Learning Objectives

Upon completion of this module, learners should be able to:

  • Identify and describe the key features and evolution of different Windows operating system editions.
  • Navigate the Windows graphical user interface (GUI), including the Start Menu, Taskbar, and Notification Area.
  • Understand the functionalities and security implications of the NTFS file system, including Alternate Data Streams (ADS).
  • Explain the importance and function of the Windows\System32 folder.
  • Differentiate between administrator and standard user accounts and their respective privileges.
  • Describe the purpose and mechanism of User Account Control (UAC) and its role in system security.
  • Utilize the Task Manager to monitor system processes and resource usage.
  • Effectively utilize the Windows Settings menu and Control Panel for system configuration.

Introduction to Windows

The Windows operating system (OS) is a complex product with many system files, utilities, settings, features, etc. 

This module provides a general overview of just a handful of the things that make up the Windows OS, including how to navigate the user interface and make changes to the system. The content is aimed at those who wish to understand and use the Windows OS on a more comfortable level.

Press the Start Machine button below to launch the attached virtual machine.

If you want to access the virtual machine via Remote Desktop, use the credentials below. 

Machine IP: 10.10.55.136
User: administrator
Password: letmein123!

Connect to Remote Desktop Windows machine using WSL

I need to connect to Remote Desktop from the WSL terminal because I like that better than using web-based RDP. First of all, we need to connect to the TryHackMe network by connecting to OpenVPN.

Then we need to install Remmina (https://remmina.org/):

sudo apt install remmina

Then run Remmina by typing remmina in the terminal and pressing Enter, fill in these details (the IP may differ according to your machine instance), then connect xD


Windows Editions

The Windows operating system, first released in 1985, has evolved into the dominant OS for home and corporate use. Over the years, it has also become a prime target for hackers and malware writers.

Windows XP

Windows XP was a popular version with a long lifecycle. However, when Microsoft announced the end-of-life for Windows XP, many users panicked. Corporations, hospitals, and other entities rushed to test and migrate to a viable alternative, which was Windows 7. Vendors had to update their hardware and software to be compatible with Windows 7. This transition was challenging and highlighted the importance of timely upgrades.

Windows Vista

Windows Vista, a complete overhaul of the Windows OS, faced numerous issues and was poorly received by users. It was quickly replaced, underscoring Microsoft’s learning curve in balancing innovation with user needs.

Windows 7

Windows 7 emerged as a stable and reliable option after Windows Vista. However, like its predecessors, it too was marked with an end-of-support date, compelling users to plan for future transitions.

Windows 8.x

Windows 8.x had a short lifespan, similar to Vista. Its changes, including the introduction of the Metro interface, failed to resonate with users.

Windows 10

Released as a successor to Windows 8.x, Windows 10 became the widely adopted version for desktops. It introduced:

  • Two main editions: Home and Pro.
  • Regular updates to enhance usability and security.

Windows 10 Support

As of June 2021, Microsoft announced the retirement date for Windows 10:

  • Support for at least one Semi-Annual Channel will continue until October 14, 2025.

Windows 11

Windows 11, released on October 5, 2021, is the current OS for end-users, offering new features and a modernized interface.

Windows Server

While focusing on desktop OS, it’s important to note that the current server edition is Windows Server 2019 Standard, which offers robust features for enterprise-level applications.

Improvements in Usability and Security

Despite criticism, Microsoft has consistently worked to improve usability and security in every new version of Windows.

gantt
    title Windows OS Timeline
    dateFormat  YYYY-MM-DD
    section Key Milestones
    Windows XP          :active, des1, 2001-10-25, 2009-04-14
    Windows Vista       :des2, 2007-01-30, 2009-10-22
    Windows 7           :des3, 2009-10-22, 2020-01-14
    Windows 8.x         :des4, 2012-10-26, 2016-01-12
    Windows 10          :des5, 2015-07-29, 2025-10-14
    Windows 11          :active, des6, 2021-10-05, 2025-10-14

Notes

  • The VM used in this context runs Windows Server 2019 Standard, confirmed via System Information.
  • For details on Windows 10 retirement and Windows 11, refer to Microsoft’s official announcements.

The Desktop (GUI)

NOTE

Some basic stuff going here about explaining the Windows UI and things. I’m just copy-pasting the THM contents.

The Windows Desktop, aka the graphical user interface or GUI in short, is the screen that welcomes you once you log into a Windows 10 machine.

Traditionally, you need to pass the login screen first. The login screen is where you need to enter valid account credentials; usually, a username & password of a preexisting Windows account on that particular system or in the Active Directory environment (if it’s a domain-joined machine). 

The above screenshot is an example of a typical Windows Desktop. Each component that makes up the GUI is explained briefly below.

  1. The Desktop
  2. Start Menu
  3. Search Box (Cortana)
  4. Task View
  5. Taskbar
  6. Toolbars
  7. Notification Area

The Desktop

The desktop is where you will have shortcuts to programs, folders, files, etc. These icons will either be well organized in folders sorted alphabetically or scattered randomly with no specific organization on the desktop. In either case, these items are typically placed on the desktop for quick access.

The look and feel of the desktop can be changed to suit your liking. By right-clicking anywhere on the desktop, a context menu will appear. This menu will allow you to change the sizes of the desktop icons, specify how you want to arrange them, copy/paste items to the desktop, and create new items, such as a folder, shortcut, or text document.

Under Display settings, you can make changes to the screen’s resolution and orientation. In case you have multiple computer screens, you can make configurations to the multi-screen setup here. 

Note: In a Remote Desktop session, some of the display settings will be disabled. 

You can also change the wallpaper by selecting Personalize.

Under Personalize, you can change the background image of the Desktop, change fonts, themes, color scheme, etc.

The Start Menu

In previous versions of Windows, the word Start was visible at the bottom left corner of the desktop GUI. In modern versions of Windows, such as Windows 10, the word ‘Start’ doesn’t appear anymore, but rather a Windows Logo is shown instead. Even though the look of the Start Menu has changed, its overall purpose is the same. 

The Start Menu provides access to all the apps/programs, files, utility tools, etc., that are most useful. 

Clicking on the Windows logo, the Start Menu will open. The Start Menu is broken up into sections. See below.

  1. This section of the Start Menu provides quick shortcuts to actions that you can perform with your account or login session, such as making changes to your user account, locking your screen, or signing out of your account. Other shortcuts specific to your account are your Documents (document icon) folder and Pictures folder (pictures icon). Lastly, the gear/cog icon will take you to the Settings screen, and the power icon will allow you to Disconnect from a Remote Desktop session, shut down the computer, or restart the computer.

In the below image, you can see what each of the icons represents. To expand this section, click on the icon that resembles a hamburger at the top.  

  2. This section shows all Recently added apps/programs at the top and all the installed apps/programs (that are configured to appear in the Start Menu). The apps/programs are listed in alphabetical order, and each letter has its own section. See below.

In the above image, the first box is where the recently added apps/programs will appear. The second box is where all the installed apps/programs will appear. 

Note: In your VM, Google Chrome will not show up as a Recently Added program anymore.

If you have a LONG list of installed apps/programs, you can jump to a particular section in the list by clicking on the letter headings to launch an alphabet grid. See below.

Note: The white letters match the letter headings. 

  3. The right side of the Start Menu is where you will find icons for specific apps/programs or utilities. These icons are known as tiles. Some tiles are added to this section by default. If you right-click any of the tiles, you guessed it, a menu will appear to allow you to perform more actions on the selected tile, such as resizing the tile, unpinning it from the Start Menu, viewing its Properties, etc. See below.

Apps/programs can be added to this Start Menu section by right-clicking the app/program and selecting Pin to Start. See below.

The Taskbar

Some of the components are enabled and visible by default. The Toolbar (6), for example, was enabled for demonstration purposes.  

If you’re like me and want to disable some of these components, you can right-click on the taskbar to bring up a context menu that will allow you to make changes.

Any apps/programs, folders, files, etc., that you open/start will appear in the taskbar. 

Hovering over the icon will provide a preview thumbnail, along with a tooltip. This tooltip is handy if you have many apps/programs open, such as Google Chrome, and you wish to find which instance of Google Chrome is the one you need to bring into focus.

When you close any of these items, they will disappear from the taskbar (unless you explicitly pinned it to the taskbar). 

The Notification Area

The Notification Area, which is typically located at the bottom right of the Windows screen, is where the date and time are displayed. Other icons possibly visible in this area are the volume icon and the network/wireless icon, to name a few. Icons can be either added or removed from the Notification Area in Taskbar settings.

From there, scroll down to the Notification Area section to make changes. 

Here are Microsoft’s brief documents for the Start Menu and Notification Area.

Tip: You can right-click any folder, file, app/program, or icon to view more information or perform other actions on the clicked item.

Questions

  1. Which selection will hide/disable the Search box?
    • Hidden
  2. Which selection will hide/disable the Task View button?
    • Show Task View button
  3. Besides Clock and Network, what other icon is visible in the Notification Area?
    • Action Center

The File System

FAT File System Overview

FAT (File Allocation Table) is still commonly used in devices like USB drives, MicroSD cards, and similar portable storage devices. However, it is not typically used on personal Windows computers, laptops, or Windows servers.


NTFS File System Overview

NTFS (New Technology File System) is the file system used by modern Windows installations and provides many advanced features not available in FAT. It is known as a journaling file system, enabling automatic repair of folders and files on disk in case of failure using a log file.

Key Features of NTFS

  1. Support for Files Larger Than 4GB: Addresses FAT’s 4GB size limitation.
  2. Permissions: Allows setting specific access controls on files and folders.
  3. Compression: Built-in folder and file compression.
  4. Encryption: Includes Encrypting File System (EFS) for securing data.

To check the file system of your Windows installation:

  • Right-click the drive (usually C:) and select Properties to view its file system type.

NTFS Permissions

NTFS allows granular control over access to files and folders. Permissions include:

  • Full Control: Grants complete access to modify and manage the file or folder.
  • Modify: Allows editing content but not changing permissions.
  • Read & Execute: Enables viewing and executing files.
  • List Folder Contents: Allows viewing contents of a folder.
  • Read: Grants read-only access.
  • Write: Permits modifying and adding content.

graph TD
    A[Full Control] -->|Includes| B[Modify]
    A -->|Includes| C[Read & Execute]
    C -->|Includes| D[Read]
    C -->|Includes| E[List Folder Contents]
    B -->|Includes| F[Write]

How to View Permissions:

  1. Right-click the file or folder.
  2. Select Properties.
  3. Navigate to the Security tab.
  4. In the Group or user names section, select the entity to view permissions.

For detailed understanding, refer to Microsoft documentation on NTFS Special Permissions.
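
The same permissions can be read from PowerShell instead of the Security tab. The following is an added example, not part of the original notes or the TryHackMe room: it lists entries that allow write-type access to broad groups, using a constructed temp folder (`acl-demo`) and a hypothetical helper name `Get-BroadWriteAce`.

```powershell
# Added example, not from the original notes. Helper and folder names are illustrative.
# Well-known SIDs are used instead of names so the check works on any UI language.
$BroadSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
}

# Rights that let a principal change content or the ACL itself, plus the
# GENERIC_WRITE (0x40000000) and GENERIC_ALL (0x10000000) bits that can appear
# on inherit-only entries.
$WriteMask = [int][System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, ChangePermissions, TakeOwnership' -bor 0x40000000 -bor 0x10000000

function Get-BroadWriteAce {
    param([Parameter(Mandatory)][string]$Path)

    $acl     = Get-Acl -LiteralPath $Path
    $sidType = [System.Security.Principal.SecurityIdentifier]

    # Explicit and inherited entries, with identities returned as SIDs.
    foreach ($ace in $acl.GetAccessRules($true, $true, $sidType)) {
        $sid         = $ace.IdentityReference.Value
        $grantsWrite = ([int]$ace.FileSystemRights -band $WriteMask) -ne 0

        if ($ace.AccessControlType -eq 'Allow' -and $grantsWrite -and $BroadSids.ContainsKey($sid)) {
            [pscustomobject]@{
                Path      = $Path
                Principal = $BroadSids[$sid]
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited
            }
        }
    }
}

# Constructed demo: a temp folder that deliberately grants Modify to BUILTIN\Users.
$demo = Join-Path $env:TEMP 'acl-demo'
New-Item -ItemType Directory -Path $demo -Force | Out-Null
$users = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-32-545'
$rule  = New-Object System.Security.AccessControl.FileSystemAccessRule(
    $users, 'Modify', 'ContainerInherit, ObjectInherit', 'None', 'Allow')
$acl = Get-Acl -LiteralPath $demo
$acl.AddAccessRule($rule)
Set-Acl -LiteralPath $demo -AclObject $acl

# Compare the demo folder with the System32 folder located through %windir%.
Get-BroadWriteAce -Path $demo
Get-BroadWriteAce -Path (Join-Path $env:windir 'System32')

Remove-Item -LiteralPath $demo -Recurse -Force
```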


Alternate Data Streams (ADS)

ADS is an NTFS feature allowing files to have multiple data streams. Each file has at least one data stream ($DATA). ADS is not displayed natively in Windows Explorer but can be viewed using PowerShell or third-party tools.

Security Perspective

  • Malware Use: ADS can be exploited by malware to hide data.
  • Legitimate Use: For example, Windows writes identifiers in ADS for files downloaded from the Internet.

To explore ADS:

  • Refer to resources like MalwareBytes documentation or Advent of Cyber 2 (Day 21).

graph TD
    ADS[Alternate Data Streams] -->|Uses| Malware[Malware Hiding]
    ADS -->|Uses| Legit[Legitimate Metadata Storage]

More about ADS: https://www.malwarebytes.com/blog/101/2015/07/introduction-to-alternate-data-streams


Summary

NTFS offers enhanced features compared to FAT, making it the preferred file system for modern Windows installations, providing:

  • Larger file support
  • Security through permissions and encryption
  • Robust data handling and recovery
  • Advanced features like ADS for additional functionality

Answer:

What is the meaning of NTFS?
NTFS stands for New Technology File System, a robust, secure, and feature-rich file system used by modern Windows operating systems.


The Windows\System32 Folders

The C:\Windows folder typically contains the Windows operating system but doesn’t have to reside in the C drive or even in a folder named “Windows.” The system environment variable %windir% points to the location of the Windows directory. Environment variables, as explained by Microsoft, store information about the operating system environment, such as system paths, processor details, and temporary folder locations. The Windows folder itself contains many subfolders essential for the OS.

One of the many folders is System32.

The System32 folder holds the important files that are critical for the operating system.

You should proceed with extreme caution when interacting with this folder. Accidentally deleting any files or folders within System32 can render the Windows OS inoperable. Read more about this action here.

Note: Many of the tools that will be covered in the Windows Fundamentals series reside within the System32 folder.


User accounts, Profiles, and Permissions

User accounts can be one of two types on a typical local Windows system: Administrator & Standard User

The user account type will determine what actions the user can perform on that specific Windows system. 

  • An Administrator can make changes to the system: add users, delete users, modify groups, modify settings on the system, etc. 
  • A Standard User can only make changes to folders/files attributed to the user & can’t perform system-level changes, such as install programs.

You are currently logged in as an Administrator. There are several ways to determine which user accounts exist on the system. 

One way is to click the Start Menu and type Other User. A shortcut to System Settings > Other users should appear. 

If you click on it, a Settings window should now appear. See below.

Since you’re the Administrator, you see an option to Add someone else to this PC.

Note: A Standard User will not see this option.  

Click on the local user account. More options should appear: Change account type and Remove

Click on Change account type. The value in the drop-down box (or the highlighted value if you click the drop-down) is the current account type. 

When a user account is created, a profile is created for the user. Each user profile folder is located under C:\Users.

For example, the user profile folder for the user account Max will be C:\Users\Max.

The creation of the user’s profile is done upon initial login. When a new user account logs in to a local system for the first time, they’ll see several messages on the login screen. One of the messages, User Profile Service, sits on the login screen for a while; this is the service at work creating the user profile. See below.

 

Once logged in, the user will see a dialog box similar to the one below (again), indicating that the profile is in creation.

Each user profile will have the same folders; a few of them are:

  • Desktop
  • Documents
  • Downloads
  • Music
  • Pictures

Another way to access this information, and then some, is using Local User and Group Management

Right-click on the Start Menu and click Run. Type lusrmgr.msc. See below

Note: The Run Dialog Box allows us to open items quickly. 

Back to lusrmgr, you should see two folders: Users and Groups

If you click on Groups, you see all the names of the local groups along with a brief description for each group. 

Each group has permissions set to it, and users are assigned/added to groups by the Administrator. When a user is assigned to a group, the user inherits the permissions of that group. A user can be assigned to multiple groups.

Note: If you click on Add someone else to this PC from Other users, it will open Local User and Group Management.

Questions

  1. What is the name of the other user account?
    • tryhackmebilly
  2. What groups is this user a member of?
    • Remote Desktop Users,Users
  3. What built-in account is for guest access to the computer?
    • Guest
  4. What is the account description?
    • window$Fun1!

User Account Control (UAC)

Purpose: UAC protects Windows systems by limiting the privileges of administrator accounts. It prevents malware from easily running with elevated permissions, even if a user is logged in as an administrator.

How it works:

  • Standard User Accounts: Operate with limited privileges. Actions requiring administrator rights trigger UAC prompts.
  • Administrator Accounts (with UAC enabled): Don’t automatically run with elevated privileges. Any action requiring admin rights prompts the user for confirmation via a UAC dialog box. This prompt requires the user to enter their credentials to grant elevated access.
  • UAC Exemptions: By default, the built-in administrator account is exempt from UAC prompts.
  • Visual Indicator: A shield icon on a program’s icon indicates that running it requires UAC elevation (admin privileges).

Benefits:

  • Reduces the risk of malware infection and system compromise.
  • Prevents unintended changes to the system by standard users.

Note: The built-in administrator account is typically exempt from UAC, highlighting the importance of using standard user accounts for daily tasks whenever possible.

NOTE

Even if a user is logged in as an administrator, UAC still prompts for confirmation when an action requires elevated privileges. This is because UAC runs administrator accounts with standard user privileges by default and only elevates to full admin rights when explicitly authorized by the user.

Key Points about UAC and Administrator Accounts:

  1. Logged-in Administrator Accounts:
    • Administrator accounts in Windows do not always run with full admin privileges. Instead, they run with standard privileges by default.
    • When an action needs elevated permissions (e.g., installing software, changing system settings), UAC will prompt for confirmation.
  2. UAC Prompt Behavior:
    • For administrator accounts, UAC typically asks for confirmation (a Yes/No dialog).
    • For standard user accounts, UAC asks for both confirmation and the credentials of an administrator account.
  3. Disabling UAC:
    • If UAC is completely turned off (not recommended for security reasons), administrator accounts will not see any prompts and will automatically perform elevated actions.
    • This leaves the system more vulnerable to malware and unauthorized changes.

So, even if you’re logged in as an administrator, you will still see UAC prompts unless UAC is disabled or set to the lowest level. This is an essential security feature to prevent malware from exploiting admin privileges without user consent.
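
A read-only check of the behaviour described above, as an added example that is not part of the original notes: it reads the UAC policy values from the registry and compares whether the Administrators group is present in the current token with whether the process is actually elevated. The helper name `Get-UacState` is illustrative.

```powershell
# Added example, not from the original notes. Only reads state; changes nothing.
function Get-UacState {
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $p   = Get-ItemProperty -Path $key

    # Meaning of ConsentPromptBehaviorAdmin (prompt shown to administrators).
    $adminPrompt = @{
        0 = 'Elevate without prompting'
        1 = 'Prompt for credentials on the secure desktop'
        2 = 'Prompt for consent on the secure desktop'
        3 = 'Prompt for credentials'
        4 = 'Prompt for consent'
        5 = 'Prompt for consent for non-Windows binaries'
    }
    $promptText = 'not set'
    if ($null -ne $p.ConsentPromptBehaviorAdmin) {
        $promptText = $adminPrompt[[int]$p.ConsentPromptBehaviorAdmin]
    }

    # IsInRole is true only when the Administrators group is enabled in the
    # token, i.e. when this process is running elevated.
    $identity  = [System.Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object System.Security.Principal.WindowsPrincipal $identity
    $elevated  = $principal.IsInRole([System.Security.Principal.WindowsBuiltInRole]::Administrator)

    # whoami also lists groups that are present but deny-only (the filtered
    # token UAC gives an administrator), and the integrity label (S-1-16-*).
    # /nh plus explicit headers avoids depending on localized column names.
    $groups    = whoami /groups /fo csv /nh |
                 ConvertFrom-Csv -Header Name, Type, Sid, Attributes
    $inAdmins  = $groups.Sid -contains 'S-1-5-32-544'
    $integrity = ($groups | Where-Object { $_.Sid -like 'S-1-16-*' }).Name

    [pscustomobject]@{
        User                 = $identity.Name
        UacEnabled           = ($p.EnableLUA -eq 1)
        AdminPromptBehavior  = $promptText
        PromptOnSecureDesktop = ($p.PromptOnSecureDesktop -eq 1)
        # 0 or absent: the built-in Administrator account is exempt from prompts.
        BuiltInAdminPrompted = ($p.FilterAdministratorToken -eq 1)
        AdminGroupInToken    = $inAdmins
        ProcessElevated      = $elevated
        IntegrityLevel       = $integrity
    }
}

Get-UacState | Format-List
```

An administrator who has not elevated shows `AdminGroupInToken` as True and `ProcessElevated` as False; run from an elevated console, both are True.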


Settings and the Control Panel

On a Windows system, the primary locations to make changes are the Settings menu and the Control Panel.

For a long time, the Control Panel has been the go-to location to make system changes, such as adding a printer, uninstalling a program, etc.

The Settings menu was introduced in Windows 8, the first Windows operating system catered to touch screen tablets, and is still available in Windows 10. As a matter of fact, the Settings menu is now the primary location a user goes to if they are looking to change the system.

nothing much important here :3


Task Manager

The last subject that will be touched on in this module is the Task Manager.

The Task Manager provides information about the applications and processes currently running on the system. Other information is also available, such as how much CPU and RAM are being utilized, which falls under Performance.

You can access the Task Manager by right-clicking the taskbar. 

Task Manager will open in Simple View and won’t show much information. 

Click on More details, and the view changes.

You can refer to this blog post for more detailed information about the Task Manager.

If you wish to learn more about the core Windows processes and what each process is responsible for, visit the Core Windows Processes room.

Questions

  1. What is the keyboard shortcut to open Task Manager?
    • Ctrl+Shift+Esc

Conclusion

This TryHackMe room provided a foundational overview of the Windows operating system, covering key aspects relevant to both general users and those interested in cybersecurity. We explored the evolution of Windows editions, examined the graphical user interface (GUI) and its components, delved into the NTFS file system and its security implications (including Alternate Data Streams), investigated the critical System32 folder, and understood user accounts, profiles, and permissions. Finally, the crucial role of User Account Control (UAC) in enhancing system security was explained, along with a practical look at the Task Manager. This module provides a solid base for further exploration of Windows internals and security practices.

