Operating Systems


Keep three copies of data, on two different forms of media, with one copy held offsite and offline.

3-2-1 Rules

Determined by the CPU; this sets the bit length of a memory address. Operating systems come in different versions based on how many bits the CPU has. 32-bit has less processing power and is slower as a result.

32 bit vs 64 bit

There are basic settings, but there are also more advanced settings that can be accessed that allow more control over your browser by using chrome://flags or about:config or something else depending on your browser.

Advanced browser settings.

Remember frequency and retention.
Full Only - Backs up everything into a single file. This option takes up the most space and time. Low recovery complexity.
Full with Incremental - Does a full backup, then proceeds to do incremental backups only of files that were modified after the last backup. This takes the least amount of time and space. High recovery complexity.
Full with Differential - Does a full backup, then proceeds to do differential backups only of files that were modified after the last full backup. This uses a moderate amount of time and space. Moderate recovery complexity.

Backup Chains

Operating System by Google for chromebooks and other netbooks

Chrome OS

eventvwr.msc

Command for Event Viewer

msinfo32.exe. Shows hardware information.

Command for System Information

devmgmt.msc

Command for device manager

net view. net view \\<servername> shows information for a specific server.

Command to display all servers on local network

net user

Command to look at user accounts or modify them

certmgr.msc. Don't give malware certificates.

Command to see certificates

tracert <IP address> or pathping <IP address>. This records each access point it connects to and the time it took to reach that point, unless there is an error. Each point is considered a hop. This can be used to find the point of failure. pathping pings each router to determine the round trip time and better measure latency. If a host cannot be found, it will still show all the routers that the packet passes through. If there is a routing issue, double check that your ISP does not have any wider network outages, and if not, try restarting the router.

Command to track path of packet

If there is an issue with name resolution: nslookup /option host dnsServer. You can query another DNS server for the same name and compare the results to see if there are any configuration issues.

Command to troubleshoot DNS

Digital Rights Management (Copyright for media)

DRM

Daily or hourly antivirus updates that tell the antivirus about newly discovered viruses.

Definition/pattern updates

wf.msc

Firewall command

Grandfather-father-son. Scheme that determines retention of files based on how often it is modified. This is usually connected with tape drives, but can sometimes apply to hard drives.

GFS

Globally Unique Identifier Partition Table. This is the UEFI-based partitioning scheme; it allows up to 128 primary partitions and allows larger partitions. GPT can be used as MBR if the computer firmware does not recognize GPT.

GPT

Hardware Compatibility List. Windows has a compatibility list that lists all the tested and supported hardware for Windows

HCL

Go to Advanced system settings > System Protection. Checkpoints should be made automatically, but you can make changes here. System Restore will roll back the operating system to a chosen checkpoint without removing most files. System Restore can be accessed through rstrui.exe.

How to configure System Restore

Control panel > System and Security > Windows Defender Firewall > Allow an app or...

How to configure firewall

MMC > Add shared folders > right-click > properties > profile > configure settings as you wish. This is an old way of doing this and has the drawback of limiting files to one computer. You can set up a roaming profile which loads your files from a shared drive when you sign in then uploads any changes to the shared drive when you sign out, which can be slow if big files are being dealt with. You can also use folder redirection under group policies to default people's files to a shared drive.

How to create home folder

Control Panel > Backup and Restore > Create a system image and save it to USB. If you need to use it, it is available under Advanced Boot Options or System Image Recovery. If you do not have a recovery image, then you may need to reinstall Windows via Reset this PC. If resetting the PC and giving the PC away, remove all files and select the option to securely delete files.

How to create recovery image

Find "Indexing Options" in the control panel or through Windows search bar

How to edit "search" settings for file explorer

Right click folder > Properties > Advanced > Encrypt. Not available on Home edition.

How to encrypt individual files

Cannot be joined through Windows Home. Domain can be accessed through System Properties (sysdm.cpl) or through the "Access work or school" option under accounts.

How to join a domain

Incident Response Plan

IRP

secpol.msc

Local Security Policy. (Look at)

msra.exe

MSRA

System that requires the user to log in before the desktop is loaded when using RDP. This is to prevent DDoS attacks.

NLA

They grant permissions for both local access and network access. Right click folder > security

NTFS permissions

When an antivirus checks a file before user opens it in order to determine if it is safe or not.

On-access scanning

Preboot eXecution Environment. A UEFI firmware feature that allows you to connect to a server over the network that holds boot files or files to install an OS on the computer. Computers that have this option may also support internet-based boot.

