Overview of the Microsoft Windows Operating Systems
IN THIS TUTORIAL
- You will learn about Windows OS features
- You will learn about Windows boot process
- You will learn about Windows components
- You will learn about Windows Task Manager
- You will learn about System Configuration
- You will learn about Windows Firewall
- You will learn about Microsoft Anti Spyware software
- You will leran about Group Policy objects
- You will learn about managing User Accounts
- You will learn about Computer Management snap-in
- You will learn about Windows command lines
- You will learn about troubleshooting Windows errors
- WINDOWS XP BOOT PROCESS
- Windows 7 Boot Process
- Windows Layers and Components
- Viewing Process Information with Task Manager
- System Configuration (MSConfig)
- Windows Firewall
- Windows Defender
- Microsoft Windows Malicious Software Removal Tool
- Group Policy
- BitLocker and BitLocker To Go
- Managing User Accounts
- Computer Management
- File Properties
- Overview of the Windows Command Line
- Tips for Troubleshooting Windows Errors
This tutorial covers the most recent version of the Microsoft Windows client operating systems. This tutorial assumes you have no previous knowledge and allows you to start from the beginning to learn how to administer and support Windows Operating Systems.
To troubleshoot problems on Windows systems, you must be familiar with the basic architecture of the OS. The architecture defines how the OS functions instead of what it can do, the features define what it can do, and understanding it is essential to grasping many of the topics discussed later.
The first OS Microsoft sold was MS-DOS 1.0. The very name, Disk Operating System, was indicative of the time when it was released.
The primary function of the OS was to allow for the loading of applications and the management of disks or storage. DOS was, and is, a text based operating system. It had no built-in GUI, and it worked with basic typed commands. Many of these commands still exist in the most current Windows OSs. The DOS OS was popular from 1981 all the way to 1999. After 1999 and the release of Windows 2000, the GUI based OS became more popular in business settings. The Windows Graphical User Interface (GUI) is composed of windows, buttons, text boxes, Start Menu, taskbar and other navigation elements.
Many of the elements that we use every day in modern versions of Windows have their beginnings in the early days of personal computers. The Command Prompt, which is still very useful in Windows Operating Systems, is based on the functionality of the command interpreter, COMMAND.COM, that was part of MS-DOS. You can still use many of the same commands today that people used in the 1980s.
For more information about the history of Microsoft Windows, visit: http://http://windows.microsoft.com/en-US/windows/history
There were many new features and changes from Windows XP to Windows Vista and later version of the Windows OS.
Some of these new features:
Improved Desktop Windows Vista introduced a new Desktop called Windows Aero. Windows Aero offers Vista Home Premium, Vista Business, Vista Ultimate, and Vista Enterprise users a more stable Desktop.
Computers running Windows Aero require a compatible graphics adapter.
Aero is hardware-based premium visual experience or graphical user interface that implemented in Windows Vista which includes effects such as transparent glass design, subtle window animations, animated cursors, new window color and eye candy.
Windows Aero is revised in Windows 7, with several UI changes, a more touch-friendly UI and many new visual effects and features, including mouse gestures.
Windows Aero requires high system specifications in order to work, with the minimum requirements of at least 1 GHz 32-bit (x86) or 64-bit (x64) processor, 1 GB (gigabyte) of system memory and a DirectX 9 compatible graphics accelerator processor card with a minimum of 128 MB of Video RAM, installed with Windows Display Driver Model (WDDM) driver.
Disk Management, utility that allows you to create, resize and delete hard disk partitions on the fly, without having to boot into a special disk utility or purchase additional software.
Windows Sidebar, Windows Vista introduced a new vertical bar called the Windows Sidebar. The Windows Sidebar has mini-applications running within the bar called gadgets. Windows 7 has removed the Windows Sidebar, but you can still add gadgets to the Windows 7 Desktop.
Parental Controls, Parental Controls allows the computer administrator (or parent) to configure how other family members will be able to use the computer system.
Parental Controls has many more uses than simply stopping your children from playing games late at night .
It can also be used to limit access to certain software packages .
You might, for instance, have some work related software on your home PC that you don't want other users to access.
Windows Mail, A replacement for Outlook Express that includes a new mail store that improves stability, and features integrated instant search.
It has the Phishing Filter like Internet Explorer 7 and Junk mail filtering that is enhanced through regular updates via Windows Update.
Windows Media Center, which was previously exclusively bundled in a separate version of Windows XP, known as Windows XP Media Center Edition, has been incorporated into the Home Premium and Ultimate editions of Windows Vista and 7.
Windows DVD Maker, a companion program to Windows Movie Maker that provides the ability to create video DVDs based on a user's content.
Users can design a DVD with title, menus, video, soundtrack, pan and zoom motion effects on pictures or slides.
Shadow Copy automatically creates daily backup copies of files and folders. Users can also create "shadow copies" by setting a System Protection Point using the System Protection tab in the System control panel.
