Domain 1.0 - Windows Operating Systems
Windows Update
* Control Panel:
  • Use System and Security to configure Windows Update, manage Power Options, configure File History, configure Backup and Restore, configure Storage Spaces, and use Administrative Tools.
* There are two types of Windows updates:
  - Hotfix: A hotfix is an operating system patch that fixes bugs and other vulnerabilities in the software.
    • Hotfixes may be released on a regular basis as fixes are created.
    • For the highest level of security, apply hotfixes as they are released (after you use a test computer to verify that the hotfix will not cause additional problems).
    • Microsoft identifies each hotfix by a number. This number also identifies a Knowledge Base (KB) article that describes the issues addressed by the hotfix.
  - Service pack (SP): A service pack (SP) is a collection of hotfixes and other system enhancements.
    • A service pack includes all hotfixes released to that time. If you install the service pack, you do not need to install individual hotfixes. Installing a service pack also includes all previous service packs.
    • Service packs might include additional functionality beyond simple bug fixes.
* Windows Update is a feature of the Windows operating system that helps you keep your computer up to date.
  • By default, Windows automatically checks for updates, downloads them, and installs them during the automatic maintenance window (which is 2:00 AM by default).
  • Updates are classified as Important, Recommended, and Optional. By default, Important and Recommended updates are installed automatically.
  • Windows Update can install both hotfixes and service packs. For example, after installing a new version of Windows, Windows Update will download and install the latest service pack.
  • Windows Update includes updates for the following:
    o Windows operating system and utilities
    o Drivers that have passed Microsoft certification and that are made available through Windows Update
  • You can turn off automatic downloading or installation of updates. For example, on Windows 7 and Windows 8 you can configure your computer to:
    o Not check for updates (you can manually check for updates at any time)
    o Notify you of updates, but require your permission to download or install them
    o Download updates, but ask your permission to install them
  • You can view a list of installed updates and remove any updates.
  • For additional updates, you can use Microsoft Update in conjunction with Windows Update. Microsoft Update includes updates for Microsoft applications, such as Office applications.
  • Non-Microsoft applications and many drivers are not updated through Windows Update.
  • To manually check for updates for applications or drivers, go to the manufacturer's website.
  • Many applications include a feature that automatically checks the manufacturer's website periodically for updates. These programs typically ask your permission to install updates.
  • Hardware devices, such as the BIOS or many networking devices, store code in a special hardware ROM chip. This software is referred to as firmware. Updates are done by flashing (replacing or updating) the code stored on the chip.
    o Always follow the instructions when performing firmware updates.
    o Many updates are performed through a browser; some updates can only be performed by booting to special startup disks while outside of Windows.
    o Turning off the device or interrupting the update process could permanently damage the device.
  • Both hotfixes and service packs are specific to an operating system version. For example, a hotfix for Windows 8 will not work on Windows 10. However, a hotfix for Windows 10 Home will typically also apply to Windows 10 Professional.
  • In a business environment, it is wise to test updates in an isolated lab environment (called a sandbox) before rolling them out to production systems.
* Complete the following tasks following a successful installation of Windows:
  • Edit the BIOS/UEFI settings to boot from the hard drive first. This prevents the system from accidentally booting from the optical drive or the USB drive.
  • Update device drivers for unrecognized devices. During installation, drivers for many devices are installed from drivers on the installation disc. However, Windows may not include device drivers for all the hardware in the system. Use Device Manager to verify the status of all hardware devices. If necessary, manually download and install drivers for any unknown devices.
  • Configure Windows Update and download the latest updates. This may take some time to complete, so plan accordingly in your deployment plan.
  • When Windows clients are installed into a Windows domain, verify that they are in the right time zone and are configured to get time from the correct time provider. Use the w32tm command line utility as follows:
    o w32tm /tz returns the current time zone settings on the client.
    o w32tm /query /source returns the time source being used by the Windows Time service on the client.
    o w32tm /query /status returns the status of the Windows Time service on the client.
    o w32tm /? displays command line help for other w32tm parameters that can be used for configuring, monitoring, and troubleshooting the Windows Time service on the client.
  • After installation, you must activate your copy of Windows. Activation does not send personal information to Microsoft (it isn't the same as registration). Some things to remember about activation are:
    o During activation, the product ID, hardware hash, and the product keys are verified through Microsoft.
    o You can activate over the Internet. The system will warn you if your activation is about to expire.
    o If you reinstall Windows, it will need to be activated again.
    o As a best practice, consider not activating Windows until you are sure the system is stable. This allows you to use the system for several days without activation, letting you reinstall if necessary.
    o A significant hardware change, such as upgrading your motherboard, may require Windows to be reactivated. If this is the case, you might need to contact Microsoft to get a reactivation key.
  • Configure the Windows Firewall and install anti-malware software. Be sure to update your anti-malware definition files.
  • Migrate user configuration settings and data using the following methods:
    o Use Windows Easy Transfer (WET) to transfer files from the old computer to the new computer. Windows Easy Transfer was introduced in Windows Vista and is included in the Windows 7, Windows 8, and Windows 8.1 operating systems. It is not compatible with Windows 10. You have several options for migrating the data between systems:
      - Connect both computers using an Easy Transfer Cable (a special USB cable).
      - Transfer data using a network connection between the computers.
      - Save data to removable media and then load it on the new computer.
    o Use the User State Migration Tool (USMT). USMT is commonly used for large-scale migrations, to migrate data to multiple computers, or to have greater control over the migration process. When using USMT:
      1. Run ScanState on the existing computer to save user settings and files.
      2. Run LoadState on the new computer to move the information to the new computer.
    Be aware of the following when migrating user settings:
      - If you perform an in-place upgrade installation, user settings and data are automatically retained; you do not need to use these tools to transfer files. But you should verify that all installed applications run correctly.
      - If you perform a new installation on the existing system, run the transfer utility before performing the installation and save the resulting files to removable media or a network location. Following the installation, run the transfer utility to copy the data into the new installation.
      - If you are moving from an old computer to a new computer, you can transfer files directly between the two computers.
      - Migrating user settings and files does not migrate applications on the new computer, nor does it migrate system files such as fonts or drivers.
  • Once the installation is complete, install applications and add other Windows features.
  • Configure system backups and other data protection methods (such as System Protection and File History).
* As a PC technician, you should be familiar with the symptoms of a malware infection. Look for the following:
  • Slow computer performance
  • Internet connectivity issues
  • Operating system lock ups
  • Windows update failures
  • Renamed system files
  • Disappearing files
  • Changed file permissions
  • Access denied errors
Display/display settings - Resolution - Color depth - Refresh rate
* Issue: Colors not correct / Colors are not smooth
  Cause: Incorrect colors are often caused by low color depth settings.
  - A "color palette" is the current list of colors that can be shown on the screen.
  - "Color shift" occurs when a new image must load a different palette than is currently used.
  - To correct color shift, increase the "color depth" of the display as follows: [Control Panel\Appearance and Personalization\Display\Change display settings\Advanced settings\Adapter tab\List All Modes...pick an option from the list.]
System Restore
* System Restore automatically takes snapshots (called restore points) of your system. You can use these restore points to roll back your computer to a specific point-in-time configuration.
  • Restore points take snapshots of system files, registry settings, program files, and other batch, script, or executable files. Restore points do not protect user data files.
  • Automatic restore points are created in the background at regular intervals (by default once a day) as well as before configuration changes are made such as installing an application, installing an unsigned driver, or making other system changes. You can also manually create a restore point.
  • When you restore your system to a restore point, previous settings are restored, while subsequent changes are removed. For example, any applications installed after the restore point are no longer installed.
  • User data is not modified when restoring to a restore point. You cannot use a restore point to recover user data, and any changes made since a restore point are retained following the restore.
  • System Restore works only on NTFS partitions. Restore points are automatically saved to the same disk using up to 15% of the available disk space by default. You can customize the amount of disk space used for restore points.
  • System Restore is enabled automatically on the system hard drive where Windows is installed.
* You can use a restore point to revert your system to a previous point in time when it was working properly. When using a restore point:
  • System changes made since the restore point was taken are undone. Any applications, device drivers, or patches installed since the restore point was taken will be removed when the system is reverted to that restore point.
  • User data is not affected; any files that have been changed since the restore point was taken will remain unchanged when the system is reverted to that restore point.
Start System Restore using one of the following methods:
  • If the system can boot into Windows, open Control Panel and go to System and Security > System > System Protection > System Restore.
  • If the system can't boot into Windows, boot the computer from the Windows installation disc and repair the installation. Select Troubleshoot > Advanced Options > System Restore.
* If you cannot boot the system into Safe Mode:
    o Enable boot logging to record a detailed list of drivers that are loading during system startup. Examine the Ntbtlog.txt file and identify the last driver that has loaded successfully. The problem device will be after this device.
    o Boot the system from the installation disc and use System Restore to revert the system to a recent restore point.
* Blue screen or system hang after Windows splash screen is displayed: The most common causes of errors at this stage are bad drivers or corrupt registry settings. To correct the problem, try the following (in this order):
  • If the error includes any error codes or messages, check the Microsoft website for troubleshooting information.
  • Boot the system into Safe Mode. In Safe Mode, roll back drivers, remove drivers, or restore to a restore point.
  • To identify which driver is causing the problem, enable boot logging, then read the Ntbtlog.txt file to identify the last driver that the system tried to load.
  • If you cannot boot into Safe Mode, boot into the Recovery Environment and use System Restore to restore to a restore point that was created when the system was working correctly.
* A suggested procedure for remediating a system with a malware infection is as follows:
  1. Identify the symptoms of the infection.
  2. Quarantine the infected system.
  3. Disable System Restore in Windows. This prevents the infection from being included in a restore point.
  4. Update the antimalware definitions.
  5. Scan for and remove the malware. Some malware cannot be removed because it is running. If possible, stop its process from running, then try to remove it. If you are unable to stop the malware's process, try booting into Safe Mode and then run the scanning software to locate and remove the malware.
  6. If necessary, schedule future antimalware scans and configure the system to automatically check for signature file updates.
  7. Re-enable System Restore and create a new restore point.
  8. Educate the end user to prevent future infections.
Some malware infections could require that you reinstall applications, features, restore files from a backup, or even restore the entire operating system from scratch.
If the infection has damaged or corrupted system files, you might be able to repair the infected files using the sfc.exe command. Before running sfc, be sure to first remove the malware that caused the damage (or it might re-introduce the problem later). You might need to boot into Safe Mode in order to check system file integrity and repair any problems found.
Some malware can corrupt the boot block on the hard disk, preventing the system from starting. To repair the problem, try performing an automatic repair. Use fixmbr or fixboot in the Recovery Console to try to repair the damage.
Alternatively, if your organization uses imaging solutions, you can quickly reimage an infected machine. Reimaging is often faster and more effective than malware removal and cleanup.
Internet Options: - Connections - Security - General - Privacy - Programs - Advanced
* Use Internet Options within Network and Internet to modify your Internet Properties.
  - Use the General tab to modify your browser home page, startup window, tabs, history, and appearance.
  - Use the Security tab to determine your security zone and security level.
  - Use the Privacy tab to manage website privacy and enable and disable pop-ups and InPrivate Browsing.
  - Use the Connections tab to set up Internet connections.
  - Use the Programs tab to manage your default browser, add-ons, and other Internet programs and file associations.
  - Use the Advanced tab to set and reset advanced browser settings.
* Internet Explorer automatically detects and uses a proxy server if one is on the network. If the proxy server is not detected, use Internet Options to identify the proxy server IP address and port number.
Device Manager
* Use Device Manager to verify the status of all hardware devices. If necessary, manually download and install drivers for any unknown devices.
* Use Device Manager to view installed devices and their status.
  - To open Device Manager:
    o Right-click the Start button and click Device Manager.
    o Click Start and type Device Manager. Click Device Manager.
    o Press the Windows key + R and type devmgmt.msc.
