ECS01 - Operating System Basics Training Module v1 0

Click to edit Master title style
Date 03-01-2012 Content Owner Dinshaw Shitoot

COMMERCIAL IN CONFIDENCE Copyright 2011 ECS Europe Limited
Operating System Basics
Session Objectives
Summary: This Module will enable trainees to gain knowledge about Windows 7 Operating System architecture and to correlate it with application repackaging techniques used by the organization.
Duration: Day 1 - Windows architecture and file system Day 2 - Windows registry and control panel Day 3 - Computer management Target Audience: Trainee Engineers with Basic OS knowledge.
COMMERCIAL IN CONFIDENCE
Copyright 2011 ECS Europe Limited
Agenda
Architecture of Operating system

Files and Directories Windows explorer. Filename extension Common file types (dll, ocx, fnt, ttf, exe. lnk, etc.) System Files (hosts, services, etc) Windows Resource Protection Quick Launch System tray
Table of Contents
Windows Registry Introduction to registry editor Structure, common keys Importing/exporting/editing Registering a dll Security / Permissions
Control Panel ARP Environment variables Task Manager
Table of Contents
Computer Management
Event Viewer Services User Profiles Windows 7 Command Prompt and basic DOS commands
Architecture of Computer System

An operating system (OS) is a collection of Computer Programs that manages the hardware and software resources of a computer. OS is written in low-level languages (i.e. Machine Dependent) The operating system forms a platform for other system software and application software. Its acts as an interface between the USER and the HARDWARE.
Windows Explorer:
Windows Explorer is a file manager application that is included with releases of the Microsoft Windows operating system from Windows 95 onwards. It provides a graphical user interface for accessing the file systems
It is the component of the operating system that presents the user interface on the monitor and enables the user to control the computer. It is sometimes referred to as the Windows GUI shell, or simply "Explorer".
Windows Explorer Demo

Change Hidden Files, Folders and Extensions Settings
Files and File Extension
Filename is metadata about a file; a string used to uniquely identify a file stored on the file system There are many different types of files: data files, text files, program files, directory files, and so on Different types of files store different types of information. For example, program files store programs, whereas text files store text A filename extension is a suffix (separated from the basefilename by a dot) to the name of a computer file applied to indicate the encoding (file format) of its contents or usage. Example:
Q&A
Practical Exercise
Perform Settings for viewing hidden files and extensions Create a text file Test.txt on Desktop. Double click and open it
Right click on Test.txt and click edit

Change the extension of Test.txt to Test.bmp
Double click and open Test.bmp

Right click on Test.txt and click edit
DLL (Dynamic-Link Library)

A dynamic link library (DLL) is a collection of small programs, which can be called upon when needed by the executable program (exe) that is running.
These libraries usually have the file extension DLL, OCX (for libraries containing ActiveX controls), or DRV (for legacy system drivers). The file formats for DLLs are the same as for Windows EXE files that is, Portable Executable (PE) for 32-bit and 64-bit Windows
Examples of such DLLs include icon libraries, sometimes having the extension ICL, and font files, having the extensions FON and FOT
INI Files

.INI files are plain-text files that contain configuration information. These files are used by Windows and Windows-based applications to save information about your preferences and operating environment. "INI" stands for initialization. "INI file is in form of Section, Key and Value
INF file
An INF file (stands for information) or Setup Information file, is a plain text file used by Microsoft Windows for installation of software and drivers. INF files are most commonly used for installing device drivers for hardware components.
Hosts & Services file

Hosts File : The hosts file is used to store information on where to find a node on a computer network. This file maps hostnames to IP addresses the hosts file is used as a supplement to (or instead of) the DNS on networks of varying sizes. This file is (unlike DNS) under the control of the user who is using the computer. Services File : The /etc/services file contains information about the known services used by the operating system.
Services
A Windows service is an application that starts when the Microsoft Windows operating system is booted and runs in the background as long as Windows is running.
Windows provides an interface called the Service Control Manager that manages the creation, deletion, starting and stopping of services.
An application that wants to be a service needs to first be written in such a way that it can handle start|stop|pause|... messages from the Service Control Manager.
Services
The HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\ Services registry key is used for storing this database.
Configure Services using CMD