The user can view multiple versions of a file throughout a limited history and be allowed to restore, delete, or copy those versions. This feature is available only in the Business, Enterprise, and Ultimate editions of Windows Vista and is inherited from Windows Server 2003.
Windows System Assessment Tool (WinSAT), is a module of Microsoft Windows Vista, Windows 7, and Windows 8 that is available in the Control Panel under Performance Information and Tools (except in Windows 8.1 and Windows 10).
WinSAT is a tool used to benchmark system performance and reports them as a Windows Experience Index (WEI) score.
Software such as games can retrieve this rating and modify its own behavior at runtime to improve performance.
The benchmark tests CPU, RAM, 2-D and 3-D graphics acceleration, graphics memory and hard disk space.
The Windows Experience Index score is not displayed in Windows 8.1 and Windows 10 because the graphical user interface for WinSAT was removed in this version of Windows, although the command line winsat tool still exists and operates correctly Obtaining the WEI score from the command line is done by invoking winsat formal command.
Windows Ultimate Extras, The Ultimate edition of Windows Vista provides, via Windows Update, access to some additional features. These are a collection of additional MUI language packs, Texas Hold 'Em (a Poker game) and Microsoft Tinker (a strategy game where the character is a robot), BitLocker and EFS enhancements that allow users to back up their encryption key online in a Digital Locker, and Windows Dreamscene, which enables the use of videos in MPEG and WMV formats as the desktop background. On April 21, 2008, Microsoft launched two more Ultimate Extras; three new Windows sound schemes, and a content pack for Dreamscene.
Various DreamScene Content Packs have been released since the final version of DreamScene was released.
Windows Anytime Upgrade, is a program that allows a user to upgrade their computer running Windows Vista or Windows 7 to a higher edition. For example, a computer running Windows Vista Home Basic can be upgraded to Home Premium or better. The advantages of using Anytime Upgrade are that your programs and data aren't erased, it just installs the extra features of the edition you're upgrading to, and the price is less to upgrade than to replace your installation of Windows with the edition you wish to upgrade to. Anytime Upgrade is no longer available for Vista
Problem Reports and Solutions, a feature that allows users to check for solutions to problems or view previously sent problems for any solutions or additional information, if available.
Windows Update Software and security updates have been simplified, now operating solely via a control panel instead of as a web application. Windows Mail's spam filter and Windows Defender's definitions are updated automatically via Windows Update.
Users who choose the recommended setting for Automatic Updates will have the latest drivers installed and available when they add a new device.
Improved Windows Firewall, Firewalls are hardware devices or software applications that either restrict or allow users and data from an internal or external source. Microsoft Vista and later versions of Windows OS included an improved version of the software based firewall.
Windows Defender , An antispyware program with several real-time protection agents. It includes a software explorer feature, which provides access to startup programs, and allows one to view currently running software, network connected applications, and Winsock providers (Winsock LSPs).
User Account Control , Introduced with Windows Vista and Windows Server 2008, the User Account Control (UAC) allows a standard user to perform many functions without an Administrator account.
UAC helps prevent inadvertent or malicious changes to critical system processes by putting a security layer between the user and any action that Windows determines could cause harm to or destabilize the operating system .
UAC is a useful but not a foolproof way to protect Windows Vista and later versions of Windows OS from attack .
WINDOWS XP BOOT PROCESS
Knowing boot process of Windows OS will help you troubleshot boot errors.
Power supply unite switched on.
The power supply performs a self-test.
When all voltages and current levels are acceptable, the supply indicates that the power is stable and sends the Power Good signal to the processor.
The microprocessor timer chip receives the Power Good signal.
With the arrival of the Power Good signal the timer chip stops sending reset signals to the processor allowing the CPU to begin operations.
The CPU loads the ROM BIOS starting at ROM memory address FFFF:0000 which is only 16 bytes from the top of ROM memory.
As such it contains only a JMP (jump) instruction that points to the actual address of the ROM BIOS code.
The ROM BIOS checks to see if this is a 'cold-start' or a 'warm-start'.
If this is a cold-start the ROM BIOS executes a full P.O.S.T (Power On Self Test). If this is a warm-start the memory test portion of the
P.O.S.T is switched off.
The ROM BIOS performs a basic test of central hardware to verify basic functionality.
Any errors that occur at this point in the boot process will be reported by means of 'beep-codes' because the video subsystem has not yet been initialized.
Errors occur during the P.O.S.T can be classified as either 'fatal' or 'non-fatal'.
A non-fatal error will typically display an error message on screen and allow the system to continue the boot process. A fatal error, on the other hand, stops the process of booting the computer and is generally signaled by a series of beep-codes.
The BIOS searches for adapters that may need to load their own
ROM BIOS routines. The BIOS locates and reads the configuration information stored in CMOS.
If the first bootable disk is a fixed disk the BIOS examines the very first sector of the disk for a Master Boot Record (MBR). For a floppy
the BIOS looks for a Boot Record in the very first sector.