  - To view all resources used by the computer:
    o On the file menu in Device Manager, click View > Resources by type (or Resources by connection).
    o Alternatively, press the Windows key + R, type Msinfo32, and press Enter.
If you have installed (connected) a device, but the device is not working properly, {you can use Device Manager to help troubleshoot the issue as follows}: Verify that the device is recognized and enabled in Device Manager.
* If the device is not listed in Device Manager, try rescanning for new devices. If that doesn't detect the device, make sure the device is plug and play compatible and that it is correctly connected and turned on.
* A yellow question mark identifies a device that Windows could not recognize (no driver was found for the device). To correct this problem, you can right-click the device and search for a suitable driver. In many cases, you will need to download the driver from the manufacturer's website or install the driver from the device's installation disc.
* A down arrow identifies a disabled device. To use a disabled device, enable it in Device Manager.
* A device with an exclamation mark indicates some kind of problem with the device. The device might be partially working, but has encountered some type of error.
Occasionally, installing a new device will lead to system instability, crashes, BSODs, or even the inability to boot the system. If your computer has any of these problems, and if you have recently added a new device or updated a driver, try the following to get the system working again:
- If you can boot the system and log on, try the following:
    o If you had recently updated the driver, roll back the driver to a previous version.
    o Disable the device in Device Manager.
    o Physically remove the device, and then uninstall the device in Device Manager to remove the driver from the system. If you uninstall the device without removing it from the system, Windows will detect the device at the next startup and try to reinstall the driver.
    o Revert the system to a restore point before the device was updated or added.
Wired Network Troubleshooting Tool Facts:
Verify the network adapter
Verify that your computer has detected and properly configured the network adapter card.
- To view a list of available network connections:
    o On Windows 7, right-click the network icon in the notification area and click Properties.
    o On Windows 10, right-click Start, and then click Network Connections.
    o Verify an Ethernet connection icon exists.
- If no Ethernet adapter is found, open Device Manager to make sure the device is detected, the appropriate driver is installed, and the device is enabled.
Verify the network adapter:
* If the network interface card is detected and configured, you should see an Ethernet or Wi-Fi icon in the Network Connections window. Make sure that the connection is enabled.
* If there is no icon, check Device Manager to make sure that the device is detected, has the appropriate drivers, and is enabled. If there is no network device, then the hardware could not be detected.
By default, Windows is allowed to control power to all devices that support the feature. You can edit the device properties in Device Manager to prevent Windows from controlling the device.
The Wake on LAN (WoL) feature allows a device that receives a special network signal to wake the computer from a sleeping or hibernated state. WoL is often used by desktop administrators to remotely start up computers for management purposes.
    o By default, devices are not allowed to wake the computer, although they might support this feature.
    o Edit the device properties in Device Manager to allow a device to wake the computer.
    o WoL is not recommended for laptop computers, as the computer will periodically come out of standby to check its network state, which runs down the battery.
Microsoft Management Console (MMC) provides snap-ins for managing Device Manager.
Use the following recommendations to troubleshoot startup errors with the advanced boot options:
* Boot into Safe Mode and then use the appropriate tool to undo any recent changes. For example, you can:
    o Use Device Manager to roll back drivers or disable devices that might be causing the problem.
* OTHER STEPS
Device fails to start
This message indicates that a hardware device could not be started. Begin by checking Device Manager for information about the device. If necessary, update the driver or disable the device.
Complete the following tasks following a successful installation of Windows:
- Edit the BIOS/UEFI settings to boot from the hard drive first. This prevents the system from accidentally booting from the optical drive or the USB drive.
- Update device drivers for unrecognized devices. During installation, drivers for many devices are installed from drivers on the installation disc. However, Windows may not include device drivers for all the hardware in the system. Use Device Manager to verify the status of all hardware devices. If necessary, manually download and install drivers for any unknown devices.
- Configure Windows Update and download the latest updates. This may take some time to complete, so plan accordingly in your deployment plan.
- When Windows clients are installed into a Windows domain, verify that they are in the right time zone and are configured to get time from the correct time provider. Use the w32tm command line utility as follows:
    o w32tm /tz returns the current time zone settings on the client.
    o w32tm /query /source returns the time source being used by the Windows Time service on the client.
    o w32tm /query /status returns the status of the Windows Time service on the client.
    o w32tm /? displays command line help for other w32tm parameters that can be used for configuring, monitoring, and troubleshooting the Windows Time service on the client.
Linux commands covered in Desktop Pro (shell commands)
* pwd Displays the path of the current directory (Present Working Directory) on the screen.
* ifconfig Displays the IP address and the subnet mask assigned to this system.
* ls Displays a list of files and subdirectories that exist within a directory. Some options commonly used with the ls command include the following:
  • -a Displays all files, including hidden files.
  • -l Displays a detailed (long) listing of directory contents including ownership, permissions, modification dates, and file sizes.
  • -R Displays the contents of the directory as well as all of its subdirectories.
* --help Displays a brief summary of how to use the command.
* bash Starts a new Bourne-again shell (bash) session.
* man Displays the manual page for a command. It's very similar to the help screen, but it provides more detail. Use the Q key to quit and go back to the shell prompt.
* info Displays more extensive documentation about the command. Use the Q key to quit and go back to the shell prompt.
* cd Changes directories in the file system. For example, to change to the /home directory in the file system, you would enter cd /home at the shell prompt.
* cp Copies files and directories from one location in the file system to another. For example, to copy the widget.odt file to the /home/rtracy directory, you would enter cp widget.odt /home/rtracy at the shell prompt. To copy an entire directory structure, include the -R option, which specifies that the directory contents be recursively copied.
* mv Moves files and directories from one location in the file system to another. For example, to move the widget.odt file to the /home/rtracy directory, you would enter mv widget.odt /home/rtracy at the shell prompt.
* rm Deletes files and directories from the file system. For example, to delete the widget.odt file, you would enter rm widget.odt at the shell prompt.
* cat Displays the contents of a text file on the screen. For example, to view the contents of the widget.txt file, you would enter cat widget.txt at the shell prompt.
* less Displays the contents of a text file on the screen, pausing the output one screen at a time. For example, to view the contents of the widget.txt file one page at a time, you would enter less widget.txt at the shell prompt.
* head Displays the first few lines of a text file on the screen. For example, to view the first lines of the widget.txt file, you would enter head widget.txt at the shell prompt.
* tail Displays the last few lines of a text file on the screen. For example, to view the last lines of the widget.txt file, you would enter tail widget.txt at the shell prompt. The -f option can be used with tail to monitor a file for changes. If new content is added to the end of the file (such as a log file), the new lines will be displayed on the screen.
* vi Edits the contents of a text file. The vi editor uses four different operating modes:
  • Command mode
  • Command-line mode
  • Insert mode
  • Replace mode
  For example, to edit the contents of the widget.txt file, you would enter vi widget.txt at the shell prompt. You would then press the i key to enter Insert mode and make the necessary changes to the file. When done editing the file, you would press the Esc key to enter Command mode. Then you would press the : key {it's actually :wq} to enter command-line mode where you would enter exit to save your changes and exit the vi editor.
* su Allows you to switch user accounts.
  • su - (su with a space and a hyphen) is used to switch to the root user with the home directory and environment variables assigned to the root user.
* shutdown The shutdown command brings the system down or reboots the system in a secure manner. The syntax of the shutdown command is shutdown -h|-r +m message. The options for the shutdown command include:
  ** +m specifies when to perform the shutdown operation. m is the amount of time, specified in minutes. {Example: <[root@localhost ~]# shutdown -h +15 message It is time for a shutdown!>}
  ** -h instructs the system to shut down and power down.
  ** -r instructs the system to reboot after the shutdown.
  ** -p powers off the machine.
  ** message specifies a message that is sent to all users that accompanies the standard shutdown notification.
{Additional commands learned from doing the simulation:}
* touch Creates a file. Example: <touch Rod_File.txt>
• System utilities
- REGEDIT - COMMAND - SERVICES.MSC - MMC - MSTSC - NOTEPAD - EXPLORER - MSINFO32 - DXDIAG - DEFRAG - System restore - Windows Update
Upgrade paths - differences between in-place upgrades, compatibility tools, Windows upgrade OS advisor
????
file structure and paths
????
Services
A service is a program that processes requests from other applications or users. Services can start automatically and stay constantly running in the background, waiting for service requests. Use the Services snap-in to view and manage running services. The service startup behavior determines how the service is started. - When set to Automatic, the service is started automatically by Windows when the system boots. - When set to Manual, the service must be manually started. - When Disabled, the service will not run. Advantages of client-server networks include Centralized services, among others. The Internet is a large, world-wide, public network. The network is public because virtually anyone can connect to it, and users or organizations make services freely available on the Internet. Users and organizations connect to the Internet through an Internet service provider (ISP). The Internet uses a set of communication protocols (TCP/IP) for providing services. Individuals and organizations can make services (such as a website) available to other users on the Internet. In addition to the physical infrastructure, networks are also made up of other networking devices that provide specific services or perform a specific role. File and Print Server - Provides file sharing and print sharing services. File and Print Server - Provides file sharing and print sharing services. Basic VoIP services include Skype or Google Voice. Coaxial cable with F-type connectors for cable Internet services. Coaxial cable is also used for older Ethernet implementations (often called thinnet or thicknet networks). SLP is a protocol that is able to organize and locate various network devices and services, such as printers, shared disk drives, directories, etc. 
The following table lists various services you can use to connect to the Internet: - Dial-up - Digital Subscriber Line (DSL) - Integrated Services Digital Network (ISDN) - Cable - Cellular - Satellite - Line of sight Because many Internet service providers also provide other services (such as cable TV or telephone), you can often combine services to get Internet access with other services. Wired Network Troubleshooting Tool Facts: If the ping test succeeds, the destination device is working. If you are still having problems, check issues with logon, resource sharing, permissions, or services. Print Services: A single print server services all print queues and print devices. Print Spooling Service: Use the Services snap-in to manage the Print Spooling service. Some of the key features of mobile devices are shown in the following table: * GPS is a space-based navigation system that provides location and time information in all weather conditions, anywhere on or near the Earth where there is an unobstructed line of sight to four or more GPS satellites. Mobile devices use GPS chips in order to calculate the device's location information. This is helpful for things like navigation applications and device location services. * Mobile payment service Mobile payment services operated under financial regulation and are performed using a mobile device. Instead of paying with cash, check, or credit cards, a consumer can use a mobile phone to pay for a wide range of services and digital or hard goods. * Device locator Many smartphones and tablets have a device location feature to locate a lost or stolen device. This feature is usually a proprietary service specific to the device manufacturer; however, there are also third-party apps that offer location services. Unauthorized location tracking occurs when the GPS on the device is being used to track your location without your permission. 
To protect against this, review the device's security settings and identify which installed apps have access to location services. You can then modify each app's permissions to deny location tracking access. Unauthorized camera/microphone activation is when the device's camera or microphone are being used without the user's permission. This can be caused by a malicious program or individual or it could be caused by an installed application that has been granted permission to use these services. Most mobile devices have an LED or icon that indicates if the camera is being used. If a camera is being used without permission, review the device's security settings and app permission settings. In addition, you can install an antimalware app and run a scan on the device to remove any malicious apps Task Manager Use the Services tab to view a list of services running on the computer. You can use this tab to start and stop a particular service. Use the System Configuration Utility (MSCONFIG) to: Configure startup preferences Customize bootup configuration Turn services on or off, {among other tasks} Command Prompt The Windows Recovery Environment provides a Command Prompt option that you can use to manually diagnose and repair system problems. Boot the system from the Windows installation disc and repair the installation. Select Troubleshoot > Advanced Options > Command Prompt. You can use the Command Prompt option in the Recovery Environment to: - Read boot logs - Enable and disable services - Read and write data to the hard disk drive - Overwrite corrupt or incorrect files (such as repairing a corrupt registry or restoring corrupt operating system files) - Format and partition drives - Repair a corrupted master boot record Service fails to start During or shortly after startup, you might see an error message stating that a service has failed to start. Check the Event Viewer for additional information about which service failed to start and the reason why it did not load. 