PXE

%Usage - The amount of paging occurring on the drive. If this number is too large, it will impact disk performance, since paging is disk intensive.

Paging Counter (For Performance Monitors)

A device that combines the features of a smartphone with a tablet.

Phablet

This is to remove the host from the main network. This is recommended if you suspect that there is malware on your computer

Quarantine

mstsc.exe. To allow RDP into another computer, it must be enabled under Settings > System > Remote Desktop. Use Select users to configure who is allowed to access the computer remotely. Advanced settings have more configuration options.

RDP

Investigate and verify malware symptoms.
Quarantine infected systems.
Disable System Restore in Windows.
Remediate infected systems:
- Update anti-malware software.
- Scanning and removal techniques (e.g., safe mode, preinstallation environment).
Schedule scans and run updates.
Enable System Restore and create a restore point in Windows.
Educate the end user.

Removing malware

A type of trojan that disguises itself as an antivirus

Rogue Antivirus

This is a software update for the antivirus to make sure that it scans better.

Scan engine/component updates

It hides the share from browsing, but it can still be accessed through cmd.

Significance of $ at the end of a shared folder name

There are different power levels using the Advanced Configuration and Power Interface (ACPI) power modes.
S0: Power On
S1-S3: Standby/Suspend to RAM - Cuts power to most devices except for RAM
S4: Hibernate/Suspend to disk - Cuts power to most devices except for the disk. RAM contents get transferred to disk and stored in a data file (hiberfil.sys)
S5: Soft power off
G3: Mechanically off

Sleep Modes

Changed settings, added bookmarks and other changes that you don't remember making (spyware can do this). URL redirecting. Certificate warnings.

Symptoms of malware affecting browser

When you use existing backup files to create a new full backup file.

Synthetic Backup

This is a program that can be used to run or schedule scans for damaged or tampered system files, registry keys, and files.
sfc /scannow - Runs a scan immediately
sfc /scanonce - Runs a scan on the next reboot
sfc /scanboot - Runs each time the computer boots
sfc /verifyonly - Scans files but does not attempt to repair them

System File Checker

sysdm.cpl. You can change the hostname here.

System Properties

Try to boot into safe mode to see if the graphics driver is broken, and fix that. If it does not load anything, then perhaps the OS needs to be repaired or recovered. You can check if the OS is responsive with Win+Ctrl+Shift+B, which makes a beep and reinitializes the display. If this occurs after changing msconfig settings, check whether msconfig needs to be set back. If this happens too often, then use chkdsk.

What happens if it looks like the OS loads but there is a black screen.

winver. Version refers to the last feature update (1607 is July 2016, 22H2 is the second half of 2022). OS Build is a two-part number where the first number represents the feature update and the second number represents patches. This number can be used to determine if there have been any known issues with this update. The About settings page has more information regarding the OS, though.

cmd command to check Windows version

dir to list directories
md or mkdir to make a directory in the current directory
rd or rmdir to remove a directory
rmdir /s to remove all files and subdirectories in addition to the directory itself

cmd directory commands

Run diskpart, then enter select disk 0 (or whichever numbered disk needs to be analyzed), then enter detail disk to display configuration information regarding the disk. It should say that all the partitions are healthy; if it says that there is no partition table, then the partition table is probably corrupted. Enter select partition 0 or select volume 0 (or whichever numbered partition you want to select), and enter detail partition or detail volume to get more information regarding the partition. You can use the commands assign, delete, or extend here to manage the partition.

diskpart command

format C: /fs:NTFS (or whichever drive letter and filesystem you want to use). This will scan the drive for bad sectors first before continuing; you can use the /q switch to skip this. This command will remove data on the drive, but the data can be recovered through third-party software.

format command

shutdown /s - Shutdown
shutdown /h - Hibernate
shutdown /l - Log off
shutdown /r - Restart
/t adds a timer
/a aborts a shutdown

shutdown command

AutoPlay replaced AutoRun from legacy Windows, which automatically ran code on a USB drive or CD when it was inserted so that you could access the files, which is bad if there is malware. AutoPlay instead prompts the user to choose an action when a USB device is first inserted. AutoPlay settings can be configured under Settings > Devices.

AutoPlay

Settings > Update and Security > Backup

Backing up data or folders

Try testing the restore function, on a test file or in a virtual machine. Configure the backup software to verify the backup after it creates it. Run chkdsk regularly to ensure nothing gets corrupted. Verify that the backup contains all contents. Items should be backed up any time you have to do hardware maintenance inside a computer.

