability expectations of our community of users.

•Easily Testable
Arquillian—a component model for integration tests that execute inside the real runtime environment.
By removing the clutter from your tests and handling deployment and test execution, Arquillian enables you to write tests for just about any use case your application encounters: real tests.

•First class, modern components
Hibernate Core (http://www.hibernate.org/)
Transactions (http://www.jboss.org/jbosstm)
Infinispan (http://www.jboss.org/infinispan)
IronJacamar (http://www.jboss.org/ironjacamar)
RESTEasy (http://www.jboss.org/resteasy)
Weld (http://www.seamframework.org/Weld)
HornetQ (http://www.jboss.org/hornetq)
JGroups (http://www.jgroups.org/)
Mojarra (http://java.net/projects/mojarra/)
Apache CXF (http://cxf.apache.org/)
Arquillian (http://www.jboss.org/arquillian)

Installing and starting JBoss AS on Windows
Download from: http://www.jboss.org/jbossas/downloads/

JBoss Web comes with a Windows service executable that can run JBoss Web Server as a service.

Remember that it is Java based, so check that Java is installed properly (supported version, JDK in use, and path added).

Use the “java -version” command to check that Java is installed.

Installing service
To install the JBoss Web server as Windows service use the provided service.bat batch file

Change directory to the JBossWeb bin directory
C:\> cd c:\jbossweb-4.0.4RC1-windows-i586\bin
 Install the service
C:\> service.bat install
 

Starting the service
To start the JBoss Web server as a Windows service, use Control Panel or the net start command.

Start the service
C:\> net start JBossWebServer
The JBoss Web Server 4 service is starting.

 The JBoss Web Server 4 service was started successfully.
 
Check that it is working
Open browser, enter URL: http://localhost:8080

Stop the service
C:\> net stop JBossWebServer
The JBoss Web Server 4 service was stopped successfully.

Removing the service
To remove the JBoss Web server as Windows service use the provided service.bat batch file.

Change directory to the JBossWeb bin directory
C:\> cd c:\jbossweb-4.0.4RC1-windows-i586\bin
C:\> service.bat uninstall

Ref: https://docs.jboss.org/author/display/AS7/Documentation
http://www.roseindia.net/jboss/buildingwebapplicationwithant.shtml

Launching TS RemoteApp

It is a hosted service architecture in which an organization does not have to purchase licenses for software applications or install or maintain those applications. Instead, a remote server (or an ISP or software vendor that leases the applications to the organization) provides them, and users interact with the application over the Internet.

Benefits of Using Terminal Service RemoteApp

Seamless Access:-Users do not need to open a Terminal Service session in order to access remotely hosted applications. Instead, Terminal Services RemoteApp provides the illusion to users that the applications are installed locally

Centralized Management:- Maintain a single copy of each application (for example, for patches) rather than one on each of the systems.

Ease of Management:- Those who don’t have IT staff can be managed from a single location.

Access it from anywhere:- It allows users to access hosted applications from anywhere.
Applications consume server resources. This is especially true if you have multiple users who are all using multiple remotely hosted applications.

Configurations

Start > Administrative Tools > Terminal Services > TS RemoteApp Manager options.
When the RemoteApp Wizard opens, click Next to bypass the wizard’s Welcome screen. At this point, you should see a list of the applications that are available for remote hosting. You can select the check box next to any application that you want to host, or you can use the Browse button to locate the executable file for any application that is not on the list.

Note: The list will only show you applications that have been installed for use with Terminal Services.

When you select an application and click the Properties button, you will see a dialog box that tells you the application’s name and its local path. You can also verify any existing command-line arguments.

Export And Import RemoteApp Settings
Generate an RDP file for the application and export.

Note: You have the option of either specifying the name of a terminal server that you want to export the settings to, or exporting the settings to a file. If you choose to export the settings directly to another terminal server, then any RemoteApp settings that are presently configured on that server will be overwritten.

If you export to a file, use the Import RemoteApp Settings link, found in the TS RemoteApp Manager’s Actions pane, to import the settings into the new terminal server. Like the direct export method though, importing a settings file will cause any existing remote application settings to be overwritten.

Open the file from a client machine, and the application starts on the client machine.

Terminal Service Web Access
To install Terminal Service Web Access, open the Server Manager and then navigate through the console tree to Server Manager >  Roles > Terminal Services, right click on the Terminal Services container, and choose the Add Role Services command from the resulting shortcut menu > Select the TS Web Access check box from the list of available role services.

Note: TS Web Access is not a standalone service; it depends on the Windows Terminal Service and on the Internet Information Services (IIS). Therefore, IIS and a few dependencies will have to be installed before you can use TS Web Access.

Once the installation is finished, TS can be accessed from
http://server/ts

Terminal server and services

A terminal server primarily enables serial devices (RS-232, RS-422 or RS-485) to connect to a local area network.

Terminal service
Terminal Services provides remote access to a desktop through thin client software, allowing the client computer to serve as a terminal emulator. Terminal Services transmits only the GUI of the user session to the client. The client returns keyboard and mouse clicks (KVM information), which are processed by the server.

Microsoft Terminal Services
In 2008 Microsoft used TS Gateway, which uses Remote Desktop Protocol (RDP) tunnelled over Hypertext Transfer Protocol over Secure Socket Layer (HTTPS). By using TS Gateway, you can make secure and encrypted connections between users on the Web and the remote production application computers. The connection is made by using port 443.

Installing and Configuring TS Gateway
1 Installing the TS Gateway role service
2 Server Manager to add the Terminal Services role and then select the TS Gateway role service and add the required role services.
3 Configure IIS Settings
4 Configure a server certificate
5 Create a Connection Access Policy (CAP) for the TS Gateway Server and select users
6 Give the CAP (Connection Access Policy) a name and select the authentication method
7 Create resource groups
8 Create a Remote Access Policy (RAP) for the TS Gateway Server
9 Deploy an NPS (Network Policy and Access Service)

Configure the TS Gateway client (RDC 6.1) settings
1 Run mstsc.exe and configure it for the TS Gateway: enter the TS Gateway settings (Options > Advanced > Settings) and connect with username and password

Note: In case of a certificate error, export the certificate (mmc > Certificates > export) from the server and import it to the client