To list services manually Type Services.msc on Run Window, this will enlist all the services running on Operating System To list services using command line SC.exe is used to perform various operation with services Syntax SC [\\server] [command] [service_name] [Options] Key server : The machine where the service is running service_name : The KeyName of the service, this is often but not always the same as the DisplayName shown in Control Panel, Services. You can get the KeyName by running: SC GetKeyName <DisplayName> Options start - START a service. stop - STOP a service
Q&A
Practical
Get KeyName of Windows Installer Service Query Windows Installer Service Start Windows Installer Service using Command line Stop Windows Installer Service using Command line
Shortcut Files
Shortcuts are small files containing only the location of another file, and sometimes specific parameters to be passed to it when run. They are commonly placed on the desktop, start menu, and taskbar of various operating systems, and may only work from the GUI and not from the command line.
Shortcuts files are of two kinds: Normal Shortcuts (.lnk file) points to another file. URL Shortcuts (.url file) points to an intranet or internet site.
Shortcut Files Excercise

Create a Shortcut for Notepad.exe under <Start Menu>\<Programs>\Test Folder
Other files
.hlp, .chm These files are used to provide application help. .mdb .htm, .html .bmp, jpg, gif .log, .tmp MS Access database HTML pages Image files
log file and temporary files
Windows Resource Protection

Windows Resource Protection (WRP) is designed to protect Core operating system files and registry keys which can be overwritten with older versions or malicious code causing serious stability and security issues. WRP increases system stability, predictability, and reliability (e.g. some of the inetpub folders) Applications should not attempt to modify WRP-protected resources because these are used by Windows and other applications. If an application attempts to modify a WRP-protected resource, it can have the following results. Application installers that attempt to replace, modify, or delete critical Windows files or registry keys may fail to install the application and will receive an error message stating that access to the resource was denied.
Windows Resource Protection

Replacement of resources is supported only through the following mechanisms: Windows Service Pack installation using Update.exe
Hotfixes installed using Hotfix.exe or Update.exe

Operating system upgrades using Winnt32.exe
Special Directories
USE OF STARTUP Startup is a location that allows you to run any program when your computer starts.
Startup (User) - The current user's Startup folder in the Start Menu. The program run only for the current user. Location :%UserProfile%\Start Menu\Programs\Startup Startup (AllUsers) - The common (all users) Startup folder in the Start Menu. The programs listed in this folder runs for All users. Location :%All UsersProfile%\Start Menu\Programs\Startup
StartUp
StartUp Exercise
Create a shortcut for Notepad.exe under Startup Folder Log off and Login the machine
Check if Notepad is opened
Quick Launch
Quick Launch, in Microsoft Windows, is a customizable toolbar that lets you display the Windows Desktop or start a program, such as Internet Explorer or the Windows Media Player, with a single click
Location : %UserProfile%\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch
SYSTEM TRAY
The last part of the taskbar is called the notification area or system tray. It mainly contains status notifications, though some programs One Note use it for minimized windows Applications can put icons in the notification area to indicate the status of an operation or to notify the user about an event
Q&A
Windows Registry
The Windows Registry is a hierarchical database that stores configuration settings and options on Microsoft Windows operating systems. It contains settings for low-level operating system components as well as the applications running on the platform: the kernel, device drivers, services, SAM, user interface and third party applications all make use of the registry. The registry editor that ships with Windows is regedit.exe The registry contains profiles for each user of the computer and information about system hardware, installed programs, and property settings.
Registry Value Types

