Jan 19

The System.DirectoryServices namespace provides access to, and management of, Active Directory. It works with several directory service providers, such as WinNT, LDAP, NDS and IIS.
DirectoryEntry is the class that does the job for us.
To instantiate a DirectoryEntry object for managing Active Directory user accounts:

DirectoryEntry theEntry =
    new DirectoryEntry("LDAP://CN=New User,CN=users,DC=Domain,DC=COM");    

And here is how to initialize a DirectoryEntry object to manage local Windows (NT) accounts:

DirectoryEntry theEntry = new DirectoryEntry("WinNT://" + Environment.MachineName);


The following code shows how to create a user, add it to the Users group, set its password and configure its flags.

using System;
using System.DirectoryServices;
using System.Runtime.InteropServices;
using ActiveDs;   // COM reference "Active DS Type Library", needed for IADsGroup/IADsUser

DirectoryEntry theEntry = new DirectoryEntry("WinNT://" + Environment.MachineName);
DirectoryEntry theGroup = theEntry.Children.Find("Users", "group");
DirectoryEntry theUser;
try
{
    //An exception is thrown if "UserName" does not exist.
    //Not the best way to determine user existence, but easy enough for now.
    theUser = theEntry.Children.Find("UserName");
}
catch (COMException)
{
    theUser = theEntry.Children.Add("UserName", "user");
    //Commit after adding the user so that it can be added to the "Users" group later.
    theUser.CommitChanges();
}

theUser.Invoke("SetPassword", new object[] { "newpassword" });
theUser.Invoke("Put", new object[] { "Description", "User Created Programmatically" });

theUser.Properties["FullName"].Value = "Test User Name";
// There are several properties under the user DirectoryEntry, e.g.:
// -PasswordAge
// -PasswordExpired
// -FullName
// -UserFlags
// UserFlags is the enumeration listed below. The WinNT provider expects a plain
// integer here, and assigning it replaces any flags the account already had.
theUser.Properties["UserFlags"].Value = (int)(
    UserFlags.ADS_UF_DONT_EXPIRE_PASSWD |
    UserFlags.ADS_UF_PASSWD_CANT_CHANGE);

//If you have not installed Active Directory on your machine,
//then you need to use the native ADSI object to query
//the NT directory for users.
IADsGroup nativeObj = (IADsGroup)theGroup.NativeObject;
if (!nativeObj.IsMember(theUser.Path))
    theGroup.Invoke("Add", new object[] { theUser.Path });

theUser.CommitChanges();

Code explanation:
In the previous code I used the NT directory to create a Windows user account named UserName and add it to the built-in "Users" group.
The theUser.Invoke() method calls methods on the native object behind theUser, here to set the password and to put a description on the account. SetPassword() and Put() are members of the IADsUser interface, which the native object representing a user account implements, so we can equally call SetPassword() directly:

((IADsUser)theUser.NativeObject).SetPassword("newpassword");

The Properties collection contains the properties of the current DirectoryEntry. The most important one here is UserFlags, which controls many user account attributes; the following enumeration lists the values that can be assigned to UserFlags:

[Flags]
enum UserFlags
{
   ADS_UF_SCRIPT = 1, // 0x1
   ADS_UF_ACCOUNTDISABLE = 2, // 0x2
   ADS_UF_HOMEDIR_REQUIRED = 8, // 0x8
   ADS_UF_LOCKOUT = 16, // 0x10
   ADS_UF_PASSWD_NOTREQD = 32, // 0x20
   ADS_UF_PASSWD_CANT_CHANGE = 64, // 0x40
   ADS_UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED = 128, // 0x80
   ADS_UF_TEMP_DUPLICATE_ACCOUNT = 256, // 0x100
   ADS_UF_NORMAL_ACCOUNT = 512, // 0x200
   ADS_UF_INTERDOMAIN_TRUST_ACCOUNT = 2048, // 0x800
   ADS_UF_WORKSTATION_TRUST_ACCOUNT = 4096, // 0x1000
   ADS_UF_SERVER_TRUST_ACCOUNT = 8192, // 0x2000
   ADS_UF_DONT_EXPIRE_PASSWD = 65536, // 0x10000
   ADS_UF_MNS_LOGON_ACCOUNT = 131072, // 0x20000
   ADS_UF_SMARTCARD_REQUIRED = 262144, // 0x40000
   ADS_UF_TRUSTED_FOR_DELEGATION = 524288, // 0x80000
   ADS_UF_NOT_DELEGATED = 1048576, // 0x100000
   ADS_UF_USE_DES_KEY_ONLY = 2097152, // 0x200000
   ADS_UF_DONT_REQUIRE_PREAUTH = 4194304, // 0x400000
   ADS_UF_PASSWORD_EXPIRED = 8388608, // 0x800000
   ADS_UF_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION = 16777216 // 0x1000000
}

The UserFlags property can hold one or more of these values at once. If you have a little bitwise background, don't be put off; it is not that complex: use the | operator to combine flags and & with the complement (& ~flag) to clear one. Assigning the property replaces all of its bits, so read the current value first if you want to keep the flags the account already has.

Note: To use native object interfaces like IADsGroup you have to add a reference to the ActiveDs COM library (Active DS Type Library).
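As an added example (not from the original post), the following audit walks the local accounts through the WinNT provider, reads each account's UserFlags and reports the flags that weaken password policy; ClearFlags shows how to drop one flag with & ~ while keeping the rest. Only the subset of the enumeration that the code needs is redefined here so it compiles on its own.

```csharp
using System;
using System.DirectoryServices;

// Added example: audit UserFlags of local accounts and clear a flag safely.
class UserFlagsAudit
{
    // Subset of the UserFlags enumeration from the post.
    [Flags]
    enum UserFlags
    {
        ADS_UF_ACCOUNTDISABLE = 0x2,
        ADS_UF_PASSWD_NOTREQD = 0x20,
        ADS_UF_PASSWD_CANT_CHANGE = 0x40,
        ADS_UF_DONT_EXPIRE_PASSWD = 0x10000,
    }

    // Flags that weaken an account's password policy; worth reporting on every host.
    const UserFlags Weak = UserFlags.ADS_UF_PASSWD_NOTREQD | UserFlags.ADS_UF_DONT_EXPIRE_PASSWD;

    static UserFlags ReadFlags(DirectoryEntry user)
    {
        // The WinNT provider returns UserFlags as a boxed int.
        return (UserFlags)(int)user.Properties["UserFlags"].Value;
    }

    // Clears exactly the bits in 'toClear' and leaves every other flag intact.
    static void ClearFlags(DirectoryEntry user, UserFlags toClear)
    {
        UserFlags current = ReadFlags(user);
        user.Properties["UserFlags"].Value = (int)(current & ~toClear);
        user.CommitChanges();
    }

    static void Main()
    {
        using (var machine = new DirectoryEntry("WinNT://" + Environment.MachineName))
        {
            foreach (DirectoryEntry child in machine.Children)
            {
                if (child.SchemaClassName != "user") continue;
                UserFlags flags = ReadFlags(child);
                bool disabled = (flags & UserFlags.ADS_UF_ACCOUNTDISABLE) != 0;
                UserFlags weak = flags & Weak;   // zero when nothing risky is set
                Console.WriteLine("{0}: disabled={1} weak flags={2}", child.Name, disabled, weak);
                // To remediate a finding: ClearFlags(child, UserFlags.ADS_UF_PASSWD_NOTREQD);
            }
        }
    }
}
```

Reading accounts works for any local user; ClearFlags needs administrative rights on the machine.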

Aug 15

Showing a form from your Windows service is not entirely straightforward. If your program relies on a Windows service running in the background for its operations, that service is a separate application running in its own process, and possibly in a separate application domain. So what if your service detects something and needs to tell your application to act on it?
What if you want to display an alert from your service? Because the service itself is invisible, any WinForm that runs in the service's context will not be visible either.
This is where the interactive desktop option comes in.

To allow a Windows service to interact with the desktop, go to:
Control Panel > Administrative Tools > Services
Find your service, right-click it and choose Properties.
On the Log On tab, check "Allow service to interact with desktop".

When installing the service programmatically, the same setting can be made through the registry:

using (Microsoft.Win32.RegistryKey key =
    Microsoft.Win32.Registry.LocalMachine.OpenSubKey(
        @"SYSTEM\CurrentControlSet\Services\<srv>", true))   // writable handle
{
    if (key != null)
    {
        //Allow interactive desktop: 288 = 0x120 =
        //SERVICE_WIN32_OWN_PROCESS (0x10) | SERVICE_INTERACTIVE_PROCESS (0x100)
        key.SetValue("Type", 288);

        //Disallow interactive desktop (0x100 bit cleared; 32 = 0x20 = SERVICE_WIN32_SHARE_PROCESS)
        //key.SetValue("Type", 32);
    }
}
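As an added example (not from the original post), this helper toggles only the SERVICE_INTERACTIVE_PROCESS bit of the service's Type value, so the own-process or shared-process part is preserved instead of being overwritten with a fixed number. "MyService" is a hypothetical service name.

```csharp
using System;
using Microsoft.Win32;

// Added example: set or clear the "interact with desktop" bit of a service's Type.
class InteractiveServiceFlag
{
    const int ServiceInteractiveProcess = 0x100;   // SERVICE_INTERACTIVE_PROCESS
    const int ServiceWin32OwnProcess    = 0x010;   // SERVICE_WIN32_OWN_PROCESS

    // Pure helper: computes the new Type value from the current one.
    public static int Toggle(int currentType, bool allowInteractive)
    {
        return allowInteractive
            ? currentType | ServiceInteractiveProcess
            : currentType & ~ServiceInteractiveProcess;
    }

    // Applies the change and returns the value written, or null when the service
    // key does not exist. Needs administrative rights; the service picks the new
    // setting up the next time it starts.
    public static int? SetInteractive(string serviceName, bool allowInteractive)
    {
        string path = @"SYSTEM\CurrentControlSet\Services\" + serviceName;
        using (RegistryKey key = Registry.LocalMachine.OpenSubKey(path, writable: true))
        {
            if (key == null) return null;
            int current = (int)key.GetValue("Type", ServiceWin32OwnProcess);
            int updated = Toggle(current, allowInteractive);
            key.SetValue("Type", updated, RegistryValueKind.DWord);
            return updated;
        }
    }

    static void Main(string[] args)
    {
        // "MyService" is a placeholder; pass the real service name as the first argument.
        string name = args.Length > 0 ? args[0] : "MyService";
        int? result = SetInteractive(name, allowInteractive: true);
        Console.WriteLine(result.HasValue
            ? string.Format("Type is now 0x{0:X}", result.Value)
            : "Service key not found");
    }
}
```

On Windows Vista and later, Session 0 isolation keeps a service's windows off the user's desktop even with this bit set, so the flag alone no longer makes service UI visible there.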

Jul 06

Anti ARP spoofing with C#

Posted By Ahmed El-Kilani On 06 Jul 2007 1 Comments »

To understand what ARP spoofers do, we first have to know what ARP is. ARP (Address Resolution Protocol) is the protocol used to resolve network-layer protocol addresses to hardware addresses (an IP address to a MAC address).
ARP is used when a router needs to forward a packet from one host to the destination host on the same network. ARP spoofers play with the ARP entries cached on the system: the spoofer machine sends fake ARP messages to the victim machine, which overwrite the cached resolutions and associate the router's IP address with the spoofer's MAC address, so any request meant for the router is delivered to the attacker's machine instead.

Fixing that is easy: clear the ARP cache and everything will be OK. To do so, drag a Timer from the toolbox onto your Windows form and write the following code in the timer's Tick event handler:

System.Diagnostics.Process process = new System.Diagnostics.Process();
System.Diagnostics.ProcessStartInfo info = new System.Diagnostics.ProcessStartInfo();
info.WindowStyle = System.Diagnostics.ProcessWindowStyle.Hidden;
info.FileName = "arp.exe";
info.Arguments = "-d";   // "arp -d" deletes every cached entry; requires administrative rights
process.StartInfo = info;
process.Start();

This will clear the spoofed entries and force the system to resolve the MAC address of the router again.
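As an added example (not part of the original post), the same Timer approach can detect a spoofed entry rather than flushing blindly: it parses the output of arp -a, compares the gateway's cached MAC with the MAC you recorded on a known-good network, and only then alerts and flushes. The gateway IP and MAC in the code are constructed sample values.

```csharp
using System;
using System.Collections.Generic;
using System.Diagnostics;
using System.Text.RegularExpressions;

// Added example: alert when the cached gateway MAC differs from a pinned baseline.
class ArpWatch
{
    // Matches one row of "arp -a" on Windows, e.g. "192.168.1.1  00-11-22-33-44-55  dynamic".
    static readonly Regex Entry = new Regex(
        @"^\s*(?<ip>\d{1,3}(?:\.\d{1,3}){3})\s+(?<mac>[0-9a-fA-F]{2}(?:-[0-9a-fA-F]{2}){5})\s+(?<type>\w+)",
        RegexOptions.Multiline);

    // Parses the text printed by "arp -a" into ip -> mac (lower-cased).
    public static Dictionary<string, string> Parse(string arpOutput)
    {
        var table = new Dictionary<string, string>();
        foreach (Match m in Entry.Matches(arpOutput))
            table[m.Groups["ip"].Value] = m.Groups["mac"].Value.ToLowerInvariant();
        return table;
    }

    // True when the gateway is cached under a MAC other than the pinned one.
    public static bool GatewayChanged(Dictionary<string, string> table, string gatewayIp, string pinnedMac)
    {
        string mac;
        return table.TryGetValue(gatewayIp, out mac) && mac != pinnedMac.ToLowerInvariant();
    }

    static string RunArp(string arguments)
    {
        var info = new ProcessStartInfo("arp.exe", arguments)
            { UseShellExecute = false, RedirectStandardOutput = true, CreateNoWindow = true };
        using (var p = Process.Start(info)) { string o = p.StandardOutput.ReadToEnd(); p.WaitForExit(); return o; }
    }

    static void Main()
    {
        // Constructed values: replace with your gateway's IP and the MAC recorded on a clean network.
        const string gatewayIp = "192.168.1.1";
        const string pinnedMac = "00-11-22-33-44-55";
        var table = Parse(RunArp("-a"));
        if (GatewayChanged(table, gatewayIp, pinnedMac))
        {
            Console.WriteLine("ALERT: gateway MAC changed to " + table[gatewayIp] + "; flushing cache");
            RunArp("-d");   // the post's remedy; needs administrative rights
        }
    }
}
```

Call the Main body from the timer's Tick handler to run the check periodically; a logged alert gives you the evidence that a plain flush discards.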