Module 7
Windows History:
The first computers required a Disk Operating System (DOS) to create and manage files. Microsoft developed
MS-DOS as a command line interface (CLI) to access the disk drive and load the operating system files. Early
versions of Windows consisted of a Graphical User Interface (GUI) that ran over MS-DOS. However, modern
Windows versions are in direct control of the computer and its hardware and support multiple user processes.
This is much different from the single-process, single-user MS-DOS. Since 1993, there have been more than 20
releases of Windows that are based on the NT operating system. Users work with data files and software through
the Windows GUI. The GUI has a main area that is known as the Desktop and a Task Bar situated below the
desktop. The Task Bar includes the Start menu, quick launch icons, and a notification area. Windows has many
vulnerabilities. Recommendations to secure the Windows OS include use of virus or malware protection, use of
strong passwords, use of a firewall, and limited use of the administrator account, among others.
Windows includes a hardware abstraction layer (HAL), software that handles all of the communication
between the hardware and the kernel. The kernel has control over the entire computer and handles input and
output requests, memory, and all of the peripherals connected to the computer. Windows operates in two different
modes. The first is user mode; most Windows programs run in user mode. The second is kernel mode, which allows
operating system code direct access to the computer hardware. Windows supports several different file systems,
but NTFS is the most widely used. NTFS volumes include the partition boot sector, master file table, system files,
and the file area. When a computer boots, it first accesses system information and code that is stored in BIOS
hardware. The BIOS boot code performs a system self-test called POST, locates and loads the Windows OS, and
loads other associated programs to start the operating system. Windows should always be shut down properly.
A computer works by storing instructions in RAM until the CPU processes them. Each process in a 32-bit
Windows computer supports a virtual address space that enables addressing up to 4 gigabytes. Each process in
a 64-bit Windows computer supports a virtual address space of up to 8 terabytes. Windows stores all of the
information about hardware, applications, users, and system settings in a large database known as the registry.
The registry is a hierarchical database: the highest level is known as a hive, below that are keys, and below
those are subkeys. There are five registry hives that contain data regarding the configuration and operation of
Windows. There are hundreds of keys and subkeys.
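The hive, key, subkey hierarchy just described can be walked with PowerShell's registry provider. The script below is an added example written for these notes, not material from the course module; it assumes a local Windows host and uses the Windows version key under HKEY_LOCAL_MACHINE as its sample key.

```powershell
# Added example (not from the course module): walk the registry hierarchy
# hive -> key -> subkey with PowerShell's registry provider.

# The five hives. HKLM and HKCU are mounted as PowerShell drives by default;
# the other three are reached through the Registry:: provider prefix.
$hives = @(
    'HKLM:\'                          # HKEY_LOCAL_MACHINE: hardware, OS, installed software
    'HKCU:\'                          # HKEY_CURRENT_USER: settings of the logged-on user
    'Registry::HKEY_USERS'            # one subkey per loaded user profile
    'Registry::HKEY_CLASSES_ROOT'     # file associations and COM registrations
    'Registry::HKEY_CURRENT_CONFIG'   # hardware profile in use at boot
)

# Count the top-level keys directly under each hive.
foreach ($hive in $hives) {
    $keyCount = @(Get-ChildItem -Path $hive -ErrorAction SilentlyContinue).Count
    '{0,-32} {1,5} top-level keys' -f $hive, $keyCount
}

# One well-known key under HKLM (the sample key assumed by this example):
# the Windows version information. Get-ItemProperty reads the key's values.
$key = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
Get-ItemProperty -Path $key | Select-Object ProductName, CurrentBuild, InstallationType

# The key's immediate subkeys, i.e. the third level of hive -> key -> subkey.
Get-ChildItem -Path $key |
    Select-Object -First 10 -ExpandProperty PSChildName

# Total number of subkeys beneath the key, to give a feel for the scale
# of "hundreds of keys and subkeys" mentioned in the notes.
$subkeys = @(Get-ChildItem -Path $key -Recurse -ErrorAction SilentlyContinue).Count
"$key has $subkeys subkeys in total"
```

Reading the registry requires no special privileges for most keys, but a few (such as HKLM\SECURITY and HKLM\SAM) are readable only by SYSTEM, which is why the enumeration suppresses access-denied errors rather than stopping on them.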
You can use the Windows CLI or PowerShell to execute commands. PowerShell can be used to create scripts
to automate tasks that the regular CLI is unable to automate. Windows Management Instrumentation (WMI) is used
to manage remote computers. The net command can be combined with switches to focus on specific output. Task
Manager provides a lot of information about what is running and the general performance of the computer. The
Resource Monitor provides more detailed information about resource usage. The Network and Sharing Center is
used to configure Windows networking properties and test networking settings. The Server Message Block (SMB)
protocol is used to share network resources such as files on remote hosts. The Universal Naming Convention (UNC)
format is used to connect to resources. Windows Server is an edition of Windows that is mainly used in data centers.
It provides network, file, web, and management services to a Windows network or domain.
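As an added example for the PowerShell and WMI tools mentioned above (written for these notes, not taken from the course module), the script below uses the CIM cmdlets, which query WMI, to produce a Task Manager-style view of memory and the top processes. The ComputerName parameter is an assumption of this example: it defaults to the local host, and pointing it at a remote host exercises the remote-management role the notes assign to WMI (with the usual requirement of WinRM access and administrative rights on that host).

```powershell
# Added example (not from the course module): Task Manager-style summary
# built from WMI data via the CIM cmdlets. Defaults to the local computer.
param([string]$ComputerName = $env:COMPUTERNAME)

# Overall memory picture. Win32_OperatingSystem reports memory in KB,
# so dividing by 1KB (1024) yields MB.
$os = Get-CimInstance -ClassName Win32_OperatingSystem -ComputerName $ComputerName
$totalMB = [math]::Round($os.TotalVisibleMemorySize / 1KB)
$freeMB  = [math]::Round($os.FreePhysicalMemory / 1KB)
'{0}: {1} MB physical memory, {2} MB free, up since {3}' -f `
    $os.CSName, $totalMB, $freeMB, $os.LastBootUpTime

# Top ten processes by working set, with parent PID, owner and executable
# path: the columns a defender looks at first when something unfamiliar
# shows up in Task Manager.
Get-CimInstance -ClassName Win32_Process -ComputerName $ComputerName |
    Sort-Object -Property WorkingSetSize -Descending |
    Select-Object -First 10 Name, ProcessId, ParentProcessId,
        @{ Name = 'WorkingSetMB'; Expression = { [math]::Round($_.WorkingSetSize / 1MB, 1) } },
        @{ Name = 'Owner';        Expression = { ($_ | Invoke-CimMethod -MethodName GetOwner).User } },
        ExecutablePath |
    Format-Table -AutoSize
```

Win32_Process exposes ParentProcessId and ExecutablePath, which Task Manager does not show by default; both are useful when deciding whether a process belongs on the machine.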
Windows Security:
Malware can open communication ports to communicate and spread. The Windows netstat command displays all
open communication ports on a computer and can also display the software processes that are associated with the
ports. This enables unknown, potentially malicious software to be identified and shut down. Windows Event Viewer
provides access to numerous logged events regarding the operation of a computer. Windows logs Windows events
and application and service events. Each logged event is assigned a severity level: information, warning, error,
or critical. It is very important to keep Windows up to date to guard against new security threats. Software
patches, updates, and service packs address security vulnerabilities as they are discovered. Windows should be
configured to automatically download and install updates as they become available. Windows can also be configured
to install updates and restart the computer only at specified times of day.
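The two checks described in this section, mapping open ports to the processes that own them and reviewing logged events by severity, can be scripted so they are repeatable. The script below is an added example written for these notes, not code from the course module; the function names and the 24-hour window are assumptions of the example, and it expects an elevated PowerShell session so that every port's owning process and the System log are readable.

```powershell
# Added example (not from the course module): scripted versions of the
# netstat port-to-process check and an Event Viewer severity review.
# Run from an elevated PowerShell prompt.

# 1. Listening TCP ports mapped to the owning process and its executable
#    path, so an unfamiliar listener can be investigated. This is the
#    PowerShell equivalent of: netstat -abno | findstr LISTENING
function Get-ListeningPortOwner {
    Get-NetTCPConnection -State Listen |
        Sort-Object -Property LocalPort |
        ForEach-Object {
            $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
            [pscustomobject]@{
                LocalAddress = $_.LocalAddress
                LocalPort    = $_.LocalPort
                PID          = $_.OwningProcess
                Process      = $proc.ProcessName
                Path         = $proc.Path   # $null for PID 0/4 and protected processes
            }
        }
}

# 2. Critical and Error events from the System log in the last N hours.
#    Event log levels: 1 = Critical, 2 = Error, 3 = Warning, 4 = Information.
function Get-RecentSystemErrors {
    param([int]$Hours = 24)   # window assumed by this example
    Get-WinEvent -FilterHashtable @{
        LogName   = 'System'
        Level     = 1, 2
        StartTime = (Get-Date).AddHours(-$Hours)
    } -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, Id, LevelDisplayName, ProviderName,
            @{ Name = 'Message'; Expression = { ($_.Message -split "`n")[0] } }
}

Get-ListeningPortOwner | Format-Table -AutoSize
Get-RecentSystemErrors | Format-Table -AutoSize -Wrap
```

A listener whose Path is empty or points somewhere other than a Windows or Program Files directory is the kind of entry the notes say netstat helps surface; the event query suppresses the "no events found" error Get-WinEvent raises when the window is quiet, so an empty result simply means nothing at Critical or Error level was logged.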