Is a window containing applets used to manage hardware software users and the system?

As an Cybersecurity professional, you will manage the computer through a graphic user interface
(GUI) for some tasks and through a command line interface for others. In this topic, you will examine some of the administrative tools and utilities for Windows computers.

When you configure or troubleshoot a computer, you need to do so with an account that has sufficient privileges to make major changes to OS settings and files. If misused, these privileges could be a significant threat to the security of the computer system and network. In this topic, you will also learn how to exercise administrative privileges safely.

Windows Settings and Control Panel

Many tools are used to configure Windows settings and hardware devices. Some of the tools are accessible to ordinary users; others need administrative privileges to run.

In Windows 7, the Control Panel is the best place to start configuring your system. Each icon in the Control Panel represents an applet used to configure some part of the system. Most applets are added by Windows but some software applications, such as anti-virus software, add their own applets. Configuration information entered via Control Panel is ultimately stored in the Windows registry database.

You can access Control Panel through the Start Menu. In addition, certain applets are accessible by viewing object properties straight from the desktop or from Explorer.

Control Panel applets are arranged by category by default, although you can display “All items” via the breadcrumb or the “View by” menu. Note that options with the 

Windows Settings is a touchscreen-enabled “app” interface for managing a Windows 10 computer. Most of the standard Windows 10 configuration settings can be located within Windows Settings, but not all of them. Some options are still configured via Control Panel. Each Windows 10 feature update tends to move more configuration options from Control Panel to Windows Settings, though.

User Accounts

A user account is the principal means of controlling access to computer and network resources and rights or privileges. Resources include access to files, folders, or printers; rights or privileges refers to the ability to make configuration changes or read/modify a data file. Each resource is configured with an access list, which is a list of users and their permissions for that resource.

A user account is protected by authenticating the account owner—making them provide some data that is known or held only by them.

Each user account is also associated with a profile, stored in a subfolder of the Users folder. The profile contains per-user registry settings (ntuser.dat) and the default document folders. Software applications might also write configuration information to the profile.

When the OS is first installed, the account created or used during setup is a powerful local administrator account. The account is assigned membership of the local Administrators group. Generally speaking, you should only use this account to manage the computer—install applications and devices, perform troubleshooting, and so on.

You should create ordinary user accounts for day-to-day access to the computer. This is done by putting additional users of the computer in the Standard users group. Standard users cannot change the system configuration and are restricted to saving data files within their own user profile folder or the Public profile. For example, a user named David could save files only within C:\Users\David or C:\Users\Public. Administrators can access any folder on the computer.

The User Accounts applet in Control Panel allows users to manage their accounts. Users can manage local and network passwords and choose a picture to represent them on the log on screen.

Administrators can create and delete accounts or change the type of account (between administrator and user).

In Windows 8 and Windows 10, the User Accounts applet is still present and can still be used to change an account name or type, but it cannot be used to create new accounts. That function, plus most other account functions, is performed in the Accounts section of Windows Settings. Windows 8/10 accounts can either be local accounts (like Windows 7 user accounts) or linked to a Microsoft account, which gives access to Microsoft’s cloud services and syncs desktop settings across multiple devices.

User Account Control (UAC) is a solution to the problem of elevated privileges. In order to change important settings on the computer, such as installing drivers or software, administrative privileges are required. Previous versions of Windows make dealing with typical administrative tasks as an ordinary user very difficult, meaning that most users were given administrative privileges as a matter of course. This makes the OS more usable but it also makes it much more vulnerable, as any malicious software infecting the computer would run with the same administrative privileges.
UAC Secure Desktop
Accounts with administrative privileges are mediated by UAC. UAC counters the problem of escalated privileges by first extending some system privileges to ordinary users but then running accounts in a sandbox mode. Tasks that require UAC are shown with a Security Shield icon.

Configuring UAC
UAC protects the system from malware running with elevated administrator privileges. This is a good thing, but if you need to perform numerous system administration tasks at the same time, UAC can prove frustrating. You can configure UAC notifications to appear more or less frequently by using the configuration option in the User Accounts applet.

Administrative Tools

One of the options in Control Panel is the Administrative Tools shortcut.