List of standard registry value types Type ID 0 1 Symbolic type name REG_NONE REG_SZ Meaning and encoding of the data stored in the registry value No type (the stored value, if any) A string value, normally stored and exposed in UTF-16LE (when using the Unicode version of Win32 API functions), usually terminated by a null character
2 3 4
REG_EXPAND_SZ REG_BINARY REG_DWORD / REG_DWORD_LITTLE_ENDIAN REG_DWORD_BIG_ENDIAN REG_LINK
Thank You
Binary data (any arbitrary data)
An "expandable" string value that can contain environment variables, normally stored and exposed in UTF-16LE, usually terminated by a null character
A DWORD value, a 32-bit unsigned integer (numbers between 0 and 4,294,967,295 [232 1]) (little-endian) A DWORD value, a 32-bit unsigned integer (numbers between 0 and 4,294,967,295 [232 1]) (big-endian) A symbolic link (UNICODE) to another registry key, specifying a root key and the path to the target key A multi-string value, which is an ordered list of non-empty strings, normally stored and exposed in UTF-16LE, each one terminated by a null character, the list being normally terminated by a second null character. A resource list (used by the Plug-n-Play hardware enumeration and configuration) A resource descriptor (used by the Plug-n-Play hardware enumeration and configuration) A resource requirements list (used by the Plug-n-Play hardware enumeration and configuration)
5 6
REG_MULTI_SZ
8 9 10
REG_RESOURCE_LIST REG_FULL_RESOURCE_DESCRIPTOR REG_RESOURCE_REQUIREMENTS_LIST
Registry Hives
HKEY_CURRENT_USER :
HKEY_CURRENT_USER stores settings that are specific to the currently logged-in user. The HKCU key is a link to the subkey of HKEY_USERS that corresponds to the user; the same information is reflected in both locations.
Registry Hives
HKEY_USERS : contains subkeys corresponding to the HKEY_CURRENT_USER keys for each user registered on the machine.
Registry Hives
HKEY_LOCAL_MACHINE :
Contains configuration information particular to the computer (for any user).
Registry Hives
HKEY_CLASSES_ROOT :
HKEY_CLASSES_ROOT stores information about registered applications, including associations from file extensions and object class ids to the applications used to handle these items. On Windows 2000 and above, HKCR is a compilation of HKCU\Software\Classes and HKLM\Software\Classes. If a given value exists in both of the subkeys above, the one in HKCU\Software\Classes is used.
Registry Hives
HKEY_CURRENT_CONFIG :
Contains information about the hardware profile used by the local computer at system startup.
Registry Hives Exercise

Exporting a Registry Key
Right click on the registry to be exported Click on Export tab
Save the registry with suitable filename and with .reg extension
Registry Hives Exercise

Importing a Registry Key Double Click on <Filename>.reg file
Click Yes
Click OK
Special Registry Keys

RUN keys allows you to easily configure which programs run when your computer starts.
- HKLM / Run - The Run registry key located in HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run. These apply for all users who logs in. - HKCU / Run - The Run registry key located in HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run. These apply for the current logged in user only.
Special Registry Keys

Run and RunOnce registry keys cause programs to run each time that a user logs on. The data value for a key is a command line. Register programs to run by adding entries of the form description-string=commandline. You can write multiple entries under a key. If more than one program is registered under any particular key, the order in which those programs run is indeterminate.
The Windows registry includes the following four keys: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunO nce HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnc e Programs listed under Run will execute every time log-in happens where as Run Once will execute only at first log-on.
RUN Keys
Location of Run Key:
Active Setup
Active Setup is a process within Windows OS that runs automatically when a user logs in for the first time. Registry keys at HKLM\Software\Microsoft\Active Setup\Installed Components\%APPNAME% and HKCU\Software\Microsoft\Active Setup\Installed Components\%APPNAME% are compared, and if the HKCU registry entries don't exist, or the version number of HKCU is less than HKLM, then the specified application is executed for the current user. In case application is not having any advertised entry points and requires installation of components such as files or registry keys on a per-user basis then Active Setup is a possible solution
Q&A
Registry Exercise
Create Active Setup for Notepad.exe Give the Path of Notepad.exe Log off and Login check whether Notepad.exe is launched Create Run and RunOnce keys and perform above steps
Registering a .dll file

