Lesson 2 - Managing Windows Flashcards

1
Q

What is devmgmt.msc?

A

Device Manager allows you to view and edit the properties of installed hardware

2
Q

What is diskmgmt.msc?

A

Disk Management is a console related to initializing, partitioning, and formatting disk drives (HDDs, SSDs, and optical drives)

3
Q

What are the three volumes you can find on Disk 0 that is holding the OS?

A
  1. The system volume contains the files used to boot the OS. Uses a boot system called extensible firmware interface (EFI).
  2. The boot volume contains the operating system files and is usually allocated the drive letter C:
  3. Recovery partitions contain tools to repair a damaged installation and/or return the computer to its factory state.
4
Q

What is initializing disks?

A

If you add an unformatted HDD, SSD, or thumb drive, you will be prompted to initialize it. You can choose whether to use the master boot record (MBR) or Globally Unique ID (GUID) Partition Table (GPT) partition style for the new disk. MBR and GPT refer to the way the partition information is stored on the disk

5
Q

What is partitioning?

A

Each disk must be configured with at least one partition. You can create a new partition by right-clicking on an area of unpartitioned space. A wizard will prompt you to choose how much of the unallocated space to use and to select a file system.

6
Q

What is formatting?

A

A new partition must be written with a file system - typically NTFS - to allow Windows to write and read files. The simpler FAT32 file system might be used for small, removable drives. You can also reformat existing partitions. This will delete all files from the volume. Along with the file system type, you can choose a volume label and allocation unit size

7
Q

What is repartitioning?

A

Existing partitions can be expanded if there is unpartitioned space. Partitions can also be removed or shrunk to make space available

8
Q

What is configuring dynamic disks?

A

If there is more than one disk available, a new dynamic volume can be configured. Dynamic volumes use multiple devices to implement some type of software RAID redundancy, such as mirroring. Now the feature is called Storage Spaces

9
Q

What are the three main problems of file storage?

A
  1. Fragmentation: on a hard disk, ideally each file would be saved in contiguous clusters on the disk. In practice, over time as files grow, they become fragmented across non-contiguous clusters, reducing read performance.
  2. Capacity: It reduces over time. If the boot volume has less than 20% free space, performance can be impaired. When space drops below 200 MB, a Low Disk Space warning is generated.
  3. Damage: Hard disk operations are physically intensive, and the platters of the disk are easy to damage, especially if there is a power cut. If the disk does not recognize that a sector is damaged, files can become corrupted. SSDs can suffer from degradation of the memory circuitry, resulting in bad blocks, and can be damaged by impacts, overheating, and electrical issues.
10
Q

What is dfrgui.exe?

A

Defragment and Optimize Drives tool runs various operations to speed up the performance of HDDs and SSDs

11
Q

What does dfrgui.exe do on HDDs?

A

Defragmenting rewrites file data so that it occupies contiguous clusters, reducing the amount of time the controller has to seek over the disk to read a file

12
Q

What does dfrgui.exe do on SSDs?

A

Data is stored in units called blocks that are not directly managed by the OS. The drive controller determines how blocks are used according to wear-leveling routines to minimize degradation of the solid-state cell. The main purpose of the optimizer tool is to instruct the controller to run a TRIM operation. TRIM is a process by which the controller identifies data that the OS has marked as deletable and can then tag corresponding blocks as writable. The optimizer does perform a type of defragmentation operation on an SSD if it holds the OS and the system protection feature Volume Shadow Copy service is enabled

13
Q

What is cleanmgr.exe?

A

The Disk Clean-up tool tracks files that can be safely erased to reclaim disk space. These files include ones deleted but still available in the Recycle Bin and various temporary files and caches. The tool can be run in administrator mode using the Clean up system files option to reclaim data from caches such as Windows Update and Defender

14
Q

What is taskschd.msc?

A

The Task Scheduler runs commands and scripts automatically. Tasks can be run once at a future date or time or according to a recurring schedule. A task can be a simple application process or a batch file or script

15
Q

What is lusrmgr.msc?

A

The Local Users and Groups console provides an advanced interface for creating, modifying, disabling, and deleting user accounts.

16
Q

What is certmgr.msc?

A

The Certificate Manager console shows which certificates have been installed and provides a mechanism for requesting and importing new certificates

17
Q

What are the certificates found in the Personal folder?

A

The Personal folder stores the certificates that have been issued to the user account. User certificates can be used for tasks such as authenticating to a network access server, encrypting data, and adding a digital signature to a document or message to prove its authenticity.

