Windows Fundamentals Student PDF
Summary
This document presents information on Windows Fundamentals, including topics such as Windows Authentication, User Accounts, User/Group Management, and a section of Check On Learning questions. The document is likely a study guide or learning resource for a student.
Full Transcript
Windows Fundamentals
DOI: 2024 JUL (U)

Administrative Information
Safety Requirements: Emergency Exits, 911, Fire
Risk Assessment: LOW
Environmental Conditions: Reduce, Reuse, Recycle
Evaluation: Daily quiz
Classification/Dissemination: UNCLASSIFIED

TLO Knowledge and Skills
Conditions: Given a classroom, applicable references, practical exercises, and the necessary information technology equipment, such as a computer with virtualization capabilities, the Cyber Operations Specialist student will be able to describe, identify, and understand the fundamentals of the Windows environment.
Knowledge:
- Describe Windows authentication and user/group management
- Describe files/file systems, directory structure, and file permissions
- Describe the command line interface and PowerShell commands/cmdlets
- Describe backups, logs, and scheduled tasks
- Describe the Windows boot process, kernel designs, and process baselines
- Describe interrupts, exceptions, trap handling, and device drivers
Skills:
- Use the CLI or PowerShell to gather information about the Windows environment
- Manage accounts through the CLI and PowerShell

Objectives
- Describe Windows Authentications
- Describe User/Group Management
- Describe File/File Systems
- Describe Directory Structure
- Describe File Permissions
- Describe Windows Command(s) Line
- Identify PowerShell
- Describe Backups
- Describe Logs
- Describe Scheduled Tasks
- Describe Boot Process
- Describe Kernel Designs
- Describe Process Baseline
- Describe Concurrency
- Describe Interrupts
- Describe Exceptions
- Describe Trap Handling
- Describe Device Drivers
- Demonstrate Windows Fundamentals

Key to slide formatting: Emphasis/Highlighting; Active Demo (Take Notes); File Paths; Demo Scripts; Commands

Windows Authentication
Windows Authentication is a secure form of authentication. Authentication is the process of verifying the identity of a user, system, or device. It ensures that the entity attempting to access a resource is indeed who it claims to be. Different authentication methods exist.
They include, but are not limited to:
- Password-based authentication: Users provide a password, which is compared to a stored hash value. If they match, access is granted.
- Multi-factor authentication (MFA): Combines multiple factors (e.g., password, SMS code, biometrics) for stronger security.
- Public key infrastructure (PKI): Uses digital certificates and private keys for secure communication.
- OAuth: Allows third-party applications to access resources on behalf of a user without sharing credentials.
- Windows Authentication (NTLM): Used in Windows environments, relying on domain accounts and challenge-response mechanisms. Windows has since transitioned to Kerberos or another Negotiate-type system.

User Accounts
A user account is a profile used by end users in the network for determining access. These accounts exist in either the SAM or in the Domain Controller (DC).
Three types of user accounts:
- Local: does not permit access to network resources; authenticated by the SAM and used by workgroups
- Domain: a domain account that provides access to network resources; authenticated by the DC and residing in Active Directory (AD)
- Built-in: automatically created when the OS, Active Directory, or other applications are loaded. Built-in accounts can exist in local or domain environments
  ○ Standard: user accounts for everyday computing.
  ○ Administrator: an account that has full access to the computer; different types exist depending on the scope of the network
  ○ Guest: provides a user with temporary access; limited privileges with no access to the network, but it can get on the internet. It is a best security practice to rename and disable these accounts.

User/Group Management
User and group management involves creating, modifying, and deleting user accounts and groups within an operating system. It includes setting permissions, managing user roles, and ensuring secure access to resources. Groups allow for easier management of permissions for multiple users.
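As an added example, not from the course material, the following PowerShell script performs the account and group tasks this section describes with the LocalAccounts cmdlets, verifies the result, and disables the built-in Guest account as the slide recommends. The account and group names are made up for the demonstration, and it assumes an elevated session on Windows 10/11.

```powershell
# Added example (not from the course). Assumes an elevated PowerShell session on
# Windows 10/11 with the Microsoft.PowerShell.LocalAccounts module present.
# $userName and $groupName are constructed names for the demonstration.
$userName  = 'labuser'
$groupName = 'LabOperators'

# Prompt for the password rather than hard-coding it: the slide's
# ConvertTo-SecureString ... -AsPlainText form leaves the secret in the script
# file and in the console history.
$securePwd = Read-Host -Prompt "Password for $userName" -AsSecureString

# Create the user only if it does not already exist, so the script can be re-run.
if (-not (Get-LocalUser -Name $userName -ErrorAction SilentlyContinue)) {
    New-LocalUser -Name $userName -Password $securePwd `
        -FullName 'Lab User' -Description 'Course demo account' | Out-Null
    "Created user $userName"
}

# Same pattern for the group.
if (-not (Get-LocalGroup -Name $groupName -ErrorAction SilentlyContinue)) {
    New-LocalGroup -Name $groupName -Description 'Course demo group' | Out-Null
    "Created group $groupName"
}

# Group membership is what actually grants rights; add the user if not a member.
# Get-LocalGroupMember reports names as COMPUTER\user, hence the wildcard.
$members = Get-LocalGroupMember -Group $groupName -ErrorAction SilentlyContinue
if (-not ($members | Where-Object { $_.Name -like "*\$userName" })) {
    Add-LocalGroupMember -Group $groupName -Member $userName
    "Added $userName to $groupName"
}

# Verify what was done: account state and group membership.
Get-LocalUser -Name $userName | Format-Table Name, Enabled, PasswordLastSet, LastLogon
Get-LocalGroupMember -Group $groupName | Format-Table Name, ObjectClass, PrincipalSource

# The slide recommends renaming and disabling the built-in accounts. Disable-LocalUser
# does the second part here; Rename-LocalUser -Name Guest -NewName <name> does the first.
$guest = Get-LocalUser -Name 'Guest' -ErrorAction SilentlyContinue
if ($guest -and $guest.Enabled) {
    Disable-LocalUser -Name 'Guest'
    "Disabled the built-in Guest account"
}

# Equivalent net.exe commands from the slide, for comparison:
#   net user labuser * /add              (the * prompts for the password)
#   net localgroup LabOperators /add
#   net localgroup LabOperators labuser /add
```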
GUI: Control Panel > User Accounts > Manage User Accounts
CLI: net user username password /add (append /domain for domain users); net localgroup groupname /add (append /domain for domain groups)
PowerShell: New-LocalUser -Name "username" -Password (ConvertTo-SecureString "Password12345!" -AsPlainText -Force); New-LocalGroup -Name "groupname"

Check On Learning
1. ___ is the process of verifying the identity of a user, system, or device. It ensures that the entity attempting to access a resource is indeed who it claims to be.
2. A ___ ___ is a profile used by end users in the network for determining access.
3. What is the CLI command to create a domain user?

File/File Systems
When accessing resources remotely, a connection needs to be made to a shared folder via networking protocols by providing appropriate credentials. If access is granted, the user will have access to all files within that folder, depending on the individual's DACLs.
A file is a collection of data stored on a computer or digital device. Files can contain text, images, videos, programs, or any other type of information.
A file system defines the way data is named, stored, organized, and accessed on a hard drive. It is used by the OS to manage files. Each type of file system has its own properties and features; they are organized into six layers: Application Programs, Logical File System, File-Organization Module, Basic File System, I/O Control, and Devices. Common file systems include FAT (File Allocation Table) and NTFS (New Technology File System).
Reference: Dervish. (2022, March 3). What is file system in windows operating systems? AOMEI Partition Assistant. Retrieved September 12, 2022, from https://www.diskpart.com/articles/what-is-file-system-1984.html

File/File Systems - FAT
The FAT (File Allocation Table) system is the original file system used since the early days of DOS. It originated in 1977 for use on floppy disks and was later adapted for hard disks and other storage devices.
It was originally designed as an 8-bit file system. FAT keeps track of file locations by using a table that maps file names to their physical locations on the disk. With each FAT update, the number of bits increased; the versions of the FAT format are named after the number of bits they represent: FAT12, FAT16, FAT32, and exFAT. The maximum file size with FAT16B and FAT32 is 4 GB - 1, or exactly 4,294,967,295 bytes.

File/File Systems - exFAT
The exFAT (Extended File Allocation Table, FAT64) system is newer and more complex than the FAT file system. It provides more storage than FAT32 and is widely used in USB drives and other removable media that need larger storage capacity. Despite the attempts to update the FAT versions, FAT failed to provide security for data and lacked options for recovery in the event of damaged or corrupted files. The exFAT format allows individual files larger than 4 GB and can support storage media of any size, up to 256 TB.

File/File Systems - NTFS
Introduced as a replacement for FAT32, the New Technology File System (NTFS) was created in 1993 and is the most common file system offered by Microsoft Windows.
Key features of NTFS:
- Compression
- Disk quotas
- File and folder security (DACLs & SACLs)
- Reliability using transaction-based logging
- Encryption
- Mounted volumes

Directory Structure
A directory structure is the hierarchical arrangement of directories (folders) on a storage device. Windows uses a hierarchical directory structure where all directories and files fall under a disk volume's root directory. Windows identifies the root directory as \ , with all other files and directories stored under it. Windows file systems use a letter to specify which disk volume (disk/storage) is being used (C:, D:, etc.). Default Windows configurations install the Windows OS onto the C: volume.

Directory Structure Cont.
Windows folder - The default name of this folder may vary depending on the operating system that is installed.
The Windows folder contains the folders and files of the specific Windows operating system and is referred to as the "system root".
System32 - Critical components of the Windows operating system are stored here. The two most common file types you'll see in System32 are .dll and .exe.
- .dll - Dynamic Link Library. A DLL file is a library that contains a set of code and data for carrying out a particular activity in Windows. DLL files are a lot like executable (EXE) files, except that DLL files cannot be directly executed in Windows.
- .exe - Executables are files that install or run software applications. Every program you run on a Windows PC is a .exe.

Directory Structure Cont.
Program Files - This contains the folders and files of installed software, like Microsoft Office, Adobe Acrobat, Symantec Antivirus, or other optional third-party and non-OS software.
Users folder - This contains a subdirectory for each user who has logged on to the system. These subdirectories contain profiles, which hold the user's personal data and preferences.

File Permissions
File permissions control the ability of users to view, modify, execute, or otherwise interact with a file. Permissions are typically set for different levels of access, such as owner, group, and others. In Windows, these permissions can include read, write, execute, and modify, among others.
Authentication is a mechanism by which a system securely identifies a user. Authorization, however, is a mechanism by which a system determines the level of access an authenticated user has to system resources (e.g., files and directories). Most modern Windows OSs use Discretionary Access Control Lists (DACLs) to assign file and directory permissions.

Check On Learning
1. What defines the way data is named, stored, organized, and accessed on a hard drive, and is used by the OS to manage files?
2. Name three of the six key features of NTFS.
3. Windows uses what type of directory structure?
4. What is the mechanism by which a system determines the level of access an authenticated user has to system resources?

Windows Command(s) Line
The Windows Command Line, also known as Command Prompt or cmd.exe, is a command-line interpreter application available in most Windows operating systems. It provides a text-based interface to execute commands and run scripts. You can navigate the Windows file directory using File Explorer (My Computer) or the Command-Line Interface (CLI). The shell is a program that handles the user interface with the OS and is also a command language interpreter capable of running batch files or scripts.
There are several methods to open a Windows CLI. The Start > Run window is probably the quickest and most commonly used: once the Run window appears, type cmd and click OK. You can also simply type terminal into the search bar and the command line appears as an option.

Windows Command Line
The command line interface will benefit you as cyber operators. In order to navigate the Windows command line, you have to know the proper syntax for commands. Syntax is the grammatical rules and patterns that govern the ordered use of appropriate words and symbols necessary for commands to execute. If in doubt about the proper syntax of a command, you can always use the HELP function by typing the COMMAND followed by /? or /help.

Windows Command Line Basic Commands
- dir: Lists the contents of a directory.
- cd: Changes the current directory.
- copy: Copies files from one location to another.
- move: Moves files from one location to another.
- del: Deletes one or more files.
- mkdir: Creates a new directory.
- rmdir: Removes a directory.
- type: Displays the contents of a file.
- echo: Displays messages or turns command echoing on or off.
- ipconfig: Displays all current TCP/IP network configuration values.
- cls: Clears your terminal screen.
- exit: Exits the command prompt.
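For the File Permissions section above, here is an added example (not from the course) that reads a file or directory's DACL with Get-Acl, prints the owner and every access control entry, and flags Allow entries that grant write rights to "any user" identities. The $Target path is a constructed placeholder; the rights masks and identity names are standard Windows values.

```powershell
# Added example (not from the course): print the DACL of a file or directory
# and flag Allow entries that give broad write rights to any-user principals.
# $Target is a constructed placeholder; point it at the directory to review.
$Target = 'C:\Program Files\ExampleApp'   # placeholder path

# Specific rights that let a principal change or replace content.
$writeRights = [System.Security.AccessControl.FileSystemRights]::Write -bor
               [System.Security.AccessControl.FileSystemRights]::Modify -bor
               [System.Security.AccessControl.FileSystemRights]::FullControl
# Inherit-only ACEs are often stored as generic rights, which Get-Acl shows as
# raw numbers; GENERIC_WRITE (0x40000000) and GENERIC_ALL (0x10000000) also
# grant write access, so they are checked separately.
$genericWriteMask = 0x40000000 -bor 0x10000000

# Identities that effectively mean "anyone who can log on".
$broadIdentities = @('Everyone', 'BUILTIN\Users',
                     'NT AUTHORITY\Authenticated Users', 'NT AUTHORITY\INTERACTIVE')

function Test-GrantsWrite {
    param([System.Security.AccessControl.FileSystemAccessRule]$Ace)
    $raw = [int]$Ace.FileSystemRights
    (($raw -band [int]$writeRights) -ne 0) -or (($raw -band $genericWriteMask) -ne 0)
}

function Get-BroadWriteAce {
    param([string]$Path)
    $acl = Get-Acl -LiteralPath $Path
    # $acl.Access is the DACL: one FileSystemAccessRule per ACE.
    foreach ($ace in $acl.Access) {
        if ($ace.AccessControlType -eq 'Allow' -and
            $broadIdentities -contains $ace.IdentityReference.Value -and
            (Test-GrantsWrite -Ace $ace)) {
            [pscustomobject]@{
                Path      = $Path
                Identity  = $ace.IdentityReference.Value
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited
                AppliesTo = "$($ace.InheritanceFlags) / $($ace.PropagationFlags)"
            }
        }
    }
}

# 1. The full DACL, as the course describes it: owner plus each ACE.
$acl = Get-Acl -LiteralPath $Target
"Owner: $($acl.Owner)"
$acl.Access | Format-Table IdentityReference, FileSystemRights, AccessControlType, IsInherited -AutoSize

# 2. Findings. A directory under Program Files that any user can write to is a
#    misconfiguration worth fixing, because binaries there are later run by
#    administrators and services that trust them.
$findings = Get-BroadWriteAce -Path $Target
if ($findings) { $findings | Format-Table -AutoSize } else { "No broad write ACEs on $Target" }
```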
PowerShell
PowerShell is a cross-platform task automation and configuration management framework from Microsoft. It includes a command-line shell and scripting language built on the .NET framework, designed for system administrators and power users to automate tasks and manage systems.
Key Features:
- Command-line interface: PowerShell provides a command-line interface for executing commands and scripts.
- Scripting language: It supports a scripting language that allows you to write complex scripts to automate administrative tasks.
- Cmdlets: PowerShell commands, known as cmdlets, follow a Verb-Noun naming convention, such as Get-Process or Set-Item.

PowerShell Cont.
- Pipelines: PowerShell supports pipelining, which allows you to pass the output of one cmdlet as input to another cmdlet, enabling complex data manipulation.
- Object-oriented: Unlike traditional command-line interfaces that output text, PowerShell outputs objects. This allows for more advanced data manipulation and processing.
- Remote management: PowerShell supports remote management and scripting, enabling administrators to manage multiple systems from a single interface.
- Modules: PowerShell functionality can be extended using modules, which are packages of cmdlets, providers, functions, and other tools.

PowerShell Common Uses:
- System administration: Automating repetitive tasks, managing configurations, and handling system operations.
- Configuration management: Setting up and managing system configurations across many servers.
- Task automation: Writing scripts to automate complex workflows and repetitive tasks.
- File management: Performing file and directory operations such as copying, moving, deleting, and renaming files.
- User management: Creating, modifying, and deleting user accounts and groups.
- Service management: Starting, stopping, and managing Windows services.
- Software deployment: Installing, configuring, and managing software packages.
PowerShell Basic Commands:
- Get-Help: Displays help information about PowerShell cmdlets.
- Update-Help: Updates your help files.
- Get-Command: Lists all cmdlets, functions, workflows, and aliases installed on your system.
- Get-ChildItem: Displays the files and directories in the PowerShell console.
- Get-Process: Retrieves the processes running on a local or remote computer.
- Get-Service: Gets the status of services on a local or remote machine.
- New-Item: Creates a new item, such as a file or directory.
- Copy-Item: Copies an item from one location to another.
- Remove-Item: Deletes files or directories.

Check On Learning
1. What is also known as Command Prompt or cmd.exe?
2. What Windows command displays all current TCP/IP network configuration values?
3. _____ is a cross-platform task automation and configuration management framework from Microsoft.
4. What are the three key features of PowerShell?

Backups
Backups involve creating copies of data to protect against data loss. Backups can be full, incremental, or differential. They are critical for data recovery in case of hardware failure, data corruption, or other issues.
Backup Types:
- Full: Used to back up an entire/complete system by selecting the entire volume. It involves copying the entire data set of the system to a separate partition or an external disk. It creates a complete copy of the specified data volume.
- Incremental: Used to copy only the data that has changed since the last (either full or incremental) backup.
- Differential: Used to copy changes since the last full backup; differential backups don't rely on a previous differential backup.
Reference: https://spanning.com/blog/types-of-backup-understanding-full-differential-incremental-backup/

Logs
Logs are records of events that occur within an operating system or software application. They are used for monitoring, debugging, and auditing purposes. Logs typically include information about system events, errors, user activities, and security incidents.
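As an added example for the Logs section (not part of the course material), the script below reads the last 24 hours of the Security log with Get-EventLog, the cmdlet the course uses, and turns logon successes and failures into the tables an analyst looks at first. It assumes an elevated session; the positions used inside ReplacementStrings follow the documented 4624/4625 event templates and are labelled as an assumption in the code.

```powershell
# Added example (not from the course): summarise the last 24 hours of logon
# activity from the Security log with Get-EventLog.
# Requires an elevated session; non-administrators cannot read the Security log.
# Event IDs 4624 (successful logon) and 4625 (failed logon) are the standard
# Windows Security Auditing IDs. The ReplacementStrings positions below follow
# the documented event templates; treat them as an assumption and verify against
# one event's Message on your own system before relying on them.
$since = (Get-Date).AddHours(-24)

$logonTypeNames = @{
    2 = 'Interactive'; 3 = 'Network'; 4 = 'Batch'; 5 = 'Service'; 7 = 'Unlock'
    8 = 'NetworkCleartext'; 9 = 'NewCredentials'; 10 = 'RemoteInteractive'; 11 = 'CachedInteractive'
}

function Get-LogonSummary {
    param([datetime]$After)
    # Filter on EventID instead of dumping the whole log: the Security log is large.
    $events = Get-EventLog -LogName Security -After $After -ErrorAction Stop |
        Where-Object { $_.EventID -in 4624, 4625 }
    foreach ($e in $events) {
        $rs = $e.ReplacementStrings
        if ($e.EventID -eq 4624) {
            $type = $rs[8];  $source = $rs[18]   # 4624: LogonType at 8, IpAddress at 18 (assumed)
        } else {
            $type = $rs[10]; $source = $rs[19]   # 4625: LogonType at 10, IpAddress at 19 (assumed)
        }
        $typeName = if ($type -match '^\d+$' -and $logonTypeNames.ContainsKey([int]$type)) {
            $logonTypeNames[[int]$type]
        } else { $type }
        [pscustomobject]@{
            Time      = $e.TimeGenerated
            Outcome   = if ($e.EventID -eq 4624) { 'Success' } else { 'Failure' }
            Account   = "$($rs[6])\$($rs[5])"     # TargetDomainName\TargetUserName (assumed)
            LogonType = $typeName
            Source    = $source
        }
    }
}

$rows = Get-LogonSummary -After $since

# Failed logons per account: many failures against one account, or failures
# spread across many accounts from one source, are the first things to check.
"Failed logons by account since $since"
$rows | Where-Object Outcome -eq 'Failure' | Group-Object Account |
    Sort-Object Count -Descending | Select-Object Count, Name | Format-Table -AutoSize

"Failed logons by source address"
$rows | Where-Object Outcome -eq 'Failure' | Group-Object Source |
    Sort-Object Count -Descending | Select-Object Count, Name | Format-Table -AutoSize

# Successful logons by type: Network or RemoteInteractive logons on a workstation
# that should only see Interactive ones deserve a second look.
"Successful logons by type"
$rows | Where-Object Outcome -eq 'Success' | Group-Object LogonType |
    Select-Object Count, Name | Format-Table -AutoSize

# The course also shows Clear-EventLog. During an investigation the Security log
# is the evidence, so export it (wevtutil epl or the Event Viewer) rather than clear it.
```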
All operating systems provide some form of logging capability. A log file is a record of system or user activities. Logs can contain events generated either locally or from a remote system. The Department of Defense requires various levels of logging depending on the type and/or classification of a system. Log files can be stored locally; however, some OSs can consolidate logs in a centralized location.
In forensics, log analysis may be used by analysts to provide insight on a security incident. It can prove if someone accessed a file, downloaded material, or even plugged a removable storage device into a computer.

Logs
Logs can also be accessed through the command line.
1. Open the command line and type powershell, or navigate directly to the PowerShell interface by typing powershell in the search bar.
2. Type get-eventlog * (the asterisk denotes a wildcard and will show all logs). To view the entire contents of a specific log, type get-eventlog followed by the log name. Example: get-eventlog Application
3. The log can also be cleared from the CLI with: Clear-EventLog Application

Scheduled Tasks
Scheduled Tasks in Windows are automated processes that run at specific times or in response to specific events. The Task Scheduler is used to create and manage these tasks, which can include running scripts, launching programs, or executing commands. It does this by monitoring whatever criteria you choose (referred to as a trigger) and then executing the tasks when those criteria are met.
Examples of Triggers:
- A specific time
- When a specific system event occurs
- When the system is booted
- At a specific time on a daily, weekly, or monthly schedule
  − Such as scheduling system backups that occur repeatedly
- When a user logs on

Scheduled Tasks
CLI Schedulers: There are two command-line schedulers in Windows, at and schtasks. With the addition of PowerShell there is also the New-ScheduledTask cmdlet, which starts a Windows PowerShell background task on the local computer.
at: The original command-line scheduler.
On Windows 5.* architectures this command was used to escalate privileges by scheduling a process to run interactively as the local SYSTEM account. This command is deprecated on 10.*.
schtasks: Cannot be used to escalate privileges like the at command. It also does not allow user interaction with a job scheduled to run as any user other than the currently logged-on user. Example: Bob cannot schedule a job to run as Administrator and interact with that job; the job will just run in the background. Tasks are stored in the %SystemRoot%\System32\Tasks directory.

Scheduled Tasks
- schtasks /? - Displays scheduled tasks
- schtasks /create - Creates a new task. Example: schtasks /create /sc once /tn command /tr cmd.exe /st 08:00
- schtasks /delete - Deletes a task by name. Example: schtasks /delete /tn command
- schtasks /change - Changes the task that is run, but not the name. Example: schtasks /change /tn Notepad /tr C:\Windows\System32\calc.exe
- schtasks /query - Displays current scheduled tasks. Example: schtasks /query /tn Notepad /v /fo list

Check On Learning
1. What are the three backup types?
2. What is a record of system or user activities?
3. _____ is a cross-platform task automation and configuration management framework from Microsoft.
4. What is the PowerShell cmdlet to see all logs?
5. What in Windows are automated processes that run at specific times or in response to specific events?

Boot Process
The Windows OS supports two processor rings.
- Kernel mode - The kernel runs in the MOST privileged ring of the CPU (Ring 0)
- User mode - The OS interface and user applications execute in the LEAST privileged ring (Ring 3)
KERNEL MODE (RING 0):
- Access to all system memory and the entire CPU instruction set
- Kernel-mode OS and device driver code share an address space
- Privileged to perform almost any action
- Closest to the hardware
USER MODE (RING 3):
- Limited in permission and authority
- OS interface and system software
- User applications
- Closest to the user

Boot Process
The boot process is the sequence of steps the computer goes through when it is powered on, culminating in the operating system being loaded and becoming operational. This includes the BIOS/UEFI initialization, loading the bootloader, and starting the operating system kernel. The Windows 10 boot process on BIOS systems comprises four major phases. It starts from POST and ends with loading the Windows OS Loader or the kernel. Here is the list of the phases it goes through:
1.) Pre-Boot
2.) Windows Boot Manager
3.) Windows OS Loader
4.) Windows NT OS Kernel init.
5.) Windows User Logon

Boot Process - Phase 1
Basic Input Output System Pre-Boot: POST, or Power-On Self-Test, loads firmware settings. It checks for a valid disk system and whether the system is good to go for the next phase. If the computer has a valid MBR, i.e. Master Boot Record, the boot process moves further and loads the Windows Boot Manager. Firmware can be either Unified Extensible Firmware Interface (UEFI) or Basic Input/Output System (BIOS). During every phase, a program is loaded. Depending on whether the system uses Legacy BIOS or UEFI, the file paths and files change.

Boot Process - Phase 2 & 3
Unified Extensible Firmware Interface
Windows Boot Manager: This step determines if you have multiple OSs installed on your computer. If yes, then it offers a menu with the names of the OSs.
When you select the OS, it will load the right program, i.e. winload.exe, to boot you into the correct OS.
1. bootmgr: Switches from real mode to protected mode
2. bootmgr: Reads the BCD (stored on BIOS/UEFI)
3. bootmgr: Starts winload.exe
Windows OS Loader: winload.exe loads the important drivers needed to kick-start the Windows kernel. The kernel uses the drivers to talk to the hardware and do the rest of the things required for the boot process to continue.
1. Loads ntoskrnl.exe and hal.dll
2. Starts drivers with a start value of 0x0

Boot Process - Phase 4
Windows NT OS Kernel: The kernel initialization phase is the last stage, which picks up the registry settings, additional drivers, etc. Once that has been read, control is taken by the system manager process. It loads up the UI and the rest of the hardware and software. That's when you finally get to see your Windows 10 login screen.
1. ntoskrnl.exe: ntdll.dll is mapped into the address space
2. ntoskrnl.exe: Creates the HKLM\Hardware key
3. ntoskrnl.exe: Starts drivers, system files and services
4. ntoskrnl.exe: Starts the smss.exe (0) process

Boot Process - cont.
User Mode Start-Up
1. smss.exe (0): starts the subsystem process csrss.exe (0) and its dependencies
2. smss.exe (0): starts wininit.exe
3. wininit.exe: starts the SCM (services.exe) and the LSA (lsass.exe)
4. The SCM starts all services with a start value of 0x2
5. smss.exe (0) starts an instance of itself, smss.exe (1)
6. smss.exe (1) starts csrss.exe (1) and its dependencies
7. smss.exe (1) then starts winlogon.exe, and smss.exe (1) exits
8. winlogon.exe starts logonui.exe (1) (which exits) and userinit.exe (1)
9. userinit.exe starts explorer.exe (1)

Check On Learning
1. What are the two modes in the Windows OS?
2. What is the sequence of steps the computer goes through when it is powered on, culminating in the operating system being loaded and becoming operational?
3. The firmware is loaded in which phase?
4. What are the three responsibilities of bootmgr?
5. What is the last stage in the boot process?
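The boot phases above are driven by the Start value each driver and service carries under HKLM\SYSTEM\CurrentControlSet\Services (0x0 loaded by winload.exe, 0x2 started by the SCM). As an added example, not from the course, the PowerShell script below groups every entry by that value and then checks that each boot-start driver image exists on disk and is validly signed. The ImagePath normalisation rules and the default driver path are assumptions stated in the comments; it assumes an elevated session.

```powershell
# Added example (not from the course): enumerate Start values from the Services
# registry key, then verify each boot-start driver is present and signed.
# Start 0 = Boot (loaded by winload.exe), 1 = System (started by the kernel),
# 2 = Auto (started by the SCM), 3 = Manual, 4 = Disabled.
# Type 1 = kernel driver, 2 = file system driver, 16/32 = Win32 service.
$startNames = @{ 0 = 'Boot'; 1 = 'System'; 2 = 'Auto'; 3 = 'Manual'; 4 = 'Disabled' }

function Resolve-ImagePath {
    # ImagePath values come in several spellings; normalise to a full path.
    # These rewrite rules are an assumption based on commonly seen forms.
    param([string]$ImagePath)
    if (-not $ImagePath) { return $null }
    $p = $ImagePath.Trim('"')
    if ($p.StartsWith('\??\')) { $p = $p.Substring(4) }
    if ($p.StartsWith('\SystemRoot\', [System.StringComparison]::OrdinalIgnoreCase)) {
        $p = Join-Path $env:SystemRoot $p.Substring(12)
    } elseif ($p -like 'System32\*') {
        $p = Join-Path $env:SystemRoot $p
    }
    # Services often carry arguments after the executable; keep the first token.
    if ($p -match '^(.+?\.(exe|sys|dll))(\s|$)') { $p = $matches[1] }
    return $p
}

function Get-ServiceStartInfo {
    Get-ChildItem -Path 'HKLM:\SYSTEM\CurrentControlSet\Services' -ErrorAction SilentlyContinue |
        ForEach-Object {
            $p = Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue
            if ($null -ne $p.Start) {   # parameter subkeys have no Start value
                $start = [int]$p.Start
                [pscustomobject]@{
                    Name      = $_.PSChildName
                    Start     = if ($startNames.ContainsKey($start)) { $startNames[$start] } else { $start }
                    IsDriver  = ([int]$p.Type -band 0x3) -ne 0
                    # Drivers without an ImagePath default to System32\drivers\<name>.sys (assumed).
                    ImagePath = if ($p.ImagePath) { Resolve-ImagePath $p.ImagePath }
                                else { Join-Path $env:SystemRoot "System32\drivers\$($_.PSChildName).sys" }
                }
            }
        }
}

$all = Get-ServiceStartInfo

# How much code is wired to run in each phase before a user sees the logon screen.
$all | Group-Object Start | Select-Object Name, Count | Sort-Object Name | Format-Table -AutoSize

# Boot-start drivers run before the SCM and before any security product's
# service, so each one should be accounted for: present on disk and signed.
# Inbox drivers are catalog-signed; Get-AuthenticodeSignature reports those as Valid.
$all | Where-Object { $_.Start -eq 'Boot' -and $_.IsDriver } | ForEach-Object {
    $exists = [bool]($_.ImagePath -and (Test-Path -LiteralPath $_.ImagePath))
    $sig = if ($exists) { (Get-AuthenticodeSignature -FilePath $_.ImagePath).Status } else { 'FileMissing' }
    [pscustomobject]@{ Name = $_.Name; ImagePath = $_.ImagePath; Signature = $sig }
} | Sort-Object Signature, Name | Format-Table -AutoSize
```

Anything other than Valid in the Signature column, or a FileMissing entry, is the line to investigate first.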
Kernel Designs
The kernel sits between the HAL and the Executive and provides multiprocessor synchronization, thread and interrupt scheduling and dispatching, and trap handling and exception dispatching; it is also responsible for initializing the device drivers at boot-up that are necessary to get the operating system up and running. Kernel designs refer to the architecture of the core component of an operating system, which manages system resources and communication between hardware and software. Common designs include monolithic kernels and microkernels.
Kernel Designs:
- Monolithic Kernel
- Microkernel
- Hybrid Kernel
- Exokernel
- Virtual Kernel

Kernel Designs: Monolithic Kernel
Monolithic Kernel: all essential operating system functions reside in a single large binary. Both user services and kernel services are implemented in the same address space. This increases the size of the kernel, and thus the size of the operating system.
Advantages:
- CPU scheduling, memory management, file management, and other operating system functions are provided through system calls
- A single large process runs
- Faster operating system execution
- A single static binary file
Disadvantages:
- Any service failure leads to entire system failure
- A new service requires changes to the entire operating system
- Security vulnerabilities

Kernel Designs: Microkernel
Microkernel: keeps only the most critical functions in the kernel space, with other services running in user space. This type of kernel is characterized by its modularity, simplicity, and ability to run multiple operating systems on the same hardware.
Advantages:
- More secure OS due to a reduced attack surface
- Smaller in size
- Easily extendible and customizable
- Stability: a service failure does not affect the microkernel
Disadvantages:
- Message passing between user and kernel spaces
- Slower
- Increased complexity and limited performance optimization
- Increased memory usage

Kernel Designs: Hybrid Kernel
Hybrid Kernel: combines aspects and benefits of both monolithic and microkernels.
It has the speed and design of a monolithic kernel and the modularity and stability of a microkernel. The hybrid kernel works to have a kernel structure like that of a microkernel, but to implement that structure in the manner of a monolithic kernel.
Advantages: 1. Performance 2. Reliability 3. Flexibility 4. Compatibility
Disadvantages: 1. Complexity 2. Security 3. Maintenance 4. Resource usage

Kernel Designs
Exokernel: exposes hardware resources directly to user-level applications. It provides minimal abstractions, allowing applications to manage resources efficiently.
Advantages: 1. Flexibility 2. Performance 3. Security 4. Modularity
Disadvantages: 1. Complexity 2. Development difficulty 3. Limited support 4. Debugging difficulty

Kernel Designs
Virtual Kernel: manages virtual machines (VMs) and allows multiple operating systems to run concurrently on the same physical hardware.

Check On Learning
1. The kernel sits between the ___ and the ___?
2. What are the five kernel designs?
3. What are the disadvantages of a monolithic kernel?
4. What kernel exposes hardware resources directly to user-level applications and provides minimal abstractions, allowing applications to manage resources efficiently?

Process Baseline
A process baseline is a set of standard performance metrics or behaviors established for processes running on a system. It is data collected periodically so that the performance of the network/system can be properly evaluated. The data collected is then used as a reference during real-time monitoring and evaluation so we can effectively identify abnormalities or establish network normalcy.
- Creating and maintaining an up-to-date, in-depth, and precise baseline of any given system is vital.
- Often this makes the difference between spotting exploits and losing valuable infrastructure/data.
- Baselines can be stand-alone, or they can be collected over a period to help with pattern-of-life assessments.
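As an added example for the Process Baseline and Scheduled Tasks sections (not from the course), the script below captures a snapshot of running processes and registered scheduled tasks, stores it as JSON the first time, and on every later run reports what is new, missing, or changed against that stored baseline. The baseline file path is a constructed placeholder; Get-ScheduledTask requires Windows 8/Server 2012 or later.

```powershell
# Added example (not from the course): capture a process and scheduled-task
# baseline and diff later runs against it. $BaselinePath is a placeholder.
$BaselinePath = 'C:\Baselines\host-baseline.json'   # placeholder path

function Get-Snapshot {
    # Process identity = image name + path. The PID changes every boot, so it is
    # not part of the key; Path is $null for protected processes when not elevated.
    $procs = Get-Process | Sort-Object Name -Unique | ForEach-Object {
        [pscustomobject]@{ Kind = 'Process'; Name = $_.ProcessName; Detail = $_.Path }
    }
    # Scheduled tasks: full task path plus the executable and arguments each action runs.
    # This is what schtasks /query /v shows, collected per task into one string.
    $tasks = Get-ScheduledTask | ForEach-Object {
        $actions = ($_.Actions | ForEach-Object { "$($_.Execute) $($_.Arguments)".Trim() }) -join '; '
        [pscustomobject]@{ Kind = 'Task'; Name = "$($_.TaskPath)$($_.TaskName)"; Detail = $actions }
    }
    @($procs) + @($tasks)
}

function Compare-Snapshot {
    param($Baseline, $Current)
    $base = @{}; foreach ($b in $Baseline) { $base["$($b.Kind)|$($b.Name)"] = $b.Detail }
    $cur  = @{}; foreach ($c in $Current)  { $cur["$($c.Kind)|$($c.Name)"]  = $c.Detail }
    foreach ($k in $cur.Keys) {
        if (-not $base.ContainsKey($k)) {
            [pscustomobject]@{ Change = 'New'; Item = $k; Detail = $cur[$k] }
        } elseif ($base[$k] -ne $cur[$k]) {
            # Same name, different path or action: the item was replaced or repointed.
            [pscustomobject]@{ Change = 'Changed'; Item = $k; Detail = "$($base[$k]) -> $($cur[$k])" }
        }
    }
    foreach ($k in $base.Keys) {
        if (-not $cur.ContainsKey($k)) {
            [pscustomobject]@{ Change = 'Missing'; Item = $k; Detail = $base[$k] }
        }
    }
}

$current = Get-Snapshot
if (-not (Test-Path -LiteralPath $BaselinePath)) {
    # First run: record the baseline. Take it on a known-good system, and take
    # several over a period so short-lived processes do not show as "New" later.
    New-Item -ItemType Directory -Path (Split-Path $BaselinePath) -Force | Out-Null
    $current | ConvertTo-Json -Depth 3 | Set-Content -LiteralPath $BaselinePath
    "Baseline written to $BaselinePath ($(@($current).Count) items)"
} else {
    $baseline = Get-Content -LiteralPath $BaselinePath -Raw | ConvertFrom-Json
    $diff = Compare-Snapshot -Baseline $baseline -Current $current
    if ($diff) { $diff | Sort-Object Change, Item | Format-Table -AutoSize }
    else { "No changes against the baseline from $((Get-Item -LiteralPath $BaselinePath).LastWriteTime)" }
}
```

A Changed scheduled task whose action now points at a different executable, or a New task outside the Microsoft\Windows path, is the kind of abnormality the baseline is meant to surface.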
Reference: https://medium.com/purple-team/network-scanning-and-enumeration-4e998752eb10

Concurrency
Concurrency in computing refers to the ability of a system to manage multiple tasks or processes simultaneously. This is achieved through mechanisms like multitasking, multithreading, and parallel processing, allowing for efficient use of system resources and improved performance.
Benefits of Concurrency:
- Improved responsiveness: Allows a system to remain responsive even while certain tasks are blocked or waiting for resources.
- Resource utilization: Maximizes the use of available processing resources (CPU cores) by keeping them busy with productive work.
- Modularity and scalability: Enables modular design and scalability in applications, where tasks can be divided into smaller units that can run concurrently.

Concurrency cont.
A single processor may only be scheduled to run one process at a time. Multi-tasking is the illusion of performing multiple jobs simultaneously by interleaving processes on the same CPU. Systems with multiple processors schedule multiple processes simultaneously, in what is known as concurrency. When running concurrent processes, certain conditions may arise.
- Race condition: Occurs when a process depends on the timely output sequence of another process. If the dependent process receives the data out of sequence or in an untimely manner, unanticipated behavior results.
- Deadlocks: Situations where two or more processes are unable to proceed because each is waiting for another to release a resource.
- Synchronization: Techniques like locks, semaphores, and mutexes are used to coordinate access to shared resources and prevent race conditions.

Interrupts
Interrupts are signals sent to the CPU by hardware or software indicating an event that needs immediate attention. They temporarily halt the current execution flow, allowing the CPU to address the interrupting event, and then resume normal operations.
In I/O devices, one of the bus control lines is dedicated to this purpose and is called the Interrupt Service Routine (ISR).
1. Software interrupts: Traps and exceptions are other names for software interrupts. Software interrupts often occur when system calls are made.
2. Hardware interrupts: All the devices are connected to the Interrupt Request Line to request an interrupt.

Exceptions
Exceptions are events that disrupt the normal flow of execution in a program, often due to errors. They are handled by special constructs in programming languages, allowing the program to take corrective action or terminate gracefully. Examples of exceptions include memory access violations, debugging issues, and mathematical anomalies like division by zero. Not all exceptions result from faults: system calls are treated as exceptions by the OS kernel.

Trap Handling
Trap handling involves managing software-generated interrupts or exceptions. When a trap occurs, the operating system's kernel takes control, performs the necessary actions to address the issue, and then returns control to the appropriate point in the program. The OS kernel uses a trap handler to take control of interrupts and exceptions when they occur. When an interrupt occurs, the kernel traps the currently executing process/thread and changes its state to wait. The interrupting process/thread is then scheduled to run on the CPU if permitted by the kernel. Interrupts are typically scheduled with higher priority in the queue.

Device Drivers
Device drivers are specialized software programs that allow the operating system to communicate with hardware devices. They provide the necessary interface for the OS to control and interact with devices like printers, graphics cards, and network adapters. A driver is a software component that lets the operating system and a device communicate with each other. This is why, when you connect hardware to a computer, you often need a driver.
The device does not know how to communicate with the OS, but the driver is the translator. The device, driver, and OS all know how to communicate with each other.

Check On Learning
1. A ____ ____ is a set of standard performance metrics or behaviors established for processes running on a system.
2. What in computing refers to the ability of a system to manage multiple tasks or processes simultaneously?
3. Which benefit of concurrency maximizes the use of available processing resources (CPU cores) by keeping them busy with productive work?
4. What are the two types of interrupts?
5. ___ are events that disrupt the normal flow of execution in a program, often due to errors.

What Are Your Questions?

Summary Objectives
- Describe Windows Authentications
- Describe User/Group Management
- Describe File/File Systems
- Describe Directory Structure
- Describe File Permissions
- Describe Windows Command(s) Line
- Identify PowerShell
- Describe Backups
- Describe Logs
- Describe Scheduled Tasks
- Describe Boot Process
- Describe Kernel Designs
- Describe Process Baseline
- Describe Concurrency
- Describe Interrupts
- Describe Exceptions
- Describe Trap Handling
- Describe Device Drivers
- Demonstrate Windows Fundamentals

Identify Win Fund. Part I Summary
LSA 1: Describe Windows Authentications. Different authentication methods: password-based authentication, multi-factor authentication (MFA), public key infrastructure (PKI), OAuth, Windows Authentication (NTLM) (Kerberos or Negotiate type)
LSA 2: Describe User/Group Management. Two types of accounts primarily exist: user & service accounts. Three types of user accounts: local, domain, built-in. Types of built-in: Standard, Administrator, & Guest. User and group management: GUI, CLI and PS
LSA 3: Describe File/File Systems. Difference between a file and a file system

Identify Win Fund. Part I Summary cont.
LSA 4: Describe Directory Structure: Windows folder, System32, .dll, .exe, Program Files, and Users folder.
LSA 5: Describe File Permissions: authentication and authorization.
LSA 6: Describe Windows Command(s) Line and using /? and /help.
LSA 7: Identify PowerShell: a cross-platform interface. Key features: CLI, scripting language and cmdlets, pipelines, object-oriented, remote management, and modules. Common uses: management, automation, system administration, and software deployment.
LSA 8: Describe Backups: full, incremental, and differential.
LSA 9: Describe Logs: the difference between logs and log files.
LSA 10: Describe Scheduled Tasks: triggers and syntax.

Windows Command Line Basic Commands
dir: Lists the contents of a directory.
cd: Changes the current directory.
copy: Copies files from one location to another.
move: Moves files from one location to another.
del: Deletes one or more files.
mkdir: Creates a new directory.
rmdir: Removes a directory.
type: Displays the contents of a file.
echo: Displays messages or turns command echoing on or off.
ipconfig: Displays all current TCP/IP network configuration values.
cls: Clears the terminal screen.
exit: Exits the command prompt.

PowerShell Basic Commands
Get-Help: Displays help information about PowerShell cmdlets.
Update-Help: Updates the help files.
Get-Command: Lists all cmdlets, functions, workflows, and aliases installed on your system.
Get-ChildItem: Displays the files and directories in the PowerShell console.
Get-Process: Retrieves the processes running on a local or remote computer.
Get-Service: Gets the status of services on a local or remote machine.
New-Item: Creates a new item, such as a file or directory.
Copy-Item: Copies an item from one location to another.
Remove-Item: Deletes files or directories.

Identify Win Fund. Part II SUMMARY
LSA 11: Describe Boot Process. Two modes: Kernel (privileged) and User (least privilege). Boot phases:
1. Pre-boot: POST, BIOS/UEFI firmware
2. Boot Manager: switch from Real to Protected mode, read the BCD, and start winload.exe
3. OS Loader: Ntoskrnl.exe, HAL.dll, drivers
4. Kernel Init: Ntdll.dll and the rest of the drivers and services
5. User Logon: from SMSS.exe to explorer.exe
LSA 12: Describe Kernel Designs: monolithic, microkernel, hybrid, exokernel, and virtual.
LSA 13: Describe Process Baseline: establish a standard and help identify abnormalities on systems.
LSA 14: Describe Concurrency: managing multiple tasks efficiently. Benefits: improved responsiveness, resource utilization, modularity, and stability. Conditions: race conditions, deadlocks, and synchronization.
LSA 15: Describe Interrupts: an indication of an event that needs immediate attention. Two types: software and hardware.
LSA 16: Describe Exceptions: a disruption to the normal flow of execution.
LSA 17: Describe Trap Handling: managing software-generated interrupts or exceptions.
LSA 18: Describe Device Drivers: allow the OS to communicate with hardware.

Identify Win Fund. CLI Demonstration
Basic Commands: the same command list as under Windows Command Line Basic Commands above.

Identify Win Fund. PS Demonstration
The same cmdlet list as under PowerShell Basic Commands above.
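The process baseline summarized under LSA 13 can be built from the Get-Process and Get-Service cmdlets in the list above. The script below is an added example and is not part of the course material; the baseline file path, the JSON layout, and the -Record switch are its own assumptions.

```powershell
# Added example (not from the course material): record a process/service baseline with
# Get-Process and Get-Service, then diff a fresh snapshot against it to surface abnormalities.
# Assumption: Windows PowerShell 5.1 or later; the baseline path below is a constructed default.
param(
    [string]$BaselinePath = "$env:USERPROFILE\proc-baseline.json",
    [switch]$Record        # -Record writes the baseline; without it the script compares
)

function Get-SystemSnapshot {
    # Name + image path per process (Path is $null where the image path is not readable),
    # plus the names of the services currently running.
    $procs = Get-Process | ForEach-Object {
        $imagePath = try { $_.Path } catch { $null }
        [pscustomobject]@{ Name = $_.ProcessName; Path = $imagePath }
    } | Sort-Object Name, Path -Unique
    $svcs = Get-Service | Where-Object Status -eq 'Running' |
            Select-Object -ExpandProperty Name | Sort-Object -Unique
    [pscustomobject]@{ Processes = @($procs); Services = @($svcs) }
}

if ($Record) {
    Get-SystemSnapshot | ConvertTo-Json -Depth 3 | Set-Content -Path $BaselinePath
    Write-Output "Baseline recorded to $BaselinePath"
    return
}

$baseline = Get-Content -Path $BaselinePath -Raw | ConvertFrom-Json
$current  = Get-SystemSnapshot

# A process is "new" when its name+path pair was not in the baseline: that flags both an
# unfamiliar program and a known name running from a directory it did not run from before.
$known    = $baseline.Processes | ForEach-Object { "$($_.Name)|$($_.Path)" }
$newProcs = $current.Processes  | Where-Object { $known -notcontains "$($_.Name)|$($_.Path)" }

# Running-service differences: '=>' started since the baseline, '<=' stopped since the baseline.
$svcDiff = Compare-Object -ReferenceObject @($baseline.Services) -DifferenceObject @($current.Services)

"== Processes not in baseline =="
$newProcs | Format-Table Name, Path -AutoSize
"== Running-service changes =="
$svcDiff  | Format-Table InputObject, SideIndicator -AutoSize
```

Run it once with -Record on a known-good system, then run it without the switch whenever the system needs to be checked against that baseline.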