On a fixed disk the Master Boot Record occupies the very first sector at cylinder 0, head 0, sector 1. It is 512 bytes in size.
If this sector is found it is loaded into memory and tested for a valid signature.
A valid signature would be the value 55AAh in the last two bytes.
Lacking an MBR or a valid signature the boot process halts with an error message which might read:
NO ROM BASIC - SYSTEM HALTED
A Master Boot Record is made up of two parts - the partition table which describes the layout of the fixed disk and the partition loader code which includes instructions for continuing the boot process.
With a valid MBR loaded into memory the BIOS transfers control of the boot process to the partition loader code that takes up most of
the 512 bytes of the MBR.
The partition loader (or Boot Loader) examines the partition table for a partition marked as active.
The partition loader then searches the very first sector of that partition for a Volume Boot Record.
The Volume Boot Record is also 512 bytes and contains a table that describes the characteristics of the partition and also the jump code that locates the first of the operating system files.
The active partition's volume boot record is checked for a valid boot signature and if found the boot sector code is executed as a program.
The loading of Windows XP is controlled by the file NTLDR which is a hidden, system file that resides in the root directory of the system partition.
NTLDR will load Windows XP in four stages:
1) Initial Boot Loader Phase
2) Operating System selection
3) Hardware Detection
4) Configuration Selection
During the initial phase NTLDR switches the processor from real mode to protected mode which places the processor in 32-bit
memory mode and turns memory paging on.
It then loads the appropriate file system drivers to allow NTLDR to load files from a partition formatted with any of the files systems supported by Windows XP.
Windows XP supports partitions formatted with either the FAT-16, FAT-32, or NTFS file system.
If the file BOOT.INI is located in the root directory NTLDR will read it's contents into memory.
If the file BOOT.INI is not found in the root directory NTLDR will continue the boot sequence and attempt to load XP.
Windows (specifically Ntldr) uses the Boot.ini file to determine which operating system options to display when the Startup program is running.
If BOOT.INI contains entries for more than one operating system NTLDR will stop the boot sequence at this point, display a menu of operating system choices, and wait for a specified period of time for the user to make a selection.
Assuming that the operating system being loaded is Windows NT, 2000, or XP pressing F8 key at this stage of the boot sequence to
display various boot options including "Safe Mode" and "Last Known Good Configuration".
The Last Known Good Configuration It's a Windows startup option that uses the most recent system settings that worked correctly. Every time you turn your computer off and Windows shuts down successfully, important system settings are saved in the registry. If a problem occurs, you can restart your computer using those settings. For example, if a new driver for your video card is causing problems, or an incorrect registry setting is preventing Windows from starting correctly, you can restart your computer using Last Known Good Configuration.
If the selected operating system is XP, NTLDR will continue the boot process by locating and loading the NTDETECT.COM program to perform hardware detection.
NTDETECT.COM collects a list of currently installed hardware components and returns this list for later inclusion in the registry under
the HKEY_LOCAL_MACHINE\ HARDWARE key.
NTLDR begins loading the XP kernel (NTOSKRNL.EXE).
During the loading of the kernel (but before it is initialized) NTLDR remains in control of the computer.
The screen is cleared and a series of white rectangles progress across the bottom of the screen.
NTLDR also loads the Hardware Abstraction Layer (HAL.DLL) at this time which will insulate the kernel from hardware.
Both files are located in the \Windows\System32 directory.
NTLDR now loads device drivers that are marked as boot devices.
With the loading of these drivers NTLDR relinquishes control of the computer.
Every driver has a registry subkey entry under HKEY_LOCAL_MACHINE\SYSTEM\Services.
Any driver that has a Start value of SERVICE_BOOT_START is considered a device to start at boot up.
The HAL is called to prepare the interrupt controller; the Memory Manager, Object Manager, Security Reference Monitor, and Process
Manager are initialized.
NTOSKRNL goes through two phases in its boot process - phase 0 and phase 1. Phase 0 initializes just enough of the microkernel and executive subsystems so that basic services required for the completion of initialization become available.
At this point, the system display a graphical screen with a status bar indicating load status.
Phase 1 begins when the HAL is called to prepare the system to accept interrupts from devices.
If more than one processor is present the additional processors are initialized at this point.
The initialization of I/O Manager begins the process of loading all the systems driver files.
Picking up where NTLDR left off, it first finishes the loading of boot devices.
Next it assembles a prioritized list of drivers and attempts to load each in turn.
The failure of a driver to load may prompt Windows XP to reboot and try to start the system using the values stored in the Last Known Good Configuration.
Kernel launches the Session Manager Subsystem (SMSS).
SMSS is responsible for creating the user mode environment that provides the visible interface to XP.
SMSS starts the graphics subsystem and login processes.
SMSS loads the win32k.sys device driver which implements the Win32 graphics subsystem.
Shortly after win32k.sys starts it switches the screen into graphics mode.
The Services Subsystem now starts all services mark as Auto Start.
Once all devices and services are started the boot is deemed successful and this configuration is saved as the Last Known Good Configuration.