Regsvr32.exe is a process belonging to the Windows OS and is used to register dynamic-link libraries and ActiveX controls in the registry.
Syntax regsvr32 [/u] [/s] [/n] [/i[:cmdline]] dllname
Parameters
/u : Unregisters server. /s : Specifies regsvr32 to run silently and to not display any message boxes.
/n : Specifies not to call DllRegisterServer. You must use this option with /i.
/i: cmdline : Calls DllInstall passing it an optional [cmdline]. When used with /u, it calls dll uninstall. dllname : Specifies the name of the dll file that will be registered.
/? : Displays help at the command prompt.

Applying Permissions to Registry

To assign permissions to a registry key Open Registry Editor Right click the key to which you want to assign permissions On the Edit menu, click Permissions Assign an access level to the selected key
Computer Management
Computer Management is a collection of Windows administrative tools that you can use to manage a local or remote computer.
The computer management console has the following categories of tools: System Tools Storage Services and Applications
Event Viewer
Event Viewer maintains logs about program, security, and system events on your computer.
The system defines three log sources, "System", "Application", and "Security". The System and Application log sources are intended for use by the Windows operating system and Windows applications respectively. The Security log source, however, is only directly writable by the Local Security Authority Subsystem Service (lsass.exe).
Eventviewer
To open Event Viewer, click Start, click Control Panel, click Administrative Tools, and then double-click Event Viewer.
OR Start Menu -> Run -> Type Eventvwr and press enter key
User Profiles
A User Profile (userprofile, or simply 'profile' when used in-context) is a feature of the Microsoft Windows operating system, comprising a given user's collection of personal documents and settings on that computer.
User Profiles
Types of user profiles include: A local user profile, is created the first time you log on to a computer and is stored on the computer's local hard disk. Any changes made to your local user profile are specific to the computer on which the changes are made. A roaming user profile, is created by your system administrator and is stored on a server. This profile is available every time you log on to any computer on the network. Any changes made to your roaming user profile will be updated on the server. A mandatory user profile, is a roaming profile that can be used to specify particular settings for individuals or an entire group of users. Only system administrators can make changes to mandatory user profiles.
User Profiles
Data on the computer is broadly divided into two types
1) Machine specific data 2) User specific data
Machine specific data can be accessed or modified by any no. of users who use that computer e.g. Files under ALLUSER Profile folder, c:\Program Files, registries under HKLM, System DSN etc.
User specific data can be accessed or modified by single user who logged in e.g. Files stored in My documents folder, HKCU registries, USER specific environment variables etc.
Control Panel
Control Panel is a part of the Microsoft Windows graphical user interface which allows users to view and manipulate basic system settings and controls, such as adding hardware, adding and removing software, controlling user accounts, and changing accessibility options. Control panel is an independent program, not a folder as it appears, which is accessed from the start menu, and is stored in the system32 directory as control.exe
Control Panel
Environment Variable
Environment variables are strings that contain information such as drive, path, or file name. They control the behavior of various programs. For example, the TEMP environment variable specifies the location in which programs place temporary files. Any user can add, modify, or remove a user environment variable.
However, only an administrator can add, modify, or remove a system environment variable.
Using System in Control Panel, you can customize the following variables:
User environment variables for logged in user. The user environment variables are different for each user of a particular computer. The variables include any that are set by the user, as well as any variables defined by programs, such as the path to the location of the program files. System environment variables Administrators can change or add environment variables that apply to the system, and thus to all system users. During installation, Windows Setup configures the default system variables, such as the path to the Windows files.
Editing Environment Variable:
Common Environment Variables

