Introduction

We covered Windows fundamentals and basics such as the file system, permissions, directory structure, system configuration, computer management, services, processes and the registry. This was part of the TryHackMe Pre Security Track.

The Windows operating system (OS) is a complex product with many system files, utilities, settings, features, etc.

The Windows Desktop, aka the graphical user interface or GUI in short, is the screen that welcomes you once you log into a Windows 10 machine.

Traditionally, you need to pass the login screen first. The login screen is where you need to enter valid account credentials; usually, a username & password of a preexisting Windows account on that particular system or in the Active Directory environment (if it’s a domain-joined machine).

The Windows folder (C:\Windows) is traditionally known as the folder which contains the Windows operating system.

The folder doesn’t have to reside in the C drive necessarily. It can reside in any other drive and technically can reside in a different folder.

This is where environment variables, more specifically system environment variables, come into play. Even though not discussed yet, the system environment variable for the Windows directory is %windir%.

User accounts can be one of two types on a typical local Windows system: Administrator and Standard User.

The user account type will determine what actions the user can perform on that specific Windows system.

  • An Administrator can make changes to the system: add users, delete users, modify groups, modify settings on the system, etc.
  • A Standard User can only make changes to folders/files attributed to the user & can’t perform system-level changes, such as installing programs.

The large majority of home users are logged into their Windows systems as local administrators. Remember from the previous task that any user with administrator as the account type can make changes to the system.

A user doesn’t need to run with high (elevated) privileges on the system to run tasks that don’t require such privileges, such as surfing the Internet, working on a Word document, etc. Running everyday tasks with elevated privileges increases the risk of system compromise because it makes it easier for malware to infect the system: malware runs in the context of the logged-in user, so if that user account can make changes to the system, the malware can too.
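The account-type risk described above can be checked on a machine with a short read-only audit. This is an added example, not part of the original write-up; the function names are hypothetical, and it assumes Windows PowerShell 5.1 or later with the built-in LocalAccounts cmdlets.

```powershell
# Added example: read-only audit of local administrator exposure.
# Function names are hypothetical; nothing here changes system state.

# Well-known SID of the built-in Administrators group (locale-independent).
$AdminGroupSid = 'S-1-5-32-544'

function Get-LocalAdminReport {
    # Index local user accounts by SID so enabled/disabled state can be shown.
    $localUsers = @{}
    foreach ($u in Get-LocalUser) { $localUsers[$u.SID.Value] = $u }

    foreach ($m in Get-LocalGroupMember -SID $AdminGroupSid) {
        $local = $localUsers[$m.SID.Value]
        [pscustomobject]@{
            Name        = $m.Name
            ObjectClass = $m.ObjectClass       # User or Group
            Source      = $m.PrincipalSource   # Local, ActiveDirectory, ...
            # $null for domain principals and nested groups
            Enabled     = if ($local) { $local.Enabled } else { $null }
        }
    }
}

function Test-SessionElevated {
    # True only when the current token actually carries administrator rights.
    # An Administrators member running non-elevated under UAC returns False.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = [Security.Principal.WindowsPrincipal]::new($identity)
    $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Test-UacEnabled {
    # EnableLUA = 1 means UAC (Admin Approval Mode) is switched on.
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $val = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).EnableLUA
    $val -eq 1
}

$admins = @(Get-LocalAdminReport)
$admins | Format-Table -AutoSize
$enabledLocal = @($admins | Where-Object { $_.Enabled })
"Enabled local accounts with administrator rights: $($enabledLocal.Count)"
"Current user:              $([Environment]::UserName)"
"Current session elevated:  $(Test-SessionElevated)"
"UAC enabled:               $(Test-UacEnabled)"
```

On a typical home machine the logged-in user appears in the administrator list while the session itself reports as not elevated; that gap is what UAC provides, and it disappears if UAC is turned off.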

The System Configuration utility (MSConfig) is for advanced troubleshooting, and its main purpose is to help diagnose startup issues.

Reference the following document here for more information on the System Configuration utility.

There are several methods to launch System Configuration. One method is from the Start Menu.

Challenge Answers

What encryption can you enable on Pro that you can’t enable in Home?

Which selection will hide/disable the Search box?

Which selection will hide/disable the Task View button?

Besides Clock and Network, what other icon is visible in the Notification Area?

What is the meaning of NTFS?

What is the name of the other user account?

What groups is this user a member of?

What built-in account is for guest access to the computer?

What is the account status?

What does UAC mean?

In the Control Panel, change the view to Small icons. What is the last setting in the Control Panel view?

What is the keyboard shortcut to open Task Manager?

What is the name of the service that lists Systems Internals as the manufacturer?

Whom is the Windows license registered to?

What is the command for Windows Troubleshooting?

What command will open the Control Panel? (The answer is the name of the .exe file, not the full path)

What is the command to open User Account Control Settings? (The answer is the name of the .exe file, not the full path)

What is the command to open Computer Management? (The answer is the name of the .msc file, not the full path)

At what time every day is the GoogleUpdateTaskMachineUA task configured to run?

What is the name of the hidden folder that is shared?

What is the command to open System Information? (The answer is the name of the .exe file, not the full path)

What is listed under System Name?

Under Environment Variables, what is the value for ComSpec?

What is the command to open Resource Monitor? (The answer is the name of the .exe file, not the full path)

In System Configuration, what is the full command for Internet Protocol Configuration?

For the ipconfig command, how do you show detailed information?

What is the command to open the Registry Editor? (The answer is the name of the .exe file, not the full path)

There were two definition updates installed in the attached VM. On what date were these updates installed?

In the above image, which area needs immediate attention?

Specifically, what is turned off that Windows is notifying you to turn on?

If you were connected to airport Wi-Fi, what most likely will be the active firewall profile?

What is the TPM?

What must a user insert on computers that DO NOT have a TPM version 1.2 or later?

What is VSS?

Video Walkthrough(s)