The XP boot process is not considered complete until a user has successfully logged onto the system.
The process is begun by the WINLOGON.EXE file which is loaded as a service by the kernel and continued by the Local Security Authority (LSASS.EXE) which displays the logon dialog box.
The Service Controller then takes control and scans the services subkey of the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet for services with a Start value of 0x2, and loads them in order.
Once a user has successfully logged on, the whole boot process is considered successful. It is at this point that the Clone control set is copied to the LastKnownGoodRecovery configuration.
Windows 7 Boot Process
Windows 7 boot process not so much different than Windows XP only differences is that the few boot critical files are different. Windows XP boot loader NTLDR is replaced by BOOTMGR, the Windows Vista and later version of the Windows OS boot manager is BOOTMGR. Also Windows XP boot configuration file, BOOT.INI, has been replaced with the Boot Configuration Database (BCD), the BCD lives in the boot folder of the System Volume and can be edited with the Bcdedit command line tool.
The MBR finds and loads the Volume Boot Sector and the NT Sector.
The NT Boot Sector has the ability to read FAT32 and NTFS. The NT Boot Sector finds and loads BOOTMGR.
BOOTMGR checks for hibernation state. If it's found, it loads WINRESUME.EXE.
BOOTMGR mounts and extracts basic boot information from BCD (Boot Configuration Data).
BOOTMGR loads and passes control to WINLOAD.EXE.
In that respect, winload.exe is functionally equivalent to the operating system loader function of NTLDR in prior versions of Windows NT.
WINLOAD.EXE then loads NTOSKRNL.EXE, HAL.DLL, dependencies, boot drivers, and the SYSTEM registry hive.
WINLOAD.EXE then loads and executes NTOSKRNL.EXE and transfers control to the kernel.
NTOSKRNL.EXE initializes the kernel itself, initializes the display driver.
NTOSKRNL.EXE then passes control to the Session Manager SMSS.EXE.
SMSS.EXE loads the rest of the registry, loads the WINLOGON.EXE process to create the user session, and then starts the services and the rest of the non-essential device drivers and the security subsystem LSASS.EXE.
The Service Controller then takes control and scans the services subkey of the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet for services with a Start value of 0x2, and loads them in order.
After a user has successfully logged into the machine, Winlogon.exe does the following:
User and Computer Group Policy settings are applied.
Startup programs are run from the following locations:
- HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Run
- "%UserProfile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup"
- "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp"
Once a user has successfully logged on, the whole boot process is considered successful. It is at this point that the Clone control set is copied to the LastKnownGoodRecovery configuration.
Windows Layers and Components
The Windows OS is divided into layers, or modes of operation. The first is Kernel mode and the second is User mode. Kernel mode is where the operating system kernel, device drivers and other low-level processes operate. User mode is where your applications, such as Microsoft Word or Excel, and environment subsystems run.
System Support Processes
System support processes include system processes that do not run as services.
These include processes like the logon process (WINLOGON.EXE) and the Session Manager subsystem (SMSS.EXE).
The Session Manager is the first User mode process that starts when the OS loads.
The Session Manager launches environment subsystems and the WINLOGON.EXE process.
The Windows application programming interface (API) is the user-mode system programming interface to the Windows operating system family .
The Windows API consists of thousands of callable functions.
Almost all Windows programs interact with the Windows API, on the Windows NT line of operating systems.
Dynamic link libraries (DLLs)
The last User mode component is the subsystem DLLs. Contain code that can be called upon by other processes so that programmers need not re-create the code for each application.
Service processes are those system or application processes that do run as services.
These include system services like the Task Scheduler and the Print Spooler, but they also include non-system services like SQL Server, which is a database server service.
A service is an application or innate operating system component that provides services (capabilities) to the network, the local machine, or both.
While the executive is in charge of process and thread management, the kernel is in charge of thread scheduling.
It decides which thread gets processor time and on which processor it gets time at any moment.
It is also responsible for synchronization when multiple processors are used and for interrupt handling through the interrupt objects, which work in relation to the I/O Manager.
Device drivers are Kernel mode components that provide a communication interface between the I/O Manager within the executive and the actual hardware for which they are written.
Device drivers place calls to the Hardware Abstraction Layer, described next, to communicate with the hardware.
Device drivers may be used to communicate with specific hardware or with file systems, networks, and other protocols.
Hardware Abstraction Layer (HAL)
The HAL does exactly what its name implies—it abstracts or disconnects the OS from the core hardware, such as the processor architecture. Because of the HAL, Windows can run on systems that support 32-bit processing (x86) or 64-bit processing (x64).
Additionally, with the x86 processors, it can run on either Advanced Configuration and Power Interface (ACPI) PCs or Advanced Programmable Interrupt Controller (APIC) PCs.
Processes, Threads, and Jobs
Although programs and processes appear similar on the surface, they are fundamentally different.
A program is a static sequence of instructions, whereas a process is a container for a set of resources used when executing the instance of the program.
