Topic 1: Windows Features, Tools,
Utilities & Settings
APL 355
APL355
BOOT TYPES
 A Solid-State Drive (SSD) or Hard Disk Drive
(HDD) are storage devices that use solid-state
flash memory and magnetic components
respectively.
 A Universal Serial Bus (USB) port can be used as
a boot device when a USB flash drive is inserted.
 An optical drive uses optical media such as CDs
(Compact Discs) and DVDs (Digital Versatile Disc).
 A Preboot Execution Environment (PXE) is an
industry standard client/server network boot
interface. It allows a system to be booted remotely
for configuration purposes.
APL355
64-BIT VS 32-BIT OPERATING SYSTEMS
 In order to run a 64-bit operating system, you
need a CPU that is capable of running a 64-bit
version of Windows.
 64-bit software is also needed to utilize the
additional hardware.
 64-bit versions of Windows also need 64-bit
drivers.
 A 64-bit version of Windows can natively run
32-bit applications, and does so in “emulator”
mode. The emulator tricks the application into
thinking it’s running on a 32-bit system.
APL355
TYPES OF INSTALLS
 An unattended install is an install method that is
automated with an answer file that contains answers
related to particular setup questions.
 A repair installation is a recommended option for a
problematic system. A repair installation will look at the
currently installed operating system and repair that
installation.
 A clean install is a recommended option for a new or
problematic system. A clean install is not necessarily
an unattended install.
 A remote installation is performed with a network boot.
The operating system is located on a server and
installed remotely.
APL355
TYPES OF MEDIA FOR INSTALLATION
 A recovery partiton is a special partition on a PC system's hard
drive that contains the original factory software, including the
operating system and preinstalled device drivers. Booting from
the recovery partition initiates an out of the box installation.
 An official media download may not include any specific
software that came with the system or any preinstalled drivers. It
would also be time consuming and then required to be placed
onto bootable media to be used as an installation source.
 A retail purchase of an operating system would not include any
specific software that came with the system or any special
preinstalled drivers.
 An OEM (Original Equipment Manufacturer) license is only a
license to use software that came with the computer. It is not
installation media.
APL355
WINDOWS FOLDER STRUCTURE





Windows is typically installed on the C: drive of a
computer system. This is called the “root”.
The Windows\System32 folder is the location for
Windows operating system files.
Each user on the computer system has a folder
located in the root under the “Users” folder, which
contains all of their files, such as Desktop,
Documents, Favourites, Music, Videos etc.
Windows applications usually create configuration
data for each user on a system. Often the AppData
folder is used, and each user would have their own
within their user folder.
Software applications are installed in either the
Program Files or the Program Files (x86) folders.
APL355
WINDOWS SYSTEM FILES
 Windows system files are files that have the
system attribute turned on. (And are usually
hidden)
 This allows Windows to protect system files
from deletion, as they are generally crucial to
the operating system or programs.
 A DLL file is a file type within Windows that
contains shared code. DLL files can accessed
by the operating system and numerous
applications to perform particular functions.
 An EXE and MSI files are executable. They
are generally used to install programs.
APL355
COMPATIBILITY MODE
 Compatibility mode refers to a
method of launching a Windows
application as if it were running on
an older operating system. This is
done for compatibility purposes of
using legacy software applications.
APL355
BRANCH CACHE
 BranchCache is an optimization
technology from Microsoft that can
cache server based files on remote
machines for quick and easy access.
Limited version available on Windows
10 Pro and full version on Enterprise
 It works in 2 different modes:
• Distributed: allows clients to
request cached content from one
another
• Hosted: centralizes the cache on a
BranchCache server
APL355
ENCRYPTION
 BitLocker is a security mechanism that protects
computer hard drives by encrypting the drive’s
data. A TPM (Trusted Platform Module) chip is
required for BitLocker to work. When a hardware
change is detected, BitLocker prompts for
authorization to access the drive.
 Encrypting File System (EFS) is used to encrypt
certain files in certain folders and not the entire
drive. EFS does not rely on hardware to do the
encryption as BitLocker does with a TPM (Trusted
Platform Module) chip. EFS is not supported on
Windows 10 Home.
