Microsoft Windows basics
What is the registry
Instead of a bunch of text files, the registry is a common storage area in the form of a database. Everything that is Windows is inside the registry. Any time you do something, you are updating the registry.
Access the registry: Start search -> REGEDIT or REGEDT32
5 root keys
HKEY_CLASSES_ROOT- everything that is your computer: files, data structures, etc.
HKEY_CURRENT_USER- all the information about the current user, from screensaver to background, etc.
HKEY_LOCAL_MACHINE- information about the particular computer: the software, hardware and security.
HKEY_USERS- list of accounts on the computer
HKEY_CURRENT_CONFIG- current setup of the system
Before you make changes to the registry, make a backup: export the piece of the registry that you want to edit. To bring back the original settings, right-click the exported file and choose Merge.
HKEY_LOCAL_MACHINE -> Software -> Microsoft -> Windows -> CurrentVersion -> Run is the standard place for autostarting programs, along with RunOnce.
The boot process
Winload.exe has the job of getting windows started. Booting is to “pull yourself up from your own bootstraps.”
Your BIOS has your boot device orders.
Use Disk Management to see the System Reserved partition, which is Microsoft’s preferred way to get things booted.
The System Reserved partition is used for booting, partitioning, backups, etc.
Bootmgr has the job of finding winload.exe.
BCD is Boot Configuration Data and has the job of storing the information stating where the winload.exe file was found.
EasyBCD is a 3rd party tool used to look at data from the winload.exe file.
NeoGrub is a bootloader for Linux.
UEFI is an operating system with its own executables. When running Windows on it you will see a few subtle changes: winload.efi is run under UEFI.
BCDEdit- command that shows us our BCD information
If you have a Windows system with a small hard drive, or you install on a drive that is already partitioned, you may not have a System Reserved partition. Don’t be alarmed, Windows can boot without one.
Everything in your computer is a process.
Applications are the things that we see and interact with. Hidden programs that run in the background are services, which are long running.
Dealing with Processes
Task Manager is where to go when you have any process problems. Press Ctrl+Shift+Esc, or press Ctrl+Alt+Delete and select Task Manager, or find it through search. Everything in your computer is a process. To kill a process, right-click it and choose End Process. End Process Tree will close every process associated with a certain process.
Tasklist is a command that shows all your processes from a command prompt. Tlist is obsolete. A PID is a process identifier; Windows uses it to keep track of processes. Memory usage is a big issue with processes. Run Task Manager or tasklist to see which processes take up the most memory in your system.
Dealing with processes means seeing what takes up the most memory and knowing how to kill a process. Windows XP is not forgiving; Windows 7 and Vista are more forgiving about killing processes.
Use Task Manager to turn services on and off.
The Services control panel shows services in more depth. Access it from the command line with the services.msc command. You can change the startup type to different settings within each service.
Windows 8 Task Manager
There are new tabs, such as Performance, which is a one-stop shop for seeing how your system is performing. CPU, memory, disk and network usage are shown in performance-oriented graphs.
Application history shows CPU time and network usage over time. Startup apps also show up in Task Manager. The Users tab shows, on a per-user basis, who is accessing the system. The Details tab still provides an old-school view of Task Manager. The Services tab can start or stop a service instead of using services.msc.
Go to Resource Monitor to see how much of the CPU or RAM an application is using. The Overview, CPU, Memory and Disk tabs show you how many resources a certain application or process is using.
Introduction to Users and Groups
Users and groups are the methodology that allows certain access and permissions to files. Using a user account to get into the computer is called authentication.
NTFS is a file system that has been around for 20 years and is designed to control how we can access the resources of our computer. Authentication provides us access into a computer, and authorization determines what we can do on a folder-by-folder basis.
User accounts have a user name and a password and are stored in the registry. You can set NTFS permissions for each account, or you can instead assign permissions to groups. Groups are much easier to use compared to setting permissions for each user.
Included Windows Groups- Administrators, power users, users, guest, home users
Creating Users in Windows 7
Control panel -> user accounts -> manage another account -> create a new account
Managing Users in Windows 8
Control panel -> user accounts -> only standard and administrator user options
Primary tool to manage users on Windows- Administrative tools -> computer management -> local users and groups
Sharing Folders and Files
This covers setting up sharing on a single system without networks involved. Read and Execute is the NTFS permission for executable files. Read is only for data files.
Create users -> place users in groups -> give NTFS permissions to groups -> set up permissions on a per-folder basis.
Right click on folder -> Security tab -> add group -> apply
NTFS Permissions for Folder
Full control- full permission
Modify- read, write and delete subfolders
Read/execute- see contents and run programs
List folder contents- See contents of folders and subfolders
Read- view contents and open data files
Write- write to files and create new files and folders
NTFS Permissions for File
Full control- full permission
Modify- read, write and delete the file
Read/execute- open and run the file
Read- open the file
Write- open and write to the file
Inheritance works like this: if you have a folder that has a certain set of permissions, anything new created within the folder will also adopt that folder's permissions.
Deny stops the inheritance for certain permissions. Needing it typically shows that you haven’t set up the proper permissions.
When you copy files into a thumb drive, the permissions are removed.
Copy to another partition- original retains permissions, copy loses permissions
Move from one partition to another- original is gone, copy loses permissions
Copy within partition- original retains permissions, copy loses permissions
Move within a partition- original is gone, moved object retains permissions
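An added example (not part of the original notes): a PowerShell report that shows where inheritance and Deny, as described above, are actually in effect under a folder. The function name Get-NtfsAclReport and the scratch folder acl-demo are assumptions of this example; the demo applies a Deny to the built-in Guests group only inside that scratch folder.

```powershell
# Added example: report where NTFS permissions are set explicitly, where
# Deny entries exist, and where inheritance has been switched off.
# Get-NtfsAclReport is this example's own name, not a built-in cmdlet.
function Get-NtfsAclReport {
    param([Parameter(Mandatory)][string]$Path)

    $items = @(Get-Item -LiteralPath $Path) +
             @(Get-ChildItem -LiteralPath $Path -Recurse -Force -ErrorAction SilentlyContinue)
    foreach ($item in $items) {
        try { $acl = Get-Acl -LiteralPath $item.FullName -ErrorAction Stop }
        catch { Write-Warning "Cannot read ACL: $($item.FullName)"; continue }

        foreach ($ace in $acl.Access) {
            # Inherited Allow entries are the normal case, so skip them
            if ($ace.IsInherited -and $ace.AccessControlType -eq 'Allow') { continue }
            [pscustomobject]@{
                Path               = $item.FullName
                Identity           = $ace.IdentityReference.Value
                Rights             = $ace.FileSystemRights
                Type               = $ace.AccessControlType
                Inherited          = $ace.IsInherited
                InheritanceBlocked = $acl.AreAccessRulesProtected
            }
        }
    }
}

# Constructed demo in a scratch folder: an explicit Deny placed on the
# folder is inherited by a file created inside it afterwards.
$demo = Join-Path $env:TEMP 'acl-demo'
New-Item -ItemType Directory -Path $demo -Force | Out-Null
# S-1-5-32-546 is the well-known SID of the built-in Guests group
$guests = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-32-546')
$rule = [System.Security.AccessControl.FileSystemAccessRule]::new(
    $guests, 'Write', 'ContainerInherit,ObjectInherit', 'None', 'Deny')
$acl = Get-Acl -LiteralPath $demo
$acl.AddAccessRule($rule)
Set-Acl -LiteralPath $demo -AclObject $acl
Set-Content -LiteralPath (Join-Path $demo 'note.txt') -Value 'test'

Get-NtfsAclReport -Path $demo | Format-Table -AutoSize
```

In the output, the folder row has Inherited = False (the entry was set there) and the note.txt row has Inherited = True (the file adopted it from the folder).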
You can fully automate system maintenance. Most operating systems have system maintenance automated, although you should manually deal with autostarting programs.
Windows Update – found in control panel, check for important updates. You can hide or check the details of an update by right clicking. Microsoft recommends automatic updates. Update history shows previous updates done. Ensure that the client wants patch management and updates before executing.
Autostarting Programs in Windows
MSCONFIG.EXE command brings up your system configuration utility used to see startup programs. You can disable a program from autostarting. In Windows 8, 8.1 and 10, use task manager for autostarting programs instead of msconfig.exe.
Autoruns is a program that shows every place where you have an autostarting program. You can disable them as easily as in msconfig.exe.
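An added example (not part of the original notes): a read-only PowerShell inventory of the Run and RunOnce registry values mentioned in the registry section and in this section, checking whether each target file exists and carries a valid signature. The function name Get-AutostartEntry and the way the executable path is pulled out of the command line are assumptions of this example; it also reads the HKEY_CURRENT_USER copies of the same keys.

```powershell
# Added example: read-only inventory of the Run / RunOnce autostart values.
# Get-AutostartEntry and its path-parsing heuristic are this example's own.
function Get-AutostartEntry {
    $keys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
    )
    foreach ($key in $keys) {
        if (-not (Test-Path -Path $key)) { continue }    # RunOnce may not exist
        $regKey = Get-Item -Path $key
        foreach ($name in $regKey.GetValueNames()) {
            # GetValue expands REG_EXPAND_SZ data such as %ProgramFiles%
            $command = [string]$regKey.GetValue($name)

            # Pull the executable out of the command line (heuristic)
            if ($command -match '^\s*"([^"]+)"') { $exe = $Matches[1] }
            elseif ($command -match '^\s*(.+?\.exe)\b') { $exe = $Matches[1] }
            else { $exe = ($command.Trim() -split '\s+')[0] }

            # Bare names such as rundll32.exe are resolved through PATH
            if ($exe -and $exe -notmatch '^([A-Za-z]:\\|\\\\)') {
                $found = Get-Command -Name $exe -CommandType Application -ErrorAction SilentlyContinue |
                    Select-Object -First 1
                if ($found) { $exe = $found.Path }
            }

            $exists = [bool]$exe -and (Test-Path -LiteralPath $exe -PathType Leaf)
            $signature = 'n/a'
            if ($exists) {
                $signature = (Get-AuthenticodeSignature -LiteralPath $exe).Status
            }
            [pscustomobject]@{
                Key       = $key
                Name      = $name
                Command   = $command
                Target    = $exe
                Exists    = $exists
                Signature = $signature
            }
        }
    }
}

# Entries worth a second look: missing target or not validly signed
Get-AutostartEntry | Where-Object { -not $_.Exists -or $_.Signature -ne 'Valid' } | Format-List
```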
Meeting the MMC or Microsoft Management Console
Type MMC on Start -> You can add programs as selected snap-ins. You can switch between programs and save the console to the desktop for an incredible shortcut. You can also access each program from Start search by its “.msc” name.
MSC Tool Shortcuts (Access by Start search)
Disk Management -> diskmgmt.msc
Performance monitor -> perfmon.msc
Services -> services.msc
Local Users and Groups -> lusrmgr.msc
Local Security Policy -> secpol.msc
Local Group Policy -> gpedit.msc
Installing and uninstalling programs
(Windows 8.1) Control Panel -> Programs and features -> right click the application and click uninstall
Windows Features On and Off are built in features such as Internet Information Services and PowerShell
Windows System Restore
Takes your system, makes a backup copy that allows you to go back in time to get to a previous backup.
(Windows 8.1) System -> System Protection -> Turn System Restore On or Off. It is drive specific. Volume Shadow Copy is stored in system volume information and works on a block level and you should not try to get into the system volume information folder. Volume Shadow Copy helps make System Restore. Windows will make restore points automatically as a scheduled task or you can make a restore point manually.
Windows Vista Backup – Control panel -> backup and restore center
Backup files – only backs up personal user folders such as documents, not Windows or applications
Back up computer creates a system image, or block-level copy, on your C drive that has everything. Windows wants you to place it on a separate drive. A system image works with Windows Recovery to restore a system.
Windows 7 Backup- Control panel -> backup and restore center
Set the backup to go on optical media or the network, but you will still need to back up Windows.
Windows 8.1 backup- Backup and restore center was replaced by File History, places backup on a separate drive. You can still create a system image.
Windows 10- brought backup and restore center back