Despite of the fact that a thread must execute in process, the process and its associated threads are different concept.
Processes are used to group resources together and threads are the entities scheduled for execution on the CPU.
A process, in the simplest terms, is an executing program. One or more threads run in the context of the process.
A thread is the basic unit to which the operating system allocates processor time.
A thread can execute any part of the process code, including parts currently being executed by another thread.
Viewing Process Information with Task Manager
Windows Task Manager enables you to monitor the applications, processes, and services currently running on your PC.
The built-in Windows Task Manager provides a quick list of the processes on the system .
- You can start Task Manager by pressing Ctrl + Alt + Delete keys.
- You can also start Task Manager by pressing Ctrl + Shift + ESC keys.
- You can also right-click the taskbar and select Task Manager.
To display additional details, choose Select Columns from the View menu and select additional columns to be added.
You can use Task Manager to start and stop programs and to stop processes.
If you want to exit a program, select the program and click the End Task button.
If you want to end a process and all processes directly or indirectly related to it, right-click the process that you want to end, and then click End Process Tree.
This feature is useful when you have an open program that is no longer responding to input commands.
MANAGING APPLICATIONS WITH TASK MANAGER
The Applications tab displays the status of the programs that are running on the computer.
For each task, you will see the name of the task and the current status (Running, Not Responding, or Stopped).
To match a process with a running program, right-click the program name on the Applications tab of Windows Task Manager, and then click Go To Process.
To make the application window active, select it and click the Switch To button.
To start a program, from menu bar click File --> New Task… In the Create New Task dialog box type your command or click Browse button to locate the application.
This procedure is very similar to starting a program by using the Run command dialog box on the Start Menu.
MANAGING PROCESSES WITH TASK MANAGER
The Processes tab displays information about the processes that are running on the computer.
A process can be an application that you start or subsystems and services that are managed by the operating system.
Notice that processes are identified by the name of the image of which they are an instance .
For each process, you will see the Image Name (the name of the process), the User Name (the user account that is running the process), CPU (the amount of CPU utilization for the process), Memory (Private Working Set) (the amount of memory that is being used by the process), and Description (a description of the process).
If you’re not sure what a processes is, you can right-click it and select “Search online” to search for it in your default search engine.
To manage a process, right-click it and choose an option from the context menu. You can choose to end the process, end the process tree, debug the process, specify virtualization, create a dump file, or set the priority of the process (to Realtime, High, Above Normal,
Normal, Below Normal, or Low).
If your computer has multiple processors installed, you can also set processor affinity (the process of associating a specific process with a specific processor) for a process.
By default, only your processes are shown. To display processes from all users, including System, Local Service, and Network Service, click Show Processes From All Users button.
MANAGING SERVICES WITH TASK MANAGER
The Services tab of the Task Manager lists all the services that can run on the computer.
For each service, you will see the Name (the name of the service), the PID (the associated process identifier),
Description (a description of the service, Status (whether a process is Running or Stopped), and Group (the service group).
- To start or stopped a service, right click the service name and select Start.
- To stop a running service, right click the service and select Stop .
- You can also open the Services tool by clicking the Services button.
The Services tool allows you to specify whether a process starts automatically, automatically with a delayed start, manually, or is disabled.
MANAGING PERFORMANCE WITH TASK MANAGER
Click the Performance tab to view a dynamic overview of the performance of your computer.
This information is similar to the information tracked by Performance Monitor.
The Performance tab shows the following information:
- CPU usage, in real time and in a history graph
- Memory usage, in real time and in a history graph
- Physical memory statistics
- Kernel memory statistics
- System totals for handles, threads, processes, uptime, and the pagefile
Click the Resource Monitor button to launch the Resource Monitor that you can also find in Performance Monitor.
MANAGING NETWORKING WITH TASK MANAGER
The Networking tab of the Task Manager, provides an overview of your networking usage.
Statistics for each adapter are displayed at the bottom of the tab.
MANAGING USERS WITH TASK MANAGER
The Users tab of the Task Manager, shows the active and disconnected users on your computer.
For each user, you will see the User (the name of the user), the ID (the current user ID), Status (whether Active or Disconnected), Client Name, and Session (whether the user is connected via the console session or by another method, such as Remote Desktop).
- To send a message to a user, select the user and click the Send Message button.
- To connect to a user session, right-click the user and select Connect.
- To disconnect a user session, select the user and click the Disconnect button.
- To log off a user, select the user and click the Logoff button.
System Configuration (MSConfig)
To access System Configuration, click Start Menu on the taskbar or on your keyboard .
Type msconfig in to Start Menu search box, and press Enter key on your keyboard .
The General tab is the default tab in the System Configuration and shows how the computer will start, by default Normal startup should be selected. If you've changed any of the settings in the Boot tab or disabled any programs or services from starting up, the Selective startup will be selected. If Selective startup is enabled and startup programs or services have been disabled, a notice will appear when the computer first starts letting you know that the Selective startup is enabled.
