Topic 1: Windows Features, Tools, Utilities & Settings
APL 355

BOOT TYPES
Solid-State Drives (SSDs) and Hard Disk Drives (HDDs) are storage devices that use solid-state flash memory and magnetic components respectively. A Universal Serial Bus (USB) port can be used as a boot device when a bootable USB flash drive is inserted. An optical drive uses optical media such as CDs (Compact Discs) and DVDs (Digital Versatile Discs). A Preboot Execution Environment (PXE) is an industry-standard client/server network boot interface. It allows a system to be booted remotely for configuration purposes.

64-BIT VS 32-BIT OPERATING SYSTEMS
To run a 64-bit operating system, you need a CPU that is capable of running a 64-bit version of Windows. 64-bit software is also needed to make use of the additional hardware, and 64-bit versions of Windows need 64-bit drivers. A 64-bit version of Windows can natively run 32-bit applications, and does so in “emulator” mode: the emulator tricks the application into thinking it is running on a 32-bit system.

TYPES OF INSTALLS
An unattended install is an install method that is automated with an answer file containing the answers to particular setup questions. A repair installation is a recommended option for a problematic system; it looks at the currently installed operating system and repairs that installation. A clean install is a recommended option for a new or problematic system. A clean install is not necessarily an unattended install. A remote installation is performed with a network boot: the operating system is located on a server and installed remotely.

TYPES OF MEDIA FOR INSTALLATION
A recovery partition is a special partition on a PC's hard drive that contains the original factory software, including the operating system and preinstalled device drivers. Booting from the recovery partition initiates an out-of-the-box installation. An official media download may not include any specific software that came with the system or any preinstalled drivers. It would also be time consuming, and the download would then need to be placed onto bootable media before it could be used as an installation source. A retail purchase of an operating system would not include any specific software that came with the system or any special preinstalled drivers. An OEM (Original Equipment Manufacturer) license is only a license to use software that came with the computer; it is not installation media.

WINDOWS FOLDER STRUCTURE
Windows is typically installed on the C: drive of a computer system. This is called the “root”. The Windows\System32 folder is the location for Windows operating system files. Each user on the computer system has a folder located in the root under the “Users” folder, which contains all of their files, such as Desktop, Documents, Favourites, Music, Videos, etc. Windows applications usually create configuration data for each user on a system. Often the AppData folder is used, and each user has their own within their user folder. Software applications are installed in either the Program Files or the Program Files (x86) folder.

WINDOWS SYSTEM FILES
Windows system files are files that have the system attribute turned on (and are usually hidden). This allows Windows to protect system files from deletion, as they are generally crucial to the operating system or to programs. A DLL file is a file type within Windows that contains shared code. DLL files can be accessed by the operating system and numerous applications to perform particular functions. EXE and MSI files are executable; they are generally used to install programs.

COMPATIBILITY MODE
Compatibility mode refers to a method of launching a Windows application as if it were running on an older operating system. This is done to keep legacy software applications working.
BRANCH CACHE
BranchCache is an optimization technology from Microsoft that can cache server-based files on remote machines for quick and easy access. A limited version is available on Windows 10 Pro and the full version on Enterprise. It works in 2 different modes:
• Distributed: allows clients to request cached content from one another
• Hosted: centralizes the cache on a BranchCache server

ENCRYPTION
BitLocker is a security mechanism that protects computer hard drives by encrypting the drive's data. A TPM (Trusted Platform Module) chip is required for BitLocker to work. When a hardware change is detected, BitLocker prompts for authorization to access the drive. Encrypting File System (EFS) is used to encrypt certain files in certain folders rather than the entire drive. EFS does not rely on hardware to do the encryption as BitLocker does with a TPM chip. EFS is not supported on Windows 10 Home.

DISK MANAGEMENT
• We use the Disk Management utility to manage our storage within Windows.
• However, when performing a clean install of Windows (or a virtualized install), we use the tool in the Windows installer to format and partition our disk.

HARD DRIVE FORMATTING AND INITIALIZATION
When a new hard disk is installed into a Windows system, it needs to be initialized. The disk can be initialized by right-clicking it in Disk Management. When a “foreign” dynamic-type hard disk that was removed from another Windows system is installed, it first needs to be imported. Before initializing or importing, the disk is not ready for use and does not yet appear in Explorer.

DISK PARTITION STRUCTURE
There are two types of partition structure:
• Master Boot Record (MBR) partitions are limited to disk sizes up to 2TB and four primary partitions. They are still widely used today with a regular BIOS.
• The newer GUID Partition Table (GPT) enables drives greater than 2TB and up to 128 primary partitions. It is typically used by UEFI.
• We make this selection when “initializing” our disk.

EXTENDED PARTITIONS
When using MBR-style (Master Boot Record) partitions, up to four primary partitions can be created. Only one of those partitions may be marked as active. All primary partitions are bootable. There is a limitation of one extended partition; in that case only three primary partitions can be created, with the fourth being the extended partition. An extended partition is divided into segments known as logical drives. An extended partition is not formatted like a primary partition, and the logical drives within it can hold an operating system but are not bootable as there is no boot sector available.

CHANGING PARTITIONS
Creating a partition is the process of taking a section of a disk from available unused space to be used as a disk volume. Splitting a volume creates a new second volume; splitting involves first shrinking the existing volume and then partitioning the new space for a second volume. Shrinking a volume is the process of taking a volume that has available space and reducing its size. This leaves the resulting free space to be used as another volume. Shrinking a volume may be restricted by files that cannot be moved on the disk. Extending a volume is the process of using available unused space and adding it to an existing volume.

BASIC AND DYNAMIC DISKS
Basic disks are the default disk type in Windows and are supported in Windows 10 Home edition. Basic disks can be partitioned, but they cannot span multiple disks like a dynamic disk (for software RAID). Dynamic disks are not supported in Windows 10 Home edition. A dynamic disk can be used to create a volume that spans multiple disks and can be used in a software RAID configuration.

ASSIGNING A DRIVE LETTER
A healthy NTFS (New Technology File System) volume can be assigned a drive letter in Windows. Generally, the C: drive contains the operating system, but that can be changed if desired.

MOUNTING A VOLUME
A mount point is a Windows feature in Disk Management that allows a volume to be mounted at a point in the system's folder structure rather than as a disk with a drive letter. For example, a disk volume that would otherwise be mapped to E:\ could instead be mounted at the My Documents folder.

FORMATTING DISK
Formatting a disk prepares it for use with a file system type. A full format not only clears the disk of any data and sets the file system type, but also checks the disk for bad sectors. A quick format only clears the disk of any data and sets the file system type.

FILE SYSTEMS
NTFS (New Technology File System) is a file system developed by Microsoft for use with Windows systems. It provides 64-bit addressing, compression, access security, and indexing features. CDFS (CD File System) is a legacy file system used for Compact Disc optical media. UDF (Universal Disk Format) is an updated file system for optical media that supersedes CDFS. exFAT is a 64-bit version of FAT (File Allocation Table). Designed for removable hard drives and flash media, exFAT supports large volumes and large file sizes. exFAT supports access permissions but not compression or encryption. FAT32 (File Allocation Table) is a file system created as an improvement over FAT16, for example by supporting larger volumes. The maximum file size is 4GB minus 1 byte.

REPAIR AND RECOVERY
A factory recovery partition is a special partition created by the manufacturer of the system. This partition is used to reinstall the system. To repair a Windows 7/8/10 installation, booting from the installation disk is required. As the installation media is likely on optical media, an optical drive would be the best choice. A bootable flash drive would also work in this scenario.
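The Disk Management procedure described in the sections above (initialize a new disk, choose GPT, create and quick-format a partition, then attach it by drive letter or by mount point) as a PowerShell script. This is an added example using the Storage module cmdlets, not code from the course notes; it assumes the target disk is still RAW (never initialized) and that any mount folder sits on an existing NTFS volume.

```powershell
# Added example (not from the course notes): bring a brand-new disk into service
# the way the Disk Management sections describe, using the Storage module.
# Assumptions: the target disk shows PartitionStyle RAW in Get-Disk, and the
# mount folder, if used, lives on an existing NTFS volume. Run from an elevated prompt.
function Initialize-NewDataDisk {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory)] [int] $DiskNumber,
        [string] $Label = 'Data',
        [string] $MountPath          # e.g. 'C:\Mount\Data'; omit to assign a drive letter instead
    )
    $disk = Get-Disk -Number $DiskNumber
    # Guard: refuse to touch a disk that already carries a partition table (MBR or GPT)
    if ($disk.PartitionStyle -ne 'RAW') {
        throw "Disk $DiskNumber is already initialized as $($disk.PartitionStyle); refusing to overwrite."
    }
    if (-not $PSCmdlet.ShouldProcess("Disk $DiskNumber", 'Initialize as GPT, partition and format')) { return }

    # GPT rather than MBR: no 2TB limit, up to 128 primary partitions, and what UEFI expects
    Initialize-Disk -Number $DiskNumber -PartitionStyle GPT

    if ($MountPath) {
        # Mount point: the folder must exist and be empty before the volume is attached to it
        if (-not (Test-Path $MountPath)) { New-Item -ItemType Directory -Path $MountPath | Out-Null }
        $part = New-Partition -DiskNumber $DiskNumber -UseMaximumSize
        $part | Add-PartitionAccessPath -AccessPath $MountPath
    } else {
        $part = New-Partition -DiskNumber $DiskNumber -UseMaximumSize -AssignDriveLetter
    }

    # Quick format: writes the NTFS structures only; add -Full to also scan for bad sectors
    $part | Format-Volume -FileSystem NTFS -NewFileSystemLabel $Label -Confirm:$false | Out-Null
    return $part
}

# Usage: preview with -WhatIf first, then run for real
Initialize-NewDataDisk -DiskNumber 1 -MountPath 'C:\Mount\Data' -WhatIf
```

Because the function refuses anything that is not RAW, re-running it against an already initialized disk fails safely instead of wiping it.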
TYPES OF WINDOWS RECOVERY
A system refresh reinstalls Windows while keeping certain settings and personal files intact. A system reset is an option that performs a reinstall to default Windows out-of-the-box settings. A system restore is an option to roll back any changes to a specific point in time. System restore points can be created manually or automatically. Windows Backup allows a user to create a system image of a Windows computer. The Backup and Restore utility can be found in Control Panel.

BACKUP TYPES
A full backup is used to back up an entire system's data. A good backup strategy would include one full backup at the beginning of the week, and one incremental or differential backup performed daily. An incremental backup requires that a full backup is performed first. An incremental backup only backs up data that has changed since the last backup. A differential backup requires that a full backup is performed first. A differential backup only backs up data that has changed since the last full backup. An off-site backup is a backup held at a location other than the location of the original data. This is done for purposes of safekeeping.

IMAGING OS
Image deployment provides a rapid way to install a standardized version of an operating system on one or many target computers. The operating system is first installed and configured with any additional software, security settings, or general user settings on a reference computer. A disk dump creates a full image of a disk. This utility makes a bit-by-bit image regardless of the file system in use.

VIRTUAL MEMORY
Virtual memory improves a system's performance by using an area of a hard disk as RAM (Random Access Memory). A paging file is used with the virtual memory setting and can be set to a certain size or sized by the operating system. This location on the disk is called swap space. Swap space size can be adjusted in System Properties. If swap space is low, PC performance can be impacted.

ADMINISTRATION SHORTCUTS
Pressing WINDOWS+X or right-clicking the Start button shows a shortcut menu that includes Control Panel, Windows Settings, and File Explorer, but also management utilities such as Device Manager, Computer Management, Command Prompt, and Windows PowerShell.

APPLICATIONS, SERVICES AND PROCESSES
Both applications and services are considered “processes”. Applications are meant to interact with a single user. Services work across the system but don't interact with users directly. A service is usually a background application that runs when Windows starts up. A service's startup type can be disabled, automatic, automatic (delayed start), or manual. A manual start means the service needs to be started by the user. There is no manual (delayed start) type.

TASK MANAGER
The Processes tab displays a list of processes (including apps and background processes) with the corresponding CPU utilization, memory usage, and disk usage for each. The Performance tab displays an overview of the system's physical memory, kernel memory, and CPU usage, and a system summary of threads, handles, and processes. The Services tab displays a list of services and the corresponding PID (process ID). Services can be started and stopped from this display. Other tabs include App history, Startup (to select which processes start with Windows), Users, and Details of all processes/apps.

MSCONFIG
The General tab contains diagnostic startup options. The Boot tab contains the options to boot into safe mode, to choose a no-GUI (Graphical User Interface) boot, etc. The Startup tab contains the option to open Task Manager to selectively disable unused startup items. The Tools tab contains system components that can be used to modify certain areas of the system's behavior. The Services tab contains the option to view a list of services and to selectively enable/disable them quickly.
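The service startup types listed under APPLICATIONS, SERVICES AND PROCESSES, together with the PID column of Task Manager's Services tab, as an inventory script. This is an added example, not code from the course notes; it assumes the documented Win32_Service class (which reports StartMode as Auto, Manual or Disabled only) and reads the "delayed start" flag from the DelayedAutostart registry value under each service's key.

```powershell
# Added example (not from the course notes): list every service with the startup
# type the notes describe and the process hosting it. Win32_Service has no
# "Automatic (Delayed Start)" value, so that case is derived from the
# DelayedAutostart value under HKLM\SYSTEM\CurrentControlSet\Services\<name>.
function Get-ServiceStartupReport {
    $svcRoot = 'HKLM:\SYSTEM\CurrentControlSet\Services'
    Get-CimInstance -ClassName Win32_Service | ForEach-Object {
        $mode = $_.StartMode                      # Auto, Manual or Disabled
        if ($mode -eq 'Auto') {
            # Delayed start is a flag layered on top of Auto, not a separate StartMode
            $delayed = (Get-ItemProperty -Path "$svcRoot\$($_.Name)" -Name DelayedAutostart `
                            -ErrorAction SilentlyContinue).DelayedAutostart
            $mode = if ($delayed -eq 1) { 'Automatic (Delayed Start)' } else { 'Automatic' }
        }
        [pscustomobject]@{
            Name        = $_.Name
            StartupType = $mode
            State       = $_.State
            PID         = if ($_.ProcessId) { $_.ProcessId } else { $null }   # 0 means not running
            RunsAs      = $_.StartName        # LocalSystem, NT AUTHORITY\LocalService, ...
            Path        = $_.PathName
        }
    }
}

$report = Get-ServiceStartupReport
# Count of services per startup type; Task Manager does not give this summary directly
$report | Group-Object StartupType | Select-Object Name, Count | Format-Table -AutoSize
# Services set to start automatically that are not running: the first thing to check when triaging
$report | Where-Object { $_.StartupType -like 'Automatic*' -and $_.State -ne 'Running' } |
    Format-Table Name, StartupType, State, RunsAs -AutoSize
```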
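The week described under BACKUP TYPES (one full backup on Monday, then a daily incremental or differential backup) worked through on a constructed change log, showing how many files each scheme copies each day and how many backup sets a restore has to replay. This is an added example, not from the course notes; the file names and change log are made up for illustration.

```powershell
# Added example (not from the course notes): simulate a week of backups under both
# schemes on a constructed change log. Each day's "copied" set depends on the
# reference point: the last backup of any kind (incremental) or the last FULL (differential).
function Get-BackupPlan {
    param(
        [Parameter(Mandatory)] [string] $Scheme,        # 'Incremental' or 'Differential'
        [Parameter(Mandatory)] [hashtable] $ChangeLog   # day -> files modified that day
    )
    $days = 'Mon','Tue','Wed','Thu','Fri'
    $allFiles  = $ChangeLog.Values | ForEach-Object { $_ } | Sort-Object -Unique
    $sinceFull = [System.Collections.Generic.HashSet[string]]::new()   # changed since last full
    $sinceLast = [System.Collections.Generic.HashSet[string]]::new()   # changed since last backup
    $plan = @()
    foreach ($day in $days) {
        foreach ($f in $ChangeLog[$day]) { [void]$sinceFull.Add($f); [void]$sinceLast.Add($f) }
        if ($day -eq 'Mon') {
            $copied = @($allFiles)                  # full backup: everything, changed or not
            $sinceFull.Clear(); $sinceLast.Clear()
            $restoreSets = 1
        } elseif ($Scheme -eq 'Incremental') {
            $copied = @($sinceLast)                 # only what changed since yesterday's backup
            $sinceLast.Clear()
            $restoreSets = [array]::IndexOf($days, $day) + 1   # full + every incremental since
        } else {
            $copied = @($sinceFull)                 # everything changed since Monday; grows all week
            $restoreSets = 2                        # full + the latest differential only
        }
        $plan += [pscustomobject]@{
            Day = $day; Scheme = $Scheme; FilesCopied = $copied.Count
            RestoreNeeds = $restoreSets; Files = ($copied -join ', ')
        }
    }
    return $plan
}

# Constructed change log for one working week (not real data)
$changes = @{
    Mon = @('payroll.xlsx','notes.txt','report.docx','config.ini')
    Tue = @('notes.txt')
    Wed = @('report.docx','notes.txt')
    Thu = @()
    Fri = @('config.ini')
}
Get-BackupPlan -Scheme Incremental  -ChangeLog $changes | Format-Table Day, FilesCopied, RestoreNeeds, Files -AutoSize
Get-BackupPlan -Scheme Differential -ChangeLog $changes | Format-Table Day, FilesCopied, RestoreNeeds, Files -AutoSize
```

With this change log the incremental run copies 4, 1, 2, 0, 1 files but a Friday restore needs five sets, while the differential run copies 4, 1, 2, 2, 3 files and any restore needs only two.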
PERFORMANCE MONITOR
Performance Monitor is a Windows utility that is used to view system performance data in real time or from a log file. Data collector sets are used as a basis for gathering information for analysis.

WINDOWS MEMORY DIAGNOSTICS
Windows Memory Diagnostics is a Windows utility that can scan system memory for issues. This utility has the option to schedule a scan for the next time the system reboots, or to reboot immediately and begin the scan.

DIRECTX
Microsoft DirectX is a collection of application programming interfaces (APIs) for handling tasks related to multimedia, especially game programming and video, on Microsoft platforms. The Dxdiag (DirectX Diagnostic Tool) utility is used to view graphics- and audio-related hardware and settings. The Dxdiag tool was introduced with Windows 98 Second Edition and systems with DirectX version 6.0 or later.

COMPUTER MANAGEMENT
Computer Management is a utility within Windows that is used to view event logs, manage and edit disk storage, folder shares, local users, and more. It is not used to view network properties or settings.

EVENT VIEWER
The Application event log logs any events that are considered application issues. The failure to start an application is an example of an application event that would be logged. The Security event log logs any events that are considered security issues. An invalid login attempt is an example of a security event that would be logged. The System event log logs any events that are considered operating system issues. Failure to access a hardware device such as a drive would be logged in the System log.

TASK SCHEDULER
Task Scheduler is used to schedule tasks, such as running a program or a script. With Task Scheduler, a schedule is created to perform the task, with options such as which user account to use and whether the task can run when a user is not logged onto the system.
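The three examples given under EVENT VIEWER (a failed login in the Security log, an application failure in the Application log, a drive error in the System log) pulled from their logs with Get-WinEvent and summarised. This is an added example, not code from the course notes; it assumes an elevated prompt (the Security log requires it) and uses the standard Windows IDs 4625 (failed logon) and Application Error 1000 (application crash).

```powershell
# Added example (not from the course notes): summarise the last N hours of the
# three event logs the notes describe. Assumes an elevated prompt.
function Get-EventViewerSummary {
    param([int] $Hours = 24)
    $since = (Get-Date).AddHours(-$Hours)
    # Get-WinEvent throws when a filter matches nothing; treat "no events" as an empty result
    $failed = Get-WinEvent -FilterHashtable @{ LogName='Security'; Id=4625; StartTime=$since } -ErrorAction SilentlyContinue
    $crash  = Get-WinEvent -FilterHashtable @{ LogName='Application'; ProviderName='Application Error'; Id=1000; StartTime=$since } -ErrorAction SilentlyContinue
    $diskEv = Get-WinEvent -FilterHashtable @{ LogName='System'; ProviderName='disk'; StartTime=$since } -ErrorAction SilentlyContinue

    # The account and source address of a 4625 live in EventData; read them by name from the event XML
    $logons = foreach ($e in $failed) {
        $data = ([xml]$e.ToXml()).Event.EventData.Data
        [pscustomobject]@{
            Time    = $e.TimeCreated
            Account = ($data | Where-Object Name -eq 'TargetUserName').'#text'
            Source  = ($data | Where-Object Name -eq 'IpAddress').'#text'
        }
    }
    [pscustomobject]@{
        FailedLogons       = @($failed).Count
        FailedLogonsByUser = $logons | Group-Object Account | Sort-Object Count -Descending |
                             Select-Object Name, Count
        AppCrashes         = @($crash).Count
        DiskErrors         = @($diskEv).Count
    }
}

$s = Get-EventViewerSummary -Hours 24
$s | Format-List FailedLogons, AppCrashes, DiskErrors
# Many failures against a single account is the pattern that deserves a closer look
$s.FailedLogonsByUser | Format-Table -AutoSize
```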
MICROSOFT MANAGEMENT CONSOLE
The MMC (Microsoft Management Console) command is a utility that is used for administrative console tools. Using mmc, custom consoles can be created by adding tools and then saved for later use.

GROUP POLICIES
Group Policy is a Windows feature that contains a variety of advanced settings, particularly for network administrators. A local Group Policy can also be used to adjust settings on a single computer. Group Policy isn't designed for home users, so it's only available on Professional, Ultimate, and Enterprise versions of Windows. Gpresult is a command-line utility that displays the results of applied group policies. Gpupdate is a command-line utility that immediately applies group policy settings to a computer.

THE REGISTRY
The Windows registry is structured as a set of five root keys that contain databases. The HKEY_LOCAL_MACHINE key contains hardware information such as bus type, system memory, and drivers. The HKEY_CLASSES_ROOT key contains OLE (Object Linking and Embedding) data as well as file association data. The HKEY_CURRENT_USER key contains profile information for the currently logged-in user. This includes desktop settings, environment variables, and application preferences. The HKEY_CURRENT_CONFIG key contains system and software configuration information specific to a session.

TYPES OF USER ACCOUNTS
An administrator account has privileges over the entire operating system and applications. This account is created during the operating system installation. A guest account is a limited-access default account created when a Windows operating system is installed. This account can be used by guests who do not have an account on the system. By default, this account is disabled. The LocalSystem account is a non-interactive account that is unrestricted in terms of making changes to the system configuration and file system. The LocalService account is a non-interactive account that is limited to running services that cannot make system-wide changes.

USER ACCOUNT CONTROL (UAC)
When changes are made to Windows settings, User Account Control can help to prevent any unintended changes by prompting the user. By default, User Account Control is turned on and can be accessed through the user management Control Panel window.

USING WINDOWS EXPLORER
Explorer is a Windows utility that is used for browsing resources. By viewing local resources within Windows File Explorer, files and folders can be viewed and manipulated. Entering an Internet URL within Windows File Explorer launches the system's default web browser.

FILES
Every file has the following attributes:
• A filename – the actual name of the file on the storage media.
• An extension or file format – establishes what type of file it is and therefore what program should open it.
• Directories and subdirectories – containers that specify where the file is located.

HIDDEN FILES AND FOLDERS
Hidden files are a way to keep users from deleting or manipulating important system files. Folders or files can be marked as hidden, and they then carry the “H” attribute. This can be done within the GUI under Properties or on the command line. Folder Options can also toggle showing hidden files, folders and drives for the user.
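The “H” attribute from HIDDEN FILES AND FOLDERS and the per-user Folder Options preference, which lives under HKEY_CURRENT_USER as THE REGISTRY section describes, handled from PowerShell. This is an added example, not code from the course notes; it assumes the standard Explorer\Advanced values Hidden (1 = show hidden items, 2 = hide them) and ShowSuperHidden (1 = show protected operating system files).

```powershell
# Added example (not from the course notes): read the H and S attributes on files
# (which Get-ChildItem only lists with -Force), set or clear the H attribute the
# same way "attrib +h" does, and read the Explorer hidden-files preference from HKCU.
function Get-HiddenItemReport {
    param([string] $Path = $env:SystemRoot)
    Get-ChildItem -Path $Path -Force -ErrorAction SilentlyContinue | ForEach-Object {
        $attr = $_.Attributes
        [pscustomobject]@{
            Name     = $_.Name
            Hidden   = [bool]($attr -band [IO.FileAttributes]::Hidden)    # the "H" attribute
            System   = [bool]($attr -band [IO.FileAttributes]::System)    # the "S" attribute
            ReadOnly = [bool]($attr -band [IO.FileAttributes]::ReadOnly)
        }
    } | Where-Object { $_.Hidden -or $_.System }
}

function Set-ItemHidden {
    # Same effect as "attrib +h <path>" (or "attrib -h" with -Clear) and the Hidden box in Properties
    param([Parameter(Mandatory)] [string] $Path, [switch] $Clear)
    $item = Get-Item -Path $Path -Force
    if ($Clear) { $item.Attributes = $item.Attributes -band (-bnot [IO.FileAttributes]::Hidden) }
    else        { $item.Attributes = $item.Attributes -bor  [IO.FileAttributes]::Hidden }
    return [bool]($item.Attributes -band [IO.FileAttributes]::Hidden)
}

function Get-ExplorerHiddenFilePolicy {
    # Per-user preference, hence HKCU rather than HKLM (assumed standard Folder Options values)
    $key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
    $p = Get-ItemProperty -Path $key
    [pscustomobject]@{
        ShowHiddenFiles      = ($p.Hidden -eq 1)           # "Show hidden files, folders and drives"
        ShowProtectedOSFiles = ($p.ShowSuperHidden -eq 1)  # "Hide protected operating system files" unticked
    }
}

Get-HiddenItemReport -Path $env:SystemRoot | Select-Object -First 10 | Format-Table -AutoSize
Get-ExplorerHiddenFilePolicy
```

Note that Explorer's Hidden preference only changes what the user sees; the attribute on the file is unchanged, which is why Get-ChildItem -Force is the reliable check.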