18
Q

What are the certificates found in the Trusted Root Certification Authorities?

A

Trusted Root Certification Authorities contains a superset of the certificates of all issuers that are trusted, including Microsoft’s CA root, local enterprise CAs and third-party CAs. Most of these certificates are managed via Windows Update

19
Q

What are the certificates found in the 3rd party Root CA?

A

Third-party Root Certification Authority contains trusted issuers from providers other than Microsoft or a local enterprise

20
Q

What is gpedit.msc?

A

The Group Policy editor is a console related to configuring detailed user and system registry settings via policies. It provides a more robust means of configuring many of the Windows settings than editing the registry directly.

21
Q

What is secpol.msc?

A

The Local Security Policy editor can be used to modify security settings specifically

22
Q

What is regedit.exe?

A

The Registry Editor is a tool for making direct edits to the registry database, such as adding or modifying keys or values. The Registry Editor can be used to make backups of the registry

23
Q

What is the registry?

A

In the Windows registry, a key is analogous to a folder on the file system. Keys are used to group like settings together in a hierarchy that is logical to navigate

24
Q

What is HKEY_USERS?

A

HKEY_USERS is a root key in the registry database that includes settings that apply to individual user profiles, such as desktop personalization. HKEY_CURRENT_USER is a subset of HKEY_USERS with the settings for the logged-in user.

25
Q

What is the name of the binary files in which the registry database is stored?

A

Hives

26
Q

What is a hive?

A

A hive comprises a single file (with no extension), a .LOG file (containing a transaction log), and a .SAV file (a copy of the key as it was at the end of setup).

27
Q

What is a value entry?

A

Each root key can contain subkeys and data items called value entries. Subkeys are to folders as value entries are to files.

28
Q

What are the three parts of a value entry?

A
  1. The name of the value
  2. The data type of the value (such as string or binary value)
  3. The value itself
29
Q

What is MMC?

A

A Microsoft Management Console is a utility allowing Windows administrative tools to be added as snap-ins to a single interface. Most MMC snap-ins can be used to manage either the local computer or a remote computer.

30
Q

You are supporting a user who has installed a vendor keyboard driver. The keyboard no longer functions correctly. Under Windows 10, what are the steps to revert to the previous driver?

A

Open Device Manager from the WinX menu, Instant Search, or the Computer Management console. Expand Keyboards, then right-click the device and select Properties. On the Driver tab, select Roll Back Driver.

31
Q

You are troubleshooting an issue with a wireless adapter. When you open Device Manager, you find the device’s icon is shown with a down arrow superimposed. What does this mean, and why might this configuration have been imposed?

A

The icon indicates that the device has been disabled. It could be that there was a fault, or there may be a network configuration or security reason for disabling the adapter. In this sort of situation, use incident logs and device documentation to establish the reason behind the configuration change.

32
Q

If a single physical disk is divided into three partitions, how many different file systems can be supported?

A

Three—each partition can use a different file system.

33
Q

True or false? The dfrgui.exe utility should be disabled if Windows is installed to an SSD.

A

False. While solid state drives (SSDs) and hard disk drives (HDDs) have different mechanical and performance characteristics, it is still necessary to run the Defragment and Optimize Drives (dfrgui.exe) periodically to optimize performance.

34
Q

In Windows, what is the difference between the boot partition and the system partition?

A

The system partition contains the boot files; the boot partition contains the system root (OS files). The boot partition is normally assigned the drive letter C. The system partition is not normally assigned a drive letter.

35
Q

What is msinfo32.exe?

A

The System Information is a utility that provides a report of the PC’s hardware and software configuration. Running the tool produces an inventory of system resources, firmware and OS versions, driver file locations, environment variables, network status, and so on.

36
Q

What is eventvwr.msc?

A

Event Viewer is a management console snap-in for viewing and managing logs on a Windows host.

37
Q

What are the 4 main log files under Windows Logs folder in Event Viewer?

A
  1. System
  2. Application
  3. Security
  4. Setup
38
Q

What type of logs can be found in the System log files in Event Viewer?

A

The System log contains information about events that affect the core OS. These include service load failures, hardware conflicts, driver load failures, network issues, and so on.

39
Q

What type of logs can be found in the Application log files in Event Viewer?

A

The Application log contains information regarding non-core processes and utilities and some third-party apps. For example, app installers write events to the Application log.

