Windows support Flashcards

1
Q

What is Active Directory?

A

Active Directory simplifies life for administrators and end users while enhancing security for organizations. Administrators enjoy centralized user and rights management, as well as centralized control over computer and user configurations through the AD Group Policy feature. Users can authenticate once and then seamlessly access any resources in the domain for which they’re authorized (single sign-on). Plus, files are stored in a central repository where they can be shared with other users to ease collaboration, and backed up properly by IT teams to ensure business continuity.

2
Q

What are some PowerShell commands to get information about disks, partitions and printers?

A

The main cmdlets for finding out general information about disks and partitions:

Get-PhysicalDisk returns information about physical disks and device characteristics.
Get-Disk displays disk information at the logical level of the operating system.
Get-Partition shows partition information for all drives.
Get-Volume displays volume information for all disks.

  1. Get-Help
    Get-Help is a simple but very useful command that enables admins to obtain helpful information about other PowerShell cmdlets, scripts, etc. If you need to know how the Get-EventLog command works, all you need to do is type "Get-Help -Name Get-EventLog" and Windows displays the full command syntax.
  2. Get-Command
    This displays the list of commands that match the search parameter you entered. Admins use this command by typing Get-Command followed by their search query. For instance, "Get-Command -Noun Service" displays all the cmdlets whose noun is Service.
  3. Get-Service
    This command provides you with the list of services installed on your system. If you include the -Name switch together with the name of the service as parameters to the Get-Service command, Windows will display the state of that service.
  4. Get-Process
    This command is similar to the Get-Service command. It is used to get the list of all running processes on your computer.
  5. Set-ExecutionPolicy
    In line with security best practices, Windows has four built-in levels of access to the PowerShell environment: Restricted, AllSigned, RemoteSigned and Unrestricted.

Restricted: locks down PowerShell so that the environment cannot run any PowerShell scripts; you can only enter commands interactively.
Unrestricted: removes all execution policy restrictions.
AllSigned: in this mode, only scripts signed by a trusted publisher are allowed to run.
RemoteSigned: allows all scripts created locally to run; scripts created remotely are allowed to run only if they are signed by a trusted publisher.
To prevent the execution of malicious code in the PowerShell environment, scripting is disabled by default, i.e. the policy is set to Restricted. The Set-ExecutionPolicy command lets you select your preferred level of security: enter Set-ExecutionPolicy followed by the policy name, for instance "Set-ExecutionPolicy Unrestricted".

  6. Get-ExecutionPolicy
    As an IT admin working on unfamiliar computers and servers, you should first find out the status of the execution policy before running a script. The Get-ExecutionPolicy command helps you do this.
  7. Start-Service
    The Start-Service command allows you to start any service on Windows, even if the service is disabled. To do this, append the name of the service to the Start-Service command. For example, Start-Service -Name "WSearch" starts the Windows Search service.
  8. Start-Process
    This is quite similar to the Start-Service command and allows you to start one or more processes via PowerShell. Use the Start-Process command followed by the requisite parameters to start a process.
  9. Stop-Process
    The Stop-Process command enables you to stop a process (or some of its instances) currently running on a computer. This is particularly useful when a process freezes up. Use the Get-Process command to get the process ID or name of the unresponsive process.

Terminate the process by typing the Stop-Process command with the process ID or process name. For instance, you can stop all Notepad processes using the following command:

Stop-Process -Name notepad
You can also stop a particular instance of a process using its process ID:

Stop-Process -ID 1943
  10. ConvertTo-HTML
    The ConvertTo-HTML command is a useful tool that admins can use to turn the output of a PowerShell command or script into a report for further analysis or to send to someone else. For example, you may want to create a report that lists all the running processes on a local computer, as well as their current status. To do this, you can use this command:

Get-Process | ConvertTo-HTML -Property Name, Status > C:\processes.htm
This command will store the list of all running processes (in the form of a Web report) in a file ca

3
Q

What are cached credentials?

A

What are cached credentials?
Windows 10 caches and stores usernames and passwords for Active Directory domains, other computers, apps like Outlook, websites, and FTP sites. This makes it easier to authenticate as you don’t have to type in the username and password every single time. But it does pose a risk of those credentials getting misused.

