Operating Systems Basics

The document provides an overview of operating system basics, including desktop customization, the taskbar's functionality, and the importance of proper shutdown procedures. It discusses various file systems such as NTFS, FAT32, HFS+, and EXT, highlighting their features and limitations. Additionally, it mentions operating system vulnerabilities, the role of APIs, and tools for troubleshooting within the Sysinternals Suite.

Uploaded by adig2000

Operating Systems Basics

The Desktop can be customized with various colors and background images.
Windows supports multiple users, so each user can customize the Desktop to their
liking. The Desktop can store files, folders, shortcuts to locations and programs, and
applications. The Desktop also has a recycle bin icon, where files are stored when
the user deletes them. Files can be restored from the recycle bin or the recycle bin
can be emptied of files, which truly deletes them.

At the bottom of the desktop is the Task Bar. The Task Bar has three areas that are
used for different purposes. At the left is the Start menu. It is used to access all of
the installed programs, configuration options, and the search feature. At the center of
the Task Bar, users place quick launch icons that run specific programs or open
specific folders when they are clicked. Finally, on the right of the Task Bar is the
notification area. The notification area shows, at a glance, the functionality of many
different programs and features. For example, a blinking envelope icon may indicate
new email, or a network icon with a red “x” may indicate a problem with the network.

Often, right-clicking an icon will bring up additional functions that can be used. This
list is known as a Context Menu, shown in the figure.

Operating System Vulnerabilities

Operating systems consist of millions of lines of code. Installed software can also
contain millions of lines of code. With all this code comes vulnerabilities. A
vulnerability is some flaw or weakness that can be exploited by an attacker to reduce
the viability of a computer’s information. To take advantage of an operating system
vulnerability, the attacker must use a technique or a tool to exploit the vulnerability.
The attacker can then use the vulnerability to get the computer to act in a fashion
outside of its intended design. In general, the goal is to gain unauthorized control of
the computer, change permissions, or to manipulate or steal data.

The Windows API is an interface intended for programming applications for the Microsoft Windows operating system.

An Application Programming Interface (API) is a set of definitions of sub-programs, protocols and tools for programming applications and software. An API can be for a web system, operating system, database system, hardware or software libraries.

Windows File Systems
exFAT

• This is a simple file system supported by many different operating systems.
• FAT has limitations to the number of partitions, partition sizes, and file sizes
that it can address, so it is not usually used for hard drives (HDs) or solid-
state drives (SSDs) anymore.
• Both FAT16 and FAT32 are available to use, with FAT32 being the most
common because it has many fewer restrictions than FAT16.

What are the limitations of the FAT file system?

FAT32 limits:

Max volume size: 2 TB (with 512 byte sectors); 8 TB (with 2 KB sectors and 32 KB clusters); 16 TB (with 4 KB sectors and 64 KB clusters)
Max file size: 2,147,483,647 bytes (2 GiB − 1 byte) (without LFS); 4,294,967,295 bytes (4 GiB − 1 byte) (with LFS); 274,877,906,943 bytes (256 GiB − 1 byte) (only with FAT32+)

Hierarchical File System Plus (HFS+)

• This file system is used on Mac OS X computers and allows much longer
filenames, file sizes, and partition sizes than previous file systems.
• Although it is not supported by Windows without special software, Windows is
able to read data from HFS+ partitions.

Extended File System (EXT)

• This file system is used with Linux-based computers.
• Although it is not supported by Windows, Windows is able to read data from
EXT partitions with special software.

New Technology File System (NTFS)

• This is the most commonly used file system when installing Windows. All
versions of Windows and Linux support NTFS.
• Mac OS X computers can only read an NTFS partition. They are able to write
to an NTFS partition after installing special drivers.

NTFS is the most widely used file system for Windows for many reasons. NTFS
supports very large files and partitions and it is very compatible with other operating
systems. NTFS is also very reliable and supports recovery features. Most
importantly, it supports many security features. Data access control is achieved
through security descriptors. These security descriptors contain file ownership and
permissions all the way down to the file level. NTFS also tracks many time stamps to
track file activity. Sometimes referred to as MACE, the timestamps Modify, Access,
Create, and Entry Modified are often used in forensic investigations to determine the
history of a file or folder. NTFS also supports file system encryption to secure the
entire storage media.

Before a storage device such as a disk can be used, it must be formatted with a file
system. In turn, before a file system can be put into place on a storage device, the
device needs to be partitioned. A hard drive is divided into areas called partitions.
Each partition is a logical storage unit that can be formatted to store information,
such as data files or applications. During the installation process, most operating
systems automatically partition and format the available drive space with a file
system such as NTFS.

NTFS formatting creates important structures on the disk for file storage, and tables
for recording the locations of files:

• Partition Boot Sector - This is the first 16 sectors of the drive. It contains the
location of the Master File Table (MFT). The last 16 sectors contain a copy of
the boot sector.
• Master File Table (MFT) - This table contains the locations of all the files and
directories on the partition, including file attributes such as security
information and timestamps.
• System Files - These are hidden files that store information about other
volumes and file attributes.
• File Area - The main area of the partition where files and directories are
stored.

Note: When formatting a partition, the previous data may still be recoverable
because not all the data is completely removed. The free space can be examined,
and files can be retrieved which can compromise security. It is recommended to
perform a secure wipe on a drive that is being reused. The secure wipe will write
data to the entire drive multiple times to ensure there is no remaining data.

MCSA (Microsoft Certified Solutions Associate)

Microsoft Certified Solutions Expert (MCSE)

Microsoft Intune becomes the name of the endpoint management family with the name Microsoft
Endpoint Manager no longer being used. Going forward, Microsoft will refer to cloud
management as Microsoft Intune and on-premises management as Microsoft Configuration
Manager.

There are two important registry items that are used to automatically start
applications and services:

• HKEY_LOCAL_MACHINE - Several aspects of Windows configuration are
stored in this key, including information about services that start with each
boot.
• HKEY_CURRENT_USER - Several aspects related to the logged in user are
stored in this key, including information about services that start only when the
user logs on to the computer.

Different entries in these registry locations define which services and
applications will start, as indicated by their entry type. These types include
Run, RunOnce, RunServices, RunServicesOnce, and Userinit. These entries
can be manually entered into the registry, but it is much safer to use
the Msconfig.exe tool. This tool is used to view and change all of the start-up
options for the computer. Use the search box to find and open the Msconfig
tool.

The Msconfig tool opens the System Configuration window. There are five
tabs which contain the configuration options.

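
To review what is configured to start automatically, the entry types listed above can be pulled out of a registry export. The following is an added example, not part of the original document: it parses the text of a .reg export, and the sample export, the program names in it, and the list of user-writable path hints are assumptions constructed for illustration.

```python
import re

# Entry types named in the text; Userinit is a value name, the others are key names.
AUTOSTART_KEYS = {"run", "runonce", "runservices", "runservicesonce"}
AUTOSTART_VALUES = {"userinit"}
# Assumption for this example: user-writable locations that merit a second look.
WRITABLE_HINTS = ("\\appdata\\", "\\temp\\", "\\users\\public\\")
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

# Constructed sample of decoded .reg export text (string values only).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Updater"="\"C:\\Program Files\\ExampleVendor\\updater.exe\" /background"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Setup"="C:\\Users\\alice\\AppData\\Local\\Temp\\setup.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\Windows\\system32\\userinit.exe,"
"Shell"="explorer.exe"
'''

def autostart_entries(reg_text):
    """Return autostart entries found in .reg export text, in file order."""
    entries, key = [], None
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]          # current registry key path
            continue
        m = VALUE_RE.match(line)      # only "name"="string" values are handled
        if not (m and key):
            continue
        name, data = (re.sub(r"\\(.)", r"\1", g) for g in m.groups())
        leaf = key.rsplit("\\", 1)[-1]
        if leaf.lower() in AUTOSTART_KEYS:
            kind = leaf
        elif name.lower() in AUTOSTART_VALUES:
            kind = name
        else:
            continue
        entries.append({"hive": key.split("\\", 1)[0], "type": kind, "name": name,
                        "command": data,
                        "review": any(h in data.lower() for h in WRITABLE_HINTS)})
    return entries

if __name__ == "__main__":
    for entry in autostart_entries(SAMPLE_REG):
        print(entry)
```

Exports written by the Registry Editor are UTF-16 encoded, so decode the file before passing its text in; values stored as hex data are skipped by this parser.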
Windows Shutdown

It is always best to perform a proper shutdown to turn off the computer. Files that are
left open, services that are closed out of order, and applications that hang can all be
damaged if the power is turned off without first informing the operating system. The
computer needs time to close each application, shut down each service, and record
any configuration changes before power is lost.

During shutdown, the computer will close user mode applications first, followed by
kernel mode processes. If a user mode process does not respond within a certain
amount of time, the OS will display a notification and allow the user to wait for the
application to respond, or forcibly end the process. If a kernel mode process does
not respond, the shutdown will appear to hang, and it may be necessary to shut
down the computer with the power button.

There are several ways to shut down a Windows computer: Start menu power
options, the command line command shutdown, and using Ctrl+Alt+Delete and
clicking the power icon. There are three different options from which to choose when
shutting down the computer:

• Shutdown - Turns the computer off (power off).
• Restart - Re-boots the computer (power off and power on).
• Hibernate - Records the current state of the computer and user environment
and stores it in a file. Hibernation allows users to pick up right where they left
off very quickly with all their files and programs still open.

Sysinternals Suite

The Sysinternals Troubleshooting Utilities have been rolled up into a single
Suite of tools. This file contains the individual troubleshooting tools and
help files.

The Suite is a bundling of the following selected Sysinternals
Utilities: AccessChk, AccessEnum, AdExplorer, AdInsight, AdRestore, Autologon,
Autoruns, BgInfo, BlueScreen, CacheSet, ClockRes, Contig, Coreinfo,
Ctrl2Cap, DebugView, Desktops, Disk2vhd, DiskExt, DiskMon, DiskView,
Disk Usage (DU), EFSDump, FindLinks, Handle, Hex2dec, Junction, LDMDump,
ListDLLs, LiveKd, LoadOrder, LogonSessions, MoveFile, NotMyFault, NTFSInfo,
PendMoves, PipeList, PortMon, ProcDump, Process Explorer, Process Monitor,
PsExec, PsFile, PsGetSid, PsInfo, PsKill, PsList, PsLoggedOn, PsLogList,
PsPasswd, PsPing, PsService, PsShutdown, PsSuspend, PsTools, RAMMap,
RDCMan, RegDelNull, RegHide, RegJump, Registry Usage (RU), SDelete,
ShareEnum, ShellRunas, Sigcheck, Streams, Strings, Sync, Sysmon, TCPView,
VMMap, VolumeID, WhoIs, WinObj, ZoomIt