Try using the Services console or the NET START command to manually start the service. If the service is not required, you can change its startup type to Manual in the Services console to prevent it from trying to load during startup. If the service is necessary, use the Services console to make sure that any dependent services are configured to start and have started successfully. Verify that the service is configured with a valid user account and that the password has not changed. If an account other than the Local System account is used, make sure that the service is configured with the correct password (when you change the user account password, you must also change the password configured by the services that use that account). Enable Safe Mode When a computer boots in Safe Mode, only essential drivers and services are loaded (e.g., generic mouse, monitor, base storage device, keyboard, video drivers, and the Event Log service). This allows you to troubleshoot misbehaving applications, services, and drivers. Use the following recommendations to troubleshoot startup errors with the advanced boot options: * Boot into Safe Mode and then use the appropriate tool to undo any recent changes. For example, you can: - Use Device Manager to roll back drivers or disable devices that might be causing the problem. - Use Add or Remove Programs to uninstall software that has just been added. - Restore any settings that may have changed. - Disable unneeded services or applications that load at startup. - Use System Restore to restore the system to a known good restore point. * After booting into Safe Mode, begin by undoing the most recent change to the system. For example, if the problem started after you installed a new device driver, roll back the driver and reboot. * If undoing recent changes does not fix the problem, you could disable all unnecessary devices and services. 
If you can boot normally, you can identify which component was causing the problem by enabling devices and services one-by-one until the system becomes unstable. Cloud computing is a combination of software, data access, computation, and storage services provided to clients through the Internet. Hybrid cloud: A hybrid cloud is a combination of public, private, and community cloud resources from different service providers. The goal behind a hybrid cloud is to expand the functionality of a given cloud service by integrating it with other cloud services. The advantages of cloud computing are: * Flexibility of access * Rapid elasticity or scalable provisioning. Rapid elasticity is the ability to provide scalable services. In other words, rapid elasticity allows users to automatically request additional space in the cloud or other types of services. * Measured service. Measured services are services where the cloud provider measures or monitors the provision of services for various reasons, including billing, effective use of resources, or overall predictive planning. * Resource pooling. Resource pooling allows providers to serve multiple clients and customers with provisional and scalable services. These services can be adjusted to each client's needs without any changes being apparent to the client or end user. Through modern scalable systems involved in cloud computing and software as a service (SaaS), providers can create a sense of infinite or immediately available resources by controlling resource adjustments at a meta level. This allows customers to change their levels of service without being subject to any of the limitations of physical or virtual resources. * On-demand computing (ODC). ODC or metering of services is defined as "pay and use" computing power. ODC allows resources to be provided on an as-needed and when-needed basis. 
Computer Tracking Service: If you are concerned about stolen devices being used to view confidential data, you can sign up for a computer tracking service. These services can help locate stolen devices, or take other actions such as deleting data or disabling the device. Most services use the IP address or a wireless signal to locate the device. The device must connect to the Internet to be located. Common symptoms of malware on your system include {among many others}: Unusual applications or services are running. When implementing network services, do not use protocols such as FTP or Telnet that pass logon credentials and data in clear text. Instead, use a secure alternative such as FTP-S or SSH. All-in-one devices create a single point of failure. Because so many services are hosted by a single device, all of the services are affected if that device goes down.
Windows compatibility
Because some applications use elements that are specific to a certain version of an operating system, you may run into problems when trying to use these same programs on newer operating systems. Windows Compatibility Mode is designed to correct this problem by creating an environment that emulates the operating system for which the application was originally intended. In compatibility mode, you choose a target operating system (such as Windows Vista). When the application runs, it appears as if the application is running on the target operating system. To configure Compatibility Mode for an application, edit the properties of its shortcut or executable file. On the Compatibility tab, configure the following as appropriate: • Operating system compatibility mode • Reduced color mode • Run in 640x480 screen resolution • Disable display scaling on high DPI settings • Run the program as an administrator If you're not sure which settings to use, you can run the Compatibility Troubleshooter from the Compatibility tab. This utility will probe the application and automatically determine the correct compatibility settings. Windows 7 Enterprise and Ultimate editions also provide Windows XP Mode. This feature is not included with the operating system and must be downloaded separately. Windows XP Mode provides a Windows Virtual PC containing a pre-installed copy of Windows XP Professional. You can use this virtual machine to run older applications that don't run correctly on Windows 7. The applications running within the virtual environment are accessed using the Remote Desktop Protocol and thus appear to be running on the Windows 7 host operating system itself. • Applications with insufficient permissions might not run, or they might run but not function correctly (or some features might not be available). If this happens, you can run the application: o In compatibility mode. 
You can mark the Run this program as an administrator option on the Compatibility tab to automatically elevate privileges when the application is run. o As administrator. To do this, right-click the application shortcut or executable file and choose Run as administrator. Note: Windows Vista introduced the following features and updates:
Disk Defragmenter
Disk Defragmenter optimizes the performance of your hard drive by joining fragments of files that are in different locations on your hard drive into a single location. • Some files, such as certain system files, cannot be moved. • To improve defragmentation, disable programs that run in the background like screensavers and virus software. Any disk access while Disk Defragmenter is running (whether to read from or write to the disk) will slow down the defragmentation process. • The more information that is on the drive, the more time it will take to defragment the drive. * Several things can help increase the performance of a slow HDD: • Keep the disk defragmented. A heavily fragmented disk can run quite slowly. You'll need ample free space to fully defragment the drive. * Defragmentation = On an SSD storage device, fragmentation is much less of an issue than it is for standard hard disk drives. File systems such as NTFS still fragment files when writing them to the drive in order to optimize storage space. However, an SSD storage device doesn't have read-write heads, so no repositioning must occur to read heavily fragmented files. As a result, fragmented files can be read as quickly as contiguous files. When working with SSD drives, you should not defragment them as you do standard hard disk drives. This is because SSDs wear out over time. Each cell in a flash memory bank has a finite lifetime and can only be written to and erased a certain number of times before it fails. Running defragmentation utilities causes unnecessary write/erase operations to occur. Use Security and Maintenance in Control Panel to disable automatic disk defragmentation on SSD storage devices.
DirectX Diagnostic Tool (DxDiag)
DxDiag is a tool that shows information related to DirectX operation. DirectX is a set of programming interfaces for multimedia (video and audio). DxDiag displays information such as: • Operating system version • Processor and memory information • DirectX version • Settings and drivers used by display devices • Audio drivers • Input devices (mouse, keyboard, USB)
Firewall with Advanced Security
Everyday configuration tasks for the Windows Firewall are completed using the Windows Firewall applet in Control Panel. However, advanced firewall configuration tasks can be performed using an MMC snap-in called Windows Firewall with Advanced Security. Windows Firewall with Advanced Security supports a more granular firewall configuration than can be created using the Windows Firewall applet in Control Panel. For example, it can filter traffic based on parameters such as: • Source IP address • Destination IP address • Port number • ICMP protocol
Easy Transfer
Following installation, you will need to reinstall all applications and configure user settings. If desired, you can migrate user settings and data from an existing Windows system to the new installation. This can be done using two utilities: o Use Windows Easy Transfer to transfer all user settings and data from the old installation to the new installation. o Use the User State Migration Tool (USMT) when multiple systems need to be migrated at the same time on a large network. • Migrate user configuration settings and data using the following methods: o Use Windows Easy Transfer (WET) to transfer files from the old computer to the new computer. Windows Easy Transfer was introduced in Windows Vista and is included in the Windows 7, Windows 8, and Windows 8.1 operating systems. It is not compatible with Windows 10. You have several options for migrating the data between systems: Connect both computers using an Easy Transfer Cable (a special USB cable). Transfer data using a network connection between the computers. Save data to removable media and then load it on the new computer. o Use the User State Migration Tool (USMT). USMT is commonly used for large-scale migrations, to migrate data to multiple computers, or to have greater control over the migration process. When using USMT: 1. Run ScanState on the existing computer to save user settings and files. 2. Run LoadState on the new computer to move the information to the new computer.
SFC
If an error message indicates that an operating system DLL file is corrupt or missing, do one of the following: * Manually copy a known-good copy of the DLL back into the appropriate location in the file system. * Restore the system to a prior restore point. * Run the system file checker utility from the command prompt. The command is sfc /scannow. This utility scans all system files and replaces missing, corrupt, or incorrect versions of these files. Corrupt or missing DLL or system file: If you see errors about corrupt or missing DLLs or system files, either during startup or after Windows starts, boot the system from the installation disc and repair the system. Select Troubleshoot > Advanced Options > Startup Repair. Alternatively, you can select the Command Prompt option and then use the sfc command to run the System File Checker utility. The syntax to use with sfc is as follows: * Use sfc /scannow to scan the integrity of all protected system files and repair any file that has problems. * Use sfc /verifyonly to scan the integrity of all protected system files, but not repair them. * Use sfc /scanfile to scan the integrity of a specific file and repair it if it has problems. * Use sfc /verifyfile to scan the integrity of a specific file, but not repair it. Some malware infections could require that you reinstall applications, features, restore files from a backup, or even restore the entire operating system from scratch. If the infection has damaged or corrupted system files, you might be able to repair the infected files using the sfc.exe command. Before running sfc, be sure to first remove the malware that caused the damage (or it might re-introduce the problem later). You might need to boot into Safe Mode in order to check system file integrity and repair any problems found. 
Split Screen the same app on both sides. (Side-by-side apps?)
Is it possible to run the same app in both sides of the split screen? For example, I want to run OneNote on both sides of the screen with two different notebooks open. https://answers.microsoft.com/en-us/windows/forum/windows8_1-desktop/split-screen-the-same-app-on-both-sides/d915c3e3-0baa-476e-ae99-e033b7e7838d
Component Services
Microsoft Management Console (MMC) provides snap-ins for managing Component Services. To open a blank console, type mmc in the Run box. You can then add snap-ins to work with the configuration of your system. The console consists of two or three panes:
Microsoft Registry Editor (Regedit.exe)
Microsoft Registry Editor is a tool for modifying entries in the Windows registry. The registry is a database that holds hardware, software, and user configuration settings. • Whenever a change is made to preferences, software, hardware, and user-settings, those changes are stored and reflected in the registry. • The preferred method of modifying the registry is to use the applications or management tools that write to the registry. For example, many Control Panel applets make changes to registry settings. • There will be some advanced settings that can only be made by directly editing the registry.
Performance Monitor
Performance Monitor displays statistics that tell you about the operation of your computer. • A counter identifies a specific statistic, such as % Processor Time or % Disk Free Space. • You can add or remove counters to customize the statistics you can see. • Real-time data are displayed in a graph. • Performance Monitor by itself does not save any data. To save statistics over time, use a data collector set. Use Task Manager, System Monitor, Resource Monitor, and Performance Monitor to track statistics. You should be familiar with the meaning and use of the following counters: - % Processor Time (processor utilization) - % Disk Time (highest active time) - Average Disk Queue Length - Available, used, and free physical memory - Memory committed bytes (commit charge) - Page file usage - Memory pages per second - Network Utilization Performance Monitor Users: Members of the Performance Monitor Users group can access performance counter data on the system. Performance Monitor Users: Members of this group can manage performance counters.
SERVICES.MSC
Services.msc is a shortcut in the Windows operating system that opens a list of all the services on the computer. Msc is a short form for management console. This command lists all the services and their state. The state of a service can be started or stopped.
TSR (terminate-and-stay-resident)
Short for terminate-and-stay-resident, a TSR is a software program that remains in memory until it is needed, and then performs some function. A good example of a TSR is an antivirus scanner, which must remain loaded in memory to help protect your computer from computer viruses.