Backup Testing and Recovery Best Practices

cleanmgr.exe. This removes unnecessary files to reclaim some space.

Command for disk clean-up

dfrgui.exe

Command for disk defragmenter/optimizer

diskmgmt.msc

Command for disk management

lusrmgr.msc. You can modify user permissions and accounts here.

Command for local users and group console

perfmon.msc

Command for performance monitor

gpedit.msc. This has settings that are likely not found under Settings or Control Panel.

Command for policy editor

regedit.exe

Command for registry editor

resmon.exe

Command for resource monitor

services.msc

Command for services

msconfig.exe. Gives options regarding booting. Can enter safe mode, limit resources, access services, access admin tools, etc.

Command for system configuration

taskmgr.exe

Command for task manager

taskschd.msc. You can schedule commands and batch files here if you want.

Command for task scheduler

netstat -a shows all connections
-b is time consuming but identifies the executable associated with each connection
-n displays connections in numerical form

Command that shows all open ports and listening ports

gpupdate applies any changes made to group policies immediately. You can use /force to reapply unchanged group policies as well. gpresult shows the result.

Command to update group policies

bootrec /fixmbr fixes the MBR. Do not use this command if the computer is using GPT.
bootrec /fixboot fixes the boot sector.
bootrec /rebuildbcd adds a missing Windows installation to the BCD.

Commands to recover OS if no OS is found

%Disk Time - Percentage of time that the disk is performing read and write requests. If this is over 85% for an extended period of time, then there might be a disk problem.
Average Disk Queue Length - The number of requests outstanding on the disk. If this number is increasing and %Disk Time is high, then there is likely a disk problem.

Disk Counters (For Performance Monitors)

Shredding, incinerating, degaussing

Disposal of storage media

End-user license agreement.

EULA

Settings > Network & Internet > Status

How to perform network reset and clear network configurations

Instead of System Restore, it might be worth checking Control Panel > Programs > Programs and Features > Uninstall an update.

How to remove recently installed Windows Updates

ipconfig /all to see lease information
ipconfig /release AdapterName to remove the lease
ipconfig /renew AdapterName to renew the lease

How to replace lease from IP in case it is either missing or incorrect

Device manager > right click > properties > driver > roll back

How to roll back driver

Right click a network folder and select Map Network Drive, assign a letter, and check "Reconnect on Sign-in" unless you only want it to be temporary. This can be done through the command line too:
net use M: \\<servername>\<folder> /persistent:yes maps the folder to drive letter M
net use M: /delete deletes the specified mapped drive (M in this case)
net use * /delete deletes all mapped drives
You can turn off network discovery afterwards.

How to set up a mapped drive

ipconfig /displaydns. If the cached records it shows are out of date, use ipconfig /flushdns.

How to troubleshoot DNS issues regarding name records

User > Properties > Account > Unlock account. If the user forgot their password, right-click the account and select Reset Password.

How to unlock account that has been locked due to too many failed attempts

There should be an error message that pops up that you can look up. Logs can also be found in %SystemRoot%/WindowsUpdate.txt

If a Windows Update failed...

Master Boot Record. Creates a partition of 512 MB for the operating system. A drive can support up to 4 primary partitions that can have an operating system installed, with one of them marked as active. Each primary partition will start with a boot sector or partition boot record (PBR) that facilitates loading the operating system. This is for legacy boot devices. This can only be used with BIOS, not UEFI.

MBR

Use Task Manager to terminate suspicious processes.
Execute commands at a command prompt terminal, and/or manually remove registry items using regedit.
Use msconfig to perform a safe boot or boot into Safe Mode, hopefully preventing any infected code from running at startup.
Boot the computer using the product disc or recovery media, and use the Windows Preinstallation Environment (WinPE) to run commands from a clean command environment.
Remove the disk from the infected system, and scan it from another system, taking care not to allow cross-infection.

Manual virus removal steps

Available Bytes - The amount of memory available. This shouldn't really be below 10%. If this number decreases over time, then there could be a memory leak.
Pages/Sec - The number of pages written to and read from disk because of page faults. This number should not average above 50. Check paging usage.

