Operating System Administration

Recycle Bin Location

• Open Explorer.
• In the location bar enter C:\$Recycle.Bin and press Enter.
• Click Organize.
• Select Folder and Search Options.
• Select the View tab.
• Select Show hidden files, folders, and drives.
• Untick Hide protected files.
• Click OK.

Control Panel

• Most common configuration utility
• Allows customisation of environment
• Experiment with settings (not in college!)
• Default Category View
• Classic View (Before Win 7)
• Small / Large Icons (Win 7 onwards)
• CompTIA – “Given a scenario, use Control Panel utilities (the items are organised by ‘classic view/large icons’ in Windows).” – use classic.

Control Panel – Selected Applets

• Add a Device – Add and configure new hardware
• Programs and features – Changes, adds, or deletes software
• Administrative Tools – Perform administrative tasks on the PC
• Date and Time – Sets the system and config options like Time Zone
• Display – Configures screensavers, colours, display options and monitor drivers
• Folder Options – Configure the look and feel of how folders are displayed
• Fonts – Add and remove fonts
• Internet Options – Sets internet connectivity options
• Hardware and Sound – Configure audio and video options
• Network and Internet; Network and Sharing Center – Options for connections to other computers
• Phone and Modem – Options for using phone lines to dial out to the Internet
• Power Options – Configure differing power schemes
• Devices and Printers – Configures printer settings and defaults
• System – View and configure system elements

Applets

• List https://www.lifewire.com/command-line-commands-for-control-panel-applets-2626060
• Time and Date – TIMEDATE.CPL
• Regional and Language Options – INTL.CPL
• Internet Options – INET.CPL
• Folder Options – Control Folders

System Properties Applet

• Large number of important settings
• SYSDM.CPL
• Different versions – Different Options!
• Computer Name Tab
• Workgroup (loose associations)
• Ideal for 10 or fewer workstations
• Domain (tight associations managed by Domain Controller)
• Hardware Tab
• Device Installation Settings
• Always check the manufacturer's website for the latest drivers
• Drivers should be signed
• https://docs.microsoft.com/en-us/windows-hardware/drivers/install/windows-driver-signing-tutorial

System Properties Applet

• Advanced
• Performance – important settings for configuration
• Virtual memory
• Processor time allocation
• Visual Effects
• Normally optimised so leave well alone
• User Profiles
• All users have a profile – Settings and preferences
• Can or delete
• Change Types
• Startup and Recovery
• What to do during system start up and unexpected shutdowns
• Boot manager options (Always allow a pause!)
• Failure options to log and what to log
• Environment Variables
• User Variables – only affecting individual users
• System Variables – For all users using the system
• Once were very important in early versions of DOS and Windows

System Properties Applet - cont.

• System Protection
• System Restore Options (mentioned last week)
• Remote
• Enable/Disable Remote Assistance (Enabled by default)
• Remote Desktop Connection tool (helps administration by remote admins)
• To let a remote person control the PC (Mouse and Keyboard) tick option under advanced

Other Applets

• Display/Display Settings Applet
• Win10 in Settings, not control panel
• User Accounts Applet
• Allows you to change account details including pictures
• UAC (User Account Control) settings

Action Center Applet

• Security and Maintenance
• Called Security Center in versions before Win10
• WSCUI.CPL
• Firewall (not 7 and 8)
• Automatic Updates
• Virus Protection
• Internet Options (not 7 and 8)
• Windows 7 and 8 – Performance and troubleshooting added

Applets

• Windows Firewall
• FIREWALL.CPL
• Manage the firewall from the applet
• Power Options
• .CPL
• Manage the power settings for the system

Applets

• Credential Manager
• Manage stored credentials for applications (IE and Edge etc)
• Encrypted database
• Programs and Features
• Appwiz.cpl
• View and uninstall desktop applications
• Can also see installed updates
• HomeGroup
• Introduced in Win7
• Allowed sharing of files and printers
• Password required to join
• Removed since Win10 (1803) update

Applets

• Sound
• mmsys.cpl
• Troubleshooting
• Network and Sharing Center
• Device Manager
• hdwwiz.cpl
• Introduced in Win95 and little changed since!
• BitLocker
• Drive encryption
• Low-level
• Full disk
• Sync Center
• Keeps mobile devices and PCs content up to date

Command Prompt

• Is now a Windows Program
• Used to be other way round!
• CMD
• Standard and Admin modes
• Networking and Operating System Commands
• For CompTIA
• TASKKILL, BOOTREC, , , MD, RD, , , , COPY, XCOPY, , , SFC, CHKDSK, GPUPDATE, GPRESULT, , , , EXPAND, / , ?
• https://www.lifewire.com/list-of-command-prompt-commands-4092302
• /? – gives help on all commands

Exercise

• Start Word
• Start a COMMAND prompt
• Use TASKLIST to find the PID of Word
• Use TASKKILL to kill Word using the PID
• Hint: use TASKKILL /? to see options
• Start Excel
• Use TASKKILL to kill Excel using the Image Name

CD (chdir) / MD () / RD ()

• From a command prompt read and understand:
help cd ( or cd /? )
help md ( or md /? )
help rd ( or rd /? )
• Exercise
1. Open a command prompt
2. Change to your documents folder
3. Make a directory called test
4. Change to the test directory
5. Make a directory called test1
6. Change to the test1 directory
7. Make a directory called test2
8. Change back to the documents directory
9. Remove the test directory
10. Remove the test directory using /s
11. Repeat steps 3 to 8
12. Remove the test directory using /q

More Commands

• DEL
• Deletes files and directories.
• Wildcards
• Same as ERASE
• FORMAT
• Wipes data from a disk
• FORMAT [volume] [switches]
• /FS:[filesystem] – FAT, FAT32 or NTFS
• /V:[] – Specifies the volume label
• /Q – Quick Format

Copying Files and Directories

• Copy
• COPY [filename] [destination]
• /A – ASCII text file
• /V – verifies the copy
• /Y – suppresses the "are you sure" overwrite prompt
• Not for directory copying
• XCOPY
• Copies folders and files
• XCOPY [source] [destination] [switches]
• /A – only files with archive attribute
• /E – include empty directories
• /F – display full filenames when copying
• /G – copy encrypted file to destination that doesn’t support encryption
• /H – copy hidden and system files
• /K – Copies attributes (XCOPY will reset Read-Only by default)
• /O – Copies ownership and ACL info (important as the NTFS default is inheritance from parent)
• /R – Overwrites read-only files
• /S – Copy directories and Subdirectories (not empty ones)
• /U – Copies only files that already exist in the destination
• /V – Verifies the size of each new file

ROBOCOPY

• Robust File Copy
• Very useful for NTFS
• For example the /mir switch mirrors a complete directory
• See https://technet.microsoft.com/en-us/library/ee851678.aspx

Quick Commands

• DISKPART (requires admin privileges as a user)
• SFC – (again admin privileges required)
• Switches:
• /SCANFILE – Scans file for problems and fixes them
• /SCANNOW – Immediately scans all protected system files
• /VERIFYONLY – Scans protected system files but does not change them
• /VERIFYFILE – Identifies the integrity of the specified file and will repair if needed
• /OFFBOOTDIR – Repairs an offline boot directory
• /OFFWINDIR – Repairs an offline windows directory
• Will overwrite file if issue is found from C:\Windows\WinSxS (protected dir)
• Most system files are in C:\Windows\System32

Quick Commands

• CHKDSK – Checks a hard disk and attempts to repair errors
• GPUPDATE – update for Group Policy Settings
• GPRESULT – shows the Resultant Set of Policy (RSoP) for a remote user/computer
• EXIT – leaves the script or command window
• EXPAND – used to expand compressed files
• HELP – lists the commands available
• HELP [command] – gives help on the [command]
• [command] /? – more help on the specified [command]

DIR

• Displays a list of folders and subdirectories within a directory.
• Exercise
• Open a command prompt
• Type DIR /?
• Record in working records what the following switches do:
1. /A
2. /O
3. /L
4. /S
5. /T
6. /P
7. /Q

More Commands

• Dism
• Deployment Image Servicing and Management
• Uses Windows image (.wim) files
• Can install and remove system features with the tool
• Net Use
• Allows administrators to map drives
• net use z: \\server\share
• net user
• Allows administrators to list all the local accounts
• Creating users
• net user newUser Pa55w0rd /add

NET

• All windows have a NET command
• Allows command line access to the network
• Many switches – see https://www.lifewire.com/net-command-2618094
• NET SHARE allows creation of shares at command line
• NET SHARE =:
• Own subset of parameters
• /DELETE – Stop sharing a folder
• /REMARK – Adds a comment for browsers
• /UNLIMITED – Set the user limit to Maximum allowed
• /USERS – Set a specific user limit

Network Commands

• Need to know
• PING
• TRACERT
• NBSTAT
• NET
• NETDOM

ipconfig

• Vital command
• Covered in 1001
• ipconfig /all – Displays all the interface details available
• ipconfig /release – Releases the current IP address from the DHCP lease
• ipconfig /renew – Renews an IP address lease from the DHCP server
• ipconfig /displaydns – Allows you to view the local dns cache
• ipconfig /flushdns – Clears the local dns cache. Useful when a DNS entry has changed

IPCONFIG (IFCONFIG)

• Displays network settings
• First tool to use when having issues

Switch – Function

/ALL – Displays all parameters.
/RELEASE – Releases the IP address if using DHCP
/RELEASE6 – Releases the IPv6 address if using DHCP
/RENEW – Get new IP address from DHCP server
/RENEW6 – Get new IPv6 address from DHCP server
/FLUSHDNS – Flushes the DNS server name resolver cache

PING

• Send Packets to another device
• Uses ICMP (Internet Control Message Protocol)
• Verifies network connectivity
• Gives indication of time
• ping OR ping

Option – Function

-t – Persistent ping. Use CTRL+C to stop. Default in Linux.
-n count – Specifies the number of requests to send
-l size – Specifies packet size
ping -4 – Use IPv4
ping -6 – Use IPv6

TRACERT

• Trace Route
• Shows the differing IP addresses a packet took to its destination

NETSTAT

• Used to check inbound and outbound connections
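
An added example, not part of the original slides: NETSTAT output becomes useful for a security check once each port is tied to the program that owns it, which is what the -a, -n and -o options in the table that follows, together with TASKLIST from the earlier exercise, make possible. The Python below parses constructed captures of netstat -ano and tasklist /FO CSV /NH; the function names and sample data are illustrative assumptions.

```python
import csv
import io

# Constructed sample captures (not from a real machine).
NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       1012
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    127.0.0.1:5939         0.0.0.0:0              LISTENING       3120
  TCP    192.168.1.20:49712     203.0.113.10:443       ESTABLISHED     5528
  TCP    [::]:445               [::]:0                 LISTENING       4
  TCP    [::1]:5939             [::]:0                 LISTENING       3120
  UDP    0.0.0.0:5353           *:*                                    2204
  UDP    0.0.0.0:9999           *:*                                    7777
"""
TASKLIST = '''\
"System","4","Services","0","144 K"
"svchost.exe","1012","Services","0","9,412 K"
"svchost.exe","2204","Services","0","6,100 K"
"agent.exe","3120","Services","0","12,004 K"
"chrome.exe","5528","Console","1","180,332 K"
'''


def parse_netstat(text):
    """Turn `netstat -ano` rows into dicts; header and blank lines are skipped."""
    rows = []
    for line in text.splitlines():
        f = line.split()
        if not f or f[0] not in ("TCP", "UDP"):
            continue
        # UDP rows have no State column, so they carry 4 fields instead of 5.
        state = f[3] if len(f) == 5 else ""
        host, _, port = f[1].rpartition(":")      # rpartition copes with [::]:445
        rows.append({"proto": f[0], "host": host.strip("[]"), "port": int(port),
                     "remote": f[2], "state": state, "pid": int(f[-1])})
    return rows


def parse_tasklist(text):
    """Map PID -> image name from `tasklist /FO CSV /NH` output."""
    return {int(r[1]): r[0] for r in csv.reader(io.StringIO(text)) if len(r) >= 2}


def exposed_listeners(netstat_text, tasklist_text):
    """Ports bound on a non-loopback address, with the owning image name."""
    names = parse_tasklist(tasklist_text)
    found = set()
    for r in parse_netstat(netstat_text):
        waiting = r["state"] == "LISTENING" or r["proto"] == "UDP"
        loopback = r["host"] == "::1" or r["host"].startswith("127.")
        if waiting and not loopback:
            # A PID missing from tasklist deserves a closer look: the process
            # exited between the two captures or was not visible to tasklist.
            found.add((r["proto"], r["port"], r["pid"], names.get(r["pid"], "<unknown>")))
    return sorted(found)


if __name__ == "__main__":
    for proto, port, pid, image in exposed_listeners(NETSTAT, TASKLIST):
        print(f"{proto:4}{port:>6}  PID {pid:<6} {image}")
```

Both captures need an elevated prompt on a live system if every process is to be listed, and they should be taken back to back so the PIDs still match.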

Option – Function

-a – Displays all connections and listening ports
-b – Display the executable creating each connection. Takes time and requires permissions
-e – Display Ethernet statistics (can use with -s option for more information)
-f – Display fully qualified domain names (FQDN) for remote addresses
-n – Displays addresses and port numbers in numerical form
-o – Displays the owning process ID for each connection
-p proto – Shows connections for the protocol specified: TCP, UDP, TCPv6, UDPv6. With the -s option: IP, IPv6, ICMP, ICMPv6, TCP, TCPv6, UDP, UDPv6
-r – Displays routing table
-s – Displays per protocol statistics

NSLOOKUP

• TCP/IP needs hostname resolution to IP addresses
• Two modes
1. Interactive
2. Noninteractive
• Allows verification of entries on DNS servers
• Interactive mode – NSLOOKUP at command prompt
• > prompt. Type HELP or ? Use EXIT to quit.
• NonInteractive mode
• NSLOOKUP /SET =<3>
• NSLOOKUP /VIEW:DOMAIN

Command Prompt

• Administrator mode to perform tasks that could damage settings

• Windows 7 and Win 10
• Start -> All Programs -> Accessories, right click command prompt
• Choose Run as Administrator
• Confirm UAC
• Windows 8
• Provides two choices on start menu
• All versions
• Win Key + R
• Type cmd
• Ctrl+Shift+Enter

The Windows Registry

• Database for windows
• Contains settings, registration info, file extension associations.
• REGEDIT
• Needs admin rights
• BE CAREFUL – BE VERY CAREFUL
• https://www.lifewire.com/what-is-a-registry-hive-2625986
• Exercise – visit the above link and read about the following “hives”
• HKEY_CLASSES_ROOT
• HKEY_CURRENT_USER
• HKEY_LOCAL_MACHINE
• HKEY_USERS
• HKEY_CURRENT_CONFIG
• Last Known Good Configuration (F8 on boot) uses an earlier copy of the registry

Windows Registry

• Known as The Registry
• Central configuration Database
• Loaded at Startup
• Holds all the configuration information for the installation
• Local User information
• File extension information

The Registry

● Be Careful – Be VERY Careful!

● Requires Administrator rights to edit

● Last Known Good Configuration (F8 on boot) uses an earlier copy of the registry

● On Win8/10 if two consecutive failed boot attempts, the Windows Recovery Environment (WinRE) is invoked

● Restore Points take a copy of the registry

● Exercise – visit https://www.lifewire.com/what-is-a-registry-hive-2625986 and read about the following “hives”
– HKEY_CLASSES_ROOT
– HKEY_CURRENT_USER
– HKEY_LOCAL_MACHINE
– HKEY_USERS
– HKEY_CURRENT_CONFIG

The Registry

● Comprised of the following 5 files in C:\Windows\System32\Config
– Default
– SAM
– Security
– Software
– System

● Individual Entries are called Keys

● HKEY – Handle to Registry Key

The Registry

Hive – Contents

HKEY_CURRENT_USER – User-specific configuration information for the user currently logged into Windows. e.g. colour scheme and wallpaper
HKEY_USERS – User-specific configuration information for any user who has ever logged into Windows.
HKEY_LOCAL_MACHINE – Configuration information for the PC’s hardware. e.g. Network Settings (if not set in HKEY_CURRENT_USER)
HKEY_CURRENT_CONFIG – Current configuration for the PC’s hardware, including Plug and Play configurations.
HKEY_CLASSES_ROOT – information.

Virtual Memory

• Paging file (or swap file)
• Uses Hard Disk Space for RAM
• Especially where RAM is short. Better to add more memory!
• Idle programs are managed in and out of the file by OS
• Emulates RAM so programs think they are in RAM
• PAGEFILE.SYS (hidden in root directory)
• Size limited by HDD size
• Control Panel -> System -> Advanced System Settings. Performance Area. Virtual Memory.
• Specify location
• Specify Size (not too small, typically 1.5x RAM)
• Make sure the drive where the pagefile resides has plenty of empty space

The Virtual Memory Process

● Storing Data in Virtual Memory
– An application loads and requests memory from the system.
– The VMM assigns it a page of memory addresses from within the virtual memory space.
– The application stores information in one or more of the virtual memory locations.
– The VMM maps the virtual address the application uses to a physical location in RAM.
– As physical RAM becomes full, the VMM moves inactive data from memory to the pagefile in a process called paging or swapping.

The Virtual Memory Process

● Retrieving Data from Virtual Memory
– An application requests data from its virtual memory location.
– The VMM determines which physical RAM location was mapped to this virtual memory address.
– If the VMM finds that the data is not present in the RAM location, it generates an interrupt called a page fault.
– The VMM locates the data in the pagefile, retrieves the data from the hard disk, loads it back into RAM, and updates the virtual-to-physical address mapping for the application. If necessary, the VMM swaps other data out of RAM to release space.
– The application retrieves the data from RAM.

Pagefile Optimisation

● Automatically creates a pagefile on installation
– Pagefile.
– System sets the size using an algorithm that looks at physical memory and disk size
– Pagefile at boot starts at an initial size and grows to maximum

Pagefile Optimisation – some help

● Can only be adjusted by the system admin
– Microsoft recommend an initial pagefile size of 1.5 times the amount of RAM

● The more RAM you have, the smaller a pagefile you need.
– If the initial size of the pagefile is too low, the system will use time adding space to the pagefile.
– Adding space to the pagefile after startup also increases disk fragmentation.
– A good idea to set the initial size to the same value as the maximum size.

● But if the initial size is too high, the pagefile will be mainly empty wasting disk space.

Pagefile Optimisation – some help

● Can only be adjusted by the system admin
– Recurring "low virtual memory" errors are solved by increasing the maximum size of the pagefile.
– If you have multiple drives, you can move the pagefile off the drive that contains the Windows system files, so that the computer can access system files and pagefile information simultaneously.
– Put the pagefile on the fastest drive that does not contain Windows.
– If there is not a noticeable speed difference between drives, create additional pagefiles on multiple drives. This speeds access time because the system can read and write from multiple drives simultaneously

Task Manager

• CTRL+SHIFT+ESC
• CTRL+ALT+DEL -> Task Manager
• Different Versions have different tabs
• Default application to run when system seems slow
• Shutdown unresponsive applications
• Priority Changing
• Change Priority: Alternate Click on the task (Scale 0 to 31)
• Low (4 and lower)
• Below Normal (6)
• Normal (8)
• Above Normal (10)
• High (13)
• Realtime (24). Requires Admin privileges
• Priority Reverts next time program is run
• https://www.howtogeek.com/169823/beginner-geek-what-every-windows-user-needs-to-know-about-using-the-windows-task-manager/

Task Manager – Services Tab

• Clicking on the Services Button opens the MMC
• MMC – Microsoft Management Console
• Front End for Administrative tools
• Alternate Click:
• Start Service
• Stop Service
• Go To Process

Task Manager (Windows 8 onwards)

• Startup Tab
• Lists services to begin at Start Up
• Can disable it from here
• Windows 7 functionality provided by MSCONFIG

Services

• SERVICES.MSC
• Control Panel -> Administration Tools -> Services
• Status of services provided by windows
• Alternate Click allows Start, Stop, Pause, Resume, or Restart
• Can be Started Automatically, manually or disabled

MMC – Microsoft Management Console

• Administrative tools
• Win Key + R then type mmc
• Click File then Add or Remove Snap in
• See https://technet.Microsoft.com/en-us/library/dd632541.aspx
• Add in:
• Computer Management
• Services
• Performance Monitor (can run by win key + R and perfmon)
• Task Scheduler
• Windows Defender Firewall (used to be Windows Firewall in win7/8.1)
• Component Services
• Print Management

Performance Monitor

• Good for troubleshooting
• Perfmon
• https://www.youtube.com/watch?v=591kfPROYbs

Other Windows Tools

• Windows Memory Diagnostics Tool
• Start -> Windows Administrative Tools -> Windows Memory Diagnostics Tool
• Requires a reboot
• Local Security Policy
• secpol.msc
• Start -> Windows Administrative Tools -> Local Security Policy
• We will return to security later in the course
• User Account Management (from MMC)
• View, Create, Modify individual Users
• View, Create, Modify individual Groups

Windows System Configuration Tools

• msconfig
• Functionality varies between versions of windows
• Boot tab
• Configure next boot to be safe
• Services Tab
• See all services installed and their state
• Start Up Tab
• Configure programs to run at start up
• Tools Tab
• Allows launching of admin tools

Windows System Information Tools

• msinfo32
• Cannot change information
• Thorough list of PC information
• Can search or export the data

• dxdiag
• Allows checking of driver signing
• Tests DirectX functionality

• mstsc
• Microsoft Terminal Services Client
• Remote Desktop Connection Tool
• Command line (see mstsc /? for options) and GUI

Power Management

• ACPI – Advanced Configuration and Power Interface
• BIOS must support
• BIOS provides the i/f for Windows
• Legacy systems support APM – (Advanced Power Management)
• 3 Main Power states
• Hibernate
• Saves memory, preserves data and applications. Uses HDD to store state.
• Turns PC off.
• Waking brings it back exactly to the place where hibernation happened.
•
• Not the same as hibernate, but a low-power state
• PC remains on.
• Shutdown/Turn Off
• Shuts all applications down and turns off
• WoL – Wake On LAN
• wakes a sleeping PC from a LAN wake up signal

Disk Management

• All disks need to be partitioned and formatted
• Partitioning
• creates logical drives
• One HDD can have multiple partitions
• Formatting
• Creates and configures a partition for use
• FAT – File Allocation Table
• NTFS – New Technology File System uses MFT (Master File Table)

Partition Type – Description

FAT
● Introduced in 1981
● Uses 8.3 naming convention
● Became FAT16
● Max partition size 2GB

NTFS
● For typical Windows installations.
● Can handle large disk partitions.
● More efficient than FAT32.
● File and folder compression
● Can handle partitions greater than 32GB

FAT32
● For legacy Windows installations.
● Less secure than NTFS.
● Disk partition size restrictions.
● Only use if absolutely necessary
● Greater than 2GB then FAT32
● Smaller than 2GB then FAT16
● Maximum 32GB

exFAT
● Extended FAT
● Better for flash drives where NTFS cannot be used.
● For sharing external files between Windows and OS X computers.
● Provides read/write access of Windows partitions to OS X users

CDFS
● Compact Disc File System.
● Enables multiple OSs to read the same optical disc

ext2, ext3, ext4
● For Linux installations
● ext4 the latest (and now partially supported by Windows)
● Volumes of 1 Exbibyte (EiB) and files of 16 Tebibytes (TiB)

NFS
● Network File System.
● Hosted on a server.
● Clients access over the network as if the files were stored locally.

VFAT
● Virtual FAT
● Introduced in Win95
● Allowed 255 Character file names
● Also created an 8.3 file name

Other Partition Information

• Swap Partition
• Linux and Unix installations
• Same as Page file in the windows system
• Own partition type
• Formatting Partitions
• Quick Format
• A new File Allocation Table is created
• Original files remain to be written over
• Full Format
• A new File Allocation Table is created
• Original files are written over

Disk Management MMC

• Right Click on Start Menu
• Select Disk Management
• Windows supports three types of partition styles
• Basic Disks
• MBR (Master Boot Record) – standard BIOS partition table
• 4 Primary partitions
• Or 3 Primary Partitions and one extended partition
• An extended partition can contain up to 26 logical partitions
• The boot partition must be set to active, only one can be active
• GPT
• GUID Partition Tables
• Used by UEFI (Unified Extensible Firmware Interface)
• Greater than 2TB
• Can have 128 Primary partitions (no need for logical or extended therefore)
• Dynamic Disks
• MS designed system
• Up to 2000 volumes (Or partitions)
• All will have a 1MB partitioning table database

Disk Management MMC

• Initialize Disks (Makes the disk readable to the system)
• Mount Partitions (makes it available to the system)
• Extending Partitions (allows you to grow a partition's size)
• Shrink Partitions
• Allows checking of a drive's health
• Files are not always written contiguously (all the data in one location)
• Defragmenting allows the file system to tidy up the disk to consolidate fragmented files
• Defragmented drives operate better
• Do not defragment an SSD
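
The MBR rules listed under Disk Management MMC above (four primary slots, at most one extended partition, only one active partition) can be checked directly against the 512-byte boot sector, which also shows how a GPT disk announces itself. The Python below is an added example, not part of the original slides; the sample sectors are constructed and the function names are illustrative assumptions.

```python
import struct

SECTOR = 512
TABLE_OFFSET = 446               # four 16-byte entries, then the 0x55AA signature
EXTENDED = {0x05, 0x0F}          # CHS and LBA extended-partition type codes
GPT_PROTECTIVE = 0xEE            # single entry that covers a GPT disk


def parse_mbr(sector):
    """Decode the used slots of an MBR partition table."""
    if len(sector) != SECTOR or sector[510:] != b"\x55\xaa":
        raise ValueError("not a 512-byte sector ending in the 0x55AA signature")
    entries = []
    for slot in range(4):
        raw = sector[TABLE_OFFSET + 16 * slot:TABLE_OFFSET + 16 * slot + 16]
        # status, 3 CHS bytes skipped, type, 3 CHS bytes skipped, first LBA, length.
        # First LBA and length are 32-bit: with 512-byte sectors that is the 2TB limit.
        status, ptype, first, count = struct.unpack("<B3xB3xII", raw)
        if ptype:                # type 0x00 marks an unused slot
            entries.append({"slot": slot, "status": status, "type": ptype,
                            "first": first, "count": count})
    return entries


def check_mbr(entries):
    """Return a list of rule violations; an empty list means the table is consistent."""
    if any(e["type"] == GPT_PROTECTIVE for e in entries):
        return ["protective MBR: the real layout is in the GPT"]
    findings = []
    for e in entries:
        if e["status"] not in (0x00, 0x80):
            findings.append(f"slot {e['slot']}: invalid status byte {e['status']:#04x}")
    active = [e["slot"] for e in entries if e["status"] == 0x80]
    if len(active) > 1:
        findings.append(f"more than one active partition: slots {active}")
    if sum(e["type"] in EXTENDED for e in entries) > 1:
        findings.append("more than one extended partition")
    ordered = sorted(entries, key=lambda e: e["first"])
    for a, b in zip(ordered, ordered[1:]):
        if a["first"] + a["count"] > b["first"]:
            findings.append(f"slots {a['slot']} and {b['slot']} overlap")
    return findings


def build_sector(rows):
    """Constructed test input: rows are (status, type, first LBA, sector count)."""
    table = b"".join(struct.pack("<B3xB3xII", *r) for r in rows).ljust(64, b"\x00")
    return bytes(TABLE_OFFSET) + table + b"\x55\xaa"


# Constructed samples, not taken from a real disk.
GOOD = build_sector([(0x80, 0x07, 2048, 204800),       # active, NTFS
                     (0x00, 0x07, 206848, 409600),
                     (0x00, 0x0B, 616448, 204800),     # FAT32
                     (0x00, 0x0F, 821248, 409600)])    # extended
BAD = build_sector([(0x80, 0x07, 2048, 204800),
                    (0x80, 0x07, 200000, 409600)])     # second active, overlaps slot 0

if __name__ == "__main__":
    for name, sector in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, check_mbr(parse_mbr(sector)) or "consistent")
```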