Microsoft Management Console (MMC)
The Microsoft Management Console (MMC) is a framework that provides a common user interface for performing system administration tasks. Management of a set of related features is done by adding snap-ins to the console. The MMC provides the shell for running these snap-ins, while the snap-ins provide the details for performing specific management tasks. Microsoft provides snap-ins for managing: • Local Users and Groups • Device Manager • Disk Management • Print Management • Component Services • Windows Firewall with Advanced Security To open a blank console, type mmc in the Run box. You can then add snap-ins to work with the configuration of your system. The console consists of two or three panes: • The tree pane (on the left) organizes objects in a hierarchy. • The results pane (in the middle) shows objects and configuration options. • The actions pane (on the right) lists the actions you can take on objects. (The actions pane was new with Windows Vista.) You can save a console that includes the snap-ins you use most (saved consoles have the .msc extension). Microsoft provides a number of preconfigured consoles that include snap-ins for common tasks. For example: Computer Management is a saved MMC console that includes common snap-ins used to manage your computer. * Everyday configuration tasks for the Windows Firewall are completed using the Windows Firewall applet in Control Panel. However, advanced firewall configuration tasks can be performed using an MMC snap-in called Windows Firewall with Advanced Security.
Windows Memory Diagnostics
The Windows Memory Diagnostic tests the Random Access Memory (RAM) on your computer for errors. This utility is not included with Windows and must be downloaded from Microsoft's Online Crash Analysis website.
Command Prompt
The Windows Recovery Environment provides a Command Prompt option that you can use to manually diagnose and repair system problems. Boot the system from the Windows installation disc and repair the installation. Select Troubleshoot > Advanced Options > Command Prompt. You can use the Command Prompt option in the Recovery Environment to: • Read boot logs • Enable and disable services • Read and write data to the hard disk drive • Overwrite corrupt or incorrect files (such as repairing a corrupt registry or restoring corrupt operating system files) • Format and partition drives • Repair a corrupted master boot record When using the Command Prompt to troubleshoot problems, you should first research your problem at the Microsoft Website and print the exact instructions for performing recovery procedures. The Command Prompt provides dozens of commands to display information and make changes. You can access a complete description of these commands and their syntax by typing help or help / [command] at the Command Prompt. * Enable Safe Mode with Command Prompt = Safe Mode with Command Prompt starts the computer in Safe Mode and displays a command prompt. * Corrupt MBR or partition table = The master boot record (MBR) is responsible for locating the system (active) partition and loading the volume boot record (VBR). A corrupt or missing master boot record or a corrupt partition table prevents the system from loading the boot record code and finding the volume boot record and loading the boot loader program. Symptoms of a corrupt MBR or partition table include: • The system hangs immediately after the BIOS information is shown. • Any of the following errors: o MBR corrupt o Invalid partition table o Error loading operating system o Missing operating system To fix the problem, boot the system from the installation disc and repair the system. Select Troubleshoot > Advanced Options > Startup Repair. 
Alternatively, you can select the Command Prompt option and then run the bootrec /FixMbr command. The /FixMbr option causes the bootrec command to rewrite the master boot record without overwriting the existing partition table on the disk. * Inaccessible boot disk = The boot loader program uses the boot configuration database (BCD) to locate valid Windows installations to start. If the database points to a location that does not include any operating system files, you will see a message similar to the following: "Windows could not start because of a computer disk hardware configuration problem. Could not read from the selected boot disk. Check boot path and disk hardware." To correct the problem, boot the system from the installation disc and repair the system. Select Troubleshoot > Command Prompt option and then run the bootrec /RebuildBcd command. The /RebuildBcd option causes the bootrec command to scan all storage devices for operating systems and add them to the BCD database. Missing or corrupt file: If the boot manager cannot locate needed operating system files on the selected boot partition, you might see the following errors occur: • Windows could not start because the following file is missing or corrupt: <filename> Please re-install a copy of the above file. • A blue screen error that describes a corrupt or missing file. This problem is caused either by a corrupt disk, corrupt files, or missing files. To correct the problem, boot the system from the installation disc and repair the system. Select Troubleshoot > Advanced Options > Startup Repair. Alternatively, you can select the Command Prompt option and then use the copy command to replace the file referenced by the error message with a known good copy. Corrupt or missing DLL or system file: If you see errors about corrupt or missing DLLs or system files, either during startup or after Windows starts, boot the system from the installation disc and repair the system. 
Select Troubleshoot > Advanced Options > Startup Repair. Alternatively, you can select the Command Prompt option and then use the sfc command to run the System File Checker utility. The syntax to use with sfc is as follows: • Use sfc /scannow to scan the integrity of all protected system files and repair any file that has problems. • Use sfc /verifyonly to scan the integrity of all protected system files, but not repair them. • Use sfc /scanfile to scan the integrity of a specific file and repair it if it has problems. • Use sfc /verifyfile to scan the integrity of a specific file, but not repair it. * If you type a specific command in the Run... box, the command prompt window will open and execute the command. If the command finished, the command prompt window will close automatically, meaning that you might not see the actual output for the command. To eliminate this problem, type the command into a command window and not the Run... dialog. You can access the Run command by clicking the Windows logo key+R. * Use the Command Prompt to execute command-line commands. To open a command prompt, • On Windows 7, click Start and type cmd in the Search box. • On Windows 8/10, right-click the Start menu and select Command Prompt. Some commands launched from the command line require elevated privileges to run. If this is the case, run Command Prompt as Administrator. * Executable files (.exe, .com) are program files that can be run. Batch files (.bat as well as other extensions) also run and execute a series of commands, but typically launch another program to interpret the commands in the batch or script file.
EXIT
The exit command ends the current command prompt session and closes the Command Prompt window.
EXPAND
The expand command is used to expand compressed .cab files. * expand -d [source_file] displays the contents of the specified .cab file. * expand [source_file] [destination] expands all the files in the specified .cab file to the chosen destination. * expand [source_file] f:[filename] [destination] extracts a single file from the specified .cab file to the chosen destination.
MSTSC
The mstsc command is used to establish a remote desktop session with another computer. To run the mstsc command, use the following syntax: * mstsc /v:[server_ip]
ROBOCOPY
The robocopy command (short for Robust File Copy) is used to copy entire folder structures between volumes or across a network. The benefit of using robocopy is that all NTFS file permissions and attributes are maintained and interrupted transfers can be resumed. robocopy uses the following syntax: * robocopy [source_folder] [destination] [options] ** /s copies subdirectories, excluding empty directories ** /e copies subdirectories, including empty directories ** /mov moves all specified files and directories, and deletes them from the source when complete ** /copyall copies all file attributes and information. RoboCopy is a very powerful copy utility and should only be used if you fully understand how to use it.
SHUTDOWN
The shutdown command is used to shut down local and remote systems. The following options can be used with the shutdown command: * /i opens the Remote Shutdown Dialog graphical interface window. * /l logs off the current user from the local system. * /r shuts down and restarts the local computer. * /h causes the computer to hibernate. * /t [xx] sets a delay time (in seconds) before the computer shuts down.
EXPLORER
When typed at the command prompt, this command launches File Explorer showing the "This PC" or "My Computer" content.
NOTEPAD
When typed at the command prompt, this command launches Notepad.
MSINFO32
When typed at the command prompt, this command launches the System Information window.
DEFRAG
When typed at the command prompt, this command runs the Disk Defragmenter in text mode.
DISKPART
Use Disk Management or DiskPart to create, format, and manage partitions and volumes. You access Disk Management on Windows systems through Computer Management. You access DiskPart from the command prompt by entering cmd.
System Configuration Utility (Msconfig.exe)
Use the System Configuration Utility to configure your system to enable optimal troubleshooting and diagnosis of technical issues. Use the System Configuration Utility to: - Configure startup preferences - Customize bootup configuration - Turn services on or off During a system state backup, all system configuration information is backed up (system data cannot be backed up selectively in portions).
RD
Use the rd command to delete (remove) a directory. Common switches used with rd are: * rd [directory] removes the specified directory within the current directory. * rd [path] [directory] removes the directory specified in the path. * rd /s removes subdirectories in addition to files in the current directory. * rd /q will not prompt you before each deletion.
XP Mode (XP virtual mode)
Windows 7 introduced Windows XP Mode, and it only runs on Windows 7. Windows 7 Enterprise and Ultimate editions also provide Windows XP Mode. This feature is not included with the operating system and must be downloaded separately. Windows XP Mode provides a Windows Virtual PC containing a pre-installed copy of Windows XP Professional. You can use this virtual machine to run older applications that don't run correctly on Windows 7. The applications running within the virtual environment are accessed using the Remote Desktop Protocol and thus appear to be running on the Windows 7 host operating system itself. Some older applications may not run properly when you try to use them on new versions of Windows. There are several options for fixing the issue: • Buy a newer version of the application. • Use Compatibility Mode settings. • Use XP Mode (Windows 7 only). • Use Client Hyper-V to create a virtual machine running an older version of Windows.
Charms
Windows 8/8.1 •Charms and the charm toolbar, which provides access to system and app controls
Start Screen
Windows 8/8.1 •Start Screen (replaced the traditional Start menu)
Windows Defender Security Center (Security Center)
Windows Security Center (WSC) is a comprehensive reporting tool that helps users establish and maintain a protective security layer around their computer systems. Once a security layer is established, Windows Security Center is inconspicuous as it monitors the computer's health state. However, if vulnerabilities exist, WSC provides alerts and prescriptive guidance to assist the user in achieving a secure state which is surfaced to the end user through the Action Center. In order for third party security solutions (antivirus, antimalware, or antispyware) to be compliant with Windows and successfully report status to Action Center, they are required to register themselves with Security Center and report any subsequent status changes using private APIs for communicating with WSC. WSC, in turn, communicates these updates to Action Center, where they are finally displayed to the end user. https://docs.microsoft.com/en-us/windows/desktop/devnotes/windows-security-center
Note
Windows Vista introduced the "compatibility mode".
Task Scheduler
You can use Task Scheduler to configure an application to run automatically based upon event triggers that you define.
Non-TPM Security
You have the following options for implementing BitLocker on systems without a TPM chip: • You can save the BitLocker key on a USB device. The USB device is inserted before starting the computer and provides authentication before the operating system drive is decrypted. The BIOS must support reading USB devices during startup. • Windows 8 and later allows you to configure an unlock password for the operating system drive. To use this feature, enable the Configure Use Of Passwords For Operating System Drives policy in the Administrative Templates\Windows Components\BitLocker Drive Encryption\Operating System Drives node of Computer Configuration. • Windows supports authentication using a smart card certificate. The smart card certificate is stored on a USB device and is used similarly to the BitLocker key on a USB device.
Data Sources
You use the ODBC Data Source Administrator to create and manage ODBC data sources. To open the ODBC Data Source Administrator in Windows 7, do the following: * On the Start menu, click Control Panel. * In Control Panel, click Administrative Tools. * In Administrative Tools, click Data Sources (ODBC).
MSCONFIG Boot tab
[ The Boot tab is an option added later into the System Configuration utility (Windows 98 and XP have boot.ini). This tab allows you to make the same adjustments you can make in the Windows boot.ini file without having to edit the file. In Advanced options, you can adjust additional settings, such as the Number of processors to use during boot, maximum memory, and other debug options.] https://www.computerhope.com/jargon/m/msconfig.htm
WIN.INI tab
[ The WIN.INI tab gives Windows 98 and Windows XP users quick access to editing and enabling and disabling the Windows win.ini file.]