Administrative Tools contains several shortcuts, giving you the ability to define and configure various advanced system settings and processes. There are also tools to assist with troubleshooting the system.

Administrative Tools is a collection of pre-defined Microsoft Management Consoles (MMCs). Each console contains one or more snap-ins that are used to modify various settings. The principal consoles are:

• Component Services—enables you to register new server applications or reconfigure security permissions for existing services.
• Computer Management—the default management console with multiple snap-ins to configure local users and groups, disks, services, devices, and so on.
  
• Data Sources—control connections to databases set up on the local computer.
• Event Viewer—allows monitoring of Windows logs. System, security, and application events are recorded in these logs. There are also application- and service-specific logs.
• Local Security Policy—allows you to view and edit the current security policy. A computer that is a member of a domain will have the security settings defined in the domain security policy.
• Print Management—set properties and monitor local printers and manage printer sharing on the network.
• Reliability and Performance Monitoring—view the performance of the local computer.
• Services—start, stop, and pause services.

As well as using the default consoles, you may find it useful to create your own. Consoles can be configured for each administrator and the details saved as a file with an MSC extension in their Start Menu folders.

Access Options for System Tools

Control Panel and Administrative Tools contain most of the shortcuts for the system features but there are other ways of accessing key tools.

The Computer object (renamed This PC in Windows 8/10) provides access to your local drives, printers, and any network drives that have been mapped. To browse resources, open Computer/This PC then the icon that represents the resource you want to view.

By right-clicking the icon itself and selecting the Properties option from the menu, you can access System properties. You can also right-click and select Manage to open the default Computer Management console.

Pressing Windows + X or right-clicking the Start button shows a shortcut menu including Control Panel, Windows Settings, and File Explorer, but also management utilities such as Device Manager, Computer Management, Command Prompt, and Windows PowerShell.

The Instant Search box on the Start Menu/Start Screen will execute programs and configuration options using simple names. You can open any file or program by pressing the Windows key then typing the path to the file. In the case of registered programs and utilities, you simply need to type the program file name or utility name.

Alternatively, you can access the Run dialog box using Windows + R or entering run into the search box.

There are several management consoles that you can access via the Run line by using the .MSC extension. For example:

• devmgmt.msc opens the Device Manager console.
• diskmgmt.msc opens the Disk Management console.
• compmgmt.msc opens the Computer Management console.

Command Line Tools

Most configuration of Windows can be done via convenient GUI tools, such as the management consoles and Control Panel. In some circumstances, though, it is necessary to use a command prompt to configure or troubleshoot a system. As you learn the commands, you may also find it quicker to use the command shell for actions such as file management. Learning commands is also valuable if you have to write scripts to automate Windows.

You can run any command from the Run dialog box. However, to input a series of commands or to view output from commands, you need to use the command shell (cmd.exe). To open the prompt, type cmd in the Run dialog box or Instant Search box.

You may need to run the command prompt with elevated privileges in order to execute a command. If a command cannot be run, the error message “The requested operation requires elevation” is displayed.

You cannot continue within the same window. You need to open a new command prompt as administrator. Right-click the command prompt shortcut and select Run as administrator then confirm the UAC prompt. Alternatively, type cmd in the Instant Search box then press Ctrl + Shift + Enter.

When run as administrator, the title bar shows “Administrator: Command Prompt” and the default folder is C:\Windows\System32 rather than C:\Users\Username.

To run a command, type it at the prompt (>) using the command name and any switches and arguments using the proper syntax. When you have typed the command, press Enter to execute it.

The syntax of a command lists which arguments you must use (plus ones that are optional) and the effect of the different switches. Switches are usually preceded by the forward slash escape character.

As you enter commands, the prompt fills up with text. If this is distracting, you can use the cls command to clear the screen.

Some commands, such as nslookup or telnet, can operate in interactive mode. This means that using the command starts that program and from that point, the prompt will only accept input relevant to the program. To exit the program you use the exit or quit command (or press Ctrl+C). The exit command will close the cmd window if not used within an interactive command.

