Windows Fundamentals II

Discover more about System Configuration, UAC settings, Resource Monitoring, the Windows Registry, and more...

Computer Management

The Computer Management (compmgmt) utility has three primary sections.

System Tools

With Task Scheduler, we can create and manage common tasks that our computer will carry out automatically at the times we specify.

A task can run an application, a script, etc., and tasks can be configured to run at any point. A task can run at log in or at log off. Tasks can also be configured to run on a specific schedule, for example, every five minutes.
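The same information Task Scheduler shows can be pulled from PowerShell, which is useful when reviewing what runs automatically on a host. This is an added example, not part of the original walkthrough; it assumes the ScheduledTasks module that ships with Windows 8 / Server 2012 and later, and the output column names are chosen here for illustration.

```powershell
# Added example: inventory enabled scheduled tasks with their triggers and actions.
Get-ScheduledTask |
    Where-Object { $_.State -ne 'Disabled' } |
    ForEach-Object {
        $info = $_ | Get-ScheduledTaskInfo -ErrorAction SilentlyContinue

        # Trigger class names look like MSFT_TaskLogonTrigger or MSFT_TaskDailyTrigger;
        # strip the prefix and suffix to leave "Logon", "Daily", "Boot", and so on.
        $triggers = $_.Triggers | ForEach-Object {
            $_.CimClass.CimClassName -replace '^MSFT_Task|Trigger$', ''
        }

        # Only "exec" actions carry a program and arguments; COM handler actions do not.
        $actions = $_.Actions | Where-Object { $_.Execute } | ForEach-Object {
            ("{0} {1}" -f $_.Execute, $_.Arguments).Trim()
        }

        [pscustomobject]@{
            Task     = $_.TaskPath + $_.TaskName
            RunAs    = $_.Principal.UserId
            Triggers = ($triggers | Sort-Object -Unique) -join ', '
            Actions  = $actions -join '; '
            LastRun  = $info.LastRunTime
            NextRun  = $info.NextRunTime
        }
    } |
    Sort-Object Task |
    Format-Table -AutoSize -Wrap
```

Tasks whose action points at a script or binary outside the usual program directories, or that run as a privileged account, are the rows worth a closer look.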

Event Viewer allows us to view events that have occurred on the computer. These records of events can be seen as an audit trail that can be used to understand the activity of the computer system. This information is often used to diagnose problems and investigate actions executed on the system.

There are 5 types of events that can be logged:

Event type and description:

  • Error: Indicates a significant problem such as loss of data or loss of functionality. For example, if a service fails to load during startup, an error event is logged.

  • Warning: Not necessarily significant, but may indicate a possible future problem. For example, when disk space is low, a warning event is logged. If an application can recover from an event without loss of functionality or data, it can generally classify the event as a warning event.

  • Information: Describes the successful operation of an application, driver, or service. For example, when a network driver loads successfully, it may be appropriate to log an information event. It is generally inappropriate for a desktop application to log an event each time it starts.

  • Success Audit: Records an audited security access attempt that is successful. For example, a user's successful attempt to log onto the system is logged as a success audit event.

  • Failure Audit: Records an audited security access attempt that fails. For example, if a user tries to access a network drive and fails, the attempt is logged as a failure audit event.

The standard logs are visible under Windows Logs:

Log and description:

  • Application: Contains events logged by applications. For example, a database application might record a file error. The application developer decides which events to record.

  • Security: Contains events such as valid and invalid logon attempts, as well as events related to resource use such as creating, opening, or deleting files or other objects. An administrator can start auditing to record events in the security log.

  • System: Contains events logged by system components, such as failure of a driver or other system component to load during startup.

  • CustomLog: Contains events logged by applications that create a custom log. Using a custom log enables an application to control the size of the log or attach ACLs for security purposes without affecting other applications.
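The event types and standard logs described above can be queried directly with Get-WinEvent. This is an added example, not part of the original walkthrough: it summarises the last 24 hours (a window chosen here), filtering Error and Warning by level and Success/Failure Audit by keyword, which is how the Security log marks them.

```powershell
# Added example: summarise the last 24 hours of the standard Windows Logs.
# Run from an elevated prompt; reading the Security log requires it.
$since = (Get-Date).AddHours(-24)

# Error (level 2) and Warning (level 3) events in Application and System,
# grouped by log, level, and the component that wrote them.
Get-WinEvent -FilterHashtable @{
        LogName   = 'Application', 'System'
        Level     = 2, 3
        StartTime = $since
    } -ErrorAction SilentlyContinue |
    Group-Object LogName, LevelDisplayName, ProviderName |
    Sort-Object Count -Descending |
    Select-Object -First 10 Count, Name

# Success Audit and Failure Audit are keywords, not levels.
$keywords = [System.Diagnostics.Eventing.Reader.StandardEventKeywords]
$audit = [ordered]@{
    'Failure Audit' = [long]$keywords::AuditFailure
    'Success Audit' = [long]$keywords::AuditSuccess
}

foreach ($type in $audit.Keys) {
    # Most frequent event IDs for each audit type in the Security log.
    Get-WinEvent -FilterHashtable @{
            LogName   = 'Security'
            Keywords  = $audit[$type]
            StartTime = $since
        } -ErrorAction SilentlyContinue |
        Group-Object Id |
        Sort-Object Count -Descending |
        Select-Object -First 5 @{ n = 'Type'; e = { $type } },
                               @{ n = 'EventId'; e = { $_.Name } },
                               Count
}
```

A sudden rise in Failure Audit counts for a single event ID is the kind of change this summary makes visible before opening individual events in Event Viewer.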

Shared Folders is where you will see a complete list of the shares and shared folders that others can connect to.

Under Sessions, you will see a list of users who are currently connected to the shares. In this VM, you won't see anybody connected to the shares.

In Performance, you'll see a utility called Performance Monitor (perfmon). Perfmon is used to view performance data either in real-time or from a log file. This utility is useful for troubleshooting performance issues on a computer system, whether local or remote.

Device Manager allows us to view and configure the hardware, such as disabling any hardware attached to the computer.

Storage

Disk Management is a system utility in Windows that enables you to perform advanced storage tasks. Some tasks are:

  • Set up a new drive

  • Extend a partition

  • Shrink a partition

  • Assign or change a drive letter (ex. E:)

Services & Applications

Windows Management Instrumentation (WMI) allows scripting languages (such as VBScript or Windows PowerShell) to manage Microsoft Windows personal computers and servers, both locally and remotely. Microsoft also provides a command-line interface to WMI called Windows Management Instrumentation Command-line (WMIC).


System Information

The System Information (msinfo32) tool gathers information about your computer and displays a comprehensive view of your hardware, system components, and software environment, which you can use to diagnose computer issues.

System Summary will display general technical specifications for the computer, such as processor brand and model.

Under Components, you can see specific information about the hardware devices installed on the computer. Some sections don't show any information, but some sections do, such as Display and Input.

In the Software Environment section, you can see information about software baked into the operating system and software you have installed. Other details are visible in this section as well, such as the Environment Variables and Network Connections.


Resource Monitor

Resource Monitor (resmon) displays per-process and aggregate CPU, memory, disk, and network usage information, in addition to providing details about which processes are using individual file handles and modules. Advanced filtering allows users to isolate the data related to one or more processes (either applications or services), start, stop, pause, and resume services, and close unresponsive applications from the user interface.


Command Prompt

The command prompt (cmd) is not the only way to interact with the operating system on Windows, but on early systems, it was the sole way to interact with it.

When the GUI was introduced, it allowed users to perform complex tasks with a few clicks of a button instead of entering commands in the command prompt. Even though the GUI is the primary way to interact with the operating system, a computer user can still interact via the command prompt.

The command hostname will output the computer name.

The command whoami will output the name of the logged-in user.

The command ipconfig will show the network address settings for the computer.

To retrieve the help manual for a command, append /? to it. Example: ipconfig /?.

To clear the command prompt screen, the command is cls.

The command netstat will display protocol statistics and current TCP/IP connections. It can also be run with parameters such as -a, -b, -e, etc.

The net command is primarily used to manage network resources. For its manual, you have to use a different syntax: net help.


Registry Editor

The Windows Registry is a central hierarchical database used to store information necessary to configure the system for one or more users, applications, and hardware devices. The registry contains information that Windows continually references during operation.

There are various ways to view/edit the registry. One way is to use the Registry Editor (regedt32).


Answers

Task 2

What is the name of the service that lists Systems Internals as the manufacturer? PsShutdown

Whom is the Windows license registered to? Windows User

What is the command for Windows Troubleshooting? C:\Windows\System32\control.exe /name Microsoft.Troubleshooting

What command will open the Control Panel? control.exe

Task 3

What is the command to open User Account Control Settings? UserAccountControlSettings.exe

Task 4

What is the command to open Computer Management? compmgmt.msc

At what time every day is the GoogleUpdateTaskMachineUA task configured to run? 6:15 AM

What is the name of the hidden folder that is shared? sh4r3dF0Ld3r

Task 5

What is the command to open System Information? msinfo32.exe

What is listed under System Name? THM-WINFUN2

Under Environment Variables, what is the value for ComSpec? %SystemRoot%\system32\cmd.exe

Task 6

What is the command to open Resource Monitor? resmon.exe

Task 7

In System Configuration, what is the full command for Internet Protocol Configuration? C:\Windows\System32\cmd.exe /k %windir%\system32\ipconfig.exe

For the ipconfig command, how do you show detailed information? ipconfig /all

Task 8

What is the command to open the Registry Editor? regedt32.exe

