Course Title

Windows 2008 R2 Internals Part 2 (Custom for Wells Fargo)

"Charting the Course ... ... to Your Success!"

Course Summary

Description

This class is a combination of lecture and hands-on exercises designed to increase the skills and understanding of experienced Windows 2008 R2 Support and Admin specialists. It includes a variety of topics that should be selected by the client for maximum benefit.

Topics

  • I/O System
  • File Systems
  • Memory Management
  • Crash Dump Analysis
  • Cache Manager

Audience

This course is intended for IT Professional technical specialists who work in the complex computing environment of a medium to large company and are responsible for the underlying Microsoft technologies that support a business application infrastructure in Windows Server 2008 and Windows Server 2008 R2.

Prerequisites

  • Up to one year of experience managing Windows Server 2008 and/or Windows Server 2008 R2 in a medium-to-large networking environment of multiple physical locations.
  • At least two years of experience configuring and managing Windows Vista or Windows 7 clients.
  • Experience managing applications and network technologies in an enterprise environment, which may include network services and resources such as messaging, databases, file and print, a firewall, Internet access, an intranet, Public Key Infrastructure, remote access, remote desktop, virtualization, and client computer management.

Duration

20 – 40 hours depending upon client topic selections

Due to the nature of this material, this document refers to numerous hardware and software products by their trade names. References to other companies and their products are for informational purposes only, and all trademarks are the properties of their respective companies. It is not the intent of ProTech Professional Technical Services, Inc. to use any of these names generically.

PT9207_WINDOWS2008R2INTERNALSPART2.DOC
Windows 2008 R2 Internals Part 2 (Custom for Wells Fargo)

Course Outline

I. I/O System
  A. I/O System Components
    1. The I/O Manager
    2. Typical I/O Processing
  B. Device Drivers
    1. Types of Device Drivers
    2. Structure of a Driver
    3. Driver Objects and Device Objects
    4. Opening Devices
  C. I/O Processing
    1. Types of I/O
    2. I/O Request to a Single-Layered Driver
    3. I/O Requests to Layered Drivers
    4. I/O Cancellation
    5. I/O Completion Ports
    6. I/O Prioritization
    7. Container Notifications
    8. Driver Verifier
  D. Kernel-Mode Driver Framework (KMDF)
    1. Structure and Operation of a KMDF Driver
    2. KMDF Data Model
    3. KMDF I/O Model
  E. User-Mode Driver Framework (UMDF)
  F. The Plug and Play (PnP) Manager
    1. Level of Plug and Play Support
    2. Driver Support for Plug and Play
    3. Driver Loading, Initialization, and Installation
    4. Driver Installation
  G. The Power Manager
    1. Power Manager Operation
    2. Driver Power Operation
    3. Driver and Application Control of Device Power
    4. Power Availability Requests
    5. Processor Power Management (PPM)
  H. Conclusion

II. Storage Management
  A. Storage Terminology
  B. Disk Drivers
    1. Rotating Magnetic Disks
    2. Solid State Disks
  C. Volume Management
    1. Winload
    2. Disk Class, Port, and Miniport Drivers
    3. Disk Device Objects
    4. Partition Manager
  D. Volume Management
    1. Basic Disks
    2. Dynamic Disks
    3. Multipartition Volume Management
    4. The Volume Namespace
    5. Volume I/O Operation
    6. Virtual Disk Service
  E. Virtual Hard Disk Support
    1. Attaching VHDs
    2. Nested File Systems
  F. BitLocker Drive Encryption
    1. Encryption Keys
    2. Trusted Platform Module (TPM)
    3. BitLocker Boot Process
    4. BitLocker Key Recovery
    5. Full-Volume Encryption Driver
    6. BitLocker Management
    7. BitLocker to Go
  G. Volume Shadow Copy Service
    1. Shadow Copies
    2. VSS Architecture
    3. VSS Operation
    4. Uses in Windows
  H. Conclusion

III. Memory Management
  A. Introduction to the Memory Manager
    1. Memory Manager Components
    2. Internal Synchronization
    3. Examining Memory Usage
  B. Services the Memory Manager Provides
    1. Large and Small Pages
    2. Reserving and Committing Pages
    3. Commit Limit
    4. Locking Memory Allocation Granularity
    5. Shared Memory and Mapped Files
    6. Protecting Memory
    7. No Execute Page Protection
    8. Copy on Write
    9. Address Windowing Extensions
  C. Kernel-Mode Heaps (System Memory Pools)
    1. Pool Sizes
    2. Monitoring Pool Usage
    3. Look Aside Lists
  D. Heap Manager
    1. Types of Heaps
    2. Heap Manager Structure
    3. Heap Synchronization
    4. The Low Fragmentation Heap
    5. Heap Security Features
    6. Heap Debugging Features
    7. Pageheap
    8. Fault Tolerant Heap
  E. Virtual Address Space Layouts
    1. x86 Address Space Layouts
    2. x86 System Address Space Layout
    3. x86 Session Space
    4. System Page Table Entries
    5. 64-Bit Address Space Layouts
    6. x64 Virtual Addressing Limitations
    7. Dynamic System Virtual Address Space Management
    8. System Virtual Address Space Quotas
    9. User Address Space Layout
  F. Address Translation
    1. x86 Virtual Address Translation
    2. Translation Look-Aside Buffer
    3. Physical Address Extension (PAE)
    4. x64 Virtual Address Translation
    5. IA64 Virtual Address Translation
  G. Page Fault Handling
    1. Invalid PTEs
    2. Prototype PTEs
    3. In-paging I/O
    4. Collided Page Faults
    5. Clustered Page Faults
    6. Page Files
    7. Commit Charge and the System Commit Limit
    8. Commit Charge and Page File Size
  H. Stacks
    1. User Stacks
    2. Kernel Stacks
    3. DPC Stack
  I. Virtual Address Descriptors
    1. Process VADs
    2. Rotate VADs
  J. NUMA
  K. Section Objects
  L. Driver Verifier
  M. Page Frame Number Database
    1. Page List Dynamics
    2. Page Priority
    3. Modified Page Writer
    4. PFN Data Structures
  N. Physical Memory Limits
    1. Windows Client Memory Limits
  O. Working Sets
    1. Demand Paging
    2. Logical Prefetcher
    3. Placement Policy
    4. Working Set Management
    5. Balance Set Manager and Swapper
    6. System Working Sets
    7. Memory Notification Events
  P. Proactive Memory Management (SuperFetch)
    1. Components
    2. Tracing and Logging
    3. Scenarios
    4. Page Priority and Rebalancing
    5. Robust Performance
    6. ReadyBoost
    7. ReadyDrive
    8. Unified Caching
    9. Process Reflection
  Q. Conclusion

