As a cybersecurity professional, you will manage the computer through a graphical user interface. When you configure or troubleshoot a computer, you need to do so with an account that has sufficient privileges to make major changes to OS settings and files. If misused, these privileges could be a significant threat to the security of the computer system and network. In this topic, you will also learn how to exercise administrative privileges safely.

Many tools are used to configure Windows settings and hardware devices. Some of the tools are accessible to ordinary users; others need administrative privileges to run. In Windows 7, the Control Panel is the best place to start configuring your system. Each icon in the Control Panel represents an applet used to configure some part of the system. Most applets are added by Windows, but some software applications, such as anti-virus software, add their own applets. Configuration information entered via Control Panel is ultimately stored in the Windows registry database.

You can access Control Panel through the Start Menu. In addition, certain applets are accessible by viewing object properties straight from the desktop or from Explorer. Control Panel applets are arranged by category by default, although you can display “All items” via the breadcrumb or the “View by” menu. Note that options with the

Windows Settings is a touchscreen-enabled “app” interface for managing a Windows 10 computer. Most of the standard Windows 10 configuration settings can be located within Windows Settings, but not all of them. Some options are still configured via Control Panel. Each Windows 10 feature update tends to move more configuration options from Control Panel to Windows Settings, though.

Note: In Windows 8, this app is referred to as “PC Settings” and is accessed via the Charms bar.

User Accounts

A user account is the principal means of controlling access to computer and network resources and rights or privileges. Resources include access to files, folders, or printers; rights or privileges refers to the ability to make configuration changes or read/modify a data file. Each resource is configured with an access list, which is a list of users and their permissions for that resource. A user account is protected by authenticating the account owner—making them provide some data that is known or held only by them. Each user account is also associated with a profile, stored in a subfolder of the Users folder. The profile contains per-user registry settings (ntuser.dat) and the default document folders. Software applications might also write configuration information to the profile.
Administrator and Standard User Accounts

When the OS is first installed, the account created or used during setup is a powerful local administrator account. The account is assigned membership of the local Administrators group. Generally speaking, you should only use this account to manage the computer—install applications and devices, perform troubleshooting, and so on. You should create ordinary user accounts for day-to-day access to the computer. This is done by putting additional users of the computer in the Standard users group. Standard users cannot change the system configuration and are restricted to saving data files within their own user profile folder or the Public profile. For example, a user named David could save files only within C:\Users\David or C:\Users\Public. Administrators can access any folder on the computer.

Note: Windows protects system folders from non-root administrative users. These folders are owned by a system account (such as TrustedInstaller). This provides more protection against malware and misconfiguration. It is possible for any administrator account to take ownership of a system folder and override these protections, though.

User Accounts Applet

The User Accounts applet in Control Panel allows users to manage their accounts. Users can manage local and network passwords and choose a picture to represent them on the log on screen. Administrators can create and delete accounts or change the type of account (between administrator and user).

Local and Microsoft Accounts

In Windows 8 and Windows 10, the User Accounts applet is still present and can still be used to change an account name or type, but it cannot be used to create new accounts. That function, plus most other account functions, is performed in the Accounts section of Windows Settings.
Windows 8/10 accounts can either be local accounts (like Windows 7 user accounts) or linked to a Microsoft account, which gives access to Microsoft’s cloud services and syncs desktop settings across multiple devices.

UAC

User Account Control (UAC) is a solution to the problem of elevated privileges. In order to change important settings on the computer, such as installing drivers or software, administrative privileges are required. Previous versions of Windows made dealing with typical administrative tasks as an ordinary user very difficult, meaning that most users were given administrative privileges as a matter of course. This makes the OS more usable, but it also makes it much more vulnerable, as any malicious software infecting the computer would run with the same administrative privileges.

Figure: Security Shield icon showing that changing this setting will require UAC authorization. Screenshot used with permission from Microsoft.

When a user needs to exercise administrative rights, she or he must explicitly confirm use of those rights:

If the logged in account has standard privileges, an administrator’s credentials must be entered via the authorization dialog box.
If the logged in account is already an administrator, the user must still click through the authorization dialog box.

The desktop darkens into a special secure desktop mode to prevent third-party software from imitating the authorization dialog box.

Configuring UAC

Administrative Tools

One of the options in Control Panel is the Administrative Tools shortcut. Administrative Tools contains several shortcuts, giving you the ability to define and configure various advanced system settings and processes. There are also tools to assist with troubleshooting the system.

Default Microsoft Management Consoles

Administrative Tools is a collection of pre-defined Microsoft Management Consoles (MMCs). Each console contains one or more snap-ins that are used to modify various settings. The principal consoles are:
As well as using the default consoles, you may find it useful to create your own. Consoles can be configured for each administrator and the details saved as a file with an MSC extension in their Start Menu folders.

Note: Most MMC snap-ins can be used to manage either the local computer or a remote computer (a computer elsewhere on the network).

Access Options for System Tools

Control Panel and Administrative Tools contain most of the shortcuts for the system features, but there are other ways of accessing key tools.

Computer/This PC

The Computer object (renamed This PC in Windows 8/10) provides access to your local drives, printers, and any network drives that have been mapped. To browse resources, open Computer/This PC then the icon that represents the resource you want to view. By right-clicking the icon itself and selecting the Properties option from the menu, you can access System properties. You can also right-click and select Manage to open the default Computer Management console.

WinX/Power Users Menu

Pressing Windows + X or right-clicking the Start button shows a shortcut menu including Control Panel, Windows Settings, and File Explorer, but also management utilities such as Device Manager, Computer Management, Command Prompt, and Windows PowerShell.

Note: Contents of the WinX menu do change frequently. For example, the Control Panel link is no longer included in Windows 10 (1803).

Instant Search and Run Command

The Instant Search box on the Start Menu/Start Screen will execute programs and configuration options using simple names. You can open any file or program by pressing the Windows key then typing the path to the file. In the case of registered programs and utilities, you simply need to type the program file name or utility name. Alternatively, you can access the Run dialog box using Windows + R or entering run into the search box.

Note: The run command is useful if you want to execute a program with switches that modify the operation of the software. For example, Microsoft Office programs can be executed using safe mode switches for troubleshooting.

.MSC Extensions and the Run Line

There are several management consoles that you can access via the Run line by using the .MSC extension. For example:
Command Line Tools

Most configuration of Windows can be done via convenient GUI tools, such as the management consoles and Control Panel. In some circumstances, though, it is necessary to use a command prompt to configure or troubleshoot a system. As you learn the commands, you may also find it quicker to use the command shell for actions such as file management. Learning commands is also valuable if you have to write scripts to automate Windows.

Command Prompt

You can run any command from the Run dialog box. However, to input a series of commands or to view output from commands, you need to use the command shell (cmd.exe). To open the prompt, type cmd in the Run dialog box or Instant Search box.

Note: Alternatively, you can type command to achieve the same thing. This used to be specifically a DOS command interpreter, but now just links to cmd.exe.

You may need to run the command prompt with elevated privileges in order to execute a command. If a command cannot be run, the error message “The requested operation requires elevation” is displayed. You cannot continue within the same window. You need to open a new command prompt as administrator. Right-click the command prompt shortcut and select Run as administrator then confirm the UAC prompt. Alternatively, type cmd in the Instant Search box then press Ctrl + Shift + Enter. When run as administrator, the title bar shows “Administrator: Command Prompt” and the default folder is C:\Windows\System32 rather than C:\Users\Username.

Note: You can use this technique to open other utilities, such as Explorer or Notepad, with administrative privileges.

Command Syntax

To run a command, type it at the prompt (>) using the command name and any switches and arguments using the proper syntax. When you have typed the command, press Enter to execute it. The syntax of a command lists which arguments you must use (plus ones that are optional) and the effect of the different switches. Switches are usually preceded by the forward slash escape character.

Note: If an argument includes a space, it may need to be entered within quotes ("...").

As you enter commands, the prompt fills up with text. If this is distracting, you can use the cls command to clear the screen. Some commands, such as nslookup or telnet, can operate in interactive mode. This means that using the command starts that program and from that point, the prompt will only accept input relevant to the program. To exit the program you use the exit or quit command (or press Ctrl+C). The exit command will close the cmd window if not used within an interactive command.

Getting Help

The command prompt includes a rudimentary help system. If you type help at the command prompt then press Enter, a list of available commands is displayed. If you enter help CommandName, help on that command is displayed, listing the syntax and switches used for the command. You can also display help on a particular command by using the /? switch (for example, netstat /? displays help on the netstat command).

Text Editors

Many files used by the operating system and applications are in a binary file format that can only be interpreted by the application. A plain text file can be modified in any text editor, but if it is saved through an application other than a basic text editor, it could be converted to a binary format and so become unusable. Windows supplies the basic text editor Notepad to modify text files. There are many third-party alternatives with better features, however.

Run Command

You can also execute commands from Instant Search or from the Run dialog box. If a command is interactive, it will open a command prompt window for input. If a command is non-interactive, the command prompt window will open briefly and close again as the command executes. If you want to force a command into interactive mode, use the cmd /k keyword before the command (for example, cmd /k ipconfig).
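The account-type, UAC and elevation points above can be checked on a live machine. The following is an added example, not part of the original course text: a read-only PowerShell audit that reports whether the current shell is elevated, who is in the local Administrators group, and how UAC is configured. The thresholds it warns on are this example's own choices.

```powershell
# Added example: read-only audit of elevation, administrator membership and UAC policy.
# Run in Windows PowerShell 5.1 or later. Nothing on the system is changed.

# 1. Is this session elevated? A non-elevated shell is what produces
#    "The requested operation requires elevation" for privileged commands.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
$elevated  = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
"User: {0}   Elevated: {1}" -f $identity.Name, $elevated

# 2. Who holds local administrator rights? The well-known SID S-1-5-32-544 is used
#    instead of the group name so the query also works on localized installs.
$admins = @(Get-LocalGroupMember -SID 'S-1-5-32-544')
$admins | Select-Object Name, ObjectClass, PrincipalSource |
    Format-Table -AutoSize | Out-String

# 3. UAC policy values stored in the registry (HKEY_LOCAL_MACHINE).
$uacKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$uac    = Get-ItemProperty -Path $uacKey
$names  = 'EnableLUA', 'PromptOnSecureDesktop',
          'ConsentPromptBehaviorAdmin', 'ConsentPromptBehaviorUser'
$names | ForEach-Object { [pscustomobject]@{ Setting = $_; Value = $uac.$_ } } |
    Format-Table -AutoSize | Out-String

# 4. Flag settings that weaken the protections described above.
if ($uac.EnableLUA -ne 1) {
    Write-Warning 'UAC is disabled: administrators run every program with full rights.'
}
if ($uac.PromptOnSecureDesktop -ne 1) {
    Write-Warning 'Secure desktop is off: other software can draw over the UAC dialog.'
}
if ($uac.ConsentPromptBehaviorAdmin -eq 0) {
    Write-Warning 'Administrators are elevated silently, with no confirmation prompt.'
}
if ($admins.Count -gt 2) {
    # Threshold of 2 is an assumption made for this example, not a Windows rule.
    Write-Warning ("{0} members in local Administrators; review who needs it." -f $admins.Count)
}
```

Run it once from a normal prompt and once from an "Administrator" prompt to see the Elevated value change for the same account.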
Windows Shutdown Options

When the user wants to finish using Windows, simply disconnecting the power runs a risk of losing data or corrupting system files. There are various choices for closing or suspending a session:
These options can be selected from the Start Menu/Start Screen or by pressing Ctrl+Alt+Del.

Note: One of the “quirks” of Windows 8.0 was the lack of an obvious way to select the Shut Down command. Microsoft expected users to just use the physical power button, which on a modern computer invokes a shut down command (soft power) rather than a hard reset (unless you keep the power button pressed down). Users were reluctant to adopt this method, no doubt following years of IT departments telling them not to turn off a computer that way. The power options in Windows 8.0 are accessed via the Charms bar. The Start button and a power button on the Start Screen were returned in 8.1. In Windows 10 it appears right above the Start button, where no one can miss it.

The computer can also be shut down at a command prompt by using the shutdown command plus the relevant switch (shown in the previous figure). If a shutdown is in progress, shutdown /a aborts it (if used quickly enough). The shutdown /t nn command can be used to specify delay in seconds before shutdown starts; the default is 30 seconds.

The Windows Registry

The Windows registry provides a remotely accessible database for storing operating system, device, and software application configuration information. When you boot a Windows machine, the registry is populated with information about hardware detected in your system. During boot, Windows extracts information from the registry, such as which device drivers to load and in what order. Device drivers also send and receive data from the registry. The drivers receive load parameters and configuration data. Finally, whenever you run a setup program or configure the system via Control Panel/Settings or Administrative Tools, it will add or change data in the registry. The registry does have a dedicated tool called regedit for direct editing, but it is not the tool you would use on an everyday basis to modify configuration data. Control Panel/Settings and Administrative Tools are better options for most tasks.

Registry Structure

The registry is structured as a set of five root keys that contain computer and user databases. The computer database includes information about hardware and software installed on the computer. The user database includes the information in user profiles, such as desktop settings, individual preferences for certain software, and personal printer and network settings.
Each root key can contain subkeys and data items called value entries. Subkeys are analogous to folders and the value entries are analogous to files. A value entry has three parts: the name of the value, the data type of the value, and the value itself. The following table lists the different data types.
The registry database is stored in binary files called hives. A hive comprises a single file (most hives have a file with no extension), a .LOG file (containing a transaction log), and a .SAV file (a copy of the key as it was at the end of setup). The system hive also has an .ALT backup file. Most of these files are stored in the %SystemRoot%\System32\Config folder, but hive files for user profiles are stored in the folder holding the user’s profile. The following table shows the standard hives.
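The three parts of a value entry and the files behind each loaded hive can both be read from a running system. The following is an added example, not part of the original course text; the function name Get-RegValueEntry and the first key queried are choices made for this illustration.

```powershell
# Added example: read-only look at value entries and at the hive files on disk.
# Run in Windows PowerShell 5.1 or later; a standard user account is sufficient.

function Get-RegValueEntry {
    # Returns the three parts of every value entry under one key:
    # the value name, its data type, and the data itself.
    param([Parameter(Mandatory)][string]$Path)

    $key = Get-Item -LiteralPath $Path          # a Microsoft.Win32.RegistryKey
    foreach ($name in $key.GetValueNames()) {
        [pscustomobject]@{
            Name = if ($name) { $name } else { '(Default)' }
            Type = $key.GetValueKind($name)     # String = REG_SZ, DWord = REG_DWORD, ...
            # Keep REG_EXPAND_SZ data unexpanded so it is shown exactly as stored.
            Data = $key.GetValue($name, $null,
                       [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames)
        }
    }
}

# 1. Value entries of a sample key (chosen here because every Windows install has it).
Get-RegValueEntry 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion' |
    Select-Object -First 10 |
    Format-Table -AutoSize | Out-String

# 2. Windows records each loaded hive and its backing file under the hivelist key.
#    Machine hives point into ...\System32\config; per-user hives point at the
#    NTUSER.DAT file in that user's profile folder. Hives that exist only in
#    memory (such as HARDWARE) have no file, so their Data is empty.
Get-RegValueEntry 'HKLM:\SYSTEM\CurrentControlSet\Control\hivelist' |
    Select-Object @{ n = 'Hive'; e = { $_.Name } }, @{ n = 'File'; e = { $_.Data } } |
    Format-Table -AutoSize | Out-String
```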
You can start the Registry Editor by running regedit via Instant Search, the Run dialog box, or the command prompt. You can use it to view or edit the registry and to back up and restore portions of the registry. Use the Find tool (Ctrl + F) to search for a key or value.

If you want to copy portions of the registry database and use them on other computers, select File→ Export Registry File. The file will be exported in a registry-compatible format and can be merged into another computer’s registry by double-clicking the file (or calling it from a script). A registration file is a plain text file. If you merge changes from a .reg file back to the registry, additions that you have made to the registry will not be overwritten. Use the Registry Hive Files format to create a binary copy of that portion of the registry. Restoring from the binary file will remove any additions you made, as well as reversing the changes.

What are the applets of Control Panel?

Common Control Panel applets.

What manages hardware and software supports the computer's basic functions and runs programs?

An operating system is software that supports and manages all the programs and applications used by a computer or mobile device. An operating system uses a graphic user interface (GUI), a combination of graphics and text, that allows you to interact with the computer or device.
Which applet of Control Panel help you to control and manage how your desktop and other Windows feature look and behave?

The Device Manager Control Panel applet is used to manage the hardware installed in Windows.
Which of the following contains information about installed hardware and software?

HKLM (HKEY_LOCAL_MACHINE)
Contains computer-specific information about the hardware installed, software settings, and other information. The information is used for all users who log on to that computer.