Introduction

We covered Windows fundamentals and basics such as file system, permissions, directory structure, system configuration, computer management, services, processes and registry. This was part of TryHackMe Pre Security Track

Key Windows Fundamentals I Explored

File System (NTFS)

I learned that Windows primarily uses NTFS (New Technology File System). I saw how to check this by right-clicking the C: drive and going to “Properties.” NTFS offers significant advantages over older file systems like FAT, including support for files larger than 4GB, the ability to set permissions on folders and files, and options for compression and encryption.

File Permissions

I explored standard Windows permissions like Read, Write, Read & Execute, List folder contents, Modify, and Full control. These are vital for various cybersecurity roles. I saw how to view these permissions by right-clicking a folder, going to “Properties,” and then the “Security” tab.

Important System Folders

I identified several critical system folders:

  • Windows Folder: Usually C:\Windows, containing the core operating system files.
  • System32: A crucial folder within the Windows directory. I was cautioned that any changes here could severely impact the system.
  • Program Files & Program Files (x86): Directories where applications are typically installed.

User Accounts, Profiles, and Permissions Management

I learned that user account management varies by Windows version. On Windows Server, I saw how to use lusrmgr.msc (Local User Manager) to manage users and groups. I noted that this tool isn’t available on standard Windows editions like Windows 10/11, where management is done through “Settings” > “Accounts” or “Control Panel” > “User Accounts.”

  • Command: lusrmgr.msc (typed into the “Run” dialog)

User Account Control (UAC)

I learned about UAC, a security feature that limits malicious code execution with administrator privileges. When a program needs admin rights, UAC prompts for credentials, similar to sudo in Linux.

Task Manager

Task Manager provides information about running processes and applications and helps monitor system performance (CPU, RAM). I explored its various tabs:

  • Applications/Processes: Shows running apps and background processes.
  • Details: Provides exact process information, PID, resource consumption, and UAC virtualization.
  • Services: Lists system services.
  • Users: Shows resource consumption per user.
  • Performance: Displays CPU and memory usage graphs, useful for troubleshooting.
  • Startup: (On newer Windows versions) Lists applications that run at startup.

System Configuration (MSConfig)

Accessed by typing msconfig in the “Run” dialog, this utility helps configure system startup. I looked at tabs like:

  • General: Configures startup type.
  • Boot: Manages OS boot options.
  • Services: Lists all configured services.
  • Startup: Shows startup items (though often managed via Task Manager now).
  • Tools: Provides quick access to various system management tools.
  • Command: msconfig (typed into the “Run” dialog)

Computer Management

This is a console that groups several administrative tools:

  • Task Scheduler: Similar to cron jobs in Linux, for scheduling tasks.
  • Event Viewer: Crucial for troubleshooting errors and viewing security logs (logins, failed logins).
  • Shared Folders: Lists shared folders, active sessions, and open files.
  • Local Users and Groups: Another way to manage users and groups.
  • Performance Monitor: For real-time or logged performance data.
  • Device Manager: Manages hardware devices.
  • Disk Management: For managing storage tasks like creating partitions.
  • Services and Applications: Includes the Services console and WMI Control.

System Information

This tool, launched from MSConfig or by searching, provides detailed technical specifications, including system summary, hardware resources, components, and software environment details.

Environment Variables

I learned that environment variables store information about the OS environment (e.g., OS path, temporary folder locations). I saw how to access them via Control Panel > System and Security > System > Advanced system settings > Environment Variables.

Resource Monitor

This provides a detailed view of resource consumption (CPU, memory, disk, network) per process, allowing me to sort by usage to identify demanding processes.

Registry Editor (Regedit)

The Registry Editor is a central hierarchical database storing information vital for Windows and application operability. I was cautioned that changes here can significantly affect the system and should only be made with clear instructions.

Windows Updates

Managed via Settings > Update & Security, I discussed checking for updates, advanced options (pausing updates, notifications), and stressed the importance of keeping Windows updated for security.

Windows Security (Windows Defender)

I learned that Windows Defender is generally sufficient for average users who practice safe browsing. Its features include:

  • Virus & threat protection: Quick, full, and custom scan options.
  • Manage settings: Real-time protection, cloud-delivered protection.
  • Exclusions: Adding files/folders to be ignored.
  • Firewall & network protection: Managing Windows Firewall for different network types.
  • Allow an app through firewall: Configuring exceptions.
  • Advanced settings: Creating specific inbound and outbound rules for ports and programs.

SmartScreen (Application & browser control)

This feature checks for unrecognized applications and files from the web, often showing a blue pop-up. Settings include Off, Warn, and Block. It also includes Exploit protection settings.

Volume Shadow Copy

This allows users to view shared folder contents as they existed at previous points in time, essentially creating snapshots or restore points. I noted that vulnerabilities in Shadow Copies can sometimes be exploited.

Technical Commands Used:

  • net user (in CMD to list active users)
  • lusrmgr.msc (in “Run” to open Local User Manager)
  • msconfig (in “Run” to open System Configuration)

TryHackMe Room Answers

What encryption can you enable on Pro that you can’t enable in Home?
Which selection will hide/disable the Search box?

Which selection will hide/disable the Task View button?

Besides Clock and Network, what other icon is visible in the Notification Area?

What is the meaning of NTFS?

What is the name of the other user account?

What groups is this user a member of?

What built-in account is for guest access to the computer?

What is the account status?

What does UAC mean?
In the Control Panel, change the view to Small icons. What is the last setting in the Control Panel view?
What is the keyboard shortcut to open Task Manager?
What is the name of the service that lists Systems Internals as the manufacturer?

Whom is the Windows license registered to?

What is the command for Windows Troubleshooting?

What command will open the Control Panel? (The answer is  the name of .exe, not the full path)

What is the command to open User Account Control Settings? (The answer is the name of the .exe file, not the full path)

What is the command to open Computer Management? (The answer is the name of the .msc file, not the full path)

At what time every day is the GoogleUpdateTaskMachineUA task configured to run?

What is the name of the hidden folder that is shared?

What is the command to open System Information? (The answer is the name of the .exe file, not the full path)

What is listed under System Name?

Under Environment Variables, what is the value for ComSpec?
What is the command to open Resource Monitor? (The answer is the name of the .exe file, not the full path)
In System Configuration, what is the full command for Internet Protocol Configuration?

For the ipconfig command, how do you show detailed information?

What is the command to open the Registry Editor? (The answer is the name of  the .exe file, not the full path)
There were two definition updates installed in the attached VM. On what date were these updates installed?
In the above image, which area needs immediate attention?
Specifically, what is turned off that Windows is notifying you to turn on?
If you were connected to airport Wi-Fi, what most likely will be the active firewall profile?
What is the TPM?
What must a user insert on computers that DO NOT have a TPM version 1.2 or later?
What is VSS?

Video Walkthrough(s)

, , , ,
Show Comments

The MasterMinds Notes

About the Author

Mastermind Study Notes is a group of talented authors and writers who are experienced and well-versed across different fields. The group is led by, Motasem Hamdan, who is a Cybersecurity content creator and YouTuber.

View Articles