IV. Cache Manager
  A. Key Features of the Cache Manager
    1. Single, Centralized System Cache
    2. The Memory Manager
    3. Cache Coherency
    4. Virtual Block Caching
    5. Stream-Based Caching
    6. Recoverable File System Support
  B. Cache Virtual Memory Management
  C. Cache Size
    1. Cache Virtual Size
    2. Cache Working Set Size
    3. Cache Physical Size
  D. Cache Data Structures
    1. Systemwide Cache Data Structures
    2. Per-File Cache Data Structures
  E. File System Interfaces
    1. Copying to and from the Cache
    2. Caching with the Mapping and Pinning Interfaces
    3. Caching with the Direct Memory Access Interfaces
  F. Fast I/O
  G. Read Ahead and Write Behind
    1. Intelligent Read-Ahead
    2. Write-Back Caching and Lazy Writing
    3. Write Throttling
    4. System Threads
  H. Conclusion

V. File Systems
  A. Windows File System Formats
    1. CDFS
    2. UDF
    3. FAT12, FAT16, and FAT32
    4. ExFAT
    5. NTFS
  B. File System Driver Architecture
    1. Local FSDs
    2. Remote FSDs
    3. File System Operation
    4. File System Filter Drivers
  C. Troubleshooting File System Problems
    1. Process Monitor Basic vs. Advanced Modes
    2. Process Monitor Troubleshooting Techniques
  D. Common Log File Systems
  E. NTFS Design Goals and Features
    1. High-End File System Requirements
    2. Advanced Features of NTFS
  F. NTFS File System Driver
  G. NTFS On-Disk Structure
    1. Volumes
    2. Clusters
    3. Master File Table
    4. File Record Numbers
    5. File Records
    6. File Names
  H. Resident and Nonresident Attributes
  I. Data Compression and Sparse Files
  J. The Change Journal File
    1. Indexing
    2. Object IDs
    3. Quota Tracking
    4. Consolidated Security
    5. Reparse Points
    6. Transaction Support
  K. NTFS Recovery Support
    1. Design
    2. Metadata Logging
    3. Recovery
    4. NTFS Bad-Cluster Recovery
    5. Self-Healing
  L. Encrypting File System Security
    1. Encrypting a File for the First Time
    2. The Decryption Process
    3. Backing Up Encrypted Files
    4. Copying Encrypted Files
  M. Conclusion

VI. Startup and Shutdown
  A. Boot Process
    4. Booting from iSCSI
    5. Initializing the Kernel and Executive Subsystems
    6. Smss, Csrss, and Wininit
    7. ReadyBoot
    8. Images That Start Automatically
  B. Troubleshooting Boot and Startup Problems
    1. Last Known Good
    2. Safe Mode
    3. Windows Recovery Environment (WinRE)
    4. Solving Common Boot Problems
  C. Shutdown
  D. Conclusion

VII. Crash Dump Analysis
  A. Why Does Windows Crash?
  B. The Blue Screen
    1. Causes of Windows Crashes
  C. Troubleshooting Crashes
  D. Crash Dump Files
    1. Crash Dump Generation
  E. Windows Error Reporting
  F. Online Crash Analysis
  G. Basic Crash Dump Analysis
    1. Notmyfault
    2. Basic Crash Dump Analysis
    3. Verbose Analysis
  H. Using Crash Troubleshooting Tools
    1. Buffer Overruns, Memory Corruption, and Special Pool
    2. Code Overwrite and System Code Write Protection
  I. Advanced Crash Dump Analysis
    1. Stack Trashes
    2. Hung or Unresponsive Systems
    3. When There is No Crash Dump
  J. Analysis of Common Stop Codes
    1. 0xD1 - DRIVER_IRQL_NOT_LESS_OR_EQUAL
    2. 0x8E - KERNEL_MODE_EXCEPTION_NOT_HANDLED
    3. 0x7F - UNEXPECTED_KERNEL_MODE_TRAP
    4.