The Boot tab is a very important one. Here you can view the operating systems installed on your computer and select the default one (if you have a multi-boot setup). In Advanced options, you can adjust such settings as the Number of processors to use during boot, maximum memory, and other debug options.
The Services tab allows you to enable or disable any of the Microsoft Windows services or other third party program services you have running on the computer. Check the "Hide all Microsoft services" box at the bottom of the window to only see non-Windows services such as driver services and program services. Unchecking a box will disable the service from starting.
One of the most useful hidden features in Windows OS, and indeed in every version of Windows OS, is the MSConfig.
On this tab, you will see a list of all the programs that start automatically when Windows OS starts up .
You can stop all the programs you don’t want to run every time you logon to Windows OS.
Minimizing the number of programs that run automatically at startup will reduce boot time.
Note: Starting with Windows 8, Windows 8.1 and Windows 10 Microsoft has removed this feature in the System Configuration utility and moved it into the Windows Task Manager Startup tab.
The Tools tab gives you quick access to all the Microsoft Windows system tools. For example, Event Viewer, Command Prompt etc..
For more information about System Configuration (msconfig.exe) utility visit: http://www.7tutorials.com/how-use-system-configuration-tool-all-its-awesomeness
A firewall is software or hardware that checks information that comes from the Internet or from a network. Then, the firewall either blocks the information or lets the information pass through to your computer.
Whether information is blocked or passed through depends on your firewall settings.
A firewall can help prevent malicious software (such as worms) from gaining access to your computer through a network or the Internet. A firewall can also help stop your computer from sending malicious software to other computers. Windows XP, Windows XP Service Pack 2 (SP2), and Windows XP Service Pack 3 (SP3) include firewall software.
Many people prefer to use a third-party firewall with Windows .
Third-party firewalls can offer more features and more protection than the standard Windows firewall, but they can also be quite intrusive and complicated to use .
For advanced PC users, or for people who are always careful about what they click and open when browsing the Internet, the standard firewall that comes with Windows 7 is perfectly adequate Windows Firewall is a two-way firewall that will block incoming and outgoing traffic, unlike the inbound-only block included with Windows XP firewall.
By default, Windows Firewall settings provide adequate protection for most situations; however, more advanced controls might be necessary in certain environments, such as in a home where people play Internet games or share files, or in an office where Windows Firewall could block access to a network or file share .
To correct some Windows issues, especially network connection problems where a program or service cannot communicate with the outside world or your network, you might need to set more appropriate permissions for the program or service .
Windows Firewall alerts you when a program wants to be allowed through the firewall .
If you accidentally give permission to a program and later want to deny it access through your firewall, you can do this on the main Windows Firewall options panel by clicking Allow A Program Or Feature Through Windows Firewall.
A list of programs that have firewall access appears. Clear the check boxes for the programs and features you want to block.
To change these permissions, you will need to access the advanced settings.
Click Advanced Settings in the blue pane of the Windows Firewall main window.
The Windows Firewall with Advanced Security window opens with a whole array of options for controlling your firewall and access to and from your PC. The advanced firewall controls let you access and set inbound and outbound rules.
To learn how to manage Windows Firewall with Advanced Security visit: http://www.7tutorials.com/gain-additional-control-using-windows-firewall-advanced-security
The Windows Defender, formerly known as Microsoft AntiSpyware, is a software product that helps combat malware. Windows Defender was initially an antispyware program; it is included with Windows Vista and Windows 7 and is available as a free download for Windows XP and Windows Server 2003. In Windows 8, 8.1 and Windows 10 however, it is upgraded to an antivirus program.
Windows Defender needs to be updated regularly, like all anti-virus and anti-malware products, and you can do this through Windows Update .
Accordingly, you should make sure that Windows Update is set to download updates automatically.
Some anti-malware products included with anti-virus packages turn off the Windows Defender service .
You should not worry too much about this; it’s only anti-virus software that can do this, not malware .
You can turn Windows Defender back on, but doing so could cause a conflict with your other anti-malware software.
As mentioned earlier, Windows XP, Vista and 7 does not include anti-virus software, so you need to add an independent anti-virus package when you install the operating system on your computer.
Microsoft Windows Malicious Software Removal Tool
If you review the updates your computer receives through Windows Update, you might notice something called the Microsoft Windows Malicious Software Removal Tool.
This is an extra tool in addition to Windows Defender that’s updated monthly by Microsoft and runs automatically on your PC . It can also be downloaded from the Microsoft website . As another anti-malware tool, it will check your computer for viruses and malware, try to remove any it finds, and report this information to Microsoft .
This is a useful tool but should not be considered a replacement for separate anti-virus and anti-malware products.
You can star Microsoft Windows Malicious Software Removal Tool by typing MRT into ‘Run’ dialog box, Command Prompt and Start Menu.
Group Policy is a set of rules that you can apply to help manage users and computers. Group Policy is the de facto method for administrators to centralize the management of computers and users within an Active Directory directory service domain.