APL355
DISK MANAGEMENT
• We use the Disk
Management utility to
manage our storage within
Windows.
• However, when performing
a clean install of Windows
(or virtualized install), we
use the tool in the Windows
installer to format and
partition our disk.
APL355
HARD DRIVE FORMATTING AND INITIALIZATION
 When installing a new hard disk into a
Windows system, it needs to be initialized.
By right-clicking the disk in disk
management the drive can be initialized.
 When installing a “foreign” dynamic type
hard disk into a Windows system that was
removed from another Windows system, it
needs to first be imported.
 Before initializing or importing, the disk is
not ready for use and would not yet
appear in explorer.
APL355
DISK PARTITION STRUCTURE
 There are two types of partition structure:
• Master Boot Record (MBR) type
partitions have limitations of disk
sizes up to 2TB and four primary
partitions. They are still widely used
today with regular BIOS.
• The newer GUID Partition Table
(GPT) enables drives greater than
2TB and up to 128 primary partitions.
Typically used by UEFI.
• We make this selection when
“initializing” our disk.
APL355
EXTENDED PARTITIONS
 When using MBR-style (Master Boot Record) partitions, up to four primary partitions can be
created. Only one of those partitions may be marked as active. All primary partitions are
bootable. There is a limitation of one extended partition. In that case only three primary
partitions could be created, with the fourth being an extended partition.
 An extended partition is divided into segments known as logical drives.
 An extended partition is not formatted like a primary partition and the logical drives within can
hold an operating system but are not bootable as there is no boot sector available.
APL355
CHANGING PARTITIONS
 Creating a partition is the process of taking a section
of a disk from available unused space to be used as a
disk volume.
 Splitting a volume would create a new second volume.
Splitting would involve the steps of first shrinking the
existing volume and then partitioning new space for a
second volume.
 Shrinking a volume is the process of taking a volume
that has available space and reducing its size. This
leaves the resulting free space to be used as another
volume. Shrinking a volume may be restricted due to
files that cannot be moved on the disk.
 Extending a volume is the process of using available
unused space and adding it to an existing volume.
APL355
BASIC AND DYNAMIC DISKS
 Basic disk types are the default disk
types in Windows and are supported
in Windows 10 Home edition. Basic
disks can be partitioned, but they
cannot span multiple volumes like a
dynamic disk (for software RAID).
 Dynamic disks are not supported in
Windows 10 Home edition. A
dynamic disk can be used to create
a volume that spans multiple disks
and can be used in a software RAID
configuration.
APL355
ASSIGNING A DRIVE LETTER
 A healthy NTFS (New
Technology File System)
volume can be assigned a
drive letter in Windows.
 Generally, the C: drive
contains the operating
system, but that can be
changed if desired.
APL355
MOUNTING A VOLUME
 A mount point is a Windows
feature in disk management
that allows a volume to be
mounted at a point in the
system folder structure rather
than as a disk with a drive
letter.
 For example, a mount point for
a disk volume could be the My
Documents folder which could
be mapped to E:\
APL355
FORMATTING DISK
 Formatting a disk prepares a
disk for use with a file system
type.
 A full format not only clears the
disk of any data and sets the
file system type, but it also
checks the disk for bad sectors.
 A quick format only clears the
disk of any data and sets the
file system type.
APL355
FILE SYSTEMS
 NTFS (New Technology File System) is a file system developed
by Microsoft for use with Windows systems. It provides 64-bit
addressing, compression, access security, and indexing
features. CDFS (CD File System) is a legacy file system used
for Compact Disc optical media.
 UDF (Universal Disk Format) is an updated file system for
optical media that supersedes CDFS.
 exFAT is a 64-bit version of FAT (File Allocation Table).
Designed for removable hard drives and flash media, exFAT
supports large volumes and large file sizes. exFAT supports
access permissions but not compression or encryption.
 FAT32 (File Allocation Table) is a file system created as an
improvement over FAT16, such as larger volumes. The
maximum file size is 4GB minus 1 byte.
