Introduction
We covered Windows fundamentals and basics such as file system, permissions, directory structure, system configuration, computer management, services, processes and registry. This was part of TryHackMe Pre Security Track.
Key Windows Fundamentals I Explored
File System (NTFS)
I learned that Windows primarily uses NTFS (New Technology File System). I saw how to check this by right-clicking the C: drive and going to “Properties.” NTFS offers significant advantages over older file systems like FAT, including support for files larger than 4GB, the ability to set permissions on folders and files, and options for compression and encryption.
File Permissions
I explored standard Windows permissions like Read, Write, Read & Execute, List folder contents, Modify, and Full control. These are vital for various cybersecurity roles. I saw how to view these permissions by right-clicking a folder, going to “Properties,” and then the “Security” tab.
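An added example (not part of the original write-up): the entries shown on the "Security" tab can also be read from PowerShell with Get-Acl, which is easier to review across many folders. The function name Get-FolderWriteAccess, the three well-known groups it flags, and the sample path are assumptions made for this illustration.

```powershell
# Added example: report who can write to a folder, using the same ACL data
# that Properties > Security displays.
function Get-FolderWriteAccess {
    param([Parameter(Mandatory)][string]$Path)

    # Well-known SIDs of broad groups (language-independent, unlike display names).
    $broad = @{
        'S-1-1-0'      = 'Everyone'
        'S-1-5-11'     = 'Authenticated Users'
        'S-1-5-32-545' = 'BUILTIN\Users'
    }
    # WriteData (0x2) and AppendData (0x4) are part of Write, Modify and Full control.
    # GENERIC_WRITE (0x40000000) and GENERIC_ALL (0x10000000) cover entries that
    # Get-Acl shows as raw numbers instead of named rights.
    $writeBits = 0x2 -bor 0x4 -bor 0x40000000 -bor 0x10000000

    $acl = Get-Acl -LiteralPath $Path
    foreach ($ace in $acl.Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }   # skip Deny entries
        try {
            $sid = $ace.IdentityReference.Translate(
                [System.Security.Principal.SecurityIdentifier]).Value
        } catch {
            $sid = $null   # the account name could not be resolved to a SID
        }
        [pscustomobject]@{
            Identity   = $ace.IdentityReference.Value
            Rights     = $ace.FileSystemRights
            Inherited  = $ace.IsInherited
            CanWrite   = (([int]$ace.FileSystemRights) -band $writeBits) -ne 0
            BroadGroup = [bool]($sid -and $broad.ContainsKey($sid))
        }
    }
}

# Entries that let a broad group write into the folder deserve a closer look.
Get-FolderWriteAccess -Path 'C:\Program Files' |
    Where-Object { $_.CanWrite -and $_.BroadGroup } |
    Format-Table -AutoSize
```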
Important System Folders
I identified several critical system folders:
- Windows Folder: Usually C:\Windows, containing the core operating system files.
- System32: A crucial folder within the Windows directory. I was cautioned that any changes here could severely impact the system.
- Program Files & Program Files (x86): Directories where applications are typically installed.
User Accounts, Profiles, and Permissions Management
I learned that user account management varies by Windows version. On Windows Server, I saw how to use lusrmgr.msc (Local User Manager) to manage users and groups. I noted that this tool isn’t available on standard Windows editions like Windows 10/11, where management is done through “Settings” > “Accounts” or “Control Panel” > “User Accounts.”
- Command: lusrmgr.msc (typed into the “Run” dialog)
User Account Control (UAC)
I learned about UAC, a security feature that limits malicious code execution with administrator privileges. When a program needs admin rights, UAC prompts for credentials, similar to sudo in Linux.
Task Manager
Task Manager provides information about running processes and applications and helps monitor system performance (CPU, RAM). I explored its various tabs:
- Applications/Processes: Shows running apps and background processes.
- Details: Provides exact process information, PID, resource consumption, and UAC virtualization.
- Services: Lists system services.
- Users: Shows resource consumption per user.
- Performance: Displays CPU and memory usage graphs, useful for troubleshooting.
- Startup: (On newer Windows versions) Lists applications that run at startup.
System Configuration (MSConfig)
Accessed by typing msconfig in the “Run” dialog, this utility helps configure system startup. I looked at tabs like:
- General: Configures startup type.
- Boot: Manages OS boot options.
- Services: Lists all configured services.
- Startup: Shows startup items (though often managed via Task Manager now).
- Tools: Provides quick access to various system management tools.
- Command: msconfig (typed into the “Run” dialog)
Computer Management
This is a console that groups several administrative tools:
- Task Scheduler: Similar to cron jobs in Linux, for scheduling tasks.
- Event Viewer: Crucial for troubleshooting errors and viewing security logs (logins, failed logins).
- Shared Folders: Lists shared folders, active sessions, and open files.
- Local Users and Groups: Another way to manage users and groups.
- Performance Monitor: For real-time or logged performance data.
- Device Manager: Manages hardware devices.
- Disk Management: For managing storage tasks like creating partitions.
- Services and Applications: Includes the Services console and WMI Control.
System Information
This tool, launched from MSConfig or by searching, provides detailed technical specifications, including system summary, hardware resources, components, and software environment details.
Environment Variables
I learned that environment variables store information about the OS environment (e.g., OS path, temporary folder locations). I saw how to access them via Control Panel > System and Security > System > Advanced system settings > Environment Variables.
Resource Monitor
This provides a detailed view of resource consumption (CPU, memory, disk, network) per process, allowing me to sort by usage to identify demanding processes.
Registry Editor (Regedit)
The Registry Editor is a central hierarchical database storing information vital for Windows and application operability. I was cautioned that changes here can significantly affect the system and should only be made with clear instructions.
Windows Updates
Managed via Settings > Update & Security, I discussed checking for updates, advanced options (pausing updates, notifications), and stressed the importance of keeping Windows updated for security.
Windows Security (Windows Defender)
I learned that Windows Defender is generally sufficient for average users who practice safe browsing. Its features include:
- Virus & threat protection: Quick, full, and custom scan options.
- Manage settings: Real-time protection, cloud-delivered protection.
- Exclusions: Adding files/folders to be ignored.
- Firewall & network protection: Managing Windows Firewall for different network types.
- Allow an app through firewall: Configuring exceptions.
- Advanced settings: Creating specific inbound and outbound rules for ports and programs.
SmartScreen (Application & browser control)
This feature checks for unrecognized applications and files from the web, often showing a blue pop-up. Settings include Off, Warn, and Block. It also includes Exploit protection settings.
Volume Shadow Copy
This allows users to view shared folder contents as they existed at previous points in time, essentially creating snapshots or restore points. I noted that vulnerabilities in Shadow Copies can sometimes be exploited.
Technical Commands Used:
- net user (in CMD to list active users)
- lusrmgr.msc (in “Run” to open Local User Manager)
- msconfig (in “Run” to open System Configuration)
TryHackMe Room Answers
Which selection will hide/disable the Task View button?
Besides Clock and Network, what other icon is visible in the Notification Area?
What is the name of the other user account?
What groups is this user a member of?
What is the account status?
Whom is the Windows license registered to?
What command will open the Control Panel? (The answer is the name of .exe, not the full path)
What is the command to open Computer Management? (The answer is the name of the .msc file, not the full path)
What is the name of the hidden folder that is shared?
What is listed under System Name?
For the ipconfig command, how do you show detailed information?