MSCONFIG Startup tab
[The Startup tab is one of the most frequent reasons most Windows users enter the System Configuration utility. In the Startup tab, you'll be able to start and stop any of the programs (TSRs) that open each time your computer starts. These startup programs are often one of the biggest causes for a computer to startup and run slow. Uncheck any program that you want to disable from starting up each time. Note: In Windows 8, Microsoft has removed this feature in the System Configuration utility and moved it into the Windows 8 Task Manager. ] https://www.computerhope.com/jargon/m/msconfig.htm
MSCONFIG Tools tab
[The Tools tab gives you quick access to all the Microsoft Windows tools] https://www.computerhope.com/jargon/m/msconfig.htm
How to disable MS Edge for good
https://answers.microsoft.com/en-us/windows/forum/apps_windows_10-winapps-appscat_social/how-to-disable-edge/2a99ad5b-237e-4b20-ad0a-20d731d5ee0a
Windows Defender
https://www.itpro.co.uk/desktop-software/26635/how-to-turn-on-windows-defender-1
Pinning
{as in pinning an application to the Taskbar}
Windows Upgrade Advisor / Upgrade Assistant
•If you are installing a new version of Windows on an existing computer, run the Upgrade Advisor (if you're upgrading to Windows 7) or the Upgrade Assistant (if you're upgrading to Windows 8 or 10) to determine whether your system is compatible. These tools scan your system and verify that hardware is sufficient and compatible with the new operating system. They can also identify valid upgrade paths from your current operating system version.
BitLocker differs from the Encrypting File System (EFS) in the following ways:
• BitLocker encrypts the entire volume. EFS encrypts individual files. • BitLocker encrypts the volume for use on the computer, regardless of the user. Any user who has the PIN or startup key and who can successfully log on can access a BitLocker volume. With EFS, only the user who encrypted the file can access the file unless access has been granted to other users. {this is bc Bitlocker only requires a PIN and not a user ID? Whereas EFS requires a username and password that identifies whether or not the user is either the creator of the file or someone who has been given privileges to the file.} • BitLocker protects files against offline access only. If the computer boots successfully, any authorized user who can log on can access the volume and its data. EFS protects against offline access as well as online access for unauthorized users. EFS does not provide online protection if an authorized user's credentials are compromised.
Aero
* Aero: Windows Aero is a set of features that improves the visual appearance of Windows. Features of Aero include: * Windows 7: Enhanced Aero features, including: Snap (maximizes window when dragged to top of screen) Shake (hide/show all windows except for the window being "shaken") Peek (reveals the desktop by making all windows transparent) * Aero: Aero Flip 3D is activated with the Windows logo key + Tab and shows an expanded 3D view of running programs. * Aero is not available in the Windows 7 Home Basic version. In addition, features depend on the graphics card in the system. For example, you might not be able to use Flip 3D if the graphics card does not have the necessary features. * Windows Vista: Windows Aero and enhanced visual appearance, including the Windows sidebar and gadgets
Windows Store
* Applications must be written to run on mobile devices based on the operating system and system architecture. App distribution is provided online by platform: Google: Play Store; iOS: App Store; Microsoft: Windows Store. * The Windows Store has the least number of applications when compared to the other two major OSes. * Task Manager: Use the App History tab to monitor Windows Store apps running on the system.
???? 64-bit processor and related 32-bit concepts
* Boot Camp has the following system requirements: Intel-based Mac; installation media containing 64-bit version of Windows 8 or later; 55 GB of free space. * All variations of DDR are synchronized with the system clock and accept 64-bit words. * DDR2 accepts 4 consecutive 64-bit words per bus clock cycle. * DDR3 accepts 8 consecutive 64-bit words per bus clock cycle. * DDR4 accepts 8 consecutive 64-bit words per bus clock cycle. * DIMMs have a 64-bit data path that matches the system bus width. * The UEFI supports 64-bit firmware device drivers. * PCI-X: Uses a 64-bit interface to achieve faster data speeds. * SEC (Security): Immediately after the system is powered on, the SEC sequence begins. Power is supplied to the CPU. The CPU switches from 16-bit Real Mode to 64-bit Protected Mode. The CPU executes a specific set of instructions to prepare the system for PEI to run. * Graphics design or CAD/CAM workstation: Select the most powerful processor that you can afford. Graphics and CAD/CAM applications require a great deal of processing power. A 64-bit multi-core processor should be the minimum processor considered. * Audio/video editing workstation: Select the most powerful processor that you can afford. Audio and video editing applications require a great deal of processing power. A 64-bit multi-core processor should be the minimum processor considered. * Gaming system: Gaming applications require a great deal of processing power. A 64-bit multi-core processor should be the minimum processor considered. * Home or small office server: A 64-bit multi-core processor should be the minimum processor considered. * In addition to the version and edition, you will also need to select which Windows OS architecture to install. Each OS has either a 32-bit (x86) or 64-bit (x64) architecture edition. The biggest advantage to using a 64-bit version is support for more than 4GB of memory (most 32-bit systems can only use about 3GB of memory). 
You would also choose a 64-bit version if you needed to run 64-bit applications or use hardware that had only 64-bit drivers. You must have a 64-bit processor to run a 64-bit operating system. You can, however, run a 32-bit operating system on a 64-bit processor. A 64-bit operating system requires 64-bit drivers. For this reason, older hardware (that has only 32-bit drivers available) will not work on a 64-bit operating system. A 64-bit operating system can run both 32-bit and 64-bit applications; a 32-bit operating system cannot run a 64-bit application. Some 32-bit applications running on a 64-bit version of Windows will have errors that do not exist on 32-bit systems, so vendors might need to release patches for these applications. * Windows Vista = 15 GB free disk space (20 GB for a 64-bit system) * Windows 7 = 1 GB RAM (2 GB for a 64-bit system); 16 GB free disk space (20 GB for a 64-bit system). * Windows 8/8.1 = 1 GB RAM (2 GB for a 64-bit system); 16 GB free disk space (20 GB for a 64-bit system) * If the original host and the new host both use similar architectures but are from different manufacturers, you usually cannot resume a suspended virtual machine; it must be rebooted. For example, if the original host and new host both have virtualization-enabled 64-bit processors, such as one using an AMD-V and the other using an Intel VT-x CPU, a suspended virtual machine will work after being moved and rebooted. * Program files: %programfiles% - C:\Program Files; C:\Program Files (x86) on 64-bit systems only
BitLocker
* Each Windows OS edition has different features and limitations. For example, Windows 10 Home edition does not include BitLocker support. * Windows Vista introduced BitLocker drive encryption (Enterprise edition only) * Disk encryption - BitLocker is a Microsoft solution that provides whole disk encryption. - BitLocker is supported on Ultimate or Enterprise editions of Windows. - You can implement BitLocker with or without a Trusted Platform Module (TPM). - When using BitLocker with a TPM, the key required to use the disk can be stored in the TPM. This means that the computer can boot without a prompt as long as the hard drive is in the original computer. - Without a TPM, the startup key must be stored on a USB drive. On Windows 10, you can also supply a password at system boot to unlock a BitLocker-encrypted drive. - {as an option} When the startup key is saved in the TPM, you can require an additional PIN or startup key that must be used to start the system. - You can use BitLocker to encrypt removable storage devices (such as USB flash drives). - BitLocker protects against unauthorized data access on lost or stolen laptops and on other compromised systems: • BitLocker encrypts the entire contents of the "operating system partition", including operating system files, swap files, hibernation files, and all user files. A special BitLocker key is required to access the contents of the encrypted volume. • BitLocker uses integrity checking early in the boot process to ensure that the drive contents have not been altered, and that the drive is in the original computer. If any problems are found, the system will not boot, and the drive contents remain encrypted. The integrity check prevents hackers from moving the hard disk to another system in order to try to gain access to its contents. • BitLocker requires data to be decrypted before it can be used, which reduces disk I/O throughput. • BitLocker is only available on Ultimate and Enterprise editions of Windows. 
• In Windows 8 and later, you can choose to encrypt the entire volume or just the used space on the volume.
Local Users and Groups
* Microsoft provides snap-ins for managing: - Local Users and Groups * Users Group: Any user created with Local Users and Groups is automatically a member of this group. * Account Lockout Policy settings in the Local Security Policy control what happens when users enter incorrect passwords. With account lockout, an account is locked (and cannot be used for logon) when a specified number of incorrect passwords are entered. o Depending on the policy settings, locked accounts might be unlocked automatically after a period of time. o You can unlock a locked account by editing the account properties in Local Users and Groups. o If an account is locked because the user forgot the password, an administrator can change the password using Local Users and Groups. As a best practice, when changing the password for a user, the password the administrator configures should be a temporary password. In the user account properties, select the User must change password at next logon option to require the user to change the password after logging on with the temporary password.
OneDrive
* OneDrive is Microsoft's cloud-based backup service and requires a Microsoft account. * This is one of the backup tools that Windows Mobile devices use. * Cloud storage—Provides integrated access to OneDrive, which provides free storage space in the cloud (optional). * Online Authentication Facts: If a Windows 8 or later system has Internet access, online Microsoft accounts can be used as well as local user accounts to authenticate. A local account is stored on the local system and all profile information associated with the account stays on the computer. If an online Microsoft account is used to authenticate to the Windows system, Microsoft's online service is used to authenticate the user to the local system as well as to back up some user profile information to Microsoft's cloud. In this configuration, the email address and password associated with the Microsoft account are used to log on to the system. If the same Microsoft account is used to log on to another Windows 8 or later system, the account's profile information is automatically synchronized to the other computer, including password, desktop configuration, and apps. Files associated with the user profile are not synchronized. However, the account's associated OneDrive account can be used to make user files available on other systems. Once the online account has been created, you can associate a local user account with an online user account by opening the Settings app and going to Accounts > Your Account > Sign In with a My Microsoft Account Instead. Online account settings can be managed by opening the Settings app and going to Accounts > Your Account > Manage My Microsoft Account. The following information can be managed: name; the account email address (which is the account name); personal info; the account password; the account security information. You can also close the account and delete all data associated with it.
App History tab
* Use the App History tab to monitor Windows Store apps running on the system. * It is found in the Task Manager utility.
Windows Easy Transfer (WET)
* Use this Windows tool to transfer all user settings and data from the old installation to the new installation. * Use Windows Easy Transfer (WET) to transfer files from the old computer to the new computer. Windows Easy Transfer was introduced in Windows Vista and is included in the Windows 7, Windows 8, and Windows 8.1 operating systems. It is not compatible with Windows 10. You have several options for migrating the data between systems: - Connect both computers using an Easy Transfer Cable (a special USB cable). - Transfer data using a network connection between the computers. - Save data to removable media and then load it on the new computer.
User State Migration tool (USMT)
* Use this tool when multiple systems need to be migrated at the same time on a large network. * Use the User State Migration Tool (USMT). USMT is commonly used for large-scale migrations, to migrate data to multiple computers, or to have greater control over the migration process. When using USMT: 1. Run ScanState on the existing computer to save user settings and files. 2. Run LoadState on the new computer to move the information to the new computer. Be aware of the following when migrating user settings: If you perform an in-place upgrade installation, user settings and data are automatically retained; you do not need to use these tools to transfer files. But you should verify that all installed applications run correctly. If you perform a new installation on the existing system, run the transfer utility before performing the installation and save the resulting files to removable media or a network location. Following the installation, run the transfer utility to copy the data into the new installation. If you are moving from an old computer to a new computer, you can transfer files directly between the two computers. Migrating user settings and files does not migrate applications on the new computer, nor does it migrate system files such as fonts or drivers. Once the installation is complete, install applications and add other Windows features. Configure system backups and other data protection methods (such as System Protection and File History).
User Account Control (UAC)
* Windows Vista introduced User Account Control (UAC). * User Account Control (UAC) is a feature that helps minimize the dangers of unwanted actions or unintended software installations. UAC differentiates between standard user privileges and administrative privileges. Icons next to some tasks identify tasks that require administrative privileges. In addition, performing other tasks, such as installing applications or hardware devices, requires administrative privileges. If standard user privileges are not sufficient to perform a task, the system requests privilege elevation. If you are logged on as a standard user, you are prompted to supply the username and password for an administrator user. If you are logged on as an administrator, you are prompted for permission before the action is performed. * Go to 9.4.8 UAC Facts for entire details.