APL355
REPAIR AND RECOVERY
 A factory recovery partition is a special
partition that is created by the
manufacturer of the system. This partition
is used to reinstall the system.
 To repair a Windows 7/8/10 installation,
booting from the installation disk is
required. As the installation media is likely
on optical media, an optical drive would
be the best choice. A bootable flash drive
would also work in this scenario.
APL355
TYPES OF WINDOWS RECOVERY
 A system refresh is where Windows is
reinstalled while keeping certain settings
and personal files intact.
 A system reset is an option that will
perform a reinstall to default Windows out
of the box settings.
 A system restore is an option to roll back
any changes to a specific point in time.
System restore points can be created
manually or automatically.
 Windows backup allows a user to create
a system image of a Windows computer.
The backup and restore utility can be
found in control panel.
APL355
BACKUP TYPES
A full backup is used to backup an entire system’s
data. A good backup strategy would include one full
back up at the beginning of the week, and one
incremental or differential performed daily.
 An incremental backup requires that there is a full
backup performed first. An incremental only does a
backup of data that has changed since the last
backup.
 A differential backup requires that there is a full
backup performed first. An differential only does a
backup of data that has changed since the last full
backup.
 An off-site backup is a backup that is held at a location
other than the location of the original data. This is
done for purposes of safekeeping.

APL355
IMAGING OS
 Image deployment provides a rapid
way to install a standardized version of
an operating system on one or many
target computers.
 The operating system is first installed
and configured with any additional
software, security settings, or general
user settings on a reference computer.
 A disk dump creates a full image of a
disk. This utility makes a bit-by-bit
image regardless of the file system in
use.
APL355
VIRTUAL MEMORY
 Virtual memory improves a system’s
performance by using an area of a hard disk
as RAM (Random Access Memory).
 A paging file is used with the virtual memory
setting and can be set to a certain size or it
can sized by the operating system.
 This location on the disk is called swapped
space.
 Swap space size can be adjusted in system
properties.
 If swap space is low, PC performance can be
impacted.
APL355
ADMINISTRATION SHORTCUTS
 Pressing WINDOWS+X or right-clicking
the Start button shows a shortcut menu
including Control Panel, Windows
Settings, and File Explorer but also
management utilities such as Device
Manager, Computer Management,
Command Prompt, and Windows
PowerShell.
APL355
APPLICATIONS, SERVICES AND PROCESSES
 Both applications and services are considered
“processes”.
 Applications are meant to interact with a single
user
 Services work across the system, but don't
interact with users directly. A service is usually a
background application that runs when windows
starts up.
 A service can be disabled, automatic, automatic
(delayed start), or manual. A manual start means
the service would need to be started by the user.
There is no manual (delayed start) type.
APL355
TASK MANAGER
 The processes tab displays a list of processes
with the corresponding CPU utilization,
memory usage, and disk usage for each.
(Including apps and background processes)
 The performance tab displays an overview of
the system’s physical memory, kernel memory,
CPU usage, and a system summary of
threads, handles, and processes.
 The services tab displays a list of services and
the corresponding PID (process ID). Services
can be started and stopped from this display.
 Other tabs include app history, startup (to
select which processes will start with
Windows), Users and Details of all
processes/apps.
APL355
MSCONFIG
 The general tab contains diagnostic startup
options.
 The boot tab contains the option to boot into safe
mode, to choose a no GUI (Graphical User
Interface) boot, etc.
 The startup tab contains the option to view the
task manager to selectively disable unused
startup items.
 The tools tab contains system components that
can be used to modify certain areas of the
system’s behavior.
 The services contains the option to view a list of
services and the option to selectively
enable/disable them quickly.
APL355
PERFORMANCE MONITOR
 Performance monitor is a
Windows utility that is used to
view system performance
data in real time or from a log
file.
 Data collector sets are used
as a basis for gathering
information for analysis.
APL355
WINDOWS MEMORY DIAGNOSTICS
 Windows memory diagnostics is
a Windows utility that can scan
system memory for issues.
 This utility has the option to set
a scan the next time the system
reboots or to immediately reboot
and begin the scan.
