Windows OS Flashcards
Windows boot sequence?
BIOS initializes the hardware
Master Boot Record at start of Disk0
Loads code from the boot sector of the active partition.
The boot sector code loads & runs the bootloader from the file system.
What is Windows Registry?
A system-defined database in which applications and system components store and retrieve configuration data.
What format is the Windows Registry?
A tree format.
Each node is called a key.
Each key contains subkeys and data entries called values.
What is HKCR?
HKEY_Classes_Root
This key contains file name extension associations and COM class registration information.
What is HKCC?
HKEY_Current_Config
Contains information about the current hardware profile of the local computer system.
This is stored in memory by the system kernel in order to map all other subkeys.
What is HKCU?
HKEY_CURRENT_USER
Preferences include environment variable settings, data about program groups, colors, printers, and network connections.
What Registry key is used for start-up applications?
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
What are hives?
A logical group of keys and subkeys in the registry that has a set of supporting files containing backups of its data.
HKLM\SAM
Usually appears empty for most users unless they are given permission by an admin. It is used to reference all the Security Accounts Manager databases for all domains into which the local system has been administratively authorized or configured.
HKLM\SECURITY
Normally empty unless given access. This is linked to the Security database of the domain into which the current user is logged on. The kernel will access it to read and enforce the security policy applicable to the current user and all applications and operations started by the user.
HKLM\System
Only writable by admins. It contains information about the Windows system setup, data for the secure random number generator, and a list of the currently mounted devices containing file systems.
HKLM\SOFTWARE
Contains software and Windows settings. It is mostly modified by applications and system installers. It is organized by software vendor.
Also includes a Policies subkey for enforcing general usage policies for applications and system services, including a central certificate store for authenticating, authorizing and disallowing remote systems or services running outside the local network domain.
How many WinAPI groups are there, and what are they?
There are 8: Base Services, Advanced Services, Graphics Device Interface, User Interface, Common Dialog Box Library, Common Control Library, Windows Shell, Network Services.
What is Base Services?
Provides access to the basic resources available to a Windows system, such as file systems, devices, processes, threads, and error handling. These files reside in the System32 directory.
What is Advanced Services?
Provides access to functions beyond the kernel, like the Windows Registry, shutting down/restarting the system, starting/stopping/creating Windows services, and managing user accounts.
What is Graphic Devices Interface?
Controls external outputs.
What is UI?
Provides the functions to create and manage screen windows.
What is Common Dialog Box library?
Provides applications with the standard dialog boxes to open & save files, choose fonts, colors, etc.
What is Common Control Library?
Gives applications advanced controls provided by the OS, like status bars, progress bars, toolbars, and tabs.
What is Window shell?
Allows applications to access functions provided by the OS shell, to change and enhance it.
What is Network Services?
Gives access to the various networking abilities of the OS: NetBIOS/Winsock, NetDDE, RPC.
Windows File system type
FAT32
File path types
A volume letter followed by a colon, e.g. C:
A directory name C:\DIRECTORY
An optional filename C:\DIRECTORY\filename.txt
Absolute filepath
Is the full path
C:\Directory\FileName
\Directory\FileName
Relative filepath
..\Directory\FileName
What is UNC?
Universal Naming Convention paths, which are used to access network resources.
\\MYNETWORKDEVICELOCATION
Where is the hosts file stored in Windows?
C:\Windows\System32\Drivers\etc\
List the admin shares for Windows. How many are there?
7
Diskvolume$ Admin$ Fax$ Ipc$ Print$ Sysvol Netlogon
User profile location
On XP and 2000: C:\Documents and Settings\Application Data
On later Windows versions it's C:\Users\user-name\AppData\Roaming
Windows directory layout
\Perflogs (Hidden), \Program Files, \Program Files (x86), \ProgramData, \Users -> Public -> [username] -> AppData, \Windows -> System, System32, SysWOW64 -> WinSxS
What is in \Perflogs?