Additional Windows commands covered in Desktop Pro
* cmd = to access the command line. * cleanmgr = to run Disk Cleanup. * defrag = to run Disk Defragmenter in a text mode. * chkdsk = to run Check Disk. * bootrec = run this command to rebuild the boot configuration data. You can also run the bootrec command with the following switches: o /fixmbr: Repairs the master boot record o /fixboot: Repairs the boot sector o /rebuildbcd: Rebuilds the boot configuration data * sfc /scannow = You run the system file checker utility from the command prompt. This utility scans all system files and replaces missing, corrupt, or incorrect versions of these files. * Attrib = to change file or folder attributes, edit the properties of the file or folder, or use the Attrib command from the command prompt. (You cannot change permissions with the Attrib command.)
Windows Firewall
* Use Windows Firewall to manage network traffic that is allowed or denied through the Windows host-based firewall. * The Windows operating system uses network location profiles to determine the security settings for a particular network connection. The following table describes each "network location profile" and the situations in which they should be selected: Home network; Work network; Public network. In each instance, the Windows firewall configuration is changed to allow certain types of network communication. Unlike the Home network and Work network profiles, the Public network profile changes the Windows firewall configuration to block almost all inbound and most outbound communications. For applications to be able to communicate, they need to be manually allowed through the firewall. The Public network profile should be used when connecting to any unknown network location, such as a hotel's Wi-Fi network. * Microsoft provides snap-ins for managing: • Windows Firewall with Advanced Security ...among others [Snap-ins are the basic components of Microsoft's Management Console (MMC). The MMC snap-ins are the actual management tools; the console - sometimes referred to as a "tools host" - is simply a framework into which the snap-ins are added.]
???? 32-bit processor and related 32-bit concepts
* The total capacity of memory that you can install in your system is limited by many aspects, such as the maximum amount of memory that can be addressed (used) by the operating system. A 32-bit operating system can use between 3 GB and 4 GB of memory, while a 64-bit operating system can use more. * The color depth is the number of different colors that can be displayed on the screen at a time. Common bit depths include: 32-bit, also called true color (16.7 million possible colors and alpha channel). * An IP address: Is a 32-bit binary number represented as four octets (four 8-bit numbers). Each octet is separated by a period. * A 64-bit operating system can run both 32-bit and 64-bit applications. However, a 32-bit operating system can only run 32-bit applications. * 64-bit operating system versions include an additional folder named Program Files (x86). 32-bit applications are installed into this folder. * In addition to the version and edition, you will also need to select which Windows OS architecture to install. Each OS has either a 32-bit (x86) or 64-bit (x64) architecture edition. The biggest advantage to using a 64-bit version is support for more than 4GB of memory (most 32-bit systems can only use about 3GB of memory). You would also choose a 64-bit version if you needed to run 64-bit applications or use hardware that had only 64-bit drivers. You must have a 64-bit processor to run a 64-bit operating system. You can, however, run a 32-bit operating system on a 64-bit processor. A 64-bit operating system requires 64-bit drivers. For this reason, older hardware (that has only 32-bit drivers available) will not work on a 64-bit operating system. A 64-bit operating system can run both 32-bit and 64-bit applications; a 32-bit operating system cannot run a 64-bit application. Some 32-bit applications running on a 64-bit version of Windows will have errors that do not exist on 32-bit systems, so vendors might need to release patches for these applications. 
* After identifying the operating system version and edition you would like to use, the first step prior to purchase and installation of the operating system is to verify that the operating system is compatible with the hardware and software you will use. Obtain the latest drivers for all hardware. Remember, 32-bit drivers must be used on older 32-bit operating systems while 64-bit drivers should be used with 64-bit operating systems. * If you are moving a virtual machine (guest) to a new virtual host that differs from the original host in platform or architecture, be aware of these options and limitations: A guest can be successfully moved from a 32-bit host to a 64-bit host. A guest that is moved from a 64-bit host to a 32-bit host will probably not work correctly. If the guest is a 64-bit virtual machine, it probably won't start up at all on the 32-bit host.
BitLocker uses the following {3} components:
- BitLocker partition - Trusted Platform Module (TPM) - Non-TPM Security
• Disk management {SKIPPED..GO BACK TO IT}
- Drive status {Disk Status} - Mounting - Initializing - Extending partitions - Splitting partitions - Shrink partitions - Assigning/changing drive letters - Adding drives - Adding arrays - Storage spaces
BitLocker partition
- Implementing BitLocker requires two NTFS partitions: • The system partition is a 100 MB volume that contains the boot files. This partition is set to active, and is not encrypted by the BitLocker process. • The operating system partition must be large enough for the operating system files. This partition is encrypted by BitLocker. - Be aware of the following: • A new Windows installation creates "both partitions" prior to the installation of the "operating system files". • For operating systems already installed on a single partition, you may need to resize the existing partition and create the system partition required by BitLocker.
category view vs. classic viewby-
- [Category is the default view in all modern versions of Windows. Selecting "Large icons" or "Small icons" is the equivalent of the classic list item view from Windows XP. ... The classic Windows XP list item view is now used by the Control Panel, regardless of whether you use Windows 7, Windows 8.1 or Windows 10.] https://www.digitalcitizen.life/control-panel-switching-between-classic-category-view
shadow copy
- [Shadow Copy (also known as Volume Snapshot Service, Volume Shadow Copy Service or VSS) is a technology included in Microsoft Windows that allows taking manual or automatic backup copies or snapshots of computer files or volumes, even when they are in use.] - MBR Partitioning • When you shrink a partition, unmovable files (e.g., the paging file or the shadow copy storage area) are not automatically relocated and you cannot decrease the allocated space beyond the point where the unmovable files are located. If you need to shrink the partition further, check the Application Log for Event 259, which identifies the unmovable file. Next, move the paging file to another disk, delete the stored shadow copies, shrink the volume, and then move the paging file back to the disk. [A page file (also known as a "paging file") is an optional, hidden system file on a hard disk. The page file can be used to "back" (or support) system crash dumps and extend how much system-committed memory (also known as "virtual memory") a system can back.] - Windows 7: The Backup and Restore console leverages the shadow copy feature of the Windows file system to allow files to be backed up even if they are open when the backup runs. The initial backup process backs up all of the files specified in the job. However, subsequent backups will evaluate the state of the file system and only back up files that have changed since the last backup was run. As a result, the first backup will take quite some time to complete, but subsequent backups will run much faster. - Windows 8.x: File History does not back up the entire system. Only the data in a user's profile is backed up. However, a user can add folders to a library to back them up using File History. File History backs up files in the background. Once every hour, File History creates a shadow copy of user account files. This creates a snapshot of the user account's files at a particular point in time. 
After creating the shadow copy, Windows keeps track of the prior versions of those files. Once done, users can browse and restore previous versions of files. - Windows Vista: Windows Vista introduced Shadow Copy file backup (Business edition only)
ReadyBoost
- was first introduced in Windows Vista - [ReadyBoost is a feature introduced with Microsoft Windows Vista. It uses memory found in USB storage devices or other external flash memory storage as an extension to the computer's overall system memory. ReadyBoost is designed to increase the performance of Windows, without installing additional RAM (random access memory) in the computer.]
sidebar
- was first introduced in Windows Vista - [ Windows Sidebar is a pane on the side of the Windows Vista desktop that organizes gadgets (mini-applications with a wide variety of possible uses) and makes them easy to access.]
A suggested procedure for remediating a system with a malware infection is as follows:
1. Identify the symptoms of the infection. 2. Quarantine the infected system. 3. Disable System Restore in Windows. This prevents the infection from being included in a restore point. 4. Update the antimalware definitions. 5. Scan for and remove the malware. Some malware cannot be removed because it is running. If possible, stop its process from running, then try to remove it. If you are unable to stop the malware's process, try booting into Safe Mode and then run the scanning software to locate and remove the malware. 6. If necessary, schedule future antimalware scans and configure the system to automatically check for signature file updates. 7. Re-enable System Restore and create a new restore point. 8. Educate the end user to prevent future infections.
32-bit vs 64-bit processor
A 32-bit processor can process 32 bits of information at a time; a 64-bit processor can process 64 bits of information. The biggest advantage of 64-bit processors over 32-bit processors is in the amount of memory they can use. {the biggest difference between the 2 is..} 32-bit processors have a limit of 4GB. 64-bit processors have a theoretical limit of 16 EB, although operating system and current hardware limitations impose a much lower practical limit. The operating system and applications must be written for 64 bits to take full advantage of 64-bit processing {that the processor offers}. The processor instruction set identifies all instructions (operations) that a processor can perform. 32-bit processors use the IA-32 instruction set (also referred to as x86). Itanium processors from Intel use the IA-64 instruction set. AMD64 and Intel 64 processors use the x86-64 instruction set (also referred to as x64). 32-bit applications can run on 64-bit processors using the following methods: Itanium processors use a software layer to translate between IA-32 and IA-64. x64 processors execute both 32-bit and 64-bit instructions in the hardware. You can run a 32-bit operating system on a computer with a 64-bit processor. Applications typically perform better on 64-bit systems. 64-bit applications typically perform better than 32-bit applications. In some cases, 32-bit applications might perform better on 64-bit systems.
Trusted Platform Module (TPM)
A Trusted Platform Module (TPM) is a special hardware chip included on the computer motherboard that contains software in firmware that generates and stores cryptographic keys. The TPM chip must be enabled in the BIOS/UEFI. The TPM chip stores the BitLocker key that is used to unlock the disk partitions and stores information about the system to verify the integrity of the system hardware. The TPM ensures system integrity as follows: 1. The TPM examines the startup components present on the unencrypted partition. 2. Based on the hardware and system components, a system identifier is generated and saved in the TPM. 3. At startup, components are examined and a new system identifier is generated. 4. The new identifier is compared to the saved identifier. If the identifiers match, the system is allowed to boot.
Metro UI
A new user interface from Microsoft that replaces the traditional Microsoft Windows operating system look and feel. The Metro UI consists largely of a "Start Screen" made up of "Live Tiles," which are dynamic and continually updated links to applications and features. The Metro design was introduced in the Microsoft Windows 7 Phone OS and is designed to be a predominately touch-based interface that will work across a large variety of devices, including mobile smartphones, tablet computers, laptops and desktop PCs. Metro is also expected to be the default interface in the upcoming Windows 8 release. https://www.webopedia.com/TERM/M/metro.html - Windows 8/8.1 Windows Metro UI, which is optimized for touchscreen devices
CHKDSK
Check Disk is a utility that verifies the file system integrity of a hard disk. Errors that can be checked and fixed by Check Disk include: * Lost clusters are a series of used clusters on the hard disk drive that are not associated with a specific file. * A cross-linked file occurs when two files claim the same cluster. Check Disk will identify cross-linked files and correct their cluster associations. * Orphaned files are files that exist on the hard drive but which are not associated with a directory in the index. Normally Check Disk can re-associate the file with the correct directory. * A bad sector is a portion of the hard disk that cannot be used. Bad sectors are marked so that they are no longer used. Any used bad sectors are redirected to another sector. The NTFS file system automatically detects bad sectors as the system operates saving and reading files. You can run Check Disk by typing Chkdsk at a command prompt. * Use Chkdsk with the /f switch to automatically fix errors without scanning for bad sectors. * Use the /r switch to scan and fix bad sectors and other errors.
Computer Management
Computer Management is a saved MMC console that includes common snap-ins used to manage your computer. Some common ways to start Computer Management include: - Right-click the Start menu and select Computer Management. - Select Start > All Apps > Windows Administrative Tools > Computer Management. - Search for Computer Management. - In the Control Panel, open System and Security > Administrative Tools, then double-click the Computer Management icon. * Use the following tools to manually share a folder: o Shared Folder snap-in in Computer Management o Edit the properties for the folder in Windows Explorer
Complete the following tasks following a successful installation of Windows:
Configure the Windows Firewall and install anti-malware software. Be sure to update your anti-malware definition files.