APL355
DIRECTX
 Microsoft DirectX is a collection of
application programming interfaces (APIs)
for handling tasks related to multimedia,
especially game programming and video,
on Microsoft platforms
 The Dxdiag (DirectX Diagnostic Tool) utility
is used to view graphics and audio related
hardware and settings. The Dxdiag tool was
introduced with Windows 98 Second Edition
and systems with DirectX version 6.0 or
later.
APL355
COMPUTER MANAGEMENT
 Computer management is a utility within Windows that is used to view event logs, manage
and edit disk storage, folder shares, local users, and more. It is not used to view network
properties or settings.
APL355
EVENT VIEWER
 The application event log will log any
events that are considered as application
issues. The failure to start an application
is an example of an application event that
would be logged.
 The security event log will log any events
that are considered as security issues.
An invalid login attempt is an example of
a security event that would be logged.
 The system event log will log any events
that are considered as operating system
issues. Failure to access a hardware
device such as a drive would be logged
in the system log.
APL355
TASK SCHEDULER
 Task scheduler is used to
schedule tasks, such as running
a program or a script.
 With task scheduler, a schedule
is created to perform the task
with options such as which user
account to use and if the task
can run when a user is not
logged onto the system.
APL355
MICROSOFT MANAGEMENT CONSOLE
 The MMC (Microsoft
management console)
command is a utility that is used
for administrative console tools.
 By using mmc, custom
consoles can be created by
adding tools and then saved for
later use.
APL355
GROUP POLICIES
 Group Policy is a Windows feature that
contains a variety of advanced settings,
particularly for network administrators.
 A local Group Policy can also be used to
adjust settings on a single computer.
 Group Policy isn’t designed for home users, so
it’s only available on Professional, Ultimate,
and Enterprise versions of Windows.
 Gpresult is a command line utility that is used
to display the results of applied group policies.
 Gpupdate is a command line utility that is used
to immediately apply group policy settings to a
computer.
APL355
THE REGISTRY
 The Windows registry is structured as a set of five root
keys that contain databases.
 The HKEY_LOCAL_MACHINE key contains hardware
information such as bus type, system memory, and
drivers.
 The HKEY_CLASSES_ROOT key contains OLE (Object
Linking and Embedding) data as well as file association
data.
 The HKEY_CURRENT_USER key contains profile
information for the currently logged in user. This includes
desktop settings, environment variables, and application
preferences.
 The HKEY_CURRENT_CONFIG key contains system and
software configuration information specific to a session.
APL355
TYPES OF USER ACCOUNTS
 An administrator account has privileges to the entire
operating system and applications. This account is created
during the operating system installation.
 A guest account is a limited access default account created
when a Windows operating system is installed. This account
can be used by guests who do not have an account on the
system. By default, this account is disabled.
 The LocalSystem account is a non-interactive account that
is unrestricted in terms of making changes to the system
configuration and file system.
 The LocalService account is a non-interactive account that
is limited to run services that cannot make system-wide
changes.
APL355
USER ACCOUNT CONTROL (UAC)
 When changes are made to Windows
settings, user account control can help to
prevent any unintended changes by
prompting the user.
 By default, user account control is turned
on and can be accessed through the user
management control panel window.
APL355
USING WINDOWS EXPLORER
 Explorer is a Windows utility that
is used for browsing resources.
By viewing local resources within
Windows file explorer, files and
folders can be viewed and
manipulated.
 Entering an Internet URL within
Windows file explorer will launch
the system’s default web browser.
APL355
FILES
 Every file has the following attributes:
• A filename – The actual name of the file on the storage media.
• An extension or file format – To establish what type of file it is and therefore what
program should open it.
• Directories and Subdirectories – Containers that specify where the file is located
APL355
HIDDEN FILES AND FOLDERS
 Hidden files are a way to keep users from
deleting or manipulating important system
files.
 Folders or files can be marked as hidden
and therefore they adopt the “H” attribute.
 This can be done within the GUI under
properties or on the command line.
 Folder options can also toggle showing
hidden, files, folders and drives for the user.
APL355