40
Q

What type of logs can be found in the Security log files in Event Viewer?

A

The Security log holds the audit data for the system.

41
Q

What type of logs can be found in the Setup log files in Event Viewer?

A

The Setup log records events generated during installation.

42
Q

What is taskmgr.exe?

A

The Task Manager tool can be used to monitor the PC’s key resources.

43
Q

What information can be found in the Processes tab in Task Manager?

A

A view of each app or background process, in which you can view its sub-processes and see more clearly what resources each is taking up

44
Q

What information can be found in the Performance tab in Task Manager?

A

The Performance tab provides more information about the CPU, memory, disk, network, and graphics processing unit (GPU) subsystems

45
Q

What information can be found in the Memory tab in Task Manager?

A

The Memory page reports which slots have modules installed and the speed

46
Q

What information can be found in the Disk page in Task Manager?

A

The Disk pages report the type and capacity plus statistics for active time, response time, and read/write speeds.

47
Q

What information can be found in the CPU and GPU pages in Task Manager?

A

The CPU page shows the number of cores and logical processors (HyperThreading), multisocket, or virtualization enabled. The GPU page is shown if the system has a dedicated graphics adapter. It reports the amount of graphics memory available and utilization statistics.

48
Q

What information can be found in the Users tab in Task Manager?

A

The Users tab lets you see the people who are logged on, the info about the processes they are running, and the resource utilization associated with their account

49
Q

What information can be found in the Startup tab in Task Manager?

A

The Startup tab lets you disable programs added to the Startup folder or set to run using the registry

50
Q

What information can be found in the Services tab in Task Manager?

A

The Services tab monitors the state of all registered background processes.

51
Q

What is resmon.exe?

A

Resource Monitor shows an enhanced version of the sort of snapshot monitoring provided by Task Manager

52
Q

What is perfmon.msc?

A

Windows Performance Monitor can be used to provide real-time charts of system resources or can be used to log information to a file for long-term analysis

52
Q

What are counter logs?

A

Counter logs allow you to collect statistics about resources, such as memory, disk, and processor. These can be used to determine system health and performance

52
Q

What are trace logs?

A

Trace logs can collect statistics about services, providing you with detailed reports about resource behavior. In essence, trace logs provide extensions to the Event Viewer, logging data that would otherwise be inaccessible.

53
Q

What does the counter “% Processor Time” mean for a Processor?

A

The percentage of time that the processor is executing a non-idle thread. In general terms, this should be low. If it is greater than 85% for a sustained period, you may have a processor bottleneck.

54
Q

What does the counter “% Privileged Time” or “% User Time” mean for a Processor?

A

If overall processor time is very high (over 85% for sustained periods), it can be helpful to compare these. Privileged time represents system processes, whereas user time is software applications. If privileged time is much higher, it is likely that the CPU is underpowered.

55
Q

What does the counter “% Disk Time” mean for a Physical Disk?

A

The percentage of elapsed time that the selected disk drive is busy servicing read or write requests. This is a good overall indicator of how busy the disk is. Again, if the average exceeds 85% for a sustained period, you may have a disk problem

56
Q

What does the counter “Average Disk Queue Length” mean for a Physical Disk?

A

The number of requests outstanding on the disk at the time the performance data is collected. Taken with the preceding counter, this gives a better indicator of disk problems. For example, if the disk queue length is increasing and disk time is high, then you have a disk problem.

57
Q

What does the counter “Available Bytes” mean for Memory?

A

The amount of memory available - this should not be below about 10% of total system RAM. If available bytes fall continuously, there could be a memory leak (that is, a process that allocates memory but does not release it again).

58
Q

What does the counter “Pages/sec” mean for Memory?

A

The number of pages read from or written to disk to resolve hard page faults. This means your system is using the paging file. Nothing wrong as long as this is not excessive (averaging above about 50). You probably also want to check the paging file’s usage by viewing the paging object itself.

59
Q

What does the counter “% Usage” mean for Paging File?

A

The amount of the pagefile instance in use in percent. If your paging file is currently 1000MB on the disk and this figure averages 50%, then it means you might benefit from adding memory (about 500 MB). Don’t forget that if your system pages excessively, then disk performance will suffer - paging is disk intensive.

60
Q

What is msconfig.exe?

A

System Configuration Utility is used to modify various settings and files that affect the way the computer boots and loads Windows. The msconfig tool is frequently used to test various configurations for diagnostic purposes, rather than to permanently make configuration changes. Following diagnostic testing, permanent changes would typically be made with more appropriate tools, like Services, to change the startup settings of various system services.