TPM
[A Trusted Platform Module (TPM) is a specialized chip on an endpoint device that stores RSA encryption keys specific to the host system for hardware authentication. Each TPM chip contains an RSA key pair called the Endorsement Key (EK). The pair is maintained inside the chip and cannot be accessed by software.]
BOOTREC
Corrupt MBR or partition table: The master boot record (MBR) is responsible for locating the system (active) partition and loading the volume boot record (VBR). A corrupt or missing master boot record or a corrupt partition table prevents the system from loading the boot record code and finding the volume boot record and loading the boot loader program. Symptoms of a corrupt MBR or partition table include: - The system hangs immediately after the BIOS information is shown. - Any of the following errors: o MBR corrupt o Invalid partition table o Error loading operating system o Missing operating system To fix the problem, boot the system from the installation disc and repair the system. Select Troubleshoot > Advanced Options > Startup Repair. Alternatively, you can select the Command Prompt option and then run the bootrec /FixMbr command. The /FixMbr option causes the bootrec command to rewrite the master boot record without overwriting the existing partition table on the disk. Inaccessible boot disk: The boot loader program uses the boot configuration database (BCD) to locate valid Windows installations to start. If the database points to a location that does not include any operating system files, you will see a message similar to the following: Windows could not start because of a computer disk hardware configuration problem. Could not read from the selected boot disk. Check boot path and disk hardware. To correct the problem, boot the system from the installation disc and repair the system. Select Troubleshoot > Command Prompt option and then run the < bootrec /RebuildBcd > command. The /RebuildBcd option causes the bootrec command to scan all storage devices for operating systems and add them to the BCD database. Failure to boot (OS not found) for HDD/ SSD: A failure to boot with an error message that reads something to the effect of "OS Not Found" could be trivial or serious. 
Common causes include the following: You're booting from the wrong disk that doesn't have an operating system installed. This is a very common issue. It frequently occurs when a CD or DVD is in your optical drive at system boot and the BIOS/UEFI is configured to boot from the optical drive first. The error message is displayed when an operating system can't be found on the optical disc. To fix this issue, simply remove the optical disc from the drive and reboot. This error could also be caused in situations where you have multiple hard disks in the system, but only one has an operating system installed. If the boot device setting gets inadvertently changed in the BIOS/UEFI, it will try to boot the system from the wrong hard disk. Your master boot record (MBR) has been overwritten or is corrupt. The MBR is the first sector of your hard drive that tells the BIOS where to look for the operating system on the disk. If the MBR is damaged or corrupt, then the operating system will fail to load. On Windows, you have to boot from the installation disc to enter the recovery environment and select the Automatic repair option. Alternatively, you can select the Command prompt option and run the bootrec command to rebuild the boot configuration data. You can also run the bootrec command with the following switches: o /fixmbr: Repairs the master boot record o /fixboot: Repairs the boot sector o /rebuildbcd: Rebuilds the boot configuration data
Administrative tools
[Administrative Tools is the collective name for several advanced tools in Windows that are used mainly by system administrators. Administrative Tools is available in Windows 10, Windows 8, Windows 7, Windows Vista, Windows XP, and Windows Server operating systems.]
HELP
If you need further help with a particular command, type [command_name] /? to display information about the specified command (typing help [command_name] will also display help information).
Local Security Policy
In Windows, edit the Local Security Policy to modify password settings for a local computer, or the Default Domain Policy to control passwords for all computers in an Active Directory domain. The following table lists various policy settings that you should know.
Password Policy: The password policy defines characteristics that valid passwords must have. Settings that you can configure in the password policy include:
• Minimum password length requires passwords to have a minimum length. In general, longer passwords are more secure than shorter ones (although they can be harder to remember).
• Password complexity prevents using passwords that are easy to guess or easy to crack. It forces passwords to include letters, symbols, a combination of lower case and caps, and numbers.
• Maximum password age forces users to change the password after the specified time interval.
• Minimum password age prevents users from changing the password too quickly.
• Enforce password history requires users to input a unique (previously unused) password when changing the password. This prevents users from reusing previous passwords.
Account Lockout Policy: Use account lockout settings to protect user accounts from being guessed and to also prevent accounts from being used when hacking attempts are detected. Lockout policy settings are:
• Account lockout threshold specifies the maximum number of incorrect logon attempts. Once the number has been reached, the account will be locked and logon disabled. A common setting is to lock the user account when three consecutive incorrect passwords have been entered.
• Account lockout duration determines the length of time the account will be disabled (in minutes). When the time period expires, the account will be unlocked automatically. Setting this to 0 means that the account remains locked until manually unlocked by an administrator.
• Reset account lockout counter after determines the amount of time (in minutes) that passes before the invalid attempt counter is reset. For example, if a user enters two incorrect passwords, the incorrect counter will be cleared to 0 after the timer has expired.
Be aware of the following when troubleshooting user authentication on Windows systems:
• For a workgroup, the username must match a user account configured on the local system. However, if the computer is a member of a domain, the username must match a user account configured in the domain database on the domain controller.
• Usernames are not case sensitive.
• Passwords are case sensitive. Having the Caps Lock on (or the Fn key for the Num Lock on a laptop) could result in incorrect characters in the password.
• Password Policy settings in the Local Security Policy control characteristics about a password such as how long it must be, how often it must be changed, or whether complex passwords are required.
• Account Lockout Policy settings in the Local Security Policy control what happens when users enter incorrect passwords. With account lockout, an account is locked (and cannot be used for logon) when a specified number of incorrect passwords are entered.
o Depending on the policy settings, locked accounts might be unlocked automatically after a period of time.
o You can unlock a locked account by editing the account properties in Local Users and Groups.
o If an account is locked because the user forgot the password, an administrator can change the password using Local Users and Groups. As a best practice, when changing the password for a user, the password the administrator configures should be a temporary password. In the user account properties, select the User must change password at next logon option to require the user to change the password after logging on with the temporary password.
• A disabled account cannot be used for logon.
o You will typically disable an account that is no longer needed or that will not be used for a long period of time.
o You can manually disable and enable an account; however, you cannot manually lock an account (you can only unlock a locked account). Accounts are locked automatically through the account lockout settings.
o By default, the Guest account is disabled. On later versions of Windows, the built-in Administrator account is also disabled during installation. Both of these accounts are usually left disabled.
• To access a shared folder, shared printer, or Remote Desktop within a workgroup environment, you must supply credentials that match a valid user account configured on the remote computer you are trying to access. The user account you specify must have a password configured. User accounts with blank passwords cannot be used to access a computer over the network.
• By default, members of the Administrators group are allowed Remote Desktop access. To allow non-administrators access, add them to the list of authorized users for Remote Desktop. This automatically makes them members of the Remote Desktop Users group.
MSCONFIG Services tab
[ The Services tab allows you to enable or disable any of the Microsoft Windows services or other program services you have running on the computer. Check the "Hide all Microsoft services" box at the bottom of the window to only see non-Windows services such as driver services and program services. Unchecking a box will disable the service from starting.] https://www.computerhope.com/jargon/m/msconfig.htm
compatibility mode
Some older applications may not run properly when you try to use them on new versions of Windows. There are several options for fixing the issue:
• Buy a newer version of the application.
• Use Compatibility Mode settings.
• Use XP Mode (Windows 7 only).
• Use Client Hyper-V to create a virtual machine running an older version of Windows.
Application vendors may provide upgrades to their current applications to resolve application compatibility issues. This is the best long-term application compatibility solution.
Compatibility Mode can be used to run an older program using settings from a previous version of Windows. The Program Compatibility Assistant (PCA) runs in the background and monitors applications for known compatibility issues when they are run. When a potential issue with an application is detected, the PCA will prompt the user and provide links to recommended solutions. The following options are available:
• Use the Compatibility Troubleshooter to automatically determine the settings for the application to run on the current version of Windows. When using the Program Compatibility Troubleshooter:
o You start the utility by right-clicking on the executable file or the executable file shortcut and then selecting Run compatibility troubleshooter on the Compatibility tab.
o If a solution is found, the settings are stored and the application will be launched using the modified environment.
• Manually specify predefined compatibility mode.
o The predefined mode replicates the environment of a previous version of a Windows operating system.
o To manually specify settings, mark Run this program in compatibility mode for on the Compatibility tab, then select the version of Windows the application was written for. You may have to try more than one to get the application to run correctly. The service pack level is an important consideration when selecting a previous version.
• Manually set compatibility settings without selecting a specific version of Windows. The options that can be configured include:
o Reduced color mode allows applications with a limited color palette to display correctly. Select one of the following: 8-bit (256) color; 16-bit (65536) color.
o Run in 640 x 480 screen resolution allows low resolution applications to display properly.
o Disable display scaling on high DPI settings turns off automatic resizing of applications when large-scale fonts are being used.
o Run this program as administrator configures the application to run with administrator-level privileges. Old applications that ran on legacy versions of Windows may require elevated access to run correctly.
gadgets (nothing on this)
[ Windows Desktop Gadgets (called Windows Sidebar in Windows Vista) is a discontinued widget engine for Microsoft Gadgets. It was introduced with Windows Vista, in which it features a sidebar anchored to the side of the desktop. Its widgets can perform various tasks, such as displaying the time and date. In Windows Vista, the widgets are restricted to a sidebar but in Windows 7, they can be freely moved anywhere on the desktop. https://en.wikipedia.org/wiki/Windows_Desktop_Gadgets]
System Restore
System Restore automatically takes snapshots (called restore points) of your system. You can use these restore points to roll back your computer to a specific point-in-time configuration.
• Restore points take snapshots of system files, registry settings, program files, and other batch, script, or executable files. Restore points do not protect user data files.
• Automatic restore points are created in the background at regular intervals (by default once a day) as well as before configuration changes are made such as installing an application, installing an unsigned driver, or making other system changes. You can also manually create a restore point.
• When you restore your system to a restore point, previous settings are restored, while subsequent changes are removed. For example, any applications installed after the restore point are no longer installed.
• User data is not modified when restoring to a restore point. You cannot use a restore point to recover user data, and any changes made since a restore point are retained following the restore.
• System Restore works only on NTFS partitions. Restore points are automatically saved to the same disk using up to 15% of the available disk space by default. You can customize the amount of disk space used for restore points.
• System Restore is enabled automatically on the system hard drive where Windows is installed.
You can use a restore point to revert your system to a previous point in time when it was working properly. When using a restore point:
• System changes made since the restore point was taken are undone. Any applications, device drivers, or patches installed since the restore point was taken will be removed when the system is reverted to that restore point.
• User data is not affected; any files that have been changed since the restore point was taken will remain unchanged when the system is reverted to that restore point.
Start System Restore using one of the following methods:
• If the system can boot into Windows, open Control Panel and go to System and Security > System > System Protection > System Restore.
• If the system can't boot into Windows, boot the computer from the Windows installation disc and repair the installation. Select Troubleshoot > Advanced Options > System Restore.
- Launch Recovery Environment: Use this option to access system recovery tools, such as:
• Reset This PC
• System Restore
• System Image Recovery
• Startup Repair
• Command Prompt
- Use the following recommendations to troubleshoot startup errors with the advanced boot options:
• Boot into Safe Mode and then use the appropriate tool to undo any recent changes. For example, you can:
• Use Device Manager to roll back drivers or disable devices that might be causing the problem.
• Use Add or Remove Programs to uninstall software that has just been added.
• Restore any settings that may have changed.
• Disable unneeded services or applications that load at startup.
• Use System Restore to restore the system to a known good restore point.
Blue screen or system hang after Windows splash screen is displayed: If you cannot boot into Safe Mode, boot into the Recovery Environment and use System Restore to restore to a restore point that was created when the system was working correctly.