Variable %ALLUSERSPROFILE% and %PROGRAMDATA% C:\ProgramData Windows Vista/7
%APPDATA%
%COMMONPROGRAMFILES% %COMMONPROGRAMFILES(x86)%
C:\Users\{username}\AppData\Roaming
C:\Program Files\Common Files C:\Program Files (x86)\Common Files C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;{ plus program paths} %SystemDrive%\Program Files %SystemDrive%\Program Files (x86) (only in 64-bit version) %SystemDrive%\Windows %SystemDrive%\Users\{username}\AppData\Local\Temp
%PATH%
%PROGRAMFILES% %PROGRAMFILES(X86)% %SystemRoot% %TEMP% and %TMP%
%USERPROFILE%
%PUBLIC% %PROGRAMDATA%
%SystemDrive%\Users\{username}
%SystemDrive%\Users\Public %SystemDrive%\ProgramData
Environment Variables
Create a Folder at : C:\Program Files\Test Append Path Environment Variable with above path Remove C:\Program Files\Test from Path Environment Variable
Task Manager
A task manager is a program used to provide information about the processes and programs running on a computer, as well as the general status. It can be used to terminate processes and programs, as well as change the process priority.
Add/Remove Programs
In Add/Remove Programs in Control Panel, a list of installed applications is displayed for the purpose of easy removal.
Registry : HKEY_LOCAL_MACHINE\ SOFTWARE\ Microsoft\ Windows\ CurrentVersion\ Uninstall
Command Prompt
A command line interface or CLI is a method of interacting with an operating system or software using a command line interpreter. A command prompt (or just prompt) is a sequence of (one or more) characters used in a command line interface to indicate readiness to accept commands. Its intent is to literally prompt the user to take action. RunAs command Every executable when launched normally then it Runs with current logged in user token. When required to Run any program with token of different user then RunAs Utility is used. Syntax RUNAS [/profile] [/env] [/netonly] /user:<UserName> program /profile if the user's profile needs to be loaded /env to use current environment instead of user's. /netonly use if the credentials specified are for remote access only. /user <UserName> should be in form USER@DOMAIN or DOMAIN\USER program command line for EXE. See below for examples
RunAs using GUI

Every executable when launched normally then it Runs with currently logged in user token. When required to Run any program with token of different user then RunAs Utility is used.
XCOPY
Xcopy is a powerful version of the copy command with additional features; has the capability of moving files, directories, and even whole drives from one location to another.
SYNTAX XCOPY source [destination] [/A | /M] [/D[:date]] [/P] [/S [/E]] [/V] [/W] [/C] [/I] [/Q] [/F] [/L] [/H] [/R] [/T] [/U] [/K] [/N] [/O] [/X] [/Y] [/-Y] [/Z] [/EXCLUDE:file1[+file2][+file3]...]
XCOPY Excercise
Use XCOPY Command to copy C:\Program Files\Common Files to C:\Users\<LoggedInUser>\Desktop\Test folder
TASKKILL
Taskkill ends one or more tasks or processes. Processes can be killed by process ID or image name.
Syntax taskkill [/s Computer] [/u Domain\User [/p Password]]] [/fi FilterName] [/pid ProcessID]|[/im ImageName] [/f][/t]
TASKKILL
Parameters
/s Computer : Specifies the name or IP address of a remote computer (do not use backslashes). The default is the local computer. /u Domain\User : Runs the command with the account permissions of the user specified by User or Domain\User. The default is the permissions of the current logged on user on the computer issuing the command. /p Password : Specifies the password of the user account that is specified in the /u parameter.
/fi FilterName : Specifies the types of process(es) to include in or exclude
IPCONFIG
Ipconfig in Windows is a command line utility that displays all current TCP/IP network configuration values
Mapping Drives
Drive mapping is how System connects a local drive letter (A through Z) with a shared storage location of another computer over a network. Mapping of drives can be done through two different ways
Run a Batch file containing the command net use NET [ ACCOUNTS | COMPUTER | CONFIG | CONTINUE | FILE | GROUP | HELP | HELPMSG | LOCALGROUP | PAUSE | SESSION | SHARE | START | STATISTICS | STOP | TIME | USE | USER | VIEW ] Mapping of Drives can also be done through GUI
Printers
A printer driver or a print processor is a piece of software that converts the data to be printed to the form specific to a printer. The purpose of printer drivers is to allow applications to do printing Software Printers These are convertors of Documents from one format to another. Ex Word to PDF convertor Hardware Printers These printers enable user to print Hard copies of Document Spooler Service needs to be stopped before installing a printer and that needs to be restarted after installation Location of Printers Control Panel\Hardware and Sound\Devices and Printers
Q&A

