Windows Flashcards
(25 cards)
What is the first phase of the Windows Boot Process?
Pre-Boot phase
In this phase, the PC’s firmware initiates a POST and loads firmware settings. The system identifies a valid system disk and reads the MBR, starting the Windows Boot Manager.
What does the Windows Boot Manager do?
Finds and starts the Windows loader (Winload.exe)
It is located on the Windows boot partition at %SystemRoot%\system32\winload.exe.
Which file is key during the Windows OS Loader phase?
%SystemRoot%\system32\ntoskrnl.exe
Essential drivers required to start the Windows kernel are loaded in this phase.
What does the Windows NT OS Kernel do?
Picks up registry settings, loads drivers, and passes control to the session manager process (Smss.exe)
The kernel loads the system registry hive into memory and handles the GUI.
What does HKEY_LOCAL_MACHINE (HKLM) store?
Settings specific to the local computer
Maintained in memory by the system kernel and contains sub-keys for SAM, SECURITY, SYSTEM, and SOFTWARE.
What information does the SAM sub-key contain?
Built-in accounts and configured accounts
Includes usernames, user identifiers, password hashes, registry hive locations, and domain status.
What is the purpose of the SECURITY sub-key?
Linked to the security database of the domain
It enforces the security policy for the current user.
What does the SYSTEM sub-key contain?
Information about the Windows System setup
It is crucial for the operational configuration of the system.
What type of information does HKEY_CLASSES_ROOT (HKCR) contain?
Information about registered applications
This includes file associations and OLE Object Class IDs.
What does HKEY_CURRENT_USER (HKCU) store?
Settings specific to the currently logged-in user
HKCU is a link to the user-specific subkey in HKEY_USERS.
What is the function of HKEY_CURRENT_CONFIG (HKCC)?
Acts as a pointer to the current hardware profile
It is a shortcut to the HKLM hive, where configuration information is stored.
What does HKEY_USERS (HKU) contain?
A SID sub-key for all loaded user profiles
User profile settings are stored in NTUSER.DAT and USRCLASS.dat files.
What is a Security Identifier (SID)?
A unique identifier for a security principal or security group
Each account or group has a unique SID issued by an authority such as a Windows Domain Controller.
What are the components of a SID?
String ID, revision level, ID authority
Each component helps to define the SID structure and its authority level.
What does the PowerShell command ‘Get’ do?
To get something
Example: get-help.
What is the function of the ‘tasklist’ command?
Displays a list of currently running processes
Can be used on local or remote computers.
What does the ‘ipconfig’ command do?
Displays current TCP/IP network configuration values
It can also refresh DHCP and DNS settings.
What is SysWOW64?
Subsystem of Windows OS for running 32-bit applications on 64-bit Windows
It allows compatibility for older applications.
What is a Dynamic Link Library (DLL)?
A library containing code and data used by multiple programs
It allows for shared functionality among applications.
What is a hard link?
A directory entry that associates a name with a file
It points to the inode of the file and shares the same data block.
What is a symbolic link?
A file that contains a reference to another file or directory
It affects pathname resolution and can be treated as an alias in Unix systems.
What information does an inode store?
Metadata for each file and directory
Includes file size, ownership, timestamps, access permissions, and number of links.
What is the Universal Naming Convention (UNC)?
A format for specifying the location of resources on a network
Example: \\server-01\share-01\file1.txt.
Where are Windows Registry files stored?
C:\Windows\System32\config\
This location contains critical system configuration data.