Taskbar
The Taskbar is the bar that is typically displayed at the bottom of a Windows interface (although its position can be changed). The Taskbar: • Contains icons that represent each program or application that is currently running. • Can be configured to display different types of toolbars. For instance, Quick Launch is a toolbar that contains shortcuts to designated programs. In Windows, you can also pin programs to the Taskbar. You launch a pinned program by clicking the icon on the Taskbar. Notification Area: The Notification Area is a part of the Taskbar, usually located to the right of the Taskbar. The Notification Area: • Displays the time and date. • Displays icons that represent the applications and processes that are running behind the scenes on your computer such as audio volume, security programs, and connectivity to the Internet or a workgroup. * Taskbar thumbnails show the contents of an open window when you move the mouse over items on the taskbar. * The Show Desktop button (on the right side of the Taskbar) hides all open windows. Hovering over the button makes the content of all open windows disappear (called Peek). MacOS Dock: The Dock is the main taskbar in Mac OS. The Dock is used to launch apps, switch between running apps, access the Trash, and also access specific folders. * Redesigned Taskbar with the ability to pin applications * New icons appear on the desktop or taskbar, or new toolbars are displayed in the browser.
GPRESULT
The gpresult command displays Group Policy settings and Resultant Set of Policy (RSOP) for a user or a computer. * /s computer specifies the name or IP address of a remote computer. (Do not use backslashes.) The default is the local computer. * /u domain\user runs the command with the account permissions of the user that is specified by user or domain\user. The default is the permissions of the current logged-on user on the computer that issues the command. * /p password specifies the password of the user account that is specified in the /u parameter. * /user target_user name specifies the user name of the user whose RSOP data is to be displayed. * /scope { user | computer } displays either user or computer results. Valid values for the /scope parameter are user or computer. If you omit the /scope parameter, gpresult displays both user and computer settings. * /v specifies that the output display verbose policy information. * /z specifies that the output display all available information about Group Policy. Because this parameter produces more information than the /v parameter, redirect output to a text file when you use this parameter (for example, gpresult /z >policy.txt). * /? displays help at the command prompt. To run the gpresult command, use the following syntax: * gpresult [/s computer [/u domain\user /p password]] [/user target_user name] [/scope {user|computer}] [/v] [/z]
GPUPDATE
The gpupdate command refreshes local and Active Directory-based Group Policy settings, including security settings. * /target: { computer | user } processes only the computer settings or the current user settings. By default, both the computer settings and the user settings are processed. * /force ignores all processing optimizations and reapplies all settings. * /wait: value identifies the number of seconds that policy processing waits to finish. The default is 600 seconds. 0 means "no wait"; -1 means "wait indefinitely." * /logoff logs off after the refresh has completed. This is required for those Group Policy client-side extensions that do not process on a background refresh cycle but that do process when the user logs on, such as user software installation and folder redirection. This option has no effect if there are no extensions called that require the user to log off. * /boot restarts the computer after the refresh has completed. This is required for those Group Policy client-side extensions that do not process on a background refresh cycle but that do process when the computer starts up, such as computer software installation. This option has no effect if there are no extensions called that require the computer to be restarted. * /? displays help at the command prompt. To run the gpupdate command, use the following syntax: * gpupdate [/target:{computer|user}] [/force] [/wait:value] [/logoff] [/boot]
DEL
Use the del command to delete one or more files on the system. Common switches used with del are: * del [file] specifies the file to delete. Wildcards and multiple filenames can be given. * del /p prompts for confirmation before deleting the specified file(s).
DIR
Use the dir command to display a list of files and subdirectories in a directory. Common switches used with dir are: * dir /p pauses output at every page. * dir /s displays information in subdirectories. * dir /a[xx] displays files with the specified attributes: o Options may be combined, such as /arh, to show read-only, hidden files.
MD or MKDIR
Use the md and mkdir commands to create (make) a directory. Common switches used with md are: * md [directory] creates a new directory in the current directory. * md [path] [directory] creates a new directory in the directory specified by the path.
TASKKILL
The taskkill command is used to end running processes. * < taskkill /im [image_name] > kills the specified process by using its image name (e.g., mspaint.exe). * < taskkill /PID [pid_number] > kills the specified process by using its PID (e.g., 3572). * < taskkill /f > Sometimes a process will not respond to the taskkill command. If this is the case, use the /f option with the command, which forces the process to close.
TASKLIST
The tasklist command displays a list of the processes that are currently running on the system. The output of the tasklist command includes a process ID (PID) that can be used to end the process.
Event Viewer
Use Event Viewer to view logs about programs, system events, and security. Each entry is listed as a warning, error, or information event. Events are added to the following logs:
- The "Application log" contains a list of all application-related events such as application installations, un-installations, and application errors.
- The "System log" contains a list of all system-related events such as system modifications, malfunctions, and errors.
- The "Security log" contains a list of all security-related events such as security modifications and user login events.
- Members of the "Event Log Readers group" are allowed to use Event Viewer to read the system's event logs.
- During or shortly after startup, you might see an error message stating that a service has failed to start.
-- Check the Event Viewer for additional information about which service failed to start and the reason why it did not load.
- When a Blue Screen of Death (BSOD) on Windows, or the Pinwheel of Death on Mac OS appears, {among other things}, capture any error messages displayed. A smart phone is a great tool for doing this. Then check Event Viewer for recent events. Use the Internet to search for solutions based on the error.
- When troubleshooting operating system problems, the system log files can be an invaluable resource for identifying exactly what happened. For example, Event Viewer displays messages generated by the Windows operating system and by applications running on the system. Each entry is categorized according to the severity of the issue it describes:
o Information
o Warning
o Error
o Audit success/failure
Service fails to start: If a service fails to start, you will see a message such as: At least one service or driver failed during system startup. Use Event Viewer to examine the event log for details. Use Event Viewer to view details about the service that did not start, then try starting the service manually. If necessary, re-enable or re-install the service.
- You should frequently check your logs in Event Viewer to identify suspicious behaviors.
Task Manager (and most common tabs)
Use Task Manager to view the current state of the system and running applications. Task Manager is made up of the following tabs: • Use the Processes tab to view the status of all current applications running on the computer. Use this tab to terminate unresponsive applications. • Use the Performance tab to view system-wide processor, memory, disk, and network statistics. • Use the App History tab to monitor Windows Store apps running on the system. • Use the Startup tab to enable or disable applications that start automatically when the system boots. • Use the Users tab to monitor users currently logged on to the system. • Use the Details tab to view the status of all current processes running on the computer and the CPU and memory resources they use. Use this tab to modify the priority of a process or terminate unwanted processes. • Use the Services tab to view a list of services running on the computer. You can use this tab to start and stop a particular service.
CD
Use the cd command to work with the current directory. Common switches used with cd are: * cd by itself shows the current directory (the current directory is usually shown in the command prompt as well). * cd [folder name] changes the current directory to the one specified (if the directory is within the current directory). * cd [full path] changes to the directory specified by the path. * cd .. changes the current directory to the immediate parent directory (moves up one directory level). * cd /D [file] [path] changes the current drive in addition to changing the directory.
COPY
Use the copy command to copy files from one location to another. Common switches used with copy are: * copy [source] [destination] copies the specified file to the new location. * copy [folder] [*.*] [path] [destination] copies all files with extensions in a folder to the new location. * copy /a specifies that the file is an ASCII text file. * copy /b specifies that the file is a binary file. * copy /n copies files using short filenames. * copy /y will not prompt you before each overwrite operation. * copy /v verifies files after they are copied. Be aware of the following for how moving (copying) files between partitions affects the file attributes: * When copying files from a FAT32 partition to another partition, the file attributes are retained. * When copying files from an NTFS partition to a FAT32 partition, attributes such as encryption and permissions that are not available in FAT32 are removed.
XCOPY
Use the xcopy command to copy files and directory trees. Common switches used with xcopy are: * xcopy /a copies files with the archive attribute set and doesn't change the attribute. * xcopy /m copies files with the archive attribute set and turns off the archive attribute. * xcopy /d copies files changed on or after the specified date. If no date is given, it copies only those files whose source time is newer than the destination time. * xcopy /p prompts you before creating each destination file. * xcopy /s copies directories and subdirectories (except empty ones). * xcopy /e copies directories and subdirectories, including empty ones. * xcopy /h copies hidden and system files also. * xcopy /r overwrites read-only files. * xcopy /k copies attributes. Normal xcopy will reset read-only attributes. * xcopy /y overwrites existing files without prompting.
SYSTEM.INI tab
[ The SYSTEM.INI tab gives Windows 98 and Windows XP users quick access to editing and enabling and disabling the Windows system.ini file.]
Side-by-Side View
[Enable Show windows side by side: Make sure that you have at least two windows open. Then right-click anywhere on the taskbar and select Show windows side by side. The windows are resized according to the number of windows to be displayed. You should note that windows that are minimized are not shown through this side by side interface. When you are done you can close the side by side interface. You can do this by right-clicking on the taskbar and selecting Undo Show all windows side by side.] https://answers.microsoft.com/en-us/windows/forum/windows_10-start/windows-10-side-by-side/ee4d80ac-36c1-4d56-b813-22393df65a66
PowerShell
[PowerShell is a task-based command-line shell and scripting language built on .NET. PowerShell helps system administrators and power-users rapidly automate tasks that manage operating systems (Linux, macOS, and Windows) and processes. PowerShell commands let you manage computers from the command line. PowerShell providers let you access data stores, such as the registry and certificate store, as easily as you access the file system. PowerShell includes a rich expression parser and a fully developed scripting language.] https://docs.microsoft.com/en-us/powershell/scripting/overview?view=powershell-6
BOOT.INI tab
[The BOOT.INI tab gives Windows 98 and Windows XP users quick access to editing and enabling and disabling the Windows boot.ini file.]
MSCONFIG General tab
[The General tab is the default tab in the System configuration and shows how the computer will start; by default, Normal startup should be selected. If you've changed any of the settings in the Boot tab or disabled any programs or services from starting up, the Selective startup will be selected. When the operating system uses Selective Startup, it will give you a reminder notification that Selective Startup is being used.] https://www.computerhope.com/jargon/m/msconfig.htm
"boot.ini" file
[The file boot.ini is a Microsoft initialization file found on the Microsoft Windows NT, Microsoft Windows 2000, and Microsoft Windows XP operating systems. This file is always located on the root directory of the primary hard drive. In other words, it is located at C:\ directory or the C Drive. This file is used by Microsoft Windows as a method of displaying a menu of operating systems currently on the computer and allowing the user to select what operating system to load. The information in boot.ini is also used to point to the locations of each of the operating systems.] https://www.computerhope.com/issues/ch000492.htm
Multi-monitor
[Multi-monitor, also called multi-display and multi-head, is the use of multiple physical display devices, such as monitors, televisions, and projectors, in order to increase the area available for computer programs running on a single computer system. Research studies[1][2][3] show that, depending on the type of work, multi-head may increase the productivity by 50-70%.] https://en.wikipedia.org/wiki/Multi-monitor
service
[When referring to computer software, a service is a software program or portion of a program that is loaded when another program is loaded. For example, a Microsoft Windows Service is part of Windows that is loaded each time Windows 2000 and above starts. An example of a Windows service is Messenger, which allows users to send messages to other Windows users on their network.] https://www.computerhope.com/jargon/s/service.htm
As a PC technician, you should be familiar with the symptoms of a malware infection. Look for the following:
• Slow computer performance
• Internet connectivity issues
• Operating system lock ups
• Windows update failures
• Renamed system files
• Disappearing files
• Changed file permissions
• Access denied errors
You should frequently check your logs in Event Viewer to identify suspicious behaviors. If you suspect a system has been infected, you should observe the following best practices to remove the malware:
• Identify the malware symptoms.
• Quarantine the infected system.
• Disable system restore to prevent the malware from being saved in a restore point (and to prevent an uninfected restore point from being potentially deleted to make room for a new restore point).
• Remediate the infected system.
• Update the antimalware definitions.
• Scan for and remove the malware. Some malware can be removed while the system is running normally. However, some malware can only be removed while in Safe Mode or in the Pre-Installation Environment.
• Schedule future scans and updates.
• Re-enable system restore and create a new restore point.
• Educate the end user to prevent the infection from happening again.