Group Policy applies to all areas of configuration, including software, security, Microsoft Internet Explorer, the registry, and much more. It is no secret that Group Policy requires Active Directory to be a full-fledged powerhouse of a management solution.
Although you can have local Group Policy objects (GPOs) that control a single computer.
The security section of a Group Policy object has numerous settings that all target the security of the computer being configured. Other settings allow control over passwords, group membership, Internet Explorer, firewalls, and more.
Another benefit of the evolution of Group Policy is software distribution.
When the software distribution feature of Group Policy was developed, it was important that Microsoft Installer (MSI) packages could be distributed using this technology.
This made Group Policy a valid alternative to other technologies that managed the installation of software.
Local Group Policy Editor can be access by typing gpedit.msc in the Start Menu search box.
The Group Policy Editor interface is split into two main sections: Computer Configuration and User Configuration .
Each of these sections is subdivided further into Software Settings, Windows Settings, and Administrative Templates.
- Computer Configuration Administrators can use Computer Configuration to set policies that are applied to computer, regardless of who logs on to the computers. Computer Configuration typically contains sub-items for software settings, Windows settings, and administrative templates.
- User Configuration Administrators can use User Configuration to set policies that apply to users, regardless of which computer they log on to. User Configuration typically contains sub-items for software settings, Windows settings, and administrative templates.
Fortunately, all of the available options in Group Policy Editor are clearly labeled, and all include detailed descriptions of what happens when you edit them . This can help you understand how each selection will affect you and other users on your PC so you can make informed choices .
Step-by-Step Guide to Understanding the Group Policy Feature Set visit: https://msdn.microsoft.com/en-us/library/bb742376.aspx
BitLocker and BitLocker To Go
The BitLocker, first introduced with Windows Vista, is available only in the Enterprise and Ultimate editions of Windows 7. It is a full disk encryption system that uses the Advanced Encryption Standard (AES) cryptography method .
BitLocker works several different ways in Windows 7, depending on what you are encrypting and what hardware you have in your PC.
The BitLocker To Go allows you to encrypt a USB drive and restrict access with a password. Without the password, the USB drive is worthless.
Managing User Accounts
There are a great many ways to manage users on a PC and to prevent anyone from installing unauthorized software, making unnecessary changes, and downloading and opening harmful files from the Internet . With UAC, a user can bypass security warnings by simply clicking through a dialog box .
For better security on a multi-user desktop, you can set the main user as an administrator and all other users as standard users . Standard users have far fewer privileges to change Windows Settings.
They are even further restricted if you establish a password for the administrator account so nobody can click through a UAC dialog box without entering the administrator user account password.
On a multi-user PC, protecting the main administrator account with a password prevents other users from logging in as the administrator and upgrading their own accounts from standard users to administrators .
To set up additional user accounts on your PC, follow these simple instructions.
1. On the Start Menu, click Control Panel, click User Accounts, and then click Manage Another Account.
2. Click Create A New Account near the bottom of the window that appears.
3. Enter a name for the new user, select Standard User or Administrator, and then click Create Account button.
What Is the Guest Account?
A guest account is simply an existing standard user account that can be switched on and off as needed . It should be noted that unless you have a password on your administrator account, anyone logged in as the guest user will be able to click Yes on UAC security prompts . The guest account prevent occasional visitors from making changes on your PC.
Computer Management is a collection of Windows administrative tools that you can use to manage a local or remote computer. The tools are organized into a single console, which makes it easy to view administrative properties and to gain access to the tools that are necessary to perform your computer-management tasks.
The Computer Management console consists of a window divided into two panes.
The left pane contains the console tree; the right pane contains details.
When you click an item in the console tree, information about that item is displayed in the details pane.
The information that is displayed is specific to the item that you select.
The administrative tools in Computer Management are grouped into the following three categories in the console tree:
- System Tools
- Services and Applications
Each category includes several tools or services:
- Event Viewer Use the Event Viewer tool to manage and view events that are recorded in the Application, Security, and System logs. You can monitor the logs to track security events and to identify possible software, hardware, and system problems.
- Shared Folders Use the Shared Folders tool to view connections and resource in use on the computer. You can create, view, and manage shares, view open files and sessions, and close files and disconnect sessions.
- Local Users and Groups Use the Local Users and Groups tool to create and manage your local user accounts and groups.
- Performance Logs and Alerts Use the Performance Logs and Alerts tool to configure performance logs and alerts to monitor and collect data about your computer's performance.
- Device Manager Use Device Manager to view the hardware devices installed in your computer, update device drivers, modify hardware settings, and troubleshoot device conflicts.
- Removable Storage Use the Removable Storage tool to track your removable storage media and manage the libraries, or data-storage systems, that contain them.
- Disk Defragmenter Use the Disk Defragmenter tool to analyze and defragment volumes on your hard disks.
- Disk Management Use the Disk Management tool to perform disk related tasks such as converting disks or creating and formatting partitions. Disk Management helps you manage your hard disks, and the partitions or volumes that they contain.
