3 - Windows OS

DOS (Disk Operating System)

An operating system that the computer uses to enable data storage devices to read and write files

MS-DOS

Created by Microsoft

GUI (Graphical User Interface)

The Windows interface that allows users to work with data files and software visually

Desktop

The main area of the Windows GUI that can be customized with various colors and background images

Task Bar

Located at the bottom of the desktop

Recycle Bin

Icon on desktop where deleted files are stored temporarily and can be restored or permanently deleted

Context Menu

A list of additional functions that appears when right-clicking an icon

Hardware Abstraction Layer (HAL)

Software that handles all communication between the hardware and the kernel

Kernel

The core of the operating system that has control over the entire computer

User Mode

The mode where installed applications run with restricted address space

Kernel Mode

The mode where operating system code runs with full access to the computer

NTFS (New Technology File System)

The most commonly used file system when installing Windows

FAT (File Allocation Table)

A simple file system supported by many different operating systems with limitations on partition and file sizes

Extended File Allocation Table file system (exFAT)

• This is a simple file system supported by many different operating systems.

• FAT has limitations to the number of partitions, partition sizes, and file sizes that it can address, so it is not usually used for hard drives or solid-state drives anymore.

• Both FAT16 and FAT32 are available to use, with FAT32 being the most common as it has many fewer restrictions than FAT16.

HFS+ (Hierarchical File System Plus)

File system used on MAC OS X computers

EXT (Extended File System)

File system used with Linux-based computers

Master File Table (MFT)

Contains the locations of all files and directories on the partition in NTFS

Alternate Data Streams (ADS)

Additional data streams that can be connected to a file in NTFS

BIOS (Basic Input-Output System)

Firmware that initializes hardware devices and performs POST

UEFI (Unified Extensible Firmware Interface)

Firmware that boots by loading EFI program files from EFI System Partition

Bootmgr.exe

File that runs after BIOS/UEFI locates a valid Windows installation

BCD (Boot Configuration Database)

Database read by Bootmgr.exe during boot process

KMCS (Kernel Mode Code Signing)

Used to ensure all drivers are digitally signed during boot

Registry

A large hierarchical database where Windows stores all information about hardware

Registry Hive

The highest level in the registry hierarchy

HKEYCURRENTUSER (HKCU)

Registry hive that holds information concerning the currently logged in user

HKEY_USERS (HKU)

Registry hive that holds information concerning all user accounts on the host

HKEYCLASSESROOT (HKCR)

Registry hive that holds information about OLE registrations

HKEYLOCALMACHINE (HKLM)

Registry hive that holds system-related information

HKEYCURRENTCONFIG (HKCC)

Registry hive that holds information about the current hardware profile

regedit.exe

Tool used to modify the Windows registry

Process

Any program that is currently executing

Thread

A part of a process that can be executed

Service

A program that runs in the background to support the operating system and applications

Virtual Address Space

The set of virtual addresses that a process can use (4 GB for 32-bit

Process Handle

Used by user space processes to access kernel resources without direct connection

Local User

A user account created on a specific computer with customization settings and permissions

Domain

type of network service where all of the users, groups, computers, peripherals, and security settings are stored on and controlled by a database.

lusrmgr.msc

Control panel applet used to manage local users and groups

CLI (Command Line Interface)

Windows interface used to run programs

PowerShell

An integrated program within Windows that can create scripts to automate tasks

cmdlets

Commands in PowerShell that perform an action and return an output or object

WMI (Windows Management Instrumentation)

Used to manage remote computers and retrieve information about computer components

net command

Used in administration and maintenance of the OS with many subcommands

net accounts

Sets password and logon requirements for users

net session

Lists or disconnects sessions between computers on the network

net share

Creates, removes, or manages shared resources

net start

Starts a network service or lists running network services

net stop

Stops a network service

net use

Connects, disconnects, and displays information about shared network resources

net view

Shows a list of computers and network devices on the network

Task Manager

Provides information about software running and general performance of the computer

Resource Monitor

Provides detailed information about resource usage when more detail is needed

Network and Sharing Center

Used to verify or create network connections

TCP/IPv4

Internet Protocol Version 4 used for network connections

TCP/IPv6

Internet Protocol Version 6 used for network connections

DNS (Domain Name System)

Essential for finding addresses of hosts by translating names to IP addresses

nslookup

Command used to test DNS functionality

netstat

Command that displays details of active network connections

SMB (Server Message Block)

Protocol used to share network resources

UNC (Universal Naming Convention)

Format used to connect to resources: \servername\sharename\file

Administrative Shares

Special shares automatically created by Windows

RDP (Remote Desktop Protocol)

Protocol that allows users to log in to a remote host and manipulate it as if local

Windows Server

Family of Microsoft products used mainly in data centers to host services

netstat -abno

Command that displays active TCP connections with process information and PIDs

Event Viewer

Logs the history of application

Event ID

Number used to identify the type of security event in Event Viewer

Windows Update

Feature that checks for and installs high-priority updates to protect against security threats

Service Pack

Comprehensive update application that combines patches and upgrades

Security Policy

A set of objectives that ensures the security of a network

Local Security Policy

Can be used for stand-alone computers that are not part of an Active Directory domain

Password Policy

Found under Account Policies

Account Lockout Policy

Used to prevent brute-force login attempts

AppLocker

Feature that restricts which files users or groups are allowed to run

Malware

Includes viruses

Windows Defender

Built-in Windows virus and spyware protection that provides real-time protection

Antivirus Protection

Program that continuously monitors for viruses and attempts to quarantine or delete them

Firewall

Selectively denies traffic to a computer or network segment

Windows Defender Firewall

Built-in Windows firewall that can be configured to allow or block program access