ECS01 - Operating System Basics Training Module v1 0

Diunggah oleh

Informasi Dokumen

Judul Asli

Hak Cipta

Format Tersedia

Bagikan dokumen Ini

Bagikan atau Tanam Dokumen

Opsi Berbagi

Apakah menurut Anda dokumen ini bermanfaat?

Apakah konten ini tidak pantas?

Hak Cipta:

Format Tersedia

ECS01 - Operating System Basics Training Module v1 0

Diunggah oleh

Hak Cipta:

Format Tersedia

Click to edit Master title style

Date 03-01-2012 Content Owner Dinshaw Shitoot

Operating System Basics

Copyright 2011 ECS Europe Limited

Architecture of Operating system

Copyright 2011 ECS Europe Limited

Copyright 2011 ECS Europe Limited

Copyright 2011 ECS Europe Limited

Architecture of Computer System

Copyright 2011 ECS Europe Limited

Copyright 2011 ECS Europe Limited

Windows Explorer Demo

Copyright 2011 ECS Europe Limited

Files and File Extension

Copyright 2011 ECS Europe Limited

Copyright 2011 ECS Europe Limited

Right click on Test.txt and click edit

Double click and open Test.bmp

Copyright 2011 ECS Europe Limited

DLL (Dynamic-Link Library)

Copyright 2011 ECS Europe Limited

Copyright 2011 ECS Europe Limited

Copyright 2011 ECS Europe Limited

Hosts & Services file

Copyright 2011 ECS Europe Limited

Copyright 2011 ECS Europe Limited

Copyright 2011 ECS Europe Limited

Configure Services using CMD

Copyright 2011 ECS Europe Limited

Copyright 2011 ECS Europe Limited

Copyright 2011 ECS Europe Limited

Copyright 2011 ECS Europe Limited

Shortcut Files Excercise

Copyright 2011 ECS Europe Limited

log file and temporary files

Copyright 2011 ECS Europe Limited

Windows Resource Protection

Copyright 2011 ECS Europe Limited

Windows Resource Protection

Hotfixes installed using Hotfix.exe or Update.exe

Copyright 2011 ECS Europe Limited

Copyright 2011 ECS Europe Limited

Copyright 2011 ECS Europe Limited

Check if Notepad is opened

Copyright 2011 ECS Europe Limited

Location : %UserProfile%\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch

Copyright 2011 ECS Europe Limited

Copyright 2011 ECS Europe Limited

Copyright 2011 ECS Europe Limited

Copyright 2011 ECS Europe Limited

Registry Value Types

REG_EXPAND_SZ REG_BINARY REG_DWORD / REG_DWORD_LITTLE_ENDIAN REG_DWORD_BIG_ENDIAN REG_LINK

REG_RESOURCE_LIST REG_FULL_RESOURCE_DESCRIPTOR REG_RESOURCE_REQUIREMENTS_LIST

Copyright 2011 ECS Europe Limited

Copyright 2011 ECS Europe Limited

Copyright 2011 ECS Europe Limited

Copyright 2011 ECS Europe Limited

Copyright 2011 ECS Europe Limited

Copyright 2011 ECS Europe Limited

Registry Hives Exercise

Copyright 2011 ECS Europe Limited

Registry Hives Exercise

Special Registry Keys