May hold Windows performance logs, but in the default configuration it is empty.
What is in \Program Files?
32-bit architecture: All apps (both 16-bit and 32-bit) are installed in this folder.
64-bit architecture: 64-bit apps are installed in this folder.
What is \Program Files (x86) ?
Appears on 64-bit editions of Windows. 32-bit and 16-bit apps are by default installed in this folder, even though 16-bit apps do not run on 64-bit Windows.
What is in \ProgramData?
Contains program data that are expected to be accessed by computer programs regardless of the user account in the context of which they run. For example, an app may store specific information needed to operate DVD recorders or image scanners connected to a computer, because all users use them. Windows itself uses this folder. For example, Windows Defender stores its virus definitions in \ProgramData\Microsoft\Windows Defender. Programs do not have permission to store files in this folder, but have permission to create subfolders and store files in them. The organization of the files is at the discretion of the developer.
What is in \Users?
User profile folders. This folder contains one subfolder for each user that has logged onto the system at least once. In addition, it has two other folders: “Public” and “Default” (Hidden). It also has two folder like-items called “Default User” (an NTFS junction point to “Default” folder) and “All Users” (a NTFS symbolic link to “C:\ProgramData”).
What is in \Users\Public?
This folder serves as a buffer for users of a computer to share files. By default this folder is accessible to all users that can log on to the computer. Also, by default, this folder is shared over the network, although anonymous access (i.e. without a valid password-protected user account) to it is denied. This folder contains user data, not program data, meaning that users are expected to be the sole deciders of what is in this folder and how it is organized. It is unethical for an app to store its proprietary data here. (There are other folders dedicated to program data.)
What is in \Users\[username]\AppData?
This folder stores per-user application data and settings. The folder contains three subfolders: Roaming, Local, and LocalLow. Roaming is for network-based logins with roaming profiles. Data saved in Roaming will synchronize to the computer when the user logs into it. Local and LocalLow do not sync with networked computers.
What is in \Windows?
Windows itself is installed into this folder.
What is in \Windows -> Sys*?
These folders store dynamic-link library (DLL) files that implement the core features of Windows and the Windows API. Any time a program asks Windows to load a DLL file and does not specify a path, these folders are searched after the app's own folder is searched. "System" stores 16-bit DLLs and is normally empty on 64-bit editions of Windows. "System32" stores either 32-bit or 64-bit DLL files, depending on whether the Windows edition is 32-bit or 64-bit. "SysWOW64" only appears on 64-bit editions of Windows and stores 32-bit DLLs.
What is in \Windows\WinSxS?
This folder is officially called the "Windows component store" and constitutes the majority of Windows. A copy of all Windows components, as well as all Windows updates and service packs, is stored in this folder. Starting with Windows 7 and Windows Server 2008 R2, Windows automatically scavenges this folder to keep its size in check. For security reasons and to avoid the DLL Hell issue, Windows enforces very stringent requirements on how the files in this folder are organized.
What type of logging does Windows use?
Windows Event Logs
Where are logs stored in Windows?
C:\WINDOWS\System32\config\ & C:\WINDOWS\System32\winevt\Logs
What are the log categories?
Application log, System log, Security log, Directory Service log, DNS Server log, File Replication Service log
What is Application log?
Any event by an application. These are determined by the developers of the application.
What is System log?
Any event logged by the OS, for example a failure to start a driver.
What is Security log?
Any event that matters to the security of the system: valid and invalid logons and logoffs, file deletion.
What is Directory Services log?
Records events of AD. This is available only on a domain controller.
What is DNS server log?
Records events for the DNS server and name resolution.
What is File replication services log?
Records events of domain controller replication.
Log types
Information, Warning, Error, Success Audit, Failure Audit
How to open a file?
Just type the file name.
How to use a space in a path from the command line?
Wrap the path in double quotes ("").