The command prompt includes a rudimentary help system. If you type help at the command prompt then press Enter, a list of available commands is displayed. If you enter help CommandName, help on that command is displayed, listing the syntax and switches used for the command. You can also display help on a particular command by using the /? switch (for example, netstat /? displays help on the netstat command).

Many files used by the operating system and applications are in a binary file format that can only be interpreted by the application. A plain text file can be modified in any text editor, but if it is saved through an application other than a basic text editor, it could be converted to a binary format and so become unusable. Windows supplies the basic text editor Notepad to modify text files. There are many third-party alternatives with better features, however.

You can also execute commands from Instant Search or from the Run dialog box. If a command is interactive, it will open a command prompt window for input. If a command is non-interactive, the command prompt window will open briefly and close again as the command executes. If you want to force a command into interactive mode, use the cmd /k keyword before the command (for example, cmd /k ipconfig).

Windows Shutdown Options

When the user wants to finish using Windows, simply disconnecting the power runs a risk of losing data or corrupting system files. There are various choices for closing or suspending a session:

• Shut down (shutdown /s)—close all open programs and services before powering off the computer. The user should save changes in any open files first but will be prompted to save any open files during shut down.
• Standby/Sleep—save the current session to memory and put the computer into a minimal power state.
• Hibernate (shutdown /h)—save the current session to disk before powering off the computer.
• Log off (shutdown /l)—close all open programs and services started under the user account but leave the computer running.
• Switch user—log on to another user account, leaving programs and files under the current account open.
• Lock—secure the desktop with a password while leaving programs running.
• Restart (shutdown /r)—close all open programs and services before rebooting without powering down. This is also called a soft reset.

These options can be selected from the Start Menu/Start Screen or by pressing Ctrl+Alt+Del.

The computer can also be shut down at a command prompt by using the shutdown command plus the relevant switch (shown in the previous figure). If a shutdown is in progress, shutdown /a aborts it (if used quickly enough). The shutdown /t nn command can be used to specify delay in seconds before shutdown starts; the default is 30 seconds.

The Windows Registry

The Windows registry provides a remotely accessible database for storing operating system, device, and software application configuration information. When you boot a Windows machine, the registry is populated with information about hardware detected in your system. During boot, Windows extracts information from the registry, such as which device drivers to load and in what order. Device drivers also send and receive data from the registry. The drivers receive load parameters and configuration data. Finally, whenever you run a setup program or configure the system via Control Panel/Settings or Administrative Tools, it will add or change data in the registry.

The registry does have a dedicated tool called regedit for direct editing, but it is not the tool you would use on an everyday basis to modify configuration data. Control Panel/Settings and Administrative Tools are better options for most tasks.

The registry is structured as a set of five root keys that contain computer and user databases. The computer database includes information about hardware and software installed on the computer. The user database includes the information in user profiles, such as desktop settings, individual preferences for certain software, and personal printer and network settings.

Each root key can contain subkeys and data items called value entries. Subkeys are analogous to folders and the value entries are analogous to files. A value entry has three parts: the name of the value, the data type of the value, and the value itself. The following table lists the different data types.

The registry database is stored in binary files called hives. A hive comprises a single file (most hives have a file with no extension), a .LOG file (containing a transaction log), and a .SAV file (a copy of the key as it was at the end of setup). The system hive also has an .ALT backup file. Most of these files are stored in the %SystemRoot%\System32\Config folder, but hive files for user profiles are stored in the folder holding the user’s profile. The following table shows the standard hives.

You can start the Registry Editor by running regedit via Instant Search, the Run dialog box, or the command prompt. You can use it to view or edit the registry and to back up and restore portions of the registry. Use the Find tool (Ctrl + F) to search for a key or value. If you want to copy portions of the registry database and use them on other computers, select File→ Export Registry File. The file will be exported in a registry-compatible format and can be merged into another computer’s registry by double-clicking the file (or calling it from a script).

A registration file is a plain text file. If you merge changes from a .reg file back to the registry, additions that you have made to the registry will not be overwritten. Use the Registry Hive Files format to create a binary copy of that portion of the registry. Restoring from the binary file will remove any additions you made, as well as reversing the changes.