Services and Applications
- Services Use Services to manage services on local and remote computers. You can start, stop, pause, resume, or disable a service.
- WMI Control Use WMI Control to configure and manage the Windows Management Instrumentation (WMI) service.
- Indexing Service Use Indexing Service to manage the Indexing service, and to create and configure additional catalogs to store index information.
To start and use Computer Management on the local computer:
- Click Start Menu, and then click Control Panel. Click Performance and Maintenance, click Administrative Tools, and then double click Computer Management.
- You can also start Computer Management by right clicking the Computer icon from Start Menu and select Manage.
File properties are details about a file, such as author names, tags, or the date when a file was last modified and created.
The file properties has four tabs:
General tab displays basic information about files including its location, type, size, size on the disk, date it was created, modified and last accessed and file read-only, hidden attributes. You can change the the program that opens it by clicking the “Change” button. The “Advanced” button lets you compress and/or encrypt the file add or take away the file from index for searching and add or take away the archive bit.
Security tab shows you who has access to read and modify the file and its attributes and lets you change those permissions.
To learn about NTFS File Permissions visit: http://www.ntfs.com/ntfs-permissions.htm
Details tab displays the meta tags associated with the file as well as a wide variety of other information including the basic file information shown in General tab.
Previous Versions tab are either backup copies of file and folder that you backup by using “Backup and Restore Center” or shadow copies of files folders that Windows saves automatically as part of a restore point. Shadow copies can be copies of files on your computer or shared files on a computer on a network. You can use previous version of file to restore a file you accidentally modified or deleted or that were damaged.
Overview of the Windows Command Line
The command line is built into the Microsoft Windows operating system and is accessed through the command shell window. Every version of Windows has had a built-in command line, used to run built-in commands, utilities, and scripts. Although the command line is powerful and versatile, some Windows administrators never use it. If you are happy using the graphical administration tools, you may be able to use them forever without ever having to do anything more than point and click.
For proficient Windows administrators, skilled support staff and committed power users, however, the Windows command line is inescapable. Knowing how to use the command line properly, including which command-line tools to use when and how to put the tools to work effectively, can mean the difference between smooth-running operations and frequent problems. And if you’re responsible for multiple domains or networks, learning the time saving strategies that the command line offers is not only important, but essential, for sustaining day-to-day operations. You not only discover the vast array of commands that are at your disposal but you also see how to automate those commands so that you can save significant time and effort while performing administrative tasks. At one time, everyone worked at the command line. In fact, when you started the computer, you saw a command prompt and you never really left it the entire time you worked with the computer.
The days of DOS are gone and the command line is seemingly gone with it—or is it? The command line still exists and you can use it to make your life easier. In addition, working at the command line can help you automate tasks and work considerably faster. Working at the command line doesn’t mean that you have to perform tasks manually or memorize arcane syntax. It’s true that you had to do that in the past to an extent, but even in the past, people created batch files so all they needed to remember was the batch file name and not the difficult series of command line switches for executing a command.
Explaining command line needs its own tutorial thread instead of doing that I will provide you with website URL address links which is where you can learn about command line.
“An A-Z Index of the Windows CMD command line”
“ The Windows Command Line, Batch Files, and Scripting”
You can open Command Prompt by:
Typing cmd.exe into Start Menu search box.
If used without parameters, help command lists and briefly describes every system command.
To view information about a command, type following:
To view information about Copy command type:
Tips for Troubleshooting Windows Errors
As everybody says Google is your friend and it very true. if error message pop up you can copy its error description message text and paste it to google search box. You can copy the error message text from dialog box by clicking the error message dialog box and press CTRL + C keys to copy the content of the error message dialog box. If you want more information about error that happened than view all Windows error logs with “Even Viewer” console you can google search the Event ID number with its Source of the error.
System File Checker Tool (SFC.exe)
If a Windows Resource Protection (WRP) file is missing or is corrupted, Windows may not behave as expected. For example, some Windows functions may not work, or Windows may crash. System File Checker (Sfc.exe) is a command line utility in Windows that allows users to scan for corruptions in Windows system files and restore corrupted files.
Run the System File Checker tool (SFC.exe).
Open an elevated Command Prompt:
- Type Cmd.exe into Start Menu search box
- Right click Cmd.exe select Run as administrator
- At the command prompt, type the following command, and then press ENTER key:
The sfc /scannow command will scan all protected system files, and replace corrupted files with a cached copy that is located in a compressed folder at %WinDir%\System32\dllcache. In Windows Vista and later versions Windows OS there isn’t a ‘dllcache’ folder the Winsxs folder, stores cached copies of the Windows system files.
In case you are unable to start the System File Checker and you instead get the “Windows Resource Protection Could Not Start the Repair Service” error, you may want to check up if Windows Modules Installer service has been Disabled. To do so, type services.msc in Start Menu search box and hit Enter. The startup type of this service should be set to Manual. Double click the Windows Modules Installer service name to set its startup type to Manual.