Memory Counters (For Performance Monitors)

ping 127.0.0.1

Ping loopback address

%Processor Time - Percentage of time that the processor is executing a non-idle thread. If this number is above 85% for a long period, then there could be a processor bottleneck.
%Privileged Time - Useful to look at if %Processor Time is very high. This represents system processes, so if this is high too, then the CPU is under-powered.
%User Time - Useful to look at if %Processor Time is very high. This represents software processes.

Processor Counters (For Performance Monitors)

Based on the bits of the CPU, RAM can be limited. A 32-bit CPU can only use 4 GB as the maximum size of memory, while 64-bit is 16 exabytes. This number is far bigger than anything we need today, and it is regularly limited on purpose by software and licenses. For example, Windows 10 Home edition is limited to 128 GB of RAM (Pro is 2 TB, and Enterprise and Pro for Workstations are 6 TB).

RAM limitations

RDP Restricted Admin (RDPRA) Mode and Remote Credential Guard can be used to mitigate some risk of logging into a system remotely that has malware on it.

RDPRA

Create a fresh restore point or system image and a clean data backup.
Validate any other security-critical services and settings that might have been compromised by the malware.
Verify DNS configuration - DNS spoofing allows attackers to direct victims away from the legitimate sites they were intending to visit and toward fake sites. As part of preventing reinfection, you should inspect and re-secure the DNS configuration.
Re-enable software firewalls - If malware was able to run with administrative privileges, it may have made changes to the software (host) firewall configuration to facilitate connection with a C&C network. An unauthorized port could potentially facilitate reinfection of the machine. You should inspect the firewall policy to see if there are any unauthorized changes. Consider resetting the policy to the default.
Run another antivirus scan and disable quarantine if the computer is safe.

Re-enable system restore

You can run 32 bit operating systems and applications on 64 bit hardware, but not vice versa. Updating an operating system could also mess with old software that previously worked. Not all software is available for every operating system

Software Compatibility

Viruses - Require you to run an executable, which then affects other files
Boot Sector Viruses - Viruses that target the boot sector
Trojans - Malware that disguises itself as legitimate software while running malicious code in the background
Worms - Malware that can replicate itself and spread to other hosts
Fileless Malware - Uses scripts or batch files to perform malicious actions; not necessarily an executable

Types of malware

Backdoor - Malware that allows an attacker to remote into the computer to either unleash more malware, add it to a botnet, or gain greater access into a network. The attacker uses a command and control (C&C) host or network to establish a connection to the compromised host.
Spyware - Malware that can reconfigure browser settings
Keylogger - Malware that records keystrokes
Rootkit - Malware that finds a way to get elevated permissions so it can do anything
Ransomware - Malware that tries to extort money from the user
Cryptominer - Malware that uses your resources to mine cryptocurrency

Types of malware payloads

End-of-life: When the developer stops updating an operating system, there will be no more patches, updates, or technical support for it. Software developers will also stop creating applications that support the operating system. This also goes for outdated versions of an operating system. If someone doesn't update their operating system or switch to a non-discontinued operating system, then security flaws that won't be patched can appear and could affect the user experience

Vendor Specific Limitations

You can change a policy or registry setting to enable highly detailed status messages during boot. msconfig.exe, under the Boot tab, may offer boot logging or more information during booting. Usually this is caused by loading drivers and services, but there could be some form of file corruption as well. If the person can sign in but the desktop is very slow to load, then perhaps the profile became corrupted, in which case you'll need to make a new profile and transfer over all the files except for NTUSER.DAT, NTUSER.DAT.LOG, and NTUSER.INI.

What to do if system boots but very slowly.

Advanced sharing settings in control panel. You can turn on network discovery here. Under "All Networks", you can turn off password protected sharing

Where to configure sharing options

Task Manager

Where to disable which process start on boot up

System Configuration. You can launch other settings from here too, through "Tools".

Where to find boot options

Services

Where to turn off background process or restart them.

move source destination
copy source destination
xcopy source destination
robocopy source destination
xcopy and robocopy are both designed to copy the contents of more than one directory, but robocopy is preferred for this. Robocopy can tolerate network interruptions.
/v verifies that the copy was successful
/y suppresses prompting
/-y prompts you if you are overwriting

cmd copy commands

If it says that the IP address or domain name is unreachable, then the host is disconnected or undiscoverable. If the host is supposed to be up, then there is some configuration issue. If the router IP is unreachable, then there must be a configuration issue. This assumes that both hosts are on the same network. No reply (request timed out) means that the message was sent to the host but it didn't reply: either the host is down or it is configured not to respond.

ipconfig failure messages