Where are Windows 10 credentials stored?
Active Directory credentials. Domain credentials (usernames and passwords) are stored in the local computer's registry as salted hashes, under HKEY_LOCAL_MACHINE\Security\Cache, which is backed by the %systemroot%\System32\config\SECURITY file.

Generic credentials. You can view Website and Windows credentials by launching the Credential Manager (credwiz.exe).

Internet credentials. You can view Internet usernames and passwords in the Internet Control Panel (inetcpl.cpl). Run inetcpl.cpl, go to Content, scroll to Autocomplete, click Settings, and click on Manage Passwords.

4
Q

How do you do a DNS lookup from the Windows command line?

A

How To Use NSLOOKUP to View Your DNS Records
Launch Windows Command Prompt by navigating to Start > Command Prompt or via Run > CMD.
Type NSLOOKUP and hit Enter. …
Set the DNS Record type you wish to lookup by typing set type=## where ## is the record type, then hit Enter.

5
Q

What disk encryption options do we have in Windows?

A

How does BitLocker work?
How BitLocker works with operating system drives

You can use BitLocker to mitigate unauthorized data access on lost or stolen computers by encrypting all user files and system files on the operating system drive, including the swap files and hibernation files, and checking the integrity of early boot components and boot configuration data.

How BitLocker works with fixed and removable data drives

You can use BitLocker to encrypt the entire contents of a data drive. You can use Group Policy to require that BitLocker be enabled on a drive before the computer can write data to the drive. BitLocker can be configured with a variety of unlock methods for data drives, and a data drive supports multiple unlock methods.

6
Q

What does it mean to get a temporary profile in Windows, and why might it happen?

A

When you try to log in to Windows with your user account and receive the error message "You've been signed in with a temporary profile", it means that your user profile has been corrupted. All your user profile information and settings are saved in registry keys, which can easily become corrupt. When the user profile is corrupted, Windows logs you in with a temporary profile rather than your standard user profile. In that case you will receive the following error message:

You’ve been signed in with a temporary profile.
You can’t access your files, and files created in this profile will be deleted when you sign out. To fix this, sign out and try signing in later. Please see the event log for more details or contact your system administrator.

7
Q

What determines the order in which GPOs are applied?

A

By default, Group Policy is inherited and cumulative, and it affects all computers and users in an Active Directory container.

GPOs are processed in the following order:

The local GPO is applied.
GPOs linked to sites are applied.
GPOs linked to domains are applied.
GPOs linked to organizational units are applied. For nested organizational units, GPOs linked to parent organizational units are applied before GPOs linked to child organizational units are applied.

Note: The order in which GPOs are processed is significant, because policy applied later overwrites policy that was applied earlier.

The Group Policy objects (GPOs) that apply to a user (or computer) do not all have the same precedence: settings that are applied later can override settings that are applied earlier.

Policies are applied in the hierarchy Local machine, Sites, Domains, Organizational Units (LSDOU).

8
Q

What is in the SYSVOL directory?

A

What is the SYSVOL folder?
The SYSVOL folder stores the server copy of the domain's public files that must be shared for common access and replication throughout a domain.
All AD databases are stored in a SYSVOL folder, and it is only created on an NTFS partition. The Active Directory database is stored in the %SystemRoot%\NTDS folder.

9
Q

What is SCCM used for?

A

Microsoft System Center Configuration Manager (SCCM) is a Windows product that enables the management, deployment and security of devices and applications across an enterprise. Amongst other potential uses, administrators will commonly use SCCM for endpoint protection, patch management and software distribution. SCCM is part of the Microsoft System Center systems management suite.

10
Q

What is a GPO?

A

Q: What is Group Policy?
A: Group Policy allows you to implement specific configurations for users and computers. Group Policy settings are contained in Group Policy objects (GPOs), which are linked to the following Active Directory service containers: sites, domains, or organizational units (OUs).
Q: What are GPOs (Group Policy Objects)?
A: A Group Policy Object (GPO) is a collection of settings that control the working environment of user accounts and computer accounts. GPOs define registry-based policies, security options, software installation and maintenance options, script options, and folder redirection options.
There are two kinds of Group Policy objects:
Local Group Policy objects are stored on individual computers.
Nonlocal Group Policy objects, which are stored on a domain controller, are available only in an Active Directory environment.