What is the following command: attrib
Sets or displays the read-only, archive, system, and hidden attributes of a file or directory. + and - are used to add and remove an attribute.
What is the following command: attrib +/- H
Adds/removes the hidden attribute on a file or directory.
What is the following command: attrib +/- S
Adds/removes the system attribute.
What is the following command: attrib /D
Applies to directories as well.
What is the following command: net
Used to administer accounts on Windows.
net [accounts | computer | config | continue | file | group | help | helpmsg | localgroup | name | pause | print | send | session | share | start | statistics | stop | time | use | user | view]
What is the following command: diskpart
Used to manage Windows drives (disks, partitions, volumes, or virtual disks).
What is the following command: format
Used to format a disk for Windows.
What is the following command: set
Lists the environment variables.
What is LDAP?
It provides a mechanism used to connect to, search, and modify Internet directories.
Security Accounts Manager
Is a database in the Windows OS that contains user names and passwords.
Windows file protection
An application that watches certain files on the Windows OS. If these files change, it changes them back; it is used to monitor whether files change and restore them.
Kerberos
Defines how the client interacts with a network authentication service.
Clients obtain tickets from the Kerberos Key Distribution Center and present these tickets to servers when connections are established. Added in Windows Server 2000.
WINS
Windows Internet Name Service (WINS) is a legacy computer name registration and resolution service that maps computer NetBIOS names to IP addresses.
Windows defender
Is anti-spyware and anti-adware software that is included as part of the operating system itself. Windows Defender can be updated like an anti-virus solution.
Windows firewall
Is a host-based firewall that is included with each copy of Windows.
Data Execution Prevention
During the execution of a process, it will contain several memory locations that do not contain executable code. Attackers use these sections to initiate code injection attacks. After arbitrary code has been inserted, they can carry out attacks such as buffer overflows. Data Execution Prevention is a security technique that is used to prevent the execution of code from such data pages. This is done by marking data pages as non-executable. This makes it harder for code to be run in those memory locations.
User Account control
Is a security feature first introduced in Vista that limits privileges to authorized users only. If an application tries to perform an action requiring elevation, the user must authenticate before it runs.
Bitlocker
Is full-disk encryption.
What is the admin RID in a Windows hash dump, and what is the format?
500
Format: username:unique security ID number:LM hash:NTLM hash:::
NTLM
New Technology LAN Manager (NTLM) is a suite of Microsoft security protocols intended to provide authentication, integrity, and confidentiality to users.
What is Active Directory?
Is the foundation of distributed networks built on Windows 2000+.
Provides secure, structured, hierarchical data storage of objects for users, computers, printers and services.
What are the concepts in Active Directory?
Attributes; Containers and leaves; Object names and identities; Naming contexts and directory partitions; Domain trees; Forests; Active Directory Server and Dynamic DNS; Replication and data integrity.
What are the concepts in Active Directory Attributes?
Each object in AD contains a set of attributes that define the characteristics of the object.
What are the concepts in Active Directory Containers and leaves?
Containers are objects that contain other objects. Leaves are objects that can contain no other objects.
What are the concepts in Active Directory Objects name and identities?
Different identities for a given object.
Relative Distinguished Name
Distinguished Name
Object GUID
What are the concepts in Active Directory domain tree?
Is made up of several domains that share a common schema and configuration, forming a contiguous namespace.
What are the concepts in Active Directory forest?
Is a set of one or more domain trees that do not form a contiguous namespace.
What are the concepts in Active Directory server and Dynamic DNS?
Publish their addresses so that clients can find them knowing only their domain name.
What are the concepts in Active Directory replication and data integrity?
Replicates to other servers to propagate changes.
dir /a
Shows the hidden directories of a folder.
rmdir /s
Removes the folder and everything in the folder.
What does "create con" do?
Creates a file and lets you add the text.
What does "type filename" do?
Displays the contents of the text file.
What does "more filename" do?
Displays the contents of the text file.
What does del do?
Deletes the named file.