61
Q

What is the BCD?

A

The Boot Configuration Data is information about operating systems installed on the computer located in \boot\bcd on the system partition. The BCD can be modified using the bcdedit command-line tool or msconfig.

62
Q

Identify how to open the tool shown in this exhibit. What single word command can you use to open the tool shown in the exhibit? How can this tool assist with troubleshooting?

A

Run the System Information tool using the msinfo32 command. This tool produces a comprehensive hardware and software inventory report. This configuration and version information will be useful for many troubleshooting tasks.

63
Q

You take a support call where the user doesn’t understand why a program runs at startup when the Startup folder is empty. What is the likely cause, and how could you verify this?

A

The program has added a registry entry to run at startup. You could check this (and optionally disable the program) by using Task Manager.

64
Q

You are monitoring CPU Usage and notice that it often jumps to 100% and then falls back. Does this indicate a problem?

A

Probably not—CPU Usage usually peaks and falls. If it stays over 80–90%, the system could require a faster CPU, or if it spikes continually, there could be a faulty application.

65
Q

You have a computer with two SATA disks. You want to evaluate the performance of the primary disk. How would you select this in Performance Monitor, and what might be appropriate counters to use?

A

Select the Physical Disk object, select the counter, and then select the 0 C: instance. Counters that are useful for evaluating performance include % Disk Time and Average Disk Queue Length.

66
Q

You are monitoring system performance and notice that a substantial number of page faults are occurring. Does this indicate that a memory module is faulty?

A

No—it shows the system is using the pagefile intensively and could benefit from more system RAM being installed.

67
Q

What is cmd.exe?

A

The Command Prompt is a basic shell interpreter for Windows. It processes the legacy command set that has been part of Windows since its earliest versions.

68
Q

What does this error mean “The requested operation requires elevation”?

A

The command prompt needs to be reopened with Administrator credentials “Run as administrator”.

69
Q

How to get help in Command Prompt?

A

If you type help at the command prompt and then press ENTER, a list of available commands is displayed. If you enter help Command, the help system lists the syntax and switches used for the command. You can also display help on a particular command by using the /? switch. For example, netstat /? displays help on the netstat command.

70
Q

What is dir command?

A

It is a command-line utility that displays information about the contents of the current directory. You can present files in a particular order using the /o:x switch, where x could be n to list by name, s to list by size, e to list by extension, or d to list by date. The date field can be set by the /t:x switch, where x is c for created on, a for last access, or w for last modified.

Another useful switch is /a:x, which displays files with the attribute indicated by x (r for Read-only, h for hidden, s for system, and a for archive).

A wildcard character allows you to use unspecified characters with the command. A question mark (?) means a single unspecified character. For example, the command dir ????????.log will display all .log files with eight characters in the file name.

71
Q

What is cd command?

A

Command-line tool used to navigate the directory structure.
If the current directory is C:\Users\David and you want to change to C:\Users\David\Documents, enter: cd Documents
If the current directory is C:\Users\David\Documents and you want to move up to the parent directory, enter: cd ..
If the current directory is C:\Users\David and you want to change to the root directory of the drive, enter: cd \
If the current directory is C:\Users and you want to change to C:\Windows, enter: cd \Windows

72
Q

What are the three parts of this syntax: command Source Destination

A

Command: move command or copy command
Source: is the drive name, path, and name of the files to be moved/copied
Destination: the drive name and path of the new location

73
Q

What is the xcopy command?

A

It is a utility that allows you to copy the contents of more than one directory at a time and retain the directory structure. The syntax for xcopy is: xcopy Source [Destination] [Switches]. You can use switches to include or exclude files and folders

74
Q

What is the robocopy command?

A

The “robust copy” is another file copy utility. robocopy is designed to work better with long file names and NTFS attributes. You can also use robocopy to move files (/mov switch).

75
Q

What is the md command?

A

It is a command-line tool to create a directory. For example, to create a directory called Data in the current directory, type md Data. To create a directory called Docs in a directory called Data on the A drive, when the current path is C:\, type md A:\Data\Docs

76
Q

What is the rmdir command?

A

It is used to delete an empty directory: enter rd Directory or rmdir Directory. If the directory is not empty, you can remove files and subdirectories from it using the /s switch or use the /q switch to suppress confirmation messages (quiet mode)

77
Q

What is diskpart?

A

It is the command interface underlying the Disk Management tool

78
Q

What is the basic process of inspecting disks and partitions?

A
  1. Run the ‘diskpart’ utility, and then enter ‘select disk 0’ at the prompt (or the number of the disk you want to check).
  2. Enter ‘detail disk’ to display configuration information for the disk. The utility should report that the partitions (or volumes) are healthy. If diskpart reports that the hard disk has no partitions, the partition table may have become corrupted.
  3. Enter either ‘select partition 0’ or ‘select volume 0’ at the prompt.
  4. Enter either ‘detail partition’ or ‘detail volume’ to view information about the object. You can now use commands such as ‘assign’ (change the drive letter), ‘delete’ (destroy the volume), or ‘extend’.
  5. Enter exit to quit diskpart.
79
Q

What is the format command?

A

It writes a new file system to a drive. This process deletes any data existing on the drive. The basic command is format X: /fs:SYS, where X is a drive letter and SYS is the file system, such as NTFS, FAT32, or EXFAT. By default, the command performs a scan for bad sectors first. This scan can be suppressed by using the /q switch.

80
Q

What is chkdsk?

A

chkdsk scans the file system and/or disk sectors for faults and can attempt to repair any problems detected.

81
Q

What is autochk?

A

It is a version of Check Disk that will run automatically if the system detects file system errors at boot.

82
Q

What are the three ways to run chkdsk?

A
  1. ‘chkdsk X:’ (where X is the drive letter but no switch is used) runs the tool in read-only mode. The scan will report whether errors need to be repaired.
  2. ‘chkdsk X: /f’ attempts to fix file system errors.
  3. ‘chkdsk X: /r’ fixes file system errors and attempts recovery of bad sectors. You are prompted to save any recoverable data, which is copied to the root directory as filename.chk files.
83
Q

What is this command: ‘shutdown /s’ ?

A

Shutdown. The ‘shutdown /t nn’ command can be used to specify delay in seconds before shutdown starts; the default is 30 seconds. If a shutdown is in progress, ‘shutdown /a’ aborts it.

84
Q

What is this command: ‘shutdown /h’?

A

Hibernate. Save the current session to disk before powering off the computer.

85
Q

What is this command: ‘shutdown /l’?

A

Log off. Close all open programs and services started under the user account, but leave the computer running.

86
Q

What is this command: ‘shutdown /r’?

A

Restart. Close all open programs and services before rebooting without powering down. This is also called a soft reset.

87
Q

What is the command sfc?

A

System File Checker provides a manual interface for verifying system files and restoring them from cache if they are found to be corrupt or damaged.

88
Q

What is this command: ‘sfc /scannow’?

A

Runs a scan immediately of system files

89
Q

What is this command: ‘sfc /scanonce’?

A

Schedules a scan of the system files when the computer is next restarted

90
Q

What is this command: ‘sfc /scanboot’?

A

Schedules a scan of the system files that runs each time the PC boots.

91
Q

What is the winver command?

A

It reports version information.
- Version refers to a feature update via a year/month code representing the time of release, such as 1607 (July 2016) or 21H1 (first half of 2021).
- OS Build is a two-part numeric value with the first part representing the brand plus feature update and the second rev part representing quality update status (patches).

92
Q

You are attempting to run a command but receive the message “The requested operation requires elevation.” What must you do to run the command?

A

Run as Administrator when opening Command Prompt

93
Q

Which Windows command is probably best suited for scripting file backup operations?

A

The robocopy command offers more options than those offered by the xcopy command, so it will usually be the better choice. The copy command is quite basic and probably not suitable.

94
Q

Is the command format d: /fs:exfat /q valid? If so, what is its effect, and what precaution might you need to take before running it?

A

Yes, it is valid. It formats drive D with the exFAT file system by using a quick format (does not scan for bad sectors). This will delete the file table on the drive so existing data files can be overwritten—the formatted drive will appear to be empty in Explorer. If there are existing files that need to be preserved, they should be backed up before running the format command.

95
Q

How do you perform a scan to identify file system errors in read-only mode?

A

At a command prompt, run chkdsk without any switches. Note that sfc is not the correct answer as this verifies the integrity of protected system files rather than checks the file system on a drive.

96
Q

Why might you run the shutdown command with the /t switch?

A

To specify a delay between running the command and shutdown starting. You might do this to give users a chance to save work or to ensure that a computer is restarted overnight.