CompTIA A+ Certification Exam Core 2 (220-1002) objectives covered in this chapter:
This chapter focuses on the exam topics related to operating systems. It follows the structure of the CompTIA A+ 220-1002 exam blueprint, objective 1, and it explores the nine subobjectives that you need to master before taking the exam. The Operating Systems domain represents 27 percent of the total exam.
While the overwhelming percentage of devices you will come into contact with will be Windows devices, you will also encounter other operating systems. The Linux operating system and the macOS are increasingly found in enterprise networks in situations where their strengths can be leveraged. There are also many other technologies that you may not be directly managing, but you should still be familiar with them and understand their purpose. This chapter will focus on these areas, as well as other operating systems such as those found on smartphones. It covers the following topics:
The primary difference between 32-bit and 64-bit computing is the amount of data the processor (CPU) is able to process effectively. To run a 64-bit version of the operating system, you must have a 64-bit processor. To find out whether you are running the 32-bit or 64-bit version of Windows, you can look at the information shown in the System applet in the Control Panel in any of the Windows versions you need to know for this exam.
Other differences between 64-bit and 32-bit systems are their hardware requirements and the types of applications you can run on them. You can run a 32-bit application on either a 64-bit or 32-bit operating system, but you can only run 64-bit applications on a 64-bit system.
All operating systems have a minimum amount of RAM required to operate. It’s not just a matter of functioning well; if you don’t have that minimum memory, it won’t install! Always consult the documentation to ensure that you meet this requirement.
There is also a maximum amount of memory that an operating system can use, which is also useful to know. There is no use wasting memory in a device in which the operating system simply ignores it. The documentation that comes with the operating system will tell how much memory the system can support.
Software is written to operate on a specific operating system or systems. For example, if it’s written for Windows, it may not work on macOS. If you intend to use an application, always check to see the operating system(s) it supports, which will be in the documentation. This may even influence the operating system you install.
Workstations are the most common types of devices in our networks. These are the user machines, both laptops and desktops. There are three main operating systems used on workstations: Windows, Apple (macOS), and Linux.
While there are many Windows operating systems available, this exam asks that you know the intricacies of only four that run on the personal computer: Windows 7, Windows 8, Windows 8.1, and Windows 10. Each will be covered in its own section in this chapter.
In your career, you are almost certain to come in contact with the macOS operating systems (since 2001 the macOS system has been called OS X, so you may consider those terms interchangeable). Even though these systems constitute only a small percentage of the total number of devices found in enterprise environments, there are certain environments where they dominate and excel, such as music and graphics.
Linux is probably used more often than macOS in enterprise networks, in part because many proprietary operating systems that reside on devices such as access points, switches, routers, and firewalls are Linux-based. Linux systems also predominate in the software development area.
In this section of the chapter, you will be introduced to some of the common features and functions in these operating systems.
Computer operating systems are not the only type of operating system with which you will come into contact. Many tablets, smartphones, and other small devices will have operating systems that are designed to run on devices that have different resource capabilities and therefore require different systems. This section will look at operating systems for such mobile devices.
The Windows operating system, which is the most widely used for desktops and laptops, may also be found on some mobile devices such as smartphones and tablets, but it is not used as widely for these device types as iOS and Android. Windows is one of the best examples of closed source software.
The Android operating system from Google is built on a Linux kernel with a core set of libraries that are written in Java. It is an open source operating system, which means that developers have full access to the same framework application programming interfaces (APIs) used by the core applications.
Apple iOS is a vendor-specific system made by Apple for mobile devices. Developers must use the software development kit (SDK) from Apple and register as Apple developers.
Chrome is another operating system by Google that runs on its Chrome laptop. Based on the Linux kernel, it uses the Chrome browser as an interface. Originally it ran Chrome apps, but now Android apps have been made to run on it.
Vendors of operating systems impose certain restrictions and limitations on the support provided to their systems. Two of the more important of these are covered in this section.
Whenever a vendor sets an end-of-life date, it means that after that date they will no longer offer help and support for that product. After that you are on your own regarding errors and troubleshooting.
When Microsoft and possibly other vendors release operating system updates, they sometimes make the update package available only to those who purchased a full copy of the previous version. For example, you can install Windows 10 as an update only if you have a full installation of Windows 8.1; going from Windows 7 to 10, you would pay for a full install. In cases like this, the update package will be cheaper than the full operating system, the idea being to give the customer credit for the purchase of the previous system. Those without the previous system must pay full price for a new installation of the updated operating system.
While using a mix of desktop operating systems in an organization is not recommended, you may find yourself in that scenario. If that is the case, you may also find yourself supporting many more applications, as they are specific to the OS, and sometimes even to an OS version such as Windows 7 or Windows 10. Be aware that you may encounter compatibility issues between the systems and between the documents produced by the applications. Always research online about these issues, as someone has probably already solved the issue!
Describe the major differences between the Android and iOS operating systems. Android is an open source operating system, and iOS is a vendor-specific system made by Apple. Apps for Android systems can be obtained from Google Play or many other sites, whereas iOS apps are available only on the Apple Store site.
This section contains numerous tables because of the nature of the information that it covers. It is imperative that you be familiar with Windows 7, Windows 8, Windows 8.1, and Windows 10. Make certain you understand the features available in each of these versions of Windows as well as the editions that were made available for each of them. The topics covered in this section of the chapter are as follows:
Windows 7 was released in 2009, much to the delight of many users who were dissatisfied with Windows Vista. It has had one service pack and is still widely used even though three operating system versions have been released since. It comes in six editions, each of which differs in requirements and capabilities.
Table 6.1 shows the available editions and their hardware requirements.
Table 6.1 Windows 7 editions
Features | Starter | Home Basic | Home Premium | Professional | Enterprise | Ultimate |
Licensing scheme | OEM licensing | Retail and OEM | Licensing scheme | OEM licensing | Retail and OEM | Licensing scheme |
Maximum physical memory (RAM) (32-bit) | 2 GB | 4 GB | 4 GB | 4 GB | 4 GB | 4 GB |
Maximum physical memory (RAM) (64-bit) | N/A | 8 GB | 16 GB | 192 GB | 192 GB | 192 GB |
Maximum physical CPUs supported | 1 | 1 | 1 | 2 | 2 | 2 |
Windows 8 was released in 2012 and was never fully embraced. Many corporate teams skipped from Windows 7 to Windows 10. Among the chief complaints about Windows 8 were the confusing Start screen and the new Metro desktop. Sometimes it’s not good to shake things up too soon.
Table 6.2 shows the editions of Windows 8 and their hardware requirements.
Table 6.2 Windows 8 editions
Features | Windows RT | Windows 8 (Core) | Windows 8 Pro | Windows 8 Enterprise |
Availability | Pre-installed on devices | Most channels | Most channels | Volume License customers |
Architecture | ARM (32-bit) | IA-32 (32-bit) or x64 (64-bit) | IA-32 (32-bit) or x64 (64-bit) | IA-32 (32-bit) or x64 (64-bit) |
Maximum physical memory (RAM) | 4 GB | 128 GB on x64; 4 GB on IA-32 | 512 GB on x64; 4 GB on IA-32 | 512 GB on x64; 4 GB on IA-32 |
Released a year after its predecessor, Windows 8.1 expanded functionality available to apps compared to Windows 8, but still was avoided because of the new interface. It did introduce OneDrive integration and added expanded tutorials for the new interface (to no avail).
The following are hardware requirements for Windows 8.1:
It seems that Microsoft has fallen into a pattern of succeeding with every other version number as Windows 10 has been a success. In May 2018 it did undergo an update that seems to cause no major issues. Windows 10 supports universal apps, which are those designed to run across multiple platforms. Its interface is friendly to both the mouse and touchscreen navigation. The movement away from the tablet look in Windows 8 has been well received.
The following are hardware requirements for Windows 10:
There are features present in Windows that cater to personal needs, while others are more relevant to the corporate environment. In this section we’ll look at a few of these features.
Not all editions of Windows can join a domain. Home editions cannot, while Professional and Enterprise editions can. To join a Windows 7/8/10 computer to a domain, do the following:
BitLocker allows you to use drive encryption to protect files—including those needed for startup and logon. This is available with the Ultimate and Enterprise editions of Windows 7 and the Pro and Enterprise editions of Windows 8, 8.1, and 10. For removable drives, BitLocker To Go provides the same encryption technology to help prevent unauthorized access to the files stored on them.
Media Center is one of the features that will probably be used more at home. It is a digital video recorder and media player created by Microsoft. Media Center was first introduced to Windows in 2002. It was discontinued after Windows 7 and available as a paid add-on in Windows 8 and 8.1. It is not available in Windows 10.
BranchCache is a bandwidth-optimization feature that started with Windows 7. Each client has a cache and acts as an alternate source for content requested by devices on its own network. There are two modes, Hosted Cache and Distributed. In Hosted Cache mode, designated servers act as a cache for files requested by clients in its area. In Distributed mode, each client contains a cached version of the BranchCache-enabled files it has requested and received, and it acts as a distributed cache for other clients requesting that same file.
The Encrypting File System (EFS) is an encryption tool built into Windows 7, and Windows 8 or 8.1 Professional or Enterprise. (EFS is not fully supported on Windows 7 Starter, Windows 7 Home Basic, and Windows 7 Home Premium or Windows 10 editions.) It allows a user to encrypt files that can be decrypted only by the user who encrypted the files. It can be used only on NTFS volumes but is simple to use.
To encrypt a file in Windows 8.1, simply right-click the file, access the file’s properties, and on the General tab click the Advanced button. That will open the Advanced Attributes dialog box, as shown in Figure 6.1. On this page, select the Encrypt Contents To Secure Data box.
Desktop styles or interfaces have changed slightly from Windows 7 to Windows 10. The following are some of the features of the interfaces.
The Aero interface offers a glass design that includes translucent windows. It was new with Windows Vista. It requires a graphics card with DirectX 9 graphics with 128 MB RAM to function and can be enabled in Control Panel.
These are mini programs, introduced with Windows Vista, that can be placed on the desktop (Windows 7), allowing them to run quickly and letting you personalize the PC (clock, weather, and so on). Windows 7 renamed these Windows Desktop Gadgets (right-click the desktop and click Gadgets in the context menu; then double-click the one you want to add). In 2011, Microsoft announced it is no longer supporting the development or uploading of new gadgets. No operating system after Windows 7 supports Gadgets.
You can also install an XP mode virtual machine using these instructions:
Windows 8.1 and 10 allow you to run a Metro application (also called at various times Tileworld apps and modern apps; these are apps you get at the Windows Store) and a desktop application at the same time, or up to four Metro apps at the same time, which on other devices such as a smartphone may not be possible.
To do this, you must split the screen into two parts, which can be done in two ways.
In Windows 8.1, the user interface is different from earlier versions of Windows. The Start menu was removed, and the desktop replaced with a new look called Metro. This look resembles the interface of a smartphone or tablet and represents the Microsoft vision of a common interface on all devices. Information, settings, and applications are housed in tiles. Figure 6.2 shows this look.
This look received negative reactions from most desktop and laptop users and more positive reactions from those raised on the smartphone interface. Microsoft reacted by changing the name of the look to the Microsoft design language. While there were rumors of a return to the Start menu, Microsoft made the classic Start menu available in Windows 8.1 but by default stuck to its guns and continued to use a Start screen rather than a Start menu. (The Start screen is covered in the “Start screen” section.)
Pinning is the process of configuring an icon for a program on the taskbar so that it is easier to locate. It was introduced in Windows 7 and continued in Windows 8, 8.1, and 10, and for frequently used applications, it saves navigating through the Start menu or Start screen to locate the application.
To pin the program to the taskbar in Windows 7, do one of the following:
To pin the program to the taskbar in Windows 8, 8.1, and 10, follow these steps:
Prior to Windows 8, if you set up multiple monitors, you could have the taskbar only on the primary monitor, which meant you had to go back to that monitor (which may not be where you are currently engaged) to access the taskbar. In Windows 8 and 8.1, you can now have your taskbar on all monitors by selecting the option in the properties of the taskbar, as shown in Figure 6.3.
Charms are a bit like icons and were introduced with Windows 8 and the Metro UI. They are organized on a Charms bar that will appear on the right side of the screen when invoked. With the mouse you bring up the bar by moving the cursor into the right corner of the desktop; on a touchscreen, you swipe from the right edge toward the center.
There are five charms there that are like doors to other lists of options. The five charms are Search, Share, Start, Devices, and Settings. The Start charm simply opens the Start screen, which replaces the Start menu. Figure 6.4 shows the Charms bar.
One of the more controversial changes to the user interface with Windows 8 and 8.1 was removing the Start menu and replacing it with the Start screen. Shown in Figure 6.2 earlier, this is the screen that appears to be the future of all Windows operating systems, despite the resistance of many desktop and laptop users.
Identify the hardware requirements of various Windows editions and versions. These include all editions of the Windows 7, Windows 8, Windows 8.1, and Windows 10 versions.
When installing or upgrading an operating system, it is important to know what is possible and what is not. Not all systems can be directly upgraded to the newest version. Some must be completely reinstalled. In this section, we’ll look at some possible upgrade paths and other installation considerations. This section covers the following topics:
There are several things to be aware of regarding upgrade paths, including the differences between in-place upgrades, the available compatibility tools, and the Windows Upgrade Advisor.
One Windows operating system can often be upgraded to another, if compatible. With the case of Windows 7, it is even possible to upgrade from one edition of the operating system to another. When you are faced with a scenario in which you cannot upgrade, you can always do a clean installation. There’s one more thing to consider when evaluating installation methods. Some methods work only if you’re performing a clean installation and not an upgrade.
Table 6.3 lists the minimum system requirements, which are the same for the various editions of Windows 7.
Table 6.3 Windows 7 minimum hardware
Hardware | Minimum supported for all editions of Windows 7 |
Processor | 1 GHz |
Memory | 1 GB for 32-bit; 2 GB for 64-bit |
Free hard disk space | 16 GB free for 32-bit; 20 GB free for 64-bit |
CD-ROM or DVD | DVD-ROM |
Video | DirectX 9 with WDDM 1.0 (or higher) driver |
Mouse | Required (but not listed as a requirement) |
Keyboard | Required (but not listed as a requirement) |
Internet access | Not listed as a requirement |
Table 6.4 lists the minimum system requirements for Windows 8, and Table 6.5 lists the minimum system requirements for Windows 8.1. Table 6.6 lists the minimum system requirements for Windows 10.
Table 6.4 Windows 8 minimum hardware
Hardware | Minimum supported for all editions of Windows 8 |
Processor | 1 GHz with support for PAE, NX, and SSE |
Memory | 1 GB for 32-bit; 2 GB for 64-bit |
Free hard disk space | 16 GB free for 32-bit; 20 GB free for 64-bit |
CD-ROM or DVD | DVD-ROM |
Video | DirectX 9 with WDDM 1.0 (or higher) driver |
Table 6.5 Windows 8.1 minimum hardware
Hardware | Minimum supported for all editions of Windows 8.1 |
Processor | 1 GHz with support for PAE, NX and SSE |
Memory | 1 GB for 32-bit; 2 GB for 64-bit |
Free hard disk space | 16 GB free for 32-bit; 20 GB free for 64-bit |
CD-ROM or DVD | DVD-ROM |
Video | DirectX 9 with WDDM 1.0 (or higher) driver |
Table 6.6 Windows 10 minimum hardware
Hardware | Minimum supported for all editions of Windows 10 |
Processor | 1 GHz with support for PAE, NX, and SSE |
Memory | 1 GB for 32-bit; 2 GB for 64-bit |
Free hard disk space | 16 GB free for 32-bit; 20 GB free for 64-bit |
CD-ROM or DVD | DVD-ROM |
Video | DirectX 9 with WDDM 1.0 (or higher) driver |
If there is one thing to be learned from Tables 6.3 through 6.6, it is that Microsoft is nothing if not optimistic. For your own sanity, though, I strongly suggest you always take the minimum requirements with a grain of salt. They are minimums. Even the recommended requirements should be considered minimums. Bottom line: Make sure you have a good margin between your system’s performance and the minimum requirements listed. Always run Windows on more hardware rather than less!
Certain features in Windows 7 have further hardware requirements that are listed here:
http://windows.microsoft.com/en-US/windows7/products/system-requirements
The easiest way to see whether your current hardware can run Windows 7 is to download and run the Windows 7 Upgrade Advisor available here:
http://windows.microsoft.com/en-us/windows/downloads/upgrade-advisor
You can also always check hardware in the Windows 7 Compatibility Center here:
www.microsoft.com/windows/compatibility/windows-7/en-us/default.aspx
If you want to do an upgrade instead of a clean installation, review the upgrade options in Table 6.7 (it is worth pointing out again that a “No” does not mean you can’t buy the Windows 7 upgrade but rather that you can’t keep your files, programs, and settings).
Table 6.7 Windows 7 upgrade options
Existing operating system | Windows 7 Home Premium 32-bit | Windows 7 Home Premium 64-bit | Windows 7 Professional 32-bit | Windows 7 Professional 64-bit | Windows 7 Ultimate 32-bit | Windows 7 Ultimate 64-bit |
Windows XP | No | No | No | No | No | No |
Windows Vista Starter 32-bit | No | No | No | No | No | No |
Windows Vista Starter 64-bit | No | No | No | No | No | No |
Windows Vista Home Basic 32-bit | Yes | No | No | No | Yes | No |
Windows Vista Home Basic 64-bit | No | Yes | No | No | No | Yes |
Windows Vista Home Premium 32-bit | Yes | No | No | No | Yes | No |
Windows Vista Home Premium 64-bit | No | Yes | No | No | No | Yes |
Windows Vista Business 32-bit | No | No | Yes | No | Yes | No |
Windows Vista Business 64-bit | No | No | No | Yes | No | Yes |
Windows Vista Ultimate 32-bit | No | No | No | No | Yes | No |
Windows Vista Ultimate 64-bit | No | No | No | No | No | Yes |
The Enterprise editions play by different rules since they are licensed directly from Microsoft. In the case of Windows 7, both Windows Vista Business and Windows Vista Enterprise can be upgraded to Windows 7 Enterprise.
Operating systems not listed in Table 6.7 have no upgrade option to Windows 7, and upgrade packages cannot be used with them (you must buy the full version of Windows 7). An easy way to remember upgrade options for the exam is that you must have at least Windows Vista to be able to upgrade to Windows 7. In the real world, the Windows Vista machine should be running Service Pack 1 at a minimum, and you can always take an earlier OS and upgrade it to Vista SP1 and then upgrade to Windows 7.
As of this writing, Service Pack 1 is the latest available for Windows 7, the Windows 8.1 upgrade is the latest for Windows 8, and there is no service pack for Windows 8.1. You can find the latest here:
http://windows.microsoft.com/en-US/windows/downloads/service-packs
In the past, all service packs used to be cumulative—meaning you needed to load only the last one. Starting with XP SP3, however, all Windows service packs released have been incremental, meaning that you must install the previous ones before you can install the new one.
Microsoft created the Windows 7 Upgrade Advisor to help with the upgrade to this operating system. You can download the advisor from http://windows.microsoft.com/upgradeadvisor. It will scan your hardware, devices, and installed programs for any known compatibility issues. Once it is finished, it will give you advice on how to resolve the issues found and recommendations on what to do before you upgrade. The reports are divided into three categories: System Requirements, Devices, and Programs.
Other versions of Windows also have Upgrade Advisors!
After all incompatibilities have been addressed, the upgrade can be started from an installation disc or from a download (preferably to a USB drive). If the setup routine does not begin immediately on boot, look for the setup.exe file and run it. When the Install Windows page appears, click Install Now.
You’ll be asked if you want to get any updates (recommended) and to agree to the license agreement. After you’ve done so, choose Upgrade for the installation type and follow the steps to walk through the remainder of the installation. I highly recommend that after the installation is complete, you run Windows Update to get the latest drivers.
New to Windows 7 was the ability to upgrade at any time from one edition of the operating system to a higher one (for example, from Home Premium to Professional) using the Windows Anytime Upgrade utility in the System And Security section of the Control Panel (it can also be accessed by clicking the Start button and choosing All Programs; scroll down the list and choose Windows Anytime Upgrade).
With Windows 8 you can upgrade based on the operating system that you are coming from. Table 6.8 lists the upgrade paths for each Windows 8 edition based on the operating system you are coming from. Those listed as “No” must be clean installations.
It’s worth mentioning that there is a version called RT that has been discontinued. It was for tablets.
Table 6.8 Upgrade paths for Windows 8
Existing operating system | Windows 8 | Windows 8 Pro | Windows 8 Enterprise |
Windows 7 Starter | Yes | Yes | No |
Windows 7 Home Basic | Yes | Yes | No |
Windows 7 Home Premium | Yes | Yes | No |
Windows 7 Professional | No | Yes | No |
Windows 7 Ultimate | No | Yes | No |
Windows 7 Pro (volume licensed) | No | No | Yes |
Windows 7 Enterprise (volume licensed) | No | No | Yes |
Windows 8 (volume licensed) | No | No | Yes |
With Windows 8.1 you can upgrade based on the operating system that you are coming from. Table 6.9 lists the upgrade paths for each Windows 8.1 edition based on the operating system you are coming from. Those listed as “No” must be clean installations.
Table 6.9 Upgrade paths for Windows 8.1
Existing operating system | Windows 8.1 | Windows 8.1 Pro | Windows 8.1 Enterprise |
Windows 8 | Yes | Yes | No |
Windows 8 Pro | No | Yes | Yes |
Windows 8 Pro with Media Center | No | Yes | Yes |
Windows 8.1 | No | Yes | No |
Windows 8 Enterprise | No | No | No |
Windows 8.1 Pro | No | No | Yes |
Although it is not shown in the table, you can also upgrade Windows 7 to Windows 8.1.
With Windows 10, the in-place upgrade is now a first-class deployment option and is now the preferred approach for Windows 10 deployment—even in enterprises. It allows Windows 10 installations to be initiated from within the existing Windows 7 or newer OS.
The Windows Upgrade Advisor from Microsoft can be useful in any upgrade process. It will check your system, verify that it can run the desired operating system, and give you a report of any identified compatibility issues. There are versions under various names for Windows 7, Windows 8, Windows 8.1, and Windows 10.
Several features are available to enhance the compatibility of the operating system with the applications you are running. First there is the Windows Compatibility Center, a site you can access that will scan your device for compatible device drivers, app updates, and downloads. You just enter the name of the program, and it will tell you whether it is supported; if you need a driver or an update, it will provide it.
Running the application in a compatibility mode that supports it can make the application work. Simply right-click the program file and choose Run In Compatibility Mode and then select an operating system that supports the application.
In some cases, it may not be possible to use an application without creating a shim, which is a small piece of software that communicates between the unsupported application and the operating system. This is done with an Application Compatibility toolkit. There are such toolkits for Windows 7, Windows 8, Windows 8.1, and Windows 10. Their use is beyond the scope of this book.
You can begin the installation or upgrade process by booting from a number of sources. There are eight in particular that CompTIA wants you to be familiar with:
Most systems will allow you to boot from a USB device, but you must often change the BIOS settings to look for USB first. Using a large USB drive, you can store all the necessary installation files on the one device and save the time needed to swap media.
The option most commonly used for an attended installation is the CD-ROM/DVD boot (they are identical). Since Windows 7 and newer come only on DVD, though, CD-ROM applies to older operating systems and not this one.
A DVD boot is the most common method of starting an installation.
Booting the computer from the network without using a local device creates a Preboot Execution Environment (PXE). Once it is up, it is common to load the Windows Preinstallation Environment (WinPE) into RAM as a stub operating system and install the operating system image to the hard drive.
WinPE can be installed onto a bootable CD, USB, or network drive using the copype.cmd command. This environment can be used in conjunction with a Windows deployment from a server for unattended installations.
If boot files and installation files are located on a solid-state drive or flash drive and the device is set to look on those drives for boot files, you can boot from these devices and install the operating system in the same way that you boot from a CD or DVD drive.
NetBoot is a method developed by Apple that allows an Apple device to boot from a network location rather than from the hard drive. The device uses Dynamic Host Configuration Protocol (DHCP) to receive a network configuration and to receive the IP address of a Trivial File Transfer Protocol (TFTP) server from which the device will download an operating system image. This entire process is similar to the way an IP phone learns through DHCP the IP address of the server from which it downloads its configuration file.
Just as boot files can be located on a USB drive, CD, DVD, and flash drive, they can also be located on an external hard drive. Most of these drives are also hot-swappable (you can connect and remove them with the devices on). As always, you will probably have to alter the boot order of the device so that it looks on the external drive before the other drives if boot files are also located in these locations.
Finally, the most common location of boot files is on the internal hard drive. These files are placed there during the installation and will be executed as long as the device is set to look for them there. By default most systems are set to look on the internal hard drive first, and even if the device is not set to look there first, it will eventually boot to those files if there are no boot files located on any of the other drives or boot sources.
Operating system installations can be lumped into two generic methods: attended or unattended. During an attended installation, you walk through the installation and answer the questions as prompted. Questions typically ask for the product key, the directory in which you want to install the OS, and relevant network settings.
As simple as attended installations may be, they’re time-consuming and administrator-intensive in that they require someone to fill in a fair number of fields to move through the process. Unattended installations allow you to configure the OS with little or no human intervention. Table 6.10 shows you four common unattended installation methods and when they can be used.
Table 6.10 Windows unattended installation methods
Method | Clean installation | Upgrade |
Unattended Install | Yes | Yes |
Bootable media | Yes | No |
Sysprep | Yes | No |
Remote install | Yes | No |
Another decision you must make is which method you are going to use to access the Windows installation files. It is possible to boot to the installation DVD and begin the installation process. However, your system must have a system BIOS that is capable of supporting bootable media.
If you don’t have a bootable DVD, you must first boot the computer using some other bootable media, which then loads the disk driver so that you can access the installation program on the DVD.
Answering the myriad of questions posed by Windows Setup doesn’t qualify as exciting work for most people. Fortunately, there is a way to answer the questions automatically: through an unattended installation. In this type of installation, an answer file is supplied with all the correct parameters (time zone, regional settings, administrator username, and so on), so no one needs to be there to tell the computer what to choose or to hit Next 500 times.
Unattended installations are great because they can be used to upgrade operating systems. The first step is to create an answer file. This XML file, which must be named unattend.xml, contains configuration settings specific to the computer on which you are installing the OS, which means that for every installation the answer file will be unique. See the following for details on these settings:
Generally speaking, you’ll want to run a test installation using that answer file first before deploying it on a large scale because you’ll probably need to make some tweaks to it. After you create your answer file, place it on a network share that will be accessible from the target computer. (Most people put it in the same place as the Windows installation files for convenience.)
Boot the computer that you want to install on using a boot disk or CD, and establish the network connection. Once you start the setup process, everything should run automatically.
An upgrade involves moving from one operating system to another and keeping as many of the settings as possible. An example of an upgrade would be changing the operating system on a laptop computer from Windows Vista to Windows 7 and keeping the user accounts that existed.
It is also possible to upgrade from one edition of an operating system to another—for example, from Windows 7 Professional to Windows 7 Ultimate. This is known as a Windows 7 Anytime Upgrade.
To begin the upgrade, insert the DVD, and the Setup program should automatically begin (if it doesn’t, run setup.exe from the root folder). From the menu that appears, choose Install Now and then select Upgrade when the Which Type Of Installation Do You Want? screen appears. Answer the prompts to walk through the upgrade.
Booting from the DVD is also possible but recommended only if the method just described does not work. When you boot, you will get a message upon startup that says Press Any Key To Boot From CD, and at this point you simply press a key. (Don’t worry that it is a DVD and not a CD.)
With a clean installation, you delete the volume where the old operating system existed and place a new one there. An example of a clean installation would be changing the operating system on a laptop from Windows 8 to Windows 10. The user accounts and other settings that existed with Windows 8 would be removed in the process and need to be re-created under Windows 10.
A repair installation overwrites system files with a copy of new ones from the same operating system version and edition. For example, a laptop running Windows 7 is hanging on boot, and the cause is traced to a corrupted system file. A repair installation can replace that corrupted file with a new one (from the DVD or other source) without changing the operating system or settings (for configuration, accounts, and so on).
Multiple operating systems can exist on the same machine in one of two popular formats: in a multiboot configuration or in virtual machines. With a multiboot configuration, when you boot the machine, you choose which operating system you want to load of those that are installed. You could, for example, boot into Windows 10, reboot and bring up Windows 7, reboot and bring up Windows 8, and test a software application you’ve created in each OS. It is possible in this scenario to have multiple editions of the same OS installed (Professional, Ultimate, and so forth) and choose which to boot into in order to test your application. The key to this configuration, however, is that you can have only one operating system running at a time.
Each installation should have its own folder. Make sure you don’t install into a folder that already contains an OS or you will overwrite it.
An alternative to multiboot that has become more popular in recent years is to run virtual machines. You could boot into Windows 7, for example, and run a virtual machine of Windows 10 and one of Windows 8 and test your application in the three environments that are all running at the same time.
Older Windows Server operating systems have a feature called Remote Installation Service (RIS), which allows you to perform several network installations at one time. Beginning with Windows Server 2003 SP2, RIS was replaced by Windows Deployment Service (WDS). This utility offers the same functionality as RIS.
A network installation is handy when you have many installs to do and installing by CD is too much work. In a network installation, the installation CD is copied to a shared location on the network. Then individual workstations boot and access the network share. The workstations can boot either through a boot disk or through a built-in network boot device known as a PXE ROM. Boot ROMs essentially download a small file that contains an OS and network drivers and has enough information to boot the computer in a limited fashion. At the least, it can boot the computer so it can access the network share and begin the installation.
Creating an image isn’t actually an objective, but it is something important that you’ll need to know how to do in the real world. Creating an image involves taking a snapshot of a model system (often called a reference computer) and then applying it to other systems (see the section “Image deployment” later). A number of third-party vendors offer packages that can be used to create images, and you can use the system preparation tool, or Sysprep. The Sysprep utility works by making an exact image or replica of the reference computer (sometimes also called the master computer) to be installed on other computers. Sysprep removes the master computer’s security ID (a process sometimes called generalization) and will generate new IDs for each computer where the image is used to install.
All Sysprep does is create the system image. You still need a cloning utility to copy the image to other computers.
Perhaps the biggest caveat to using Sysprep is that because you are making an exact image of an installed computer (including drivers and settings), all the computers that you will be installing the image on need to be identical (or close) to the configuration of the master computer. Otherwise, you would have to go through and fix driver problems on every installed computer. Sysprep images can be installed across a network or copied to a CD or DVD for local installation. Sysprep cannot be used to upgrade a system; plan on all data on the system (if there is any) being lost after a format.
Similar to Sysprep, ImageX is the preferred command-line utility for imaging Windows 7 and other versions of Windows. You can find more information about it at http://technet.microsoft.com/en-us/library/cc722145(v=ws.10).
Several third-party vendors provide similar services, and you’ll often hear the process referred to as disk imaging or drive imaging. The third-party utility makes the image, and then the image file is transferred to the computer without an OS. You boot the new system with the imaging software and start the image download. The new system’s disk drive is made into an exact sector-by-sector copy of the original system.
Imaging has major upsides. The biggest one is speed. In larger networks with multiple new computers, you can configure tens to hundreds of computers by using imaging in just hours, rather than the days it would take to individually install the OS, applications, and drivers.
System images created with Sysprep and other tools can be deployed for installation on hosts across the network. The Windows Automated Installation Kit (AIK) can be useful for this purpose (http://technet.microsoft.com/library/dd349348.aspx).
In the past, many devices that were purchased with the operating system installed by the OEM came with recovery media that could be used to boot the device and recover or replace the operating system if needed. Now many come with an additional partition on the drive called a recovery partition. The users could use a specific key sequence during bootup that would cause the device to boot to the recovery partition and make available tools to either recover the installation or replace it. The downside of this approach is that if the hard drive fails or if the partition is overwritten, the recovery partition is useless. In an effort to address this concern, many OEMs now make available recovery media if requested by the user.
Windows 8, 8.1, and 10 offer three methods of dealing with a device that either won’t boot, is corrupted, or is simply performing badly. These three options are refresh, restore, and reset; and it is critical that you understand the consequences of each. When a refresh is performed, the user’s data is unaffected, while the operating system is returned to the factory default state. Although the data remains intact, any applications or programs that the user installed will be gone. All default applications that come with the system will remain, and any purchased from the Windows Store will remain as well. When a restore is performed, the system is restored to a point in time in the past. It removes no user data, but any configuration changes made or programs and service packs installed since that point in time will be gone. Finally, the third and most drastic option is the reset, which removes all data and programs and reinstalls a fresh copy of the operating system.
For a hard disk to be able to hold files and programs, it has to be partitioned and formatted. Partitioning is the process of creating logical divisions on a hard drive. A hard drive can have one or more partitions. Formatting is the process of creating and configuring a file allocation table (FAT) and creating the root directory. Several file system types are supported by the various versions of Windows, such as FAT16, FAT32, and NTFS (partitions are explored later in the discussion of disk management).
The partition that the operating system boots from must be designated as active. Only one partition on a disk may be marked active. Each hard disk can be divided into a total of four partitions, either four primary partitions or three primary and one extended partition. Some of the other possibilities are examined in the following sections.
Partitions can be made dynamic, which—as the name implies—means they can be configured and reconfigured on the fly. The big benefits they offer are that they can increase in size (without reformatting) and can span multiple physical disks. Dynamic partitions can be simple, spanned, or striped.
Dynamic partitions that are simple are similar to primary partitions and logical drives (which exist on basic partitions, discussed next). This is often the route you choose when you have only one dynamic disk and want the ability to change allocated space as needed.
Choosing spanned partitions means that you want space from a number of disks (up to 32) to appear as a single logical volume to users. A minimum of two disks must be used, and no fault tolerance is provided by this option.
Striped partitions are similar to spanned in that multiple disks are used, but the big difference is that data is written (in fixed-size stripes) across the disk set in order to increase I/O performance. Although read operations are faster, a concern is that if one disk fails, none of the data is retrievable (like Spanned, the Striped option provides no fault tolerance).
With basic storage, Windows drives can be partitioned with primary or logical partitions. Basic partitions are a fixed size and are always on a single physical disk. This is the simplest storage solution and has been the traditional method of storing data for many years.
You can change the size of primary and logical drives by extending them into additional space on the same disk. You can create up to four partitions on a basic disk, either four primary or three primary and one extended.
A primary partition contains the boot files for an operating system. In older days, the operating system had to also be on that partition, but with the Windows versions you need to know for this exam, the OS files can be elsewhere as long as the boot files are in that primary partition.
Primary partitions cannot be further subdivided.
Extended partitions differ from primary in that they can be divided into one or more logical drives, each of which can be assigned a drive letter.
In reality, all partitions are logical in the sense that they don’t necessarily correspond to one physical disk. One disk can have several logical divisions (partitions). A logical partition is any partition that has a drive letter.
Sometimes, you will also hear of a logical partition as one that spans multiple physical disks. For example, a network drive that you know as drive H might actually be located on several physical disks on a server. To the user, all that is seen is one drive, or H.
Devices that use the Unified Extensible Firmware Interface (UEFI) specification (discussed in the section “BIOS/UEFI settings” in Chapter 3, “Hardware”) instead of a BIOS also use a partitioning standard called GUID Partition Table (GPT). Since 2010, most operating systems have supported this in addition to the master boot record (MBR), which is the alternative method used when booting with a legacy BIOS firmware interface. Today, almost all operating systems support it, and many only support booting from a GPT rather than from an MBR.
Moreover, GPT is also used on some BIOS systems because of the limitations of MBR partition tables, which were the original driver for the development of UEFI and GPT. MBR works with disks up to 2 TB in size, but it can’t handle larger disks. MBR also supports only up to four primary partitions, so to have more than four, you had to make one of your primary partitions an “extended partition” and create logical partitions inside it. GPT removes both of these limitations. It allows up to 128 partitions on a GPT drive.
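The MBR limits described above, as an added Python example that is not part of the original text: it parses the four-slot partition table of a constructed 512-byte boot sector, checks the one-active-partition rule, and recognizes the protective entry (type 0xEE) that marks a GPT disk. The 512-byte sector size, the sample sectors and all function names are assumptions made for illustration.

```python
import struct

SECTOR_SIZE = 512                          # assumed logical sector size
MBR_MAX_BYTES = (2 ** 32) * SECTOR_SIZE    # 32-bit sector fields cap a disk at 2 TiB
EXTENDED_TYPES = (0x05, 0x0F)
TYPE_NAMES = {0x05: "extended (CHS)", 0x07: "NTFS/exFAT", 0x0B: "FAT32 (CHS)",
              0x0C: "FAT32 (LBA)", 0x0F: "extended (LBA)", 0x82: "Linux swap",
              0x83: "Linux", 0xEE: "GPT protective"}


def build_mbr(entries):
    """Build a constructed MBR from (status, type, lba_start, sectors) tuples."""
    table = b"".join(struct.pack("<B3xB3xII", *entry) for entry in entries)
    return bytes(446) + table.ljust(64, b"\x00") + b"\x55\xaa"


def parse_mbr(sector):
    """Decode the partition table held in bytes 446-509 of the first sector."""
    if len(sector) < 512 or sector[510:512] != b"\x55\xaa":
        raise ValueError("not an MBR sector: 0x55AA signature missing")
    partitions, warnings = [], []
    for index in range(4):                 # MBR has exactly four 16-byte slots
        raw = sector[446 + 16 * index: 462 + 16 * index]
        # status, (CHS start skipped), type, (CHS end skipped), start LBA, length
        status, ptype, lba_start, sectors = struct.unpack("<B3xB3xII", raw)
        if ptype == 0x00:                  # unused slot
            continue
        if status not in (0x00, 0x80):
            warnings.append("slot %d: invalid status byte 0x%02X" % (index + 1, status))
        partitions.append({
            "slot": index + 1,
            "active": status == 0x80,
            "type_id": ptype,
            "type": TYPE_NAMES.get(ptype, "unknown (0x%02X)" % ptype),
            "extended": ptype in EXTENDED_TYPES,
            "start_bytes": lba_start * SECTOR_SIZE,
            "size_bytes": sectors * SECTOR_SIZE,
        })
    scheme = "GPT" if any(p["type_id"] == 0xEE for p in partitions) else "MBR"
    active = [p["slot"] for p in partitions if p["active"]]
    if len(active) > 1:
        warnings.append("more than one active partition: slots %s" % active)
    if sum(p["extended"] for p in partitions) > 1:
        warnings.append("more than one extended partition")
    if scheme == "MBR" and partitions and not active:
        warnings.append("no active partition: a legacy BIOS has nothing to boot")
    return {"scheme": scheme, "partitions": partitions, "warnings": warnings}


# Constructed samples: three primary partitions plus one extended, one active.
SAMPLE_MBR = build_mbr([(0x80, 0x07, 2048, 204800),
                        (0x00, 0x07, 206848, 1000000),
                        (0x00, 0x0C, 1206848, 500000),
                        (0x00, 0x0F, 1706848, 2000000)])
# Constructed sample: a GPT disk carries a single protective entry of type 0xEE.
SAMPLE_PROTECTIVE = build_mbr([(0x00, 0xEE, 1, 0xFFFFFFFF)])
# Constructed sample: an invalid table with two partitions marked active.
SAMPLE_TWO_ACTIVE = build_mbr([(0x80, 0x07, 2048, 204800),
                               (0x80, 0x83, 206848, 204800)])

if __name__ == "__main__":
    for name, sector in (("basic MBR", SAMPLE_MBR),
                         ("protective MBR", SAMPLE_PROTECTIVE),
                         ("two active", SAMPLE_TWO_ACTIVE)):
        result = parse_mbr(sector)
        print(name, "->", result["scheme"], result["warnings"])
        for part in result["partitions"]:
            print("  slot", part["slot"], part["type"],
                  "active" if part["active"] else "", part["size_bytes"], "bytes")
```
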
New Technology File System (NTFS) is available with all the versions of Windows you need to know for the exam, but all versions also recognize and support FAT16 and FAT32. The file table for the NTFS is called the Master File Table (MFT).
This section lists the major file systems and the differences among them.
Extended File Allocation Table (exFAT) is a Microsoft file system optimized for flash drives. It is proprietary and has also been adopted by the SD Card Association as the default file system for SDXC cards larger than 32 GB. The proprietary nature and licensing requirements make this file system difficult to use in any open source or commercial software. This file system is supported in Windows 7, Windows 8, Windows 8.1, and Windows 10.
FAT, which stands for File Allocation Table, is an acronym for the file on a file system used to keep track of where files are. It’s also the name given to this type of file system, introduced in 1981. The largest FAT disk partition that could be created was approximately 2 GB. FAT32 was introduced along with Windows 95 OEM Service Release 2. As disk sizes grew, so did the need to be able to format a partition larger than 2 GB. FAT32 was based more on VFAT than on FAT16. It allowed for 32-bit cluster addressing, which in turn provided for a maximum partition size of 2 TB (2048 GB). It also included smaller cluster sizes to avoid wasted space. FAT32 support is included in current Windows versions.
Introduced along with Windows NT (and available on Windows 7, Windows 8, Windows 8.1, and Windows 10), NT File System (NTFS) is a much more advanced file system in almost every way than all versions of the FAT file system. It includes such features as individual file security and compression, RAID support, and support for extremely large file and partition sizes and disk transaction monitoring. It is the file system of choice for higher-performance computing. Finally, it supports both file compression and file encryption.
While not a file system that can be used on a hard drive, CD-ROM File System (CDFS) is the file system of choice for CD media and has been used with 32-bit Windows versions since Windows 95. A CD mounted with the CDFS driver appears as a collection.
Network File System (NFS) is a distributed file system protocol originally developed by Sun Microsystems. While it is supported on some Windows systems, it is primarily used on Unix-based systems; the SMB-based Common Internet File System (CIFS) is more common on Windows systems for access to resources on other devices. To support NFS, Windows systems make available the client for NFS. While the client for NFS is available in Windows 7, the Services for the Network File System (NFS) feature is available only in the Windows 8 Enterprise edition. This feature is not available in Windows 8 and Windows 8 Pro editions. It is available in Windows 10.
ext3 and ext4 are Linux file systems. While ext4 has the following advantages, it should be noted that it is not compatible with Windows, while ext3 is. The following are the strengths of ext4:
Hierarchical File System (HFS) is a file system developed by Apple for use in computer systems running MacOS. Designed for floppy and hard disks, it can also be found on read-only media such as CD-ROMs. With the introduction of MacOS X 10.6, Apple dropped support for formatting or writing HFS disks and images, which remain supported as read-only volumes.
Resilient File System (ReFS) was created for Windows 8 and was built on NTFS technology. Its main contribution is the resilience to data corruption and maintenance of integrity.
The swap partition is used by the Linux kernel in order to implement the memory-swap mechanism. Whenever there is a memory shortage, the system moves some information out of memory temporarily to the swap portion of the hard drive. When the memory crunch is over, the information is moved back to memory. Swap files in Linux are the equivalent of page files in Windows.
When you’re installing any Windows OS, you will be asked first to format the drive using one of the disk technologies just discussed. Choose the disk technology based on what the computer will be doing and which OS you are installing. For recent versions of Windows, nearly all users should choose NTFS.
To format a partition, you can use the FORMAT command. FORMAT.EXE is available with all versions of Windows. You can run FORMAT by using the command prompt or by right-clicking a drive in Windows Explorer and selecting Format if Windows is already installed. However, when you install Windows, it performs the process of partitioning and formatting for you if a partitioned and formatted drive does not already exist. You can usually choose between a quick format or a full format. With both formats, files are removed from the partition; the difference is that a quick format does not then check for bad sectors (a time-consuming process).
Be extremely careful with the FORMAT command! When you format a drive, all data on the drive is erased.
During the installation, it may be necessary to load a third-party driver that you update later. The goal during installation is to get the operating system up and running and in a state where you can interact with it. Some of the drivers included with media are not the latest from the vendor but can be used to complete the installation. Once installation is done, you can access the websites of third-party vendors and download and then install the latest drivers. To add a mass storage driver (which is what you need to access the drive), you hit the F7 key when you are prompted during the installation.
When installing an operating system, by default the device will be placed in a workgroup. This is a small group of devices that might represent, for example, a home network or a SOHO network. In an organization, however, the devices will more likely reside in a domain. A domain is a Windows grouping made possible when using Active Directory, the Windows directory service. Placing a device in a domain was covered earlier in this chapter in the section “Domain access.”
The following versions of Windows support joining a domain:
During installation of the operating system, you are asked to choose the correct settings for the local time, date, and region. As mentioned earlier, the goal during installation is to complete the process as quickly as possible, and you may need to tweak these settings later.
Once the installation is complete, there are a number of ways to change these values, the easiest of which is to right-click the clock in the lower-right corner of the taskbar and choose Adjust Date/Time. In the Control Panel, you can choose the Region And Language applet to configure date and time formats, as well as change language and location settings. Language interface packs (LIPs) are available that can be installed to modify what appears in wizards, dialog boxes, and such (see http://windows.microsoft.com/en-US/windows7/Install-or-change-a-display-language for more information).
During the installation process of Windows 7, Windows 8, Windows 8.1, and Windows 10, you will be presented with the option to download any required updates and new driver packages that may have become available since the time the installation DVD was created. If the device will have an active Internet connection, you may want to take advantage of this because it will download the required files and make them part of the installation. If this is not an option, you can always perform this step by visiting Windows Update after the installation.
A recovery partition is one created in Windows that makes returning the device to its factory settings possible. This can also be used to revive the system when it fails. Although it is possible to delete this partition, it is not advisable as it will limit recovery options.
Clearly it is important to properly create and format the boot drive prior to the installation. Please review the sections “Partitioning,” “File system types/formatting,” and “Quick format vs. full format.”
Prior to installing or upgrading an OS, it is advisable to ensure that the system supports all the hardware prerequisites (these were provided earlier in this chapter). It also is a good idea to check whether any additional hardware is compatible with the system. The upgrade advisors provided with many upgrade programs can assist with this as well. If you don’t check ahead of time, the installation or upgrade may fail when you attempt it.
This is another area where some prior research can be invaluable. Applications are made to work on specific operating systems. While you’ll have fewer problems with an upgrade, a new installation, especially when going from one vendor to another (Windows to Apple) may result in application incompatibility. The upgrade advisors mentioned earlier can also assess your application’s compatibility.
Keep in mind that some upgrades are not possible and require new installations. See the tables earlier in this chapter on allowable upgrade paths.
Identify the versions of Windows that support domain setup. These include Windows 7 Professional, Windows 7 Ultimate, Windows 7 Enterprise, Windows 8 Professional, Windows 8.1 Professional, Windows 10 Professional, and Windows 10 Enterprise.
Although the exam is on the Windows operating systems, it tests many concepts that carry over from the earlier Microsoft Disk Operating System (MS-DOS), which was never meant to be extremely friendly. Its roots are in CP/M, which was based on the command line, and so is MS-DOS. In other words, these systems use long strings of commands typed in at the computer keyboard to perform operations. Some people prefer this type of interaction with the computer, including many folks with technical backgrounds (such as yours truly). Although Windows has left the full command-line interface behind, it still contains a bit of DOS, and you get to it through the command prompt.
Although you can’t tell from looking at it, the Windows command prompt is actually a Windows program that is intentionally designed to have the look and feel of a DOS command line. Because it is, despite its appearance, a Windows program, the command prompt provides all the stability and configurability you expect from Windows. You can access a command prompt by running CMD.EXE.
A number of diagnostic utilities are often run at the command prompt. Since knowledge of each is required for the exam, they are discussed next in the order given. The commands in this section include the following:
Some commands are used to navigate the file system. The three commands in this section are used for that purpose.
The DIR command is simply used to view a listing of the files and folders that exist within a directory, subdirectory, or folder. The following is the syntax:
dir [Drive:][Path][FileName] [...] [/p] [/q] [/w] [/d] [/a[[:]attributes]][/o[[:]SortOrder]] [/t[[:]TimeField]] [/s] [/b] [/l] [/n] [/x] [/c] [/4]
The parameters are as follows:
[Drive:][Path] | Specifies the drive and directory for which you want to see a listing |
[FileName] | Specifies a particular file or group of files for which you want to see a listing |
/p | Displays one screen of the listing at a time. To see the next screen, press any key on the keyboard. |
/q | Displays file ownership information |
/w | Displays the listing in wide format, with as many as five filenames or directory names on each line |
/d | Same as /w but files are sorted by column. |
/a[[:]attributes] | Displays only the names of those directories and files with the attributes you specify |
/o[[:]SortOrder] | Controls the order in which DIR sorts and displays directory names and filenames |
/t[[:]TimeField] | Specifies which time field to display or use for sorting |
/s | Lists every occurrence, in the specified directory and all subdirectories, of the specified filename |
/b | Lists each directory name or filename, one per line, including the filename extension. /b does not display heading information or a summary. /b overrides /w. |
/l | Displays unsorted directory names and filenames in lowercase. /l does not convert extended characters to lowercase. |
/n | Displays a long list format with filenames on the far right of the screen |
/x | Displays the short names generated for files on NTFS and FAT volumes. The display is the same as the display for /n, but short names are displayed after the long name. |
/c | Displays the thousand separator in file sizes |
/4 | Displays four-digit year format |
The change directory (cd) command is used to move to another folder or directory. It is used in both UNIX and Windows. Parameters are shown below.
Unix | |
cd or cd ~ | Puts you in your home directory |
cd . | Leaves you in the same directory you are currently in |
cd ~username | Puts you in username’s home directory |
cd dir (without a /) | Puts you in a subdirectory |
cd - | Switches you to the previous directory |
cd .. | Moves you up one directory |
DOS and Windows | |
no attributes | Prints the full path of the current directory |
-p | Prints the final directory stack |
-n | Entries are wrapped before they reach the edge of the screen. |
-v | Entries are printed one per line, preceded by their stack positions. |
cd \ | Returns to the root dir |
.. | Moves you up one directory |
The ipconfig command is used to view the IP configuration of a device and, when combined with certain switches or parameters, can be used to release and renew the lease of an IP address obtained from a DHCP server and to flush the DNS resolver cache. Its most common use is to view the current configuration. Figure 6.5 shows its execution with the /all switch, which results in a display of a wealth of information about the IP configuration.
A scenario in which this command would be valuable is when you are dealing with a device you have never touched before that is having communication issues. This command would show a wealth of information with its output.
You can use ipconfig to release and then renew a configuration obtained from a DHCP server by issuing the following commands:
ipconfig /release
ipconfig /renew
It is also helpful to know that when you have just corrected a configuration error (such as an IP address) on a destination device, you should ensure that the device registers its new IP address with the DNS server by executing the ipconfig /registerdns command.
It may also be necessary to clear incorrect IP address-to-hostname mappings that may still exist on the devices that were attempting to access the destination device. This can be done by executing the ipconfig /flushdns command.
If you are using a Linux or Unix system, the command is not ipconfig but ifconfig. Figure 6.6 shows an example of the command and its output. The ifconfig command with the -a option shows all network interface information, even if the network interface is down.
The ping command makes use of the Internet Control Message Protocol (ICMP) to test connectivity between two devices. ping is one of the most useful commands in the TCP/IP suite. It sends a series of packets to another system, which in turn sends a response. The ping command can be extremely useful for troubleshooting problems with remote hosts.
The ping command indicates whether the host can be reached and how long it took for the host to send a return packet. On a LAN, the time is indicated as less than 10 milliseconds. Across WAN links, however, this value can be much greater. When the -a parameter is included, it will also attempt to resolve the hostname associated with the IP address. Figure 6.7 shows an example of a successful ping.
A common scenario for using ping is when you need to determine whether the network settings are correct. If you can ping another device that is correctly configured, the settings are correct. The syntax is as follows:
ping [-t] [-a] [-n count] [-l size] [-f] [-i TTL] [-v TOS] [-r count] [-s count] [-w timeout] [-R] [-S srcaddr] [-p] [-4] [-6] target [/?]
Some switches used with ping are in Table 6.11.
Table 6.11 ping switches
Switch | Purpose |
-t | Pings the target until you force it to stop by using Ctrl+C |
-a | Resolves, if possible, the hostname of an IP address target |
-n count | Sets the number of ICMP echo requests to send (4 by default) |
-l size | Sets the size, in bytes, of the echo request packet (32 by default) |
-f | Prevents ICMP echo requests from being fragmented by routers between you and the target |
-i TTL | Sets the Time to Live (TTL) value, the maximum of which is 255 |
-r count | Specifies the number of hops between your computer and the target computer |
-s count | Reports the time, in Internet Timestamp format, that each echo request is received and when an echo reply is sent |
The tracert command (called traceroute in Linux and Unix) is used to trace the path of a packet through the network. Its best use is in determining exactly where in the network the packet is being dropped. It will show each hop (router) the packet crosses and how long it takes to do so. Figure 6.8 shows a partial display of a traced route to www.msn.com.
A common scenario for using tracert is when there is a slow remote connection and you would like to find out which part of the path is problematic.
The syntax used is as follows:
tracert [-d] [-h MaxHops] [-w TimeOut] [-4] [-6] target [/?]
Table 6.12 shows some selected switches used with tracert.
Table 6.12 tracert switches
Switch | Purpose |
-d | Prevents tracert from resolving IP addresses to hostnames |
-h MaxHops | Specifies the maximum number of hops in the search for the target (30 by default) |
-w TimeOut | Specifies the time, in milliseconds, to allow each reply before timeout using this tracert option |
-4 | Forces tracert to use IPv4 only |
-6 | Forces tracert to use IPv6 only |
target | Destination, either an IP address or a hostname |
/? | Shows detailed help about the command |
The netstat (network status) command is used to see what ports are listening on the TCP/IP-based system. The -a option is used to show all ports, and /? is used to show what other options are available (the options differ based on the operating system you are using). When executed with no switches, the command displays the current connections, as shown in Figure 6.9.
A common scenario for using netstat is when you suspect that a host is “calling home” to a malicious server. If so, the connection would appear in the output.
The syntax is as follows:
netstat [-a] [-b] [-e] [-f] [-n] [-o] [-p proto] [-r] [-s] [-t] [interval]
Table 6.13 shows some switches used with netstat.
Table 6.13 netstat switches
Switch | Purpose |
-a | Displays all connections and listening ports |
-b | Displays the executable involved in creating each connection or listening port |
-e | Displays Ethernet statistics |
-f | Displays fully qualified domain names for foreign addresses (in Windows Vista/7 only) |
-n | Displays addresses and port numbers in numerical form |
-o | Displays the owning process ID associated with each connection |
-p proto | Shows connections for the protocol specified by proto |
-r | Displays the routing table |
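The “calling home” check described above, as an added PowerShell example that is not part of the original chapter: it parses netstat -ano output and lists established TCP connections whose foreign address is not loopback, private, or link-local, grouped by owning PID. The function names and the sample output are constructed for illustration.

```powershell
# Constructed sample of `netstat -ano` output; the foreign addresses come from
# documentation ranges, not from a real capture.
$SampleNetstat = @'
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       996
  TCP    192.168.1.20:49712     192.168.1.1:445        ESTABLISHED     4
  TCP    192.168.1.20:49731     203.0.113.45:8443      ESTABLISHED     5120
  TCP    192.168.1.20:49733     203.0.113.45:8443      ESTABLISHED     5120
  TCP    192.168.1.20:49740     198.51.100.7:443       TIME_WAIT       0
  TCP    [::1]:49670            [::1]:49671            ESTABLISHED     2204
  UDP    0.0.0.0:5353           *:*                                    1880
'@ -split '\r?\n'

# True for loopback, RFC 1918, link-local and IPv6 unique-local addresses.
# Anything that does not parse as an IP address (a hostname) is treated as external.
function Test-InternalAddress {
    param([string]$Address)
    $ip = $null
    if (-not [System.Net.IPAddress]::TryParse($Address, [ref]$ip)) { return $false }
    if ([System.Net.IPAddress]::IsLoopback($ip)) { return $true }
    $b = $ip.GetAddressBytes()
    if ($ip.AddressFamily -eq [System.Net.Sockets.AddressFamily]::InterNetworkV6) {
        return $ip.IsIPv6LinkLocal -or (($b[0] -band 0xFE) -eq 0xFC)   # fe80::/10, fc00::/7
    }
    return ($b[0] -eq 10) -or
           ($b[0] -eq 172 -and $b[1] -ge 16 -and $b[1] -le 31) -or
           ($b[0] -eq 192 -and $b[1] -eq 168) -or
           ($b[0] -eq 169 -and $b[1] -eq 254)
}

# Emits one object per ESTABLISHED TCP connection to a non-internal address.
function Get-ExternalConnection {
    param([string[]]$NetstatLines)
    foreach ($line in $NetstatLines) {
        # Columns: Proto, Local Address, Foreign Address, State, PID
        if ($line -notmatch '^\s*TCP\s+(\S+)\s+(\S+)\s+(\S+)\s+(\d+)\s*$') { continue }
        $foreign = $Matches[2]
        $state   = $Matches[3]
        $procId  = [int]$Matches[4]        # $PID is reserved in PowerShell
        if ($state -ne 'ESTABLISHED') { continue }
        $cut  = $foreign.LastIndexOf(':')  # last colon separates the port, also for IPv6
        $addr = $foreign.Substring(0, $cut).Trim('[', ']')
        if (Test-InternalAddress -Address $addr) { continue }
        [pscustomobject]@{
            PID           = $procId
            RemoteAddress = $addr
            RemotePort    = [int]$foreign.Substring($cut + 1)
        }
    }
}

# Collapses repeated connections to the same endpoint from the same process.
function Get-ExternalConnectionSummary {
    param([string[]]$NetstatLines)
    Get-ExternalConnection -NetstatLines $NetstatLines |
        Group-Object PID, RemoteAddress, RemotePort |
        ForEach-Object {
            $first = $_.Group[0]
            [pscustomobject]@{
                PID         = $first.PID
                Remote      = "$($first.RemoteAddress):$($first.RemotePort)"
                Connections = $_.Count
            }
        }
}

Get-ExternalConnectionSummary -NetstatLines $SampleNetstat | Format-Table -AutoSize
# On a live host: Get-ExternalConnectionSummary -NetstatLines (netstat -ano)
```

On the sample, the only row reported is PID 5120 with two connections to 203.0.113.45:8443. The -b switch from Table 6.13 then shows which executable owns a reported connection.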
The nslookup command is a command-line administrative tool for testing and troubleshooting DNS servers. It can be run in two modes, interactive and noninteractive. While noninteractive mode is useful when only a single piece of data needs to be returned, interactive allows you to query for either an IP address for a name or a name for an IP address without leaving nslookup mode.
A common scenario for using nslookup is when a system cannot resolve names and you need to see what DNS server it is using.
The command syntax is as follows:
nslookup [-option] [hostname] [server]
Table 6.14 shows selected switches used with nslookup.
Table 6.14 nslookup switches
Switch | Purpose |
all | Prints all options, current server, and host info |
[no]debug | Provides debugging info |
[no]d2 | Provides exhaustive debugging info |
[no]defname | Appends a domain name to each query |
[no]recurse | Asks for a recursive answer to the query |
[no]search | Uses the domain to search the list |
[no]vc | Always uses a virtual circuit |
domain=name | Sets the default domain name to name |
To enter interactive mode, simply enter nslookup as shown next. When you do this, by default it will identify the IP address and name of the DNS server that the local machine is configured to use, if any, and then will go to the > prompt. At this prompt you can enter either an IP address or a name, and the system will attempt to resolve the IP address to a name or the name to an IP address.
C:\> nslookup
Default Server: nameserver1.domain.com
Address:
>
The following are other queries that can be run that may prove helpful when troubleshooting name resolution issues:
C: Nslookup Set Type=mx
some.dns.server in the somewhere.com domain is as follows:
nslookup somewhere.com some.dns.server
The SHUTDOWN.EXE utility can be used to schedule a shutdown (complete or a restart) locally or remotely. A variety of reasons can be specified and announced to users for the shutdown. Three parameters to be aware of are /S (turns the computer off), /R (restarts the computer), and /M (lets you specify a computer other than this one).
Deployment Image Servicing and Management (DISM.exe) is a command-line tool that can be used to service a Windows image or to prepare a Windows Preinstallation Environment (Windows PE) image. The syntax is as follows:
DISM.exe {/Image:<path_to_image> | /Online} [dism_global_options] {servicing_option} [<servicing_argument>]
For example, to determine whether any corruption exists in the operating system, execute this command:
DISM /Online /Cleanup-Image /CheckHealth
For more information, see the following:
The System File Checker (SFC) is a command line–based utility that checks and verifies the versions of system files on your computer. If system files are corrupted, the SFC will replace the corrupted files with correct versions.
The syntax for the SFC command is as follows:
SFC [switch]
While the switches vary a bit between different versions of Windows, Table 6.15 lists the most common ones available for SFC.
Table 6.15 SFC switches
Switch | Purpose |
/CACHESIZE=X | Sets the Windows File Protection cache size, in megabytes |
/PURGECACHE | Purges the Windows File Protection cache and scans all protected system files immediately |
/REVERT | Reverts SFC to its default operation |
/SCANFILE (Windows 7 and Vista only) | Scans a file that you specify and fixes problems if they are found |
/SCANNOW | Immediately scans all protected system files |
/SCANONCE | Scans all protected system files once |
/SCANBOOT | Scans all protected system files every time the computer is rebooted |
/VERIFYONLY | Scans protected system files and does not make any repairs or changes |
/VERIFYFILE | Identifies the integrity of the file specified and makes any repairs or changes |
/OFFBOOTDIR | Does a repair of an offline boot directory |
/OFFWINDIR | Does a repair of an offline Windows directory |
To run the SFC, you must be logged in as an administrator or have administrative privileges. If the System File Checker discovers a corrupted system file, it will automatically overwrite the file by using a copy held in the %systemroot%\system32\dllcache directory. If you believe that the dllcache directory is corrupted, you can use SFC /SCANNOW, SFC /SCANONCE, SFC /SCANBOOT, or SFC /PURGECACHE, depending on your needs, as described in Table 6.9, to repair its contents.
The C:\Windows\System32 directory is where many of the Windows system files reside.
If you attempt to run SFC, or many other utilities, from a standard command prompt, you will be told that you must be an administrator running a console session in order to continue. Rather than opening a standard command prompt, choose Start ➢ All Programs ➢ Accessories and then right-click Command Prompt and choose Run As Administrator. The User Account Control (UAC) will prompt you to continue, and then you can run SFC without a problem.
You can use the Windows CHKDSK utility to create and display status reports for the hard disk. CHKDSK can also correct file system problems (such as cross-linked files) and scan for and attempt to repair disk errors. CHKDSK can be run from the command line, or you can use a version in Windows Explorer.
To use the Windows Explorer version, right-click the problem disk and select Properties. This will bring up the Properties dialog box for that disk, which shows the current status of the selected disk drive. By clicking the Tools tab at the top of the dialog box and then clicking the Check button in the Error Checking section, you can start CHKDSK.
The diskpart command shows the partitions and lets you manage them on the computer’s hard drives. A universal tool for working with hard drives from the command line, it allows you to convert between disk types, extend/shrink volumes, and format partitions and volumes, as well as list them, create them, and so on. The diskpart command sets the command prompt at the diskpart prompt as follows:
Diskpart>
Then subcommands like those in Table 6.16 are used.
Table 6.16 Diskpart parameters
Parameter | Purpose |
ACTIVE | Marks the selected partition as active |
ADD | Adds a mirror to a simple volume |
ATTRIBUTES | Manipulates volume or disk attributes |
ASSIGN | Assigns a drive letter or mount point to the selected volume |
ATTACH | Attaches a virtual disk file |
AUTOMOUNT | Enables and disables automatic mounting of basic volumes |
BREAK | Breaks a mirror set |
CLEAN | Clears the configuration information, or all information |
And that’s only the beginning. You can find a list of all the available commands at http://technet.microsoft.com/en-us/library/bb490893.aspx.
The TASKKILL.EXE utility is used to terminate processes. Those processes can be identified by either name or process ID number (PID), and the process can exist on the machine where the administrator is sitting (the default) or on another machine, in which case you signify the other system by using the /S switch.
The /IM parameter is used to specify the image name of a process to kill and can include wildcard (*) characters. If the process ID number is used in place of the name, then the /PID switch is needed. The processes in question are the same that can be killed through the Task Manager.
Configuration settings on Windows devices can be controlled through the use of policies. These policies can be applied on a local basis or on a domain and organizational unit basis when a device is a member of an Active Directory domain. When an administrator changes these policies, some types of changes will not take effect until the next scheduled refresh time.
An administrator can force a device to update its policies after a change by executing the gpupdate command on the device. This is the syntax of the command:
gpupdate [/target:{computer|user}] [/force] [/wait:value] [/logoff] [/boot]
The parameters are as follows:
/target:{computer | user} | Processes only the computer settings or the current user settings. By default, both the computer settings and the user settings are processed. |
/force | Ignores all processing optimizations and reapplies all settings |
/wait:value | Number of seconds that policy processing waits to finish. The default is 600 seconds. 0 means “no wait,” and -1 means “wait indefinitely.” |
/logoff | Logs off after the refresh has completed. This is required for those Group Policy client-side extensions that do not process on a background refresh cycle but that do process when the user logs on, such as user Software Installation and Folder Redirection. This option has no effect if there are no extensions called that require the user to log off. |
/boot | Restarts the computer after the refresh has completed. This is required for those Group Policy client-side extensions that do not process on a background refresh cycle but do process when the computer starts up, such as computer Software Installation. This option has no effect if there are no extensions called that require the computer to be restarted. |
Group policies can be applied to Windows devices at the local, organizational unit (OU), and domain levels, and when the policies are applied to the device, the results can be somewhat confusing because of variables that can affect how the policies interact with one another. If you need to determine the policies that are in effect for a particular device, you can execute the gpresult command on the device, and it will list the currently applied and defective policies. This is the command syntax:
gpresult [/s <COMPUTER> [/u <USERNAME> [/p [<PASSWORD>]]]] [/user [<TARGETDOMAIN>\]<TARGETUSER>] [/scope {user | computer}] {/r | /v | /z | [/x | /h] <FILENAME> [/f] | /?}
The parameters are as follows:
/s <COMPUTER> | Specifies the name or IP address of a remote computer. Do not use backslashes. The default is the local computer. |
/u <USERNAME> | Uses the credentials of the specified user to run the command. The default user is the user who is logged on to the computer that issues the command. |
/p [<PASSWORD>] | Specifies the password of the user account that is provided in the /u parameter. If /p is omitted, gpresult prompts for the password. /p cannot be used with /x or /h. |
/user [<TARGETDOMAIN>\]<TARGETUSER> | Specifies the remote user whose data is to be displayed |
/scope {user | computer} | Displays data for either the user or the computer. If /scope is omitted, gpresult displays data for both the user and the computer. |
[/x | /h] <FILENAME> | Saves the report in either XML (/x) or HTML (/h) format at the location and with the filename that is specified by the FILENAME parameter. This cannot be used with /u, /p, /r, /v, or /z. |
/f | Forces gpresult to overwrite the filename that is specified in the /x or /h option |
/r | Displays summary data |
/v | Displays verbose policy information. This includes detailed settings that were applied with a precedence of 1. |
/z | Displays all available information about Group Policy. This includes detailed settings that were applied with a precedence of 1 and higher. |
The FORMAT command is used to wipe data off disks and prepare them for new use. Before a hard disk can be formatted, it must have partitions created on it. (Partitioning is done in Windows 7, Windows Vista, Windows 8, Windows 8.1, and Windows 10, using DISKPART, discussed earlier.) The syntax for FORMAT is as follows:
FORMAT [volume] [switches]
The volume parameter describes the drive letter (for example, D:), mount point, or volume name. Table 6.17 lists some common FORMAT switches.
Table 6.17 FORMAT switches
Switch | Purpose |
/FS:[filesystem] | Specifies the type of file system to use (FAT, FAT32, or NTFS) |
/V:[label] | Specifies the new volume label |
/Q | Executes a quick format |
There are other options as well to specify allocation sizes, the number of sectors per track, and the number of tracks per disk size. However, I don’t recommend you use these unless you have a specific need. The defaults are just fine.
So, if you wanted to format your D: drive as NTFS with a name of HDD2, you would enter the following:
FORMAT D: /FS:NTFS /V:HDD2
Before you format anything, be sure you have it backed up or be prepared to lose whatever is on that drive!
The COPY command does what it says: It makes a copy of a file in a second location. (To copy a file and remove it from its original location, use the MOVE command.) Here’s the syntax for COPY:
COPY [filename] [destination]
It’s pretty straightforward. There are several switches for COPY, but in practice they are rarely used. The three most used ones are /A, which indicates an ASCII text file; /V, which verifies that the files are written correctly after the copy; and /Y, which suppresses the prompt asking whether you’re sure you want to overwrite files if they exist in the destination directory.
When any sort of copy operation is performed, the file will take on the permissions of the folder in which you place it.
The COPY command cannot be used to copy directories. Use XCOPY for that function.
One useful tip is to use wildcards. For example, in DOS (or at the command prompt), the asterisk (*) is a wildcard that means everything. So, you could enter COPY *.EXE to copy all files that have an .EXE extension, or you could enter COPY *.* to copy all files in your current directory.
If you are comfortable with the COPY command, learning XCOPY shouldn’t pose too many problems. It’s basically an extension of COPY with one notable exception—it’s designed to copy directories as well as files. The syntax is as follows:
XCOPY [source] [destination][switches]
There are 26 XCOPY switches; Table 6.18 lists some of the commonly used ones.
Table 6.18 XCOPY switches
Switch | Purpose |
/A | Copies only files that have the Archive attribute set and does not clear the attribute. This is useful for making a quick backup of files while not disrupting a normal backup routine. |
/E | Copies directories and subdirectories, including empty directories |
/F | Displays full source and destination filenames when copying |
/G | Allows copying of encrypted files to a destination that does not support encryption |
/H | Copies hidden and system files as well |
/K | Copies attributes (By default, XCOPY resets the Read-Only attribute.) |
/O | Copies file ownership and ACL information (NTFS permissions) |
/R | Overwrites read-only files |
/S | Copies directories and subdirectories but not empty directories |
/U | Copies only files that already exist in the destination |
/V | Verifies each new file |
Perhaps the most important switch is /O. If you use XCOPY to copy files from one location to another, the file system creates a new version of the file in the new location without changing the old file. In NTFS, when a new file is created, it inherits permissions from its new parent directory. This could cause problems if you copy files. (Users who didn’t have access to the file before might have access now.) If you want to retain the original permissions, use XCOPY /O.
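The permission behaviour described above, as an added PowerShell example that is not part of the original chapter: it copies one file with and without /O and reports which access control entries each copy ends up with. It assumes an elevated session, an NTFS volume, and a default user-profile %TEMP% folder; the folder and file names are made up for the demonstration.

```powershell
# Scratch folders under %TEMP% (hypothetical names, removed and recreated on each run).
$root = Join-Path $env:TEMP 'xcopy-acl-demo'
if (Test-Path $root) { Remove-Item $root -Recurse -Force }
$finance = (New-Item -ItemType Directory -Path (Join-Path $root 'finance')).FullName
$public  = (New-Item -ItemType Directory -Path (Join-Path $root 'public')).FullName

$everyone = 'S-1-1-0'        # well-known SID for Everyone
$marker   = 'S-1-5-32-551'   # well-known SID for BUILTIN\Backup Operators

# The destination tree hands read access to Everyone through inheritance.
icacls $public /grant "*${everyone}:(OI)(CI)R" | Out-Null
$plainDir = (New-Item -ItemType Directory -Path (Join-Path $public 'plain')).FullName
$keptDir  = (New-Item -ItemType Directory -Path (Join-Path $public 'with-o')).FullName

# The source file carries one explicit ACE that exists nowhere in the destination.
$file = Join-Path $finance 'payroll.txt'
Set-Content -Path $file -Value 'constructed sample data'
icacls $file /grant "*${marker}:R" | Out-Null

xcopy $file $plainDir /Y    | Out-Null   # new file; its ACL comes from public\plain
xcopy $file $keptDir  /O /Y | Out-Null   # ownership and ACL information copied as well

# Reports, by SID so the result does not depend on the display language,
# whether Everyone and the marker group appear in a file's ACL.
function Get-AceSummary {
    param([string]$Path)
    $rules = (Get-Acl -LiteralPath $Path).GetAccessRules(
        $true, $true, [System.Security.Principal.SecurityIdentifier])
    $sids = @($rules | ForEach-Object { $_.IdentityReference.Value })
    [pscustomobject]@{
        File            = $Path.Substring($root.Length + 1)
        EveryoneHasAce  = $sids -contains $everyone
        OriginalAceKept = $sids -contains $marker
    }
}

@(
    $file
    Join-Path $plainDir 'payroll.txt'
    Join-Path $keptDir  'payroll.txt'
) | ForEach-Object { Get-AceSummary -Path $_ } | Format-Table -AutoSize

# finance\payroll.txt       : the original ACE is present
# public\plain\payroll.txt  : Everyone has an ACE and the original ACE is gone
# public\with-o\payroll.txt : the original ACE is present
```

Run icacls against each copy to see the full entries behind the summary.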
The ROBOCOPY command (Robust File Copy for Windows) is included with Windows 7, 8, 8.1, and 10 and has the big advantage of being able to accept a plethora of specifications and keep NTFS permissions intact in its operations. The /MIR switch, for example, can be used to mirror a complete directory tree.
You can find an excellent TechNet article on how to use Robocopy at http://technet.microsoft.com/en-us/magazine/ec85e01678.aspx.
The syntax is as follows:
robocopy <Source> <Destination> [<File>[ ...]] [<Options>]
Some of the more common switches when using the copy option are in Table 6.19.
Table 6.19 Robocopy switches
Switch | Purpose |
/s | Copies subdirectories. Note that this option excludes empty directories. |
/e | Copies subdirectories. Note that this option includes empty directories. |
/lev:<N> | Copies only the top N levels of the source directory tree |
/z | Copies files in restartable mode |
/b | Copies files in Backup mode |
/efsraw | Copies all encrypted files in EFS RAW mode |
/copy:<copyflags> | Specifies the file properties to be copied. The following are the valid values for this option: D = data, A = attributes, T = time stamps, S = NTFS access control list (ACL), O = owner information, U = auditing information. |
/dcopy:<copyflags> | Defines what to copy for directories. Default is DA. Options are D = data, A = attributes, and T = timestamps. |
Network shares can be mapped to drives to appear as if the resources are local. The NET USE command is used to establish network connections via a command prompt. For example, to connect to a shared network drive and make it your M drive, you would use the syntax net use m: \\server\share. Figure 6.10 shows an example of mapped drives. This can also be done in File Explorer, as shown in Figure 6.11.
NET USE can also be used to connect to a shared printer: net use lpt1: \\printername.
The net user command is used to add, remove, and make changes to the user accounts on a computer, all from the command prompt. It has the following command syntax:
net user [username [password | *] [/add] [options]] [/domain] [username [/delete] [/domain]] [/help] [/?]
where:
net user | Displays a simple list of every user account, active or not, on the computer you’re currently using |
Username | The name of the user account |
Password | Modifies an existing password or assigns one when creating a new username |
* | Used in place of a password to force the entering of a password in the Command Prompt window after executing the net user command |
/add | Adds a new username on the system |
/domain | Forces net user to execute on the current domain controller instead of the local computer |
/delete | Removes the specified username from the system |
/help | Displays detailed information |
You can also get help information by typing /? after a command.
The /? switch is slightly faster and provides more information than the HELP command. HELP provides information only for system commands (it does not include network commands). For example, if you enter help ipconfig at a command prompt, you get no useful information (except to try /?); however, typing ipconfig /? provides the help file for the ipconfig command.
In Windows 7, Windows 8, Windows 8.1, and Windows 10 some commands are unavailable to a user logged in with a standard privilege account. This set of commands can be executed only if the user is logged on with an administrator account or possesses an administrative account and references it by using the runas command. When this command is used and references an administrative account, privileges for that command only are elevated.
This is the syntax of the runas command:
runas [{/profile | /noprofile}] [/env] [{/netonly | /savecred}] [/smartcard] [/showtrustlevels] [/trustlevel] /user:<UserAccountName> "<ProgramName> <PathToProgramFile>"
The parameters are as follows:
/profile | Loads the user’s profile. This is the default. This parameter cannot be used with the /netonly parameter. |
/noprofile | Specifies that the user’s profile is not to be loaded. This allows the application to load more quickly, but it can also cause a malfunction in some applications. |
/env | Specifies that the current network environment be used instead of the user’s local environment |
/netonly | Indicates that the user information specified is for remote access only. This parameter cannot be used with the /profile parameter. |
/savecred | Indicates whether the credentials have been previously saved by this user. This parameter is not available and will be ignored on Windows Vista Home or Windows Vista Starter Editions. This parameter cannot be used with the /smartcard parameter. |
/smartcard | Indicates whether the credentials are to be supplied from a smartcard. This parameter cannot be used with the /savecred parameter. |
/showtrustlevels | Displays the trust levels that can be used as arguments to /trustlevel |
/trustlevel | Specifies the level of authorization at which the application is to run. Use /showtrustlevels to see the trust levels available. |
/user:<UserAccountName> "<ProgramName> <PathToProgramFile>" | Specifies the name of the user account under which to run the program, the program name, and the path to the program file. The user account name format should be either <User>@<Domain> or <Domain>\<UserAccountName>. |
Use command-line tools and their switches. These tools include ipconfig, ping, tracert, netstat, nslookup, shutdown, dism, sfc, chkdsk, diskpart, taskkill, gpupdate, gpresult, format, copy, xcopy, robocopy, net use, and net user.
This objective requires you to know how to work at the command line and run common command-line utilities available with the Windows-based operating systems, as well as use administrative tools. Some of the material here overlaps with other objectives, but you’ll want to make certain you know each utility discussed.
Although most of the information presented about Windows utilities and administration should seem like second nature to you (on-the-job experience is expected for A+ certification), you should read these sections thoroughly to make certain you can answer any questions that may appear about them. The topics covered in this section include the following:
Table 6.20 lists the administrative tools, and the purpose for each, that you need to know for this objective. The majority of these run in the Microsoft Management Console (MMC).
Table 6.20 Windows administrative tools
Tool | Purpose |
Computer Management | The Computer Management Console includes the following system tools: Device Manager, Event Viewer, Shared Folders, and Performance/Performance Logs And Alerts (based on the OS you are running, you may also see Local Users And Groups or Task Scheduler). Computer Management also has the Storage area, which lets you manage removable media, defragment your hard drives, and manage partitions through the Disk Management utility. Finally, you can manage system services and applications through Computer Management as well. It also has a Storage section, which includes Disk Management and a Services and Applications section, which includes Services and WMI Control. |
Device Manager | Device Manager shows a list of all installed hardware and lets you add items, remove items, update drivers, and more. |
Local Users And Groups | If Local Users And Groups is not visible in the left pane of MMC, choose File ➢ Add/Remove Snap-in and select Local Users And Groups from the list of possible snap-ins. You can choose to manage the local computer or another computer (requiring you to provide its address). The built-in groups for a domain are a superset of local groups. Local Users And Groups is not available for Windows 7 editions lower than Professional. In all other editions, you must manage user accounts using the User Accounts applet in the Control Panel, and you cannot create or manage groups. The default users created are Administrator, Guest, and the administrative account created during the install. |
Local Security Policy | The Local Security Policy (choose Start and then enter secpol.msc ) allows you to set the default security settings for the system. This feature is available only in Windows 7 Professional, Windows 7 Ultimate, Windows 7 Enterprise, Windows 8.1 Pro, Windows 8 Ultimate, Windows 8 Professional (old Business), and Windows 8 Enterprise editions. |
Performance Monitor | Performance Monitor differs a bit between Windows versions but has the same purpose throughout: to display performance counters. Two tools are available—System Monitor and Performance Logs And Alerts. System Monitor will show the performance counters in graphical format. The Performance Logs And Alerts utility collects the counter information and then sends it to a console (such as the one in front of the admin so they can be aware of the problem) or event log. |
Services | The Services tab is illustrated and discussed later in this section. |
System Configuration | MSConfig, known as the System Configuration utility, helps you troubleshoot startup problems by allowing you to selectively disable individual items that normally are executed at startup. It works in all versions of Windows, although the interface window is slightly different among versions. |
Task Scheduler | Task Scheduler allows you to configure jobs to automatically run unattended. For the run frequency, you can choose any of the following options: Daily, Weekly, Monthly, One Time Only, When The Computer Starts, or When You Log On. You can access a job’s advanced properties any time after the job has been created. To do so, double-click the icon for the job in the Scheduled Tasks screen. In the resulting dialog box, you can configure such things as the username and password associated with the job, the actual command line used to start the job (in case you need to add parameters to it), and the working directory. At any time, you can delete a scheduled job by deleting its icon, or you can simply disable a job by removing the check mark from the Enabled box on the Task tab of the task’s properties dialog box. For jobs that are scheduled to run, a picture of a clock appears in the bottom-left corner of the icon; jobs not scheduled to run do not have that clock. |
Component Services | Component Services is an MMC snap-in that allows you to administer, as well as deploy, component services and to configure behavior such as security (Component Services is located beneath Administrative Tools). |
Data Sources | ODBC Data Source Administrator (located beneath Administrative Tools) allows you to interact with database management systems. |
Print Management | Available in Windows 7 and Windows Vista, Print Management (located beneath Administrative Tools) allows you to manage multiple printers and print servers from a single interface. Print Management is not available for Windows 7 in any edition lower than Windows 7 Professional. In all later editions of Windows (Vista, 8, 8.1, 10), you must manage individual printers using the Printers applet in the Control Panel. |
Windows Memory Diagnostics | The Windows Memory Diagnostic Tool (located beneath Administrative Tools) can be used to check a system for memory problems. For the tool to work, the system must be restarted. The two options that it offers are to restart the computer now and check for problems or wait and check for problems on the next restart. Upon reboot, the test will take several minutes, and the display screen will show which pass number is being run and the overall status of the test (percentage complete). When the memory test concludes, the system will restart again, and nothing related to it is apparent until you log in. If the test is without error, you’ll see a message that no errors were found. If anything else is found, the results will be displayed. |
Windows Firewall | Windows Firewall (Start ➢ Control Panel ➢ Windows Firewall) is used to block access from the network, and in Windows 7, it is divided into separate settings for private networks and public networks. While host-based firewalls are not as secure as other types of firewalls, this provides much better protection than previously and is turned on by default. It is also included in the Security component of the Action Center and can be tweaked significantly using the Advanced Settings. |
Advanced Security | Continuing the discussion of Windows Firewall, once you click Advanced Settings, Windows Firewall with Advanced Security opens. Here, you can configure inbound and outbound rules as well as import and export policies and monitor. Monitoring is not confined only to the firewall; you can also monitor security associations and connection security rules. Not only can this MMC snap-in do simple configuration, but it can also configure remote computers and work with Group Policy. |
User Account Management | Used to create, delete, and configure properties of user accounts in Windows 10. |
Windows employs comprehensive error and informational logging routines. Every program and process theoretically could have its own logging utility, but Microsoft has come up with a rather slick utility, Event Viewer, which, through log files, tracks all events on a particular Windows computer. Normally, though, you must be an administrator or a member of the Administrators group to have access to Event Viewer.
The process for starting Event Viewer differs based on the operating system you are running, but always log in as an administrator (or equivalent). With Windows 7, using Small or Large icons view, choose Start ➢ Control Panel ➢ Administrative Tools ➢ Event Viewer; on earlier systems, choose Start ➢ Programs ➢ Administrative Tools ➢ Event Viewer (or you can always right-click the Computer desktop icon and choose Manage ➢ Event Viewer). In the resulting window (shown in Figure 6.12), you can view the System, Application, and Security log files. If you are running Windows 7, Windows 8, Windows 8.1, or Windows 10, you will also see log files available for Setup and Forwarded Events.
These log files can give a general indication of a Windows computer’s health.
To access Event Viewer in Windows 8 and Windows 8.1, just enter event viewer in the desktop Search box, and when the option for opening Event Viewer appears, select it.
One situation that does occur with Event Viewer is that the log files get full. Although this isn’t really a problem, it can make viewing log files confusing because there are so many entries. Even though each event is time- and date-stamped, you should clear Event Viewer every so often. To do this, open Event Viewer, and in Windows 7, right-click the log, choose Properties, and click the Clear Log button; in earlier OS versions, choose Clear All Events from the Log menu. Doing so erases all events in the current log file, allowing you to see new events more easily when they occur. You can set maximum log size by right-clicking the log and choosing Properties. By default, when a log fills to its maximum size, old entries are deleted in first in, first out (FIFO) order. Clearing the log, setting maximum log size, and setting how the log is handled when full are done in the Log Properties dialog box, as shown in Figure 6.13.
You can save the log files before erasing them. The saved files can be burned to a CD or DVD for future reference. Often, you are required to save the files to CD or DVD if you are working in a company that adheres to strict regulatory standards.
In addition to just erasing logs, you can configure three different settings for what you want to occur when the file does reach its maximum size. The first option is Overwrite Events As Needed (Oldest Events First), which replaces the older events with the new entries. The second option is Archive The Log When Full, Do Not Overwrite Events, which will create another log file as soon as the current one runs out of space. The third option, Do Not Overwrite Events (Clear Logs Manually), will not record any additional events once the file is full.
A scenario for using Event Viewer would be in the case of an attempted improper login. You could use the log to identify the time, machine, and other information concerning the attempt.
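The save-before-clearing routine and the improper-login scenario above can also be run from an elevated PowerShell prompt. This is an added example, not part of the original chapter: the function names, the C:\LogArchive folder and the 24-hour window are assumptions, and event ID 4625 is the Security log's record of a failed logon.

```powershell
# Added example (not from the original chapter). Run elevated on Windows 8 or later.

# Show each log's size limit and what happens when it fills. LogMode maps to the
# Log Properties dialog: Circular = Overwrite Events As Needed,
# AutoBackup = Archive The Log When Full, Retain = Do Not Overwrite Events.
function Get-LogRetention {
    Get-WinEvent -ListLog Application, System, Security |
        Select-Object LogName, RecordCount, MaximumSizeInBytes, LogMode, IsLogFull
}

# Save a log to an .evtx file, then clear it, and return the archive's hash so
# the saved copy can later be shown to be unaltered.
function Backup-AndClearLog {
    param(
        [Parameter(Mandatory)][string]$LogName,     # e.g. 'Application'
        [string]$ArchiveDir = 'C:\LogArchive'       # assumed archive folder
    )
    if (-not (Test-Path -LiteralPath $ArchiveDir)) {
        New-Item -ItemType Directory -Path $ArchiveDir | Out-Null
    }
    # Channel names can contain '/', which is not valid in a file name.
    $safe  = $LogName -replace '[\\/:*?"<>|]', '_'
    $stamp = Get-Date -Format 'yyyyMMdd-HHmmss'
    $file  = Join-Path $ArchiveDir "${safe}-${stamp}.evtx"

    # "wevtutil cl <log> /bu:<file>" backs the log up to <file> before clearing it.
    wevtutil.exe cl $LogName "/bu:$file"
    if ($LASTEXITCODE -ne 0) { throw "wevtutil could not back up and clear '$LogName'." }

    Get-FileHash -Algorithm SHA256 -LiteralPath $file
}

# List failed logons (event ID 4625) with the time, account, machine and source.
function Get-FailedLogon {
    param([int]$Hours = 24)                         # assumed look-back window
    $filter = @{
        LogName   = 'Security'
        Id        = 4625
        StartTime = (Get-Date).AddHours(-$Hours)
    }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        ForEach-Object {
            # The named fields live in the event's XML <EventData> section.
            $data = @{}
            foreach ($d in ([xml]$_.ToXml()).Event.EventData.Data) {
                $data[$d.Name] = $d.'#text'
            }
            [pscustomobject]@{
                Time        = $_.TimeCreated
                Account     = $data['TargetUserName']
                Workstation = $data['WorkstationName']
                SourceIP    = $data['IpAddress']
                LogonType   = $data['LogonType']
            }
        }
}

Get-LogRetention | Format-Table -AutoSize

# Accounts and sources with the most failed attempts in the last day.
Get-FailedLogon -Hours 24 |
    Group-Object Account, SourceIP |
    Sort-Object Count -Descending |
    Select-Object Count, Name

# Uncomment to archive and then clear the Application log:
# Backup-AndClearLog -LogName 'Application'
```

Archive the Security log the same way before clearing it; once cleared, the archived .evtx file is the only record of earlier login attempts.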
The MSConfig system configuration tool features different tabs based on the Windows version you are running, but the key ones are General, Boot, Services, Startup, and Tools.
On the General tab, you can choose the startup type. There are three sets of options: Normal, Diagnostic, and Selective. A normal startup loads all drivers and services, whereas a diagnostic startup loads only the basic drivers and services. Between the two extremes is the selective startup that gives you limited options on what to load. Figure 6.14 shows the General tab.
The Boot tab shows the boot menu and allows you to configure parameters such as the number of seconds the menu should appear before the default option is chosen and whether you want to go to safe boot. You can toggle on/off the display of drivers as they load during startup and choose to log the boot, go with basic video settings, and similar options. Figure 6.15 shows the Boot tab.
The Services tab shows the services configured and their current status. From here, you can enable or disable all and hide Microsoft services from the display (which greatly reduces the display in most cases). Figure 6.16 shows the Services tab.
The Startup tab shows the items scheduled to begin at startup, the command associated with them, and the location where the configuration is done (usually, but not always, in the Registry). From here, you can enable or disable all. If a particular startup item has been disabled in Windows 7, the date and time it was disabled will appear in the display. Figure 6.17 shows the Startup tab for Windows 7 and earlier.
This functionality has been moved to Task Manager in Windows 8, Windows 8.1, and Windows 10; Figure 6.18 shows the Startup tab.
The Tools tab contains quick access to some of the most useful diagnostic tools in Windows. You can launch such items as the Registry Editor as well as many Control Panel applets, and you can enable or disable User Account Control (UAC). Figure 6.19 shows the Tools tab.
A scenario for using MSConfig would be when a device is performing slowly; you can check to see what applications and services are starting at boot, and you may find spyware and other software loading that is causing the performance hit.
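The startup review described above can be scripted so that every startup item is listed with its command, its configuration location, and the signature status of the file it launches. This is an added example, not part of the original chapter; the function names and the path-parsing rules are assumptions.

```powershell
# Added example (not from the original chapter). Windows PowerShell 5.1 assumed.

# Pull the executable path out of a startup command line such as
#   "C:\Program Files\App\app.exe" /background
#   %windir%\system32\tool.exe -silent
function Get-StartupExecutable {
    param([string]$Command)
    if ([string]::IsNullOrWhiteSpace($Command)) { return $null }
    $expanded = [Environment]::ExpandEnvironmentVariables($Command).Trim()

    # Quoted path: take what is between the first pair of quotes.
    if ($expanded -match '^"([^"]+)"') { return $Matches[1] }

    # Unquoted path, possibly with spaces: stop at the first known extension.
    if ($expanded -match '^(.+?\.(exe|com|bat|cmd|vbs|js|ps1))(\s|$)') {
        return $Matches[1]
    }

    # Fallback: first whitespace-delimited token.
    return ($expanded -split '\s+')[0]
}

# One row per startup item, like the MSConfig/Task Manager Startup tab, plus
# the Authenticode status and signer of the file each item runs.
function Get-StartupInventory {
    Get-CimInstance -ClassName Win32_StartupCommand | ForEach-Object {
        $path = Get-StartupExecutable -Command $_.Command
        $sig  = $null
        if ($path -and (Test-Path -LiteralPath $path -PathType Leaf)) {
            $sig = Get-AuthenticodeSignature -LiteralPath $path
        }
        [pscustomobject]@{
            Name      = $_.Name
            User      = $_.User
            Location  = $_.Location     # Registry key or Startup folder
            Command   = $_.Command
            Path      = $path
            Signature = if ($sig) { [string]$sig.Status } else { 'FileNotFound' }
            Signer    = if ($sig -and $sig.SignerCertificate) {
                            $sig.SignerCertificate.Subject
                        } else { '' }
        }
    }
}

# Items whose file is missing or not validly signed sort to the top.
# A status other than Valid is a reason to look closer, not proof of spyware.
Get-StartupInventory |
    Sort-Object @{ Expression = { $_.Signature -eq 'Valid' } }, Name |
    Format-Table Name, Signature, Signer, Location, Path -AutoSize -Wrap
```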
This tool lets you shut down nonresponsive applications selectively in all Windows versions. In current versions of Windows, it can do much more. Task Manager allows you to see which processes and applications are using the most system resources, view network usage, see connected users, and so on. To display Task Manager, press Ctrl+Alt+Del and click the Task Manager button. You can also right-click an empty spot in the taskbar and choose Task Manager from the pop-up menu that appears.
To get to the Task Manager directly in any of the Windows versions, you can press Ctrl+Shift+Esc.
In Windows 7, Task Manager has six tabs: Applications, Processes, Services, Performance, Networking, and Users. The Networking tab is shown only if your system has a network card installed (it is rare to find one that doesn’t). The Users tab is displayed only if the computer you are working on is a member of a workgroup or is a stand-alone computer. The Users tab is unavailable on computers that are members of a network domain. In Windows 8, 8.1, and 10, there is an additional tab called Details, and the Applications tab is replaced with the App History tab. Let’s look at these tabs, in the order of their appearance, in more detail in Windows 8.1.
The Applications tab (shown in Figure 6.20) lets you see which tasks are open on the machine. You also see the status of each task, which can be either Running or Not Responding. If a task or application has stopped responding (that is, it’s hung), you can select the task in the list and click End Task. Doing so closes the program, and you can try to open it again. Often, although certainly not always, if an application hangs, you have to reboot the computer to prevent the same thing from happening again shortly after you restart the application. You can also use the Applications tab to switch to a different task or create new tasks.
The App History tab in Windows 8, Windows 8.1, and Windows 10 (shown in Figure 6.21) displays the history of the usage of Metro apps only.
The Processes tab (shown in Figure 6.22) lets you see the names of all the processes running on the machine. You also see the user account that’s running the process, as well as how much CPU and RAM resources each process is using. To end a process, select it in the list and click End Process. Be careful with this choice, since ending some processes can cause Windows to shut down. If you don’t know what a particular process does, you can look for it in any search engine and find a number of sites that will explain it.
You can also change the priority of a process in Task Manager’s Processes display by right-clicking the name of the process and choosing Set Priority.
In Windows 10, setting the priority is done on the Details tab.
The six priorities, from lowest to highest, are as follows:
Low: For applications that need to complete sometime but that you don’t want interfering with other applications. On a numerical scale from 0 to 31, this equates to a base priority of 4.
Below Normal: For applications that don’t need to drop all the way down to Low. This equates to a base priority of 6.
Normal: The default priority for most applications. This equates to a base priority of 8.
Above Normal: For applications that don’t need to boost all the way to High. This equates to a base priority of 10.
High: For applications that must complete soon, when you don’t want other applications to interfere with the application’s performance. This equates to a base priority of 13.
Realtime: For applications that must have the processor’s attention to handle time-critical tasks. Applications can be run at this priority only by a member of the Administrators group. This equates to a base priority of 24.
If you decide to change the priority of an application, you’ll be warned that changing the priority of an application may make it unstable. You can generally ignore this warning when changing the priority to Low, Below Normal, Above Normal, or High, but you should heed it when changing applications to the Realtime priority. Realtime means that the processor gives precedence to this process over all others—over security processes, over spooling, over everything—and is sure to make the system unstable.
Task Manager changes the priority only for that instance of the running application. The next time the process is started, priorities revert to that of the base (typically Normal).
The Services tab (shown in Figure 6.23) lists the name of each running service, as well as the process ID associated with it, its description, its status, and its group. A button labeled Services appears on this tab, and clicking it will open the MMC console for Services, where you can configure each service. Within Task Manager, right-clicking a service will open a context menu listing three choices: Start Service, Stop Service, and Go To Process (which takes you to the Processes tab).
The Performance tab (shown in Figure 6.24) contains a variety of information, including overall CPU usage percentage, a graphical display of CPU usage history, page-file usage in megabytes, and a graphical display of page-file usage.
This tab also provides you with additional memory-related information such as physical and kernel memory usage, as well as the total number of handles, threads, and processes. Total, limit, and peak commit-charge information also displays. Some of the items are beyond the scope of this book, but it’s good to know that you can use the Performance tab to keep track of system performance. Note that the number of processes, CPU usage percentage, and commit charge always display at the bottom of the Task Manager window, regardless of which tab you have currently selected.
In Windows 7 this pane has a button marked Resource Monitor, which breaks down resource usage on a per-process basis.
The Networking tab (shown in Figure 6.25) provides you with a graphical display of the performance of your network connection. It also tells you the network adapter name, link speed, and state. If you have more than one network adapter installed in the machine, you can select the appropriate adapter to see graphical usage data for that adapter.
The Users tab (shown in Figure 6.26) provides you with information about the users connected to the local machine. You’ll see the username, ID, status, client name, and session type. You can right-click any connected user to perform a variety of functions, including sending the user a message, disconnecting the user, logging off the user, and initiating a remote-control session to the user’s machine.
Windows 10 has only the functions Disconnect and Manage User Accounts.
Use Task Manager whenever the system seems bogged down by an unresponsive application.
The Details tab (shown in Figure 6.27) displays information about the processes that are running on the computer. A process can be an application that you start or subsystems and services that are managed by the operating system.
A scenario for using Task Manager is when you have a performance issue and you want to determine which compute resource (memory, disk, network, CPU) is overtaxed. By observing the percentage of use of each resource, you can first determine which resource is the problem and then locate the process that is using most of that resource.
In Windows, you can manage your hard drives using the Disk Management tool. To access Disk Management, access the Control Panel and double-click Administrative Tools. Then double-click Computer Management. Finally, double-click Disk Management.
The Disk Management screen lets you view a host of information regarding all the drives installed in your system, including CD-ROM and DVD drives. The list of devices in the top portion of the screen shows you additional information for each partition on each drive, such as the file system used, status, free space, and so on. If you right-click a partition in either area, you can perform a variety of functions, such as formatting the partition and changing the name and drive letter assignment. For additional options and information, you can also access the properties of a partition by right-clicking it and selecting Properties.
The basic unit of storage is the disk. Disks are partitioned (primary, logical, extended) and then formatted for use. With the Windows operating systems this exam focuses on, you can choose to use either FAT32 or NTFS; the advantage of the latter is that it offers security and many other features that FAT32 can’t handle. Both Windows 7 and Windows Vista can be installed only in NTFS, but they will recognize FAT partitions.
If you’re using FAT32 and want to change to NTFS, the convert utility will allow you to do so. For example, to change the E: drive to NTFS, the command is convert e: /FS:NTFS.
Once the disk is formatted, the next building block is the directory structure, in which you divide the partition into logical locations for storing data. Whether these storage units are called directories or folders is a matter of semantics—they tend to be called folders when viewed in the graphical user interface (GUI) and directories when viewed from the command line.
The status of a drive can have a number of variables associated with it (System, Boot, and so on), but what really matters is whether it falls into the category of healthy or unhealthy. As the title implies, if it is healthy, it is properly working, and if it is unhealthy, you need to attend to it and correct problems. In Figure 6.28 you can see in the Status column of Disk Management that all drives are healthy.
You can find a list of status states that are possible and require action at https://technet.microsoft.com/en-us/library/cc771775.aspx.
Drives must be mounted before they can be used. Within Windows, most removable media (flash drives, CDs, and so forth) are recognized when attached and mounted. Volumes on basic disks, however, are not automatically mounted and assigned drive letters by default. To mount them, you must manually assign them drive letters or create mount points in Disk Management.
You can also mount from the command line using either the Diskpart or Mountvol utility.
Initializing a disk makes it available to the disk management system, and in most cases the drive will not show up until you do this. Once the drive has been connected or installed, it should be initialized. Initializing the drive can be done at the command line using diskpart or in the Disk Management tool. You need to know that initialization will wipe out any drive contents! To use diskpart to perform the initialization on 2 TB drives and smaller, follow these steps:
1. diskpart
2. list disk
3. select disk X (where X is the number your drive shows up as)
4. clean
5. create partition primary
6. format quick fs=ntfs
7. assign
8. exit
To use diskpart to perform the initialization on drives that are 2.5 TB or larger, follow these steps:
1. diskpart
2. list disk
3. select disk X (where X is the number your drive shows up as)
4. clean
5. convert gpt
6. create partition primary
7. format quick fs=ntfs
8. assign
9. exit
To use Disk Management, follow this procedure:
1. Open Disk Management. With the drive connected, you will get the pop-up box shown in Figure 6.29.
2. If you didn’t get the pop-up, right-click and select to initialize the newly added drive under where it says Disk 1, as shown in Figure 6.30.
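Because initialization wipes the drive, it is worth checking which disk is selected before anything is written. The following is an added example, not part of the original chapter: it uses the Storage cmdlets in Windows 8 and later instead of diskpart, picks GPT for disks over 2 TB as in the second procedure above, and, unlike the diskpart steps, refuses any disk that is already initialized. The function name is an assumption.

```powershell
# Added example (not from the original chapter). Run elevated; needs the
# Storage module that ships with Windows 8 / Windows Server 2012 and later.

function Initialize-NewDataDisk {
    [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'High')]
    param(
        [Parameter(Mandatory)][int]$Number      # disk number, as in "select disk X"
    )

    $disk = Get-Disk -Number $Number -ErrorAction Stop

    # Guard 1: never touch the disk Windows booted from.
    if ($disk.IsBoot -or $disk.IsSystem) {
        throw "Disk $Number is the boot/system disk. Refusing to initialize it."
    }

    # Guard 2: only a disk with no partition table (RAW) counts as new. A disk
    # that reports MBR or GPT may hold data that initialization would destroy.
    if ($disk.PartitionStyle -ne 'RAW') {
        throw "Disk $Number is already initialized ($($disk.PartitionStyle)). Check its contents first."
    }

    # MBR for disks up to 2 TB, GPT above that (the "convert gpt" case).
    $style  = if ($disk.Size -gt 2TB) { 'GPT' } else { 'MBR' }
    $sizeGB = [math]::Round($disk.Size / 1GB)
    $target = "Disk $Number ($($disk.FriendlyName), $sizeGB GB)"

    # Prompts for confirmation unless -Confirm:$false is given; honours -WhatIf.
    if ($PSCmdlet.ShouldProcess($target, "Initialize as $style and format NTFS")) {
        if ($disk.IsOffline)  { Set-Disk -Number $Number -IsOffline  $false }
        if ($disk.IsReadOnly) { Set-Disk -Number $Number -IsReadOnly $false }

        Initialize-Disk -Number $Number -PartitionStyle $style

        # Same result as create partition primary / format quick fs=ntfs / assign.
        New-Partition -DiskNumber $Number -UseMaximumSize -AssignDriveLetter |
            Format-Volume -FileSystem NTFS -Confirm:$false
    }
}

# Equivalent of "list disk": confirm the number, size and state before acting.
Get-Disk | Format-Table Number, FriendlyName, Size, PartitionStyle, IsBoot, IsSystem -AutoSize

# Dry run against disk 1 (the number is an example):
# Initialize-NewDataDisk -Number 1 -WhatIf
```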
It is possible to add more space to partitions (and logical drives) by extending them into unallocated space. This is done in Disk Management by right-clicking and choosing Extend or using the Diskpart utility.
Just as you can extend a partition, you can also reduce the size of it. While this operation is generically known as splitting the partition, the menu option in Disk Management is Shrink. By shrinking an existing partition, you are creating another with unallocated space that can then be used for other purposes. You can shrink only basic volumes that use the NTFS file system (and space exists) or that do not have a file system.
It is also possible to shrink a volume from its size at creation. To do so in Disk Management, access the volume in question, right-click the volume, and select Shrink Volume, as shown in Figure 6.31.
This will open another box that will allow you to control how much you want to shrink the volume, as shown in Figure 6.32.
Mounting drives and assigning drive letters are two tasks that go hand-in-hand. When you mount a drive, you typically assign it a drive letter to be able to access it. Right-clicking a volume in Disk Management gives the option Change Drive Letter And Paths, as shown in Figure 6.33.
When removable drives are added, the Windows operating system is configured, by default, to identify them and assign a drive letter. When nonremovable drives are added, you must mount them and assign a drive letter, as mentioned earlier.
Arrays are added to increase fault tolerance (using RAID) or performance (striping). Disk Management allows you to create and modify arrays as needed.
Configuring storage spaces is a fault tolerance and capacity expansion technique that can be used as an alternative to the techniques described earlier when discussing dynamic volume types. It enables you to virtualize storage by grouping industry-standard disks into storage pools and then creating virtual disks called storage spaces from the available capacity in the storage pools. This means that, at a high level, you have to do three tasks to use storage spaces.
First let’s look at creating the pool from several physical disks. Each of the disks must be at least 4 GB in size and should not have any volumes in it. The number of disks required depends on the type of resiliency you want to provide to the resulting storage space. Resiliency refers to the type of fault tolerance desired. Use the following guidelines:
To create the pool, access the Control Panel using any of the methods discussed so far and click the applet Storage Spaces. On the resulting page, select the option Create A New Pool And Storage Space. On the Select Drives To Create Storage Pools page, the drives that are available and supported for storage pools will appear, as shown in Figure 6.34.
In this case, only one drive is eligible, so you can create only a simple type pool. Check the drive and click the Create Pool button at the bottom of the page. On the next page, give the space a name, select a drive letter, and choose the file system (NTFS or REFS), the resiliency type (in this case you can select only Simple), and the size of the pool. Figure 6.35 shows the pool as Myspace, with a drive letter of F, an NTFS file system, simple resiliency, and a maximum size of 100 GB. When you click Create Storage Space, the space will be created. Be aware that any data on the physical drive will be erased in this process!
When the process is finished, the new space will appear on the Manage Storage Spaces page. Now you have a pool and a space derived from the pool. The last step is to create a volume in the storage space. If you now access Disk Management, you will see a new virtual disk called Myspace. It will be a basic disk, but you can convert it to dynamic by right-clicking it and selecting Convert To Dynamic Disk. This will allow you to shrink or delete the existing volume if you desire.
A scenario for using diskpart is to extend a partition that is getting full.
1. diskpart
2. list disk
3. select disk n, where n is the partition you want to extend
4. list partition
5. select partition n, where n is the partition you want to extend
6. extend size=n, where n is the size in megabytes you want to add to the partition
Table 6.21 lists the utilities CompTIA singles out as relevant to know for this section. All of these can be started from Start > Run by typing the name and pressing Enter.
Table 6.21 System utilities
Utility | Purpose |
MSCONFIG | Discussed previously, the MSConfig configuration utility is useful for looking at start-related settings. |
REGEDIT | Used to open and edit the Registry. Regedit does not have save or undo features (though you can import and export); once you make a change, you’ve made the change for better or worse, and this is not a place to play around in if you’re not sure what you’re doing. The Registry is divided into five “hives” that hold all settings. The two main hives are HKEY_USERS (which contains settings for all users) and HKEY_LOCAL_MACHINE (which contains settings for the machine itself). HKEY_CURRENT_USER is a subset of HKEY_USERS, holding information only on the current user. HKEY_CURRENT_CONFIG and HKEY_CLASSES_ROOT are both subsets of HKEY_LOCAL_MACHINE for the current configuration. |
COMMAND | Starts a command prompt window intentionally designed to have the look and feel of a DOS command line. Because it is, despite its appearance, a Windows program, the command prompt provides all the stability and configurability you expect from Windows. |
SERVICES.MSC | An MMC snap-in that allows you to interact with the services running on the computer. The status of the services will typically be either started or stopped, and you can right-click and choose Start, Stop, Pause, Resume, or Restart from the context menu. Services can be started automatically or manually, or they can be disabled. If you right-click the service and choose Properties from the context menu, you can choose the startup type as well as see the path to the executable and any dependencies. |
MMC | Starts the management console, allowing you to run any snap-in (such as SERVICES.MSC). |
MSTSC | Remote Desktop Connection Usage is used to configure remote desktop connections. |
NOTEPAD | Starts a simple editor. You can edit a file that already exists or create a new one. |
EXPLORER | Starts the Windows interface, allowing you to interact with files and folders. |
MSINFO32 | The System Information dialog box, this tool displays a thorough list of settings on the machine. You cannot change any values from here, but you can search, export, save, and run a number of utilities. It is primarily used during diagnostics because it is an easy way to display settings such as IRQs and DMAs. |
DXDIAG | The DirectX Diagnostic tool (which has the executable name dxdiag) allows you to test DirectX functionality, with a focus on display, sound, and input. When started, you can also verify that your drivers have been signed by Microsoft. DirectX is a collection of APIs related to multimedia. |
Defrag | Defrag is a tool that can be used to reorganize the data on a drive such that all parts of each file are located in the same place, improving performance. |
System Restore | System Restore is a tool that can be used to create restore points, or snapshots of a system at certain points in time that can be returned to when a system gets corrupted. When a restore is performed, it leaves all data unaltered but returns the operating system settings to the state they were in when the restore point was created. |
Windows Update | Windows Update is a tool that can be used to automate the process of checking for updates and patches. Once the feature is enabled, the system will check with the Update website for missing patches on a schedule and keep the device up-to-date. You have four choices for the update process: Install Updates Automatically downloads the updates and installs them when they are available; Download Updates And Let Me Choose When To Install downloads the updates and notifies the user; Check For Updates But Let Me Choose Whether To Download And Install Them just notifies the user an update is available; Never Check For Updates stops all update notifications. |
Describe the Administrative tools in Windows. These tools include Computer Management, Device Manager, Users and Groups, Local Security Policy, Performance Monitor, Services, System Configuration, Task Scheduler, Component Services, Data Sources, Print Management, Windows Memory Diagnostics, Windows Firewall, Advanced Security, and User Account Management.
The Control Panel is often the first place to turn for configuration settings. The applets contained within it allow you to customize the system and personalize it for each user.
Among the applets that every version of Windows has in common, CompTIA specifically singles out a number of them for you to know. The topics covered in this chapter include the following:
The configuration settings for Internet Options provide a number of Internet connectivity possibilities. The tabs here include Connections, Security, General, Privacy, Content, Programs, and Advanced.
As the name implies, from this tab you can configure connections for an Internet connection, a dial-up or VPN connection, and LAN settings, as shown in Figure 6.36.
A scenario for using this tool would be when a user needs you to configure his laptop with a VPN connection to the office.
On the Security tab, as shown in Figure 6.37, you can choose both a zone and a security level for the zone. The zones include Internet, Local Intranet, Trusted Sites, and Restricted Sites. The default security level for most of the zones is between High and Medium-High, but you can also select lower levels.
A scenario in which you would use this tool is when a user wants more secure settings on his Internet connection while loosening the settings somewhat for his home network.
On the General tab, as shown in Figure 6.38, you can configure the home page that appears when the browser starts or a new tab is opened. You can also configure the history settings, search defaults, what happens by default when new tabs are opened, and the appearance of the browser (colors, languages, fonts, and accessibility).
A scenario for using this tool is when a user would like to change his home page to the company intranet site.
Privacy settings, as shown in Figure 6.39, allow you to configure the privacy level, choose whether you want to provide location information, use Pop-up Blocker, and disable toolbars (and extensions) when InPrivate Browsing starts.
A scenario for using this tool would be when a user needs to disable pop-ups for a site that requires them to function properly.
On the Programs tab, as shown in Figure 6.40, you specify which browser you want to be the default browser, what editor to use if HTML needs editing, and what programs to associate with various file types. You can also manage add-ons from here.
A scenario for using this tool is when a user has an unusual file type that his system doesn’t recognize. You could use this tool to associate the file type with the application that opens it.
On the Advanced tab, as shown in Figure 6.41, you can reset settings to their default options. You can also toggle configuration settings for granular settings not found on other tabs.
A scenario for using this tab would be when a user has played with the settings and would like to get them back to the default; this tool will do it.
Display or Display Settings can be found by right-clicking the desktop and selecting Display Settings.
The resolution settings vary based on the OS, but when you need to set the resolution, this is the place to do it. The documentation that comes with the computer will prescribe a Recommended setting that you should not exceed.
Color depth is either the number of bits used to indicate the color of a single pixel, in a bitmapped image or video frame buffer, or the number of bits used for each color component of a single pixel. In Windows 7, this can be set on the Monitor tab of the properties of the adapter, as shown in Figure 6.42.
In Windows 8, 8.1 and Windows 10, color depth, resolution, and refresh rate are all the same drop-down box and are found after clicking the List All Modes button on the Adapter tab of the display, as shown in Figure 6.43.
The refresh rate is the number of times in a second that a display updates its buffer and is expressed in hertz. In Windows 7, the refresh rate is set using a drop-down box just above the setting for color depth (see Figure 6.42). In Windows 8, 8.1, and 10, the setting is located as described in the previous section, “Color depth.”
This dialog box lets you create and manage user accounts, parental controls, and related settings. The default users created are Administrator, Guest, and the administrative account created during the install.
This dialog box lets you configure how folders are displayed in Windows Explorer.
On the View tab, shown in Figure 6.44, beneath Advanced Settings, you can choose the option Show Hidden Files, Folders, And Drives, and this will allow you to see those items. The opposite of this—the default setting—is Don’t Show Hidden Files, Folders, Or Drives. Radio buttons allow you to choose only one of these options.
A related check box that you should also clear in order to see all files is Hide Protected Operating System Files (Recommended) (not shown in Figure 6.44). When this check box is cleared, those files will also appear in the view you are seeing.
Hiding these files is recommended so that users do not inadvertently delete or change these critical files. Hiding them is the default setting.
On the View tab, shown in Figure 6.44, you must clear the check box Hide Extensions For Known File Types in order for the extensions to be shown with the files.
You can configure the layout on the General tab of Folder Options (shown in Figure 6.45). Browsing options allow you to choose whether each folder will open in its own folder or the same folder. The Navigation Pane setting allows you to control what items are included in the tree structure that appears to the left when using File Explorer.
Along with the setting that allows you to hide or show file extensions and to show hidden files are a number of other settings that affect what you see when you use File Explorer (as shown in Figure 6.44 earlier).
Always Show Icons, Never Thumbnails: Always show icons, rather than thumbnail previews of files. Use this setting if thumbnail previews are slowing down your computer.
Always Show Menus: Always show menus above the toolbar. Use this setting if you want access to the classic menus, which are hidden by default.
Display File Icon On Thumbnails: Always shows the icon for a file in addition to the thumbnail (for easier access to the related program).
Display File Size Information In Folder Tips: See the size of a folder in a tip when you point to the folder.
Hide Protected Operating System Files: See all system files that are usually hidden from view.
Hide Empty Drives In The Computer Folder: Show removable media drives (such as card readers) in the Computer folder even if they currently don’t have media inserted.
Launch Folder Windows In A Separate Process: Increase the stability of Windows by opening every folder in a separate part of memory.
Restore Previous Folder Windows At Logon: Automatically open the folders that you were using when you last shut down Windows whenever you start your computer.
Show Drive Letters: Hide or show the drive letter of each drive or device in the Computer folder.
Show Encrypted Or Compressed NTFS Files In Color: Display encrypted or compressed NTFS files with unique color coding to identify them.
Show Pop-Up Description For Folder And Desktop Items: Turn off the tips that display file information when you point to files.
Show Preview Handlers In Preview Pane: Never show or always show the contents of files in the preview pane. Use this setting to improve the performance of your computer or if you don’t want to use the preview pane.
Use Check Boxes To Select Items: Add check boxes to file views for easier selection of several files at once. This can be useful if it’s difficult for you to hold down the Ctrl key while clicking to select multiple files.
When typing into list view, there are two radio buttons.
Automatically Type Into The Search Box: Automatically puts the cursor in the search box when you start typing.
Select The Type Item In The View: Does not automatically put the cursor in the search box when you start typing.
This utility allows you to view and configure various system elements. From within this one relatively innocuous panel, you can make a large number of configuration changes to a Windows machine. The different versions of Windows have different options available in this panel, but they will include some of the following: General, Network Identification, Device Manager, Hardware, Hardware Profiles, User Profiles, Environment, Startup/Shutdown, Performance, System Restore, Automatic Updates, Remote, Computer Name, and Advanced. System is found in Control Panel.
The General tab gives you an overview of the system, such as OS version, registration information, basic hardware levels (Processor and RAM), and the service pack level that’s installed, if any.
Performance settings are configured on the Advanced tab, as shown in Figure 6.46. Clicking the Settings button allows you to change the visual effects used on the system and configure Data Execution Prevention (DEP). Data execution prevention is a security feature that prevents the execution of certain processes in key files. You can also configure virtual memory on the Advanced tab. Virtual memory is the paging file used by Windows as RAM.
In most cases you should never change the virtual memory section, but in cases where performance is lagging, you can try to dedicate more disk space for this function.
On the Remote tab, as shown in Figure 6.47, you can choose whether to allow Remote Assistance to be enabled.
On the System Protection tab, as shown in Figure 6.48, you can choose to do a system restore as well as create a manual restore point and see the date and time associated with the most recent automatic restore point.
As the name implies, the Windows Firewall applet can be used to manage the firewall included with the operating system. Figure 6.49 shows an example. In this case, the computer’s firewall settings are being managed by the domain administrator. When the computer is outside of that network, the firewall settings are available to the user of the computer.
Here you can configure different power schemes to adjust power consumption, dictating when devices—the display and the computer—will turn off or be put to sleep. Through the Advanced Settings, you can configure the need to enter a password to revive the devices, as well as configure wireless adapter settings, Internet options (namely, JavaScript), and the system sleep policy. Common choices include the following:
Power plans are collections of power settings that determine when various components in the device are shut down. There are some built-in plans available, or you can create your own. There are three default plans: Balanced, which strikes a balance between performance and saving power; Power Saver, which errs on the side of saving power at the expense of performance; and High Performance, which errs on the side of performance over power saving. These options appear on the opening page when you open Power Options, as shown in Figure 6.50. To create a power plan, select Create A Power Plan from the tree menu on the left.
This applet, shown in Figure 6.51, allows you to manage the credentials you have saved when prompted if you would like to save them for a site. The web passwords (which are cut off for security reasons) appear in a list below the heading “Web passwords.” When you select the Windows credentials icon, the same list for Windows credentials appears.
Formerly known as Add/Remove Programs, this tool allows you to manage the programs running on the machine and the Windows features as well. Windows Features are tools and utilities that come with the operating system that may or may not be installed and running. You can uninstall any program you have installed here. When you select Turn Windows Features On Or Off from the menu on the left, you get a box that allows you to enable and disable Windows features, as shown in Figure 6.52.
Windows 7, 8, 8.1, and 10 include an applet called HomeGroup. The purpose of HomeGroup (Start ➢ Control Panel ➢ HomeGroup) is to simplify home networking (the sharing of files and printers). Figure 6.53 shows the HomeGroup applet for a device that is not currently connected to its home network. Windows 7 Starter can only join a HomeGroup, while all other editions of Windows 7 can both join and create a HomeGroup. The location must be set to Home.
Shared files can include libraries (a big feature of Windows 7). All computers participating in the HomeGroup must be running Windows 7, Windows 8, or Windows 8.1, and the network cannot extend outside of the small group.
If a Windows 10 computer is part of a domain, the user can only join an existing HomeGroup, not create one.
In Windows 7, Windows 8, Windows 8.1, and Windows 10 the Devices And Printers applet is now the place where printers and other devices are managed. This tool is divided into three sections with printers in one, multimedia devices in another, and other devices in a third, as shown in Figure 6.54. To manage any device, you right-click the device and select its properties. The printers also can be double-clicked, and you can see what’s printing, manage the print queue, and adjust additional settings.
Windows 7, Windows 8, Windows 8.1, and Windows 10 have a Control Panel item called Sound that is used to manage all sound settings. You can manage the input devices (microphones, lines in) and the output devices (speakers, headphones) in one place. Moreover, you can enable and disable the various Windows sounds that you hear when certain events occur. Figure 6.55 shows the Sound applet.
Available in Windows 7, 8, 8.1, and 10, this applet (Start ➢ Control Panel ➢ Troubleshooting) is used to provide a simple interface to attack many common problems. All links preceded by a shield require administrator permissions to run and are often tied to UAC prompts before continuing. Most of the problems found will be “automatically fixed” without any prompts. For example, clicking the link Improve Power Usage will start the Power Troubleshooter and then fix problems that it identifies. Clicking the link to get help from a friend brings up Remote Assistance, allowing someone to connect to this computer.
You can also offer to be the one helping another. Figure 6.56 shows this applet.
In Windows 7, 8, 8.1, and 10, all network settings have been combined in an applet called Network And Sharing Center, where many sharing functions have also been relocated. While most of the tools are dedicated to creating and managing both wireless and wired network connections, some Advanced sharing functions are available in this applet. Figure 6.57 shows this applet.
Device Manager has been discussed in several sections so far, including in Table 6.20 and under objective 1.5 earlier in this chapter. Figure 6.58 shows this applet.
The BitLocker Drive Encryption Control Panel applet is used to turn on, suspend, or turn off BitLocker whole-drive encryption on your hard drives and flash drives. This applet is not available in Windows 10 but is found in all others. It is shown in Figure 6.59.
The Sync Center Control Panel applet is used to manage synchronization activity between your local computer and another location. Sync Center is available in Windows 8, Windows 7, and Windows 10. It is shown in Figure 6.60.
Identify the purpose of Control Panel utilities. These tools include Internet Options, Display/Display Settings, User Accounts, Folder Options, Windows Firewall, Power Options, Credential Manager, Programs And Features, HomeGroup, Devices And Printers, Sound, Troubleshooting, Network And Sharing Center, Device Manager, BitLocker, and Sync Center.
When installing applications, there are a number of considerations. This objective consists of the following topics:
Every application has minimum system requirements with regard to computing resources. The two most critical to proper operation are covered in this section.
Consult the documentation of the software to determine the minimum amount of disk space required to hold the installation. These minimums are not suggestions; the software will simply not install if they are not met.
The minimum of RAM required should be viewed as just that, a minimum. Make sure you have more than required for satisfactory performance.
Beyond the disk space and RAM, there are operating system considerations as well.
As mentioned earlier, applications are written to be compatible with various operating systems and the compatibility with your system must be ensured.
There are a couple of ways the installation files may be introduced to your system. Let’s look at the two most common.
Outside of the enterprise, most installations are done by using the CD that came with the software or by placing these same files on a USB stick and accessing them from the USB drive.
In most enterprises, installations are done by placing the installation files in a network location and accessing and running them from the network location. This saves administrative effort involved in visiting each machine manually with the installation CD.
Keep in mind that administrative privileges will be required to install software. This is typically not an issue in the home since users are typically administrators of their local machine. In the enterprise, however, that may not be the case and should be a consideration when deploying software.
When a network location has been configured as an installation point, ensure that users that will be accessing the share have the proper permissions to the folder holding the installation files. They must be able to execute the files in the folder.
Applications can serve as a security opening to hackers. Always research and consider the relative security of an application.
Some software can be compromised in such a way as to potentially allow compromise of the entire device. Consider the application’s reputation in the industry with regard to such weaknesses.
While it’s bad enough that a software compromise can lead to device compromise, it can also lead to a compromise of multiple devices on the network.
Identify methods of installation and deployment. These methods include local (CD/USB) and network-based.
Understand critical system requirements. Identify the system resources that must be fulfilled during each installation, including RAM, CPU, and disk space.
CompTIA offers a number of exams and certifications on networking (Network+, Server+, and so on), but to become A+ certified, you must have good knowledge of basic networking skills as they relate to the Windows operating system.
It’s important to know how network addressing works and the features offered in the Windows operating systems to simplify configuration. CompTIA expects you to have a broad range of knowledge in this category, including some obscure features (such as QoS). The topics covered in this chapter include the following:
As you learned in the previous objective, HomeGroup offers a simplified way to set up a home network. It allows you to share files (including libraries) and prevent changes from being made to those files by those sharing them (unless you give them permission to do so).
All computers participating in the HomeGroup must be running Windows 7, 8, 8.1, or 10, and the network can never grow beyond a limited size. While all editions of Windows 7 can join a HomeGroup, not all can create a HomeGroup. Windows 8 and Windows 8.1 clients can do both.
An alternative to make sharing easier in the home is to add all the computers to a peer-to-peer network. A peer-to-peer network, one of two network types you can create in Windows (also known as a workgroup), consists of a number of workstations (two or more) that share resources among themselves. The resources shared are traditionally file and print access, and every computer has the capacity to act as a workstation (by accessing resources from another machine) and as a server (by offering resources to other machines).
The other network type is client-server (or a domain). The primary distinction between workgroups and client-server networks is where security is controlled: locally on each workstation or centrally on a server. A domain is a centrally managed group of computers, and physical proximity does not matter; the computers within a domain may all be on the same LAN or spread across a WAN.
The advantage of a peer-to-peer network is that the cost is lower; you need only add cards and cables to the computers you already have if you’re running an operating system that allows such modifications. With a server-based network, you must buy a server—a dedicated machine—and thus the costs are higher. It’s never recommended that a peer-to-peer network be used for more than 10 workstations because the administration and management become so significant that a server-based network makes far greater sense.
In a domain (also known as a client-server network), users log on to the server by supplying a username and password. They’re then authenticated for the duration of their session. Rather than requiring users to give a password for every resource they want to access (which would be share-level), security is based on how they authenticated themselves at the beginning of their session. This is known as user-level security, and it’s much more powerful than share-level security.
Enterprise networks join servers, workstations, and other devices into security associations called domains or realms. These associations are made possible through the use of directory services such as Active Directory. These associations are what make the concept of single sign-on possible. This means that any user can log into the network using any device that is a domain member and receive all his assigned rights and privileges by using a single logon.
Joining a computer to the domain can be done during the installation in some cases, but most administrators do this after the successful installation of the operating system. An example of how this is done in Windows 10 is shown in Figure 6.61. This is done on the Computer Name tab of System Properties by clicking the Change button. To navigate to System Properties, open Control Panel and select the System icon (using icon view). Then select Advanced System Settings from the menu on the left side of the page. This opens the System Properties dialog box shown in Figure 6.61.
Network shares can be mapped to drives to appear as if the resources are local. The NET USE command is used to establish network connections via a command prompt. For example, to connect to a shared network drive and make it your M drive, you would use the syntax net use m: \\server\share. This can also be done in File Explorer, as shown in Figure 6.11 earlier.
NET USE can also be used to connect to a shared printer: net use lpt1: \\server\printername.
An administrative share is one that is hidden from users who are browsing for files. To connect to these drives, you must reference the drive by name. While you can create a hidden drive at any time simply by adding a dollar sign at the end of its name, there are some default administrative drives.
Table 6.22 gives information on the default administrative drives.
Table 6.22 Default administrative drives
Share name | Location | Purpose |
ADMIN$ | %SystemRoot% | Remote administration |
IPC$ | N/A | Remote interprocess communication |
print$ | %SystemRoot%\System32\spool\drivers | Access to printer drivers |
C$, D$, E$, and so on | The root of any drive | Remote administration |
In Chapter 3, “Hardware,” in the section “Public/shared devices,” you learned how to share a printer that is connected locally to a computer. It is also possible to connect to a network printer that is not tied to a computer but has its own IP address and probably a built-in print server. To connect or map a user’s device to one of these devices, follow the procedure to add a shared printer, and on the page where you normally enter the UNC path to the shared printer, select the option Add A Printer Using A TCP/IP Address Or Hostname, as shown in Figure 6.62, and click Next.
Enter the IP address or the hostname of the printer, as shown in Figure 6.63, and click Next.
If the IP address is correct and can be reached, the printer driver will download, and the printer will be added to the printers area of Control Panel.
When configuring the connection method for accessing the Internet, the three choices Windows offers are This Computer Connects Directly To The Internet, This Computer Connects Through A Residential Gateway Or Another Computer, and Other. If you choose the first option, you can turn on Internet Connection Sharing (ICS) and allow this machine to serve as a proxy. The network connection you configure can be wireless or wired, dial-up, or a virtual private network (VPN).
VPN A VPN is used when you want to connect from a remote location (such as home) to the company’s network (authenticating the user and encrypting the data).
Dial-ups Dial-up connections are used when a modem must be used to gain access. Typically, the dial-up connection is to an Internet service provider (ISP) and used in remote locations where faster forms of access are not available.
Wireless A wireless connection uses one of the 802.11 technologies, along with encryption to connect to the network.
Wired A wired connection uses a wire to connect the computer to the network. Typically, this is an Ethernet cable, such as 100BaseT, which connects to a hub or switch and offers network access to the host.
WWAN (Cellular) A wireless wide area network (WWAN) connection is one that uses cellular to connect the host to the network. A wireless service provider (such as AT&T, Sprint, or T-Mobile) will provide a card that is plugged into the host to make the cellular connection possible.
The choices will vary slightly based on the version of Windows you are using, but those commonly available are shown in Table 6.23.
Table 6.23 Network connection options
Option | Purpose |
Connect To The Internet | Use for connection to a proxy server or other device intended to provide Internet access. This includes wireless, broadband, and dial-up. |
Set Up A Wireless Router Or Access Point | If the wireless device will be connected to this machine, this is the option to use. |
Manually Connect To A Wireless Network | If you have a wireless network already in place and the device (such as the router) is not directly connected to this machine, use this option. |
Set Up A Wireless Ad Hoc (Computer-To-Computer) Network | This is meant for peer-to-peer resource sharing via wireless network cards and is typically a temporary connection. |
Set Up A Dial-Up Connection | If you live someplace where the only way to access a network is by using a dial-up modem, this is the option to select. |
Connect To A Workplace | If you need to dial into a VPN from a remote location, this is the option to use. |
Regardless of which option you choose, you will need to fill out the appropriate fields for the device to be able to communicate on the network. With TCP/IP, required values are an IP address for the host, subnet mask, address for the gateway, and DNS information.
Proxy settings identify the proxy server to be used to gain Internet access. The proxy server is responsible for making the Internet access possible and may utilize Network Address Translation (NAT) to translate between the public network (Internet) and the private network (on which the host sits). These settings are configured by using the LAN Settings button in the Connections tab to open the dialog box shown in Figure 6.64.
Remote Desktop, which is not included in the Home editions of the operating systems, allows members of the Administrators group to gain access to the workstation. (You can specifically allow other users as well.) By default, Remote Desktop is not enabled on Windows 7, but you can enable it from Remote Settings in the Control Panel applet System And Security. To enable Remote Desktop connections in Windows 7, follow these steps:
To enable Remote Desktop connections in Windows 8, 8.1, and 10, follow these steps:
Remote Assistance is a tool that allows you to connect to a remote computer to provide assistance to another user currently logged into that computer. When you connect via Remote Assistance, you do not have to log into that computer; instead, invitations are sent from the host computer to you so you can take over the computer. You can use the remote computer (the host computer) as if you are sitting in front of it. The user on the other end can watch your activities on-screen. At any time, either user can terminate the session. To configure this feature, follow these steps:
A user on the host computer can now send an invitation to you to allow you to connect to that computer for repair or training purposes.
In Windows 7, 8, 8.1, and 10 when you make a new connection, you are asked to identify whether it is a home network, work network, or public network. If you choose one of the first two, network discovery is on by default, allowing you to see other computers and other computers to see you. If you choose Public, network discovery is turned off.
Network discovery, when enabled, is a security issue, and this function should not be used on untrusted networks.
In Figure 6.68, you can see that the device is connected to a public network.
Windows Firewall (Start ➢ Control Panel ➢ Windows Firewall) is used to block access from the network. In Windows 7, 8, 8.1, and 10, it is divided into separate settings for private networks and public networks.
Exceptions are configured as variations from the rules. Windows Firewall will block incoming network connections except for the programs and services that you choose to allow through. For example, you can make an exception for Remote Assistance to allow communication from other computers when you need help (the scope of the exception can be set to allow any computer, only those on the network, or a custom list of allowed addresses you create). Exceptions can include programs as well as individual ports.
A scenario for using exceptions would be when you want to block all traffic with the exception of only required traffic. You define each allowed traffic type as an exception and disallow all others by default.
Most of the configuration is done as network connection settings. You can configure both ICMP and Services settings. Examples of ICMP settings include allowing incoming echo requests, allowing incoming router requests, and allowing redirects. Examples of services often configured include an FTP server, Post-Office Protocol Version 3 (POP3), and web server (HTTP).
A scenario for using this setting is to disallow ICMP traffic to prevent ping sweeps. This type of network probing is used to discover the devices in your network.
On the General tab of Windows Firewall, it is possible to choose the radio button Off (Not Recommended). As the name implies, this turns Windows Firewall completely off. The other radio button option, On (Recommended), enables the firewall. You can also toggle the check box Don’t Allow Exceptions. This option should be enabled when you’re connecting to a public network in an unsecure location (such as an airport or library), and it will then ignore any exceptions that were configured.
A scenario where you might choose to turn the firewall off is when you are using another firewall product instead. You want to use only one firewall.
Windows 7, 8, 8.1, and 10 all allow the use of an alternate IP address. This is an address that is configured for the system to use in the event the first choice is not available. The first choice can be either a dynamic or static address, and the alternate is used only if the primary cannot be found or used, such as when the DHCP server is down.
The Properties dialog box for each instance of IPv4—on any of the Windows operating systems this exam focuses on—contains an Alternate Configuration tab. To make changes, you must click it.
A scenario for using this is when your corporate network uses a DHCP server while you use a static address at home. You can set for DHCP and then make the alternate address the static address required at home.
Two radio buttons appear on the Alternate Configuration tab, as shown in Figure 6.69: Automatic Private IP Address and User Configured. The default is the first, meaning that the alternate address used is one in the APIPA range (169.254.x.x). Selecting User Configured requires you to enter a static IP address to be used in the IP address field. The entry entered must be valid for your network for it to be usable.
When you select the User Configured radio button on the Alternate Configuration tab, you must enter a value in the Subnet Mask field. This value must correspond with the subnet values in use on your network and work with the IP address you enter in the field above (see Chapter 2, “Networking” for more information on subnet addresses).
When you select the User Configured radio button on the Alternate Configuration tab, you should also enter values in the fields Preferred DNS Server and Alternate DNS Server. These entries are needed in order to translate domain names into IP addresses (see Chapter 2 for more information on DNS).
When you select the User Configured radio button on the Alternate Configuration tab, you must enter a value in the Default Gateway field. This value must correspond with the subnet values and the IP address you enter in the fields above. This address identifies the router to be used to communicate outside the local network (see Chapter 2 for more information on default gateways).
Like other devices, network cards can be configured to optimize performance. Configuration is done through the Properties dialog box for each card.
Duplexing is the means by which communication takes place.
Duplexing is set using the Advanced tab on the Properties of the network card, as shown in Figure 6.70.
The speed setting allows you to configure whether the card should run at its highest possible setting. You often need to be compatible with the network on which the host resides. If, for example, you are connecting a workstation with a 10/100BaseT card to a legacy network, you will need to operate at 10 MBps to match the rest of the network. Speed is set along with duplex, as shown in Figure 6.70.
Wake-on-LAN (WoL) is an Ethernet standard implemented via a card that allows a “sleeping” machine to awaken when it receives a wakeup signal from across the network.
Quality of Service (QoS) implements packet scheduling to control the flow of traffic and help with network transmission speeds. No properties can be configured for the service itself.
While some older devices may have network cards installed in slots, most devices now have integrated or built-in network interfaces on the motherboard. While these interfaces will be recognized and set up automatically, if you find you do not see an integrated interface when you go to Network And Sharing, you may need to enable the interface in the BIOS. The steps to locate this setting are specific to the BIOS on the machine, but if you identify the BIOS vendor and the version, you should be able to look up the steps on the BIOS vendor website.
Join a computer to a domain. Describe the steps involved in placing a computer in a domain using a directory service such as Active Directory.
In your career, you are almost certain to come in contact with both the Linux and MacOS operating systems (since 2001, the MacOS system has been called OS X, so you may consider those terms interchangeable). Although these systems constitute only a small percentage of the total number of devices found in the enterprise, the proponents of both of these systems are cult-like in their devotion to their operating systems. Linux is probably used more often, in part because many proprietary operating systems that reside on devices such as access points, switches, routers, and firewalls are Linux-based. In this section of the chapter, you will be introduced to some of the common features and functions in these operating systems. The subobjectives covered in this section include the following:
Like any operating system, Linux and MacOS will function better and with more reliability when given the proper care. This section will discuss some of the best practices that have been developed over the years for using these operating systems.
In Linux, backups of data can be scheduled using the rsync utility from the command line. While there is another utility, cp, that can be used, rsync prevents unnecessary copying when the destination file has not been changed. It also can operate both locally and remotely. It also encrypts the transfer. The basic syntax is as follows, where the -a switch tells rsync to work in “archive” mode:
rsync -a [source dir] [destination dir]
As with any command-line utility, you can create batch files and schedule these backups.
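The rsync behavior described above, as an added example that is not from the book: a backup function suitable for scheduling, plus a dry-run check that shows rsync skipping files that have not changed. The function names, paths, and sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the book): a schedulable rsync backup.
# All paths and file contents below are constructed sample values.

# sync_backup SRC DEST: copy SRC into DEST in archive mode (-a).
# The trailing slash on SRC means "the contents of SRC", so DEST mirrors SRC
# instead of holding a nested copy of the SRC directory.
# This is a local copy. For a remote destination (user@host:/path), rsync
# runs over SSH, and it is that SSH channel that encrypts the transfer.
sync_backup() {
    mkdir -p "$2" && rsync -a "$1/" "$2/"
}

# pending_changes SRC DEST: dry run (-n) with itemized output (-i).
# Prints how many regular files rsync would transfer; 0 means DEST is current.
# Itemized lines for files to be transferred start with ">f".
pending_changes() {
    rsync -a -n -i "$1/" "$2/" | grep -c '^>f' || true
}

demo() {
    command -v rsync >/dev/null 2>&1 || { echo "rsync is not installed"; return 0; }
    work=$(mktemp -d) || return 1
    mkdir -p "$work/src/docs"
    echo "budget v1" > "$work/src/docs/budget.txt"
    echo "contacts" > "$work/src/contacts.txt"

    sync_backup "$work/src" "$work/dest"
    echo "after first run, files to copy: $(pending_changes "$work/src" "$work/dest")"

    # Change one file; only that file is selected for the next run.
    echo "budget v2 with changes" > "$work/src/docs/budget.txt"
    echo "after one edit, files to copy: $(pending_changes "$work/src" "$work/dest")"

    sync_backup "$work/src" "$work/dest"
    echo "after second run, files to copy: $(pending_changes "$work/src" "$work/dest")"
    rm -rf "$work"
}

demo

# Scheduling: save the functions in a script (hypothetical path below) that
# ends with a call such as
#   sync_backup /home/user/documents /mnt/backup/documents
# then add a crontab entry with "crontab -e". This one runs daily at 02:30:
#   30 2 * * * /usr/local/bin/backup-documents.sh
```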
In MacOS, you can also use rsync, but another tool is available. With Time Machine, you can back up your entire Mac, including system files, apps, music, photos, emails, and documents. When Time Machine is enabled, it automatically backs up your Mac and performs hourly, daily, and weekly backups of your files.
Because Linux systems manage the disk differently than Windows, they need no defragmentation. There is a maintenance task you may want to schedule in Linux. From time to time you should run a file system checker called fsck. This is a logical file system checker.
The MacOS needs defragmentation in only a small number of cases. If the user creates large numbers of multimedia files and the drive has been filling for quite some time, the system may benefit from defragmentation. However, in most cases, this is not required.
One task that is beneficial to execute from time to time is to check the health of the disk using the Disk Utility’s Verify Disk functionality. While many disk operations (including the use of Time Machine) require booting to a different drive to perform the operation on the drive in question, Disk Utility can perform a live verification without doing this.
Many of the versions of Linux now make updates much easier than in the past. Both Ubuntu and Fedora offer a GUI tool (shocking!) for this. In Ubuntu, for example, choosing System ➢ Administration and then selecting the Update Manager entry will open Update Manager. When it opens, click the Check button to see whether there are updates available. Figure 6.71 shows a list of available updates.
Of course, you can still do this from the command line. Follow these steps:
sudo apt-get upgrade
In MacOS, updates can come either directly from Apple or from the Apple Store. To make updates automatic, access Software Update preferences, where you can set it to daily, monthly, or weekly, as shown in Figure 6.72.
While in the past patch management in Linux and MacOS presented more of a challenge than with Windows, today the same tool used to manage patches with Windows (System Center Configuration Manager) can now be used to patch additional systems such as Linux and Mac. There are also third-party tools such as Spacewalk that can manage updates.
Updating drivers and firmware in Linux can be done either during the installation or afterward. Some versions, such as Red Hat, recommend installing first and then performing the upgrade. While the upgrade process varies from version to version, in Ubuntu either you can wait until a new version of the OS is released (which is once every six months) and get the update from the Software Update Center, or you can access what is called a personal package archive (PPA). These PPAs are repositories containing drivers that can be easily made available to the Ubuntu Update Manager by adding the PPA to the local system. Once added, the drivers will appear as available when you access the local Ubuntu Update Manager, as shown in Figure 6.73.
To perform driver and firmware updates in Red Hat, download the driver update RPM package from the location specified by Red Hat or your hardware vendor. Then locate and double-click the file that you downloaded. The system might prompt you for the root password, after which it will present the Installing packages box, shown in Figure 6.74. Then click Apply.
On MacOS, firmware and driver updates are obtained from the Apple Support site. After the update finishes downloading, the system will restart, and while a gray screen appears, the update will be applied.
All the major antivirus and antimalware vendors create products for both Mac and commercial versions of Linux. Updates to the engines and definitions for these applications are done in a similar fashion to Windows. Checks for updates can be scheduled just as is done in Windows.
Tools exist to perform maintenance, some of which I have already mentioned. This section will cover some of these utilities and functions.
For all Linux versions, backup tools are available for free and for a fee. You can also use the tar and cpio command-line utilities to construct full or partial backups of the system. Each utility constructs a large file that contains, or archives, other files. In addition to file contents, an archive includes header information for each file it holds. Table 6.24 lists the parameters of the tar command.
Table 6.24 tar
parameters
Option | Effect |
--append (-r) | Appends files to an archive |
--catenate (-A) | Adds one or more archives to the end of an existing archive |
--create (-c) | Creates a new archive |
--delete | Deletes files in an archive, not on tapes |
--diff (-d) | Compares files in an archive with disk files |
--extract (-x) | Extracts files from an archive |
--help | Displays a help list of tar options |
--list (-t) | Lists the files in an archive |
--update (-u) | Like the -r option, but the file is not appended if a newer version is already in the archive |
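The following added example (not from the original text) chains the --create, --list, --diff, and --extract operations from Table 6.24 into a backup that is verified before it is trusted. It assumes GNU tar; the function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: full backup cycle with the tar operations from Table 6.24.
# Assumes GNU tar (needed for --diff). All files below are constructed samples.

# make_backup SRC_DIR ARCHIVE: --create a new archive of SRC_DIR.
# -C switches to the parent directory so only relative paths are stored.
make_backup() {
    tar --create --file "$2" -C "$(dirname "$1")" "$(basename "$1")"
}

# count_members ARCHIVE: --list the archive and count its entries.
count_members() {
    tar --list --file "$1" | wc -l | tr -d ' '
}

# verify_backup SRC_DIR ARCHIVE: --diff the archive against the disk files.
# Prints "match" when nothing changed since the backup, "differ" otherwise.
verify_backup() {
    if tar --diff --file "$2" -C "$(dirname "$1")" >/dev/null 2>&1; then
        echo match
    else
        echo differ
    fi
}

# restore_backup ARCHIVE DEST_DIR: --extract the archive under DEST_DIR.
restore_backup() {
    mkdir -p "$2" && tar --extract --file "$1" -C "$2"
}

# backup_demo: run the cycle on temporary sample data and print
# "<members> <verify before change> <verify after change> <restored line>".
backup_demo() {
    work=$(mktemp -d) || return 1
    src="$work/etc_sample"
    mkdir -p "$src"
    printf 'PermitRootLogin no\n' > "$src/sshd_config"
    printf 'nameserver 192.0.2.53\n' > "$src/resolv.conf"

    make_backup "$src" "$work/backup.tar" || return 1
    members=$(count_members "$work/backup.tar")
    clean=$(verify_backup "$src" "$work/backup.tar")

    # Simulate an unplanned change made after the backup was taken.
    printf 'PermitRootLogin yes\n' > "$src/sshd_config"
    changed=$(verify_backup "$src" "$work/backup.tar")

    # Restore into a separate directory and read back the original line.
    restore_backup "$work/backup.tar" "$work/restore" || return 1
    restored=$(cat "$work/restore/etc_sample/sshd_config")

    rm -rf "$work"
    echo "$members $clean $changed $restored"
}

backup_demo
```

Restoring into a separate directory first, as the demo does, lets you inspect the archived copy before overwriting anything on the live system.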
On MacOS you can use Time Machine, discussed earlier in the section “Scheduled Backups.” Figure 6.75 shows this tool and some of its options.
In Linux, the snapshot feature provides the ability to create a volume image of a device at a particular instant without causing a service interruption. When a change is made to the original device (the origin) after a snapshot is taken, the snapshot feature makes a copy of the changed data area as it was prior to the change so that it can reconstruct the state of the device. You can use the -s argument of the lvcreate command to create a snapshot volume.
To restore a snapshot, first change the directory to where the snapshots are located. Once there, change to the hidden subdirectory called .snapshot. There you will find directories such as nightly.0, nightly.1, nightly.2, hourly.0, hourly.1, ..., and hourly.10 (use the ls command to see them). Change to the directory that still contains your file and copy it to its original location.
You can use the Time Machine tool to restore files in Mac. The steps are as follows:
Recovering an entire image in either system is not different from restoring a single file. In Linux, you can use the rsync utility to restore a snapshot. On Mac you use Disk Utility in conjunction with a backup of the system and the OS media. To do this, follow these steps:
.dmg image, you’ll need to click the drive you saved the image to (do not drag it), click Image, and select the disk image from the drive you stored it on.
While I covered the disk maintenance utilities in the various sections earlier, Table 6.25 summarizes the tools discussed.
Table 6.25 Disk maintenance utilities
Tool | Function |
rsync | Backs up and restores files |
Time Machine | Backs up and restores files and images |
fsck | File system checker |
Disk utilities | Verifies disk health and restores images |
tar | Backs up files |
lvcreate | Creates a snapshot volume |
In Linux, a shell is a command-line interface, of which there are several types. A terminal is a window that appears when you press Ctrl+Alt+T. They both accept commands, but they are two separate programs. The following are some differences:
MacOS calls the shell Terminal, and you can find it under Applications ➢ Utilities ➢ Terminal, as shown in Figure 6.76.
In Linux, you can share a screen with others by using third-party tools, but you can also do it using the following procedure as a root user: change permissions to allow users to be added to the session by typing chmod u+s /usr/bin/screen (which sets the setuid bit, so the executable runs with the privileges of the file’s owner rather than those of the user who launches it).
chmod 755 /var/run/screen.
Screen to start the new screen.
':multiuser on' //.
':acladd acl name' //. For example, use :acladd jack -.
screen -x name_of_screen_session.
In Mac, a screen-sharing tool is built in. In OS X Yosemite, the process is as follows:
Force Quit can be used on a Mac to stop an unresponsive application. To use this function, follow these steps:
In Linux you can use the xkill feature to kill a program you click. To do this, follow these steps:
gnome-terminal to open a terminal session.
sudo xkill, and then click any window to kill it.
Now that you have looked at maintenance on these systems, let’s examine some of the key features you will find in the MacOS and Linux variants. You can find many of these features in Windows with different names and different combinations of functions.
In Apple, Mission Control provides a quick way to see everything that’s currently open on your Mac. To use Mission Control, do one of the following:
Regardless of how you invoke Mission Control, all your open windows and spaces are visible, grouped by app. You can also use the tool to create desktops that are called spaces and place certain apps in certain spaces. Moreover, you can switch between the spaces in the same session.
When you enter Mission Control, all your spaces appear along the top of your screen. The desktop you’re currently using is shown below the row of spaces. To move an app window to another space, drag it from your current desktop to the space at the top of the screen.
To switch between spaces, do one of the following:
In Linux you can do this using what are called workspace switchers, which must be activated. For example, Figure 6.78 shows the activation window in Ubuntu Unity. Once it’s activated, you can create and populate workspaces and use Workspace Switcher to move from one to another, much like you do in Mac.
Keychain is the password management system in OS X. It can contain private keys, certificates, and secure notes. In MacOS X, keychain files are stored in ~/Library/Keychains/, /Library/Keychains/, and /Network/Library/Keychains/. Keychain Access is a MacOS X application that allows a user to access the Keychain and configure its contents.
Spotlight is a search tool built into Mac systems. To open Spotlight, click the magnifying glass icon in the upper-right corner of the menu bar, or press Command+spacebar from any app. Spotlight results can include dictionary definitions, currency conversions, and quick calculations. It will search the Web as well, but you can limit its scope to just search the local computer.
iCloud is Apple’s cloud storage solution, much like OneDrive in Windows. It also allows for the automatic synchronization of information across all devices of the user. In addition, it can be used to locate an iPhone and can be a location to which a backup can be stored. All Mac users are provided with 5 GB of free storage and then can purchase additional storage for a monthly fee.
Gestures are used in Mac to interact with a touchscreen. The system is based on using multitouch, which allows you to touch the screen in more than one place and initiate specific subroutines called gestures such as when expanding or reducing a photo.
While Finder can also be used on a Mac to search for files, its main function is a file system navigation tool, much like Windows Explorer. To open a new Finder window, click the Finder icon in the Dock and then select File ➢ New Window. Figure 6.79 shows a Finder window.
Remote Disk is an icon that appears under Devices as well as under Computer that allows you to see which computers on the same network have drives available to share with your Mac. When computers on the same network have disk sharing enabled and are online, you can highlight that icon to see a list of them. To share optical discs from a Mac that has a built-in or external optical drive, use these steps:
The Dock is the series of icons that appear usually on the bottom of the screen on a Mac. It provides quick access to applications that come with the Mac, and you can add your own items to the Dock as well. In many ways, it is like the taskbar in Windows. It keeps apps on its left side. Folders, documents, and minimized windows are kept on the right side of the Dock. Figure 6.80 shows the Dock.
Boot Camp is a utility on a Mac that allows you to create a multiboot environment. While Apple only supports using the tool to install a version of Windows, it has been used to also create a bootable version of Linux. The Boot Camp Assistant, shown in Figure 6.81, guides the user through the process of setting up the system.
While you may not be expected to be an expert in Linux, you will be responsible for knowing some basic Linux commands. This section will go over the main ones you need to know.
The ls command lists information about the files in the current directory. Its syntax is as follows:
ls [OPTION]... [FILE]...
While the file options are too numerous to mention here, they mostly specify the format of the output. For a complete listing and their use, see http://linuxcommand.org/man_pages/ls1.html.
The grep command is used to search text or to search the given file for lines containing a match to the given strings or words. Its syntax is as follows, where PATTERN is the pattern you are trying to match:
grep [OPTIONS] PATTERN [FILE...]
It has options that govern the matching process as well as options that specify the output. For more information on the options and their use, see www.computerhope.com/unix/ugrep.htm.
The cd command is used to change the current directory just as it does at the Windows command line. Its syntax is as follows:
cd [option] [directory]
The parameters that can be used with this command are as follows:
-L | This option forces symbolic links to be followed. In other words, if you tell cd to move into a directory that is actually a symbolic link to a directory, it moves into the directory the symbolic link points to. |
-P | This option uses the physical directory structure without following symbolic links. In other words, change into the specified directory only if it actually exists as named; symbolic links will not be followed. This is the opposite of the -L option, and if they are both specified, this option will be ignored. |
-e | If the -P option is specified and the current working directory cannot be determined, this option tells cd to exit with an error. If -P is not specified along with this option, this option has no function. |
The shutdown command brings the system down in a secure way. Its syntax is as follows:
shutdown [-akrhPHfFnc] [-t sec] time [message]
There are too many parameters to list here. For more information, see www.computerhope.com/unix/ushutdow.htm.
While the passwd command changes passwords for user accounts, the pwd command prints the full path name of the current working directory. The syntax for the passwd command is as follows:
passwd [options] [LOGIN]
For information on the numerous options that can be used, see www.computerhope.com/unix/upasswor.htm.
The syntax for the pwd command is as follows:
pwd [OPTION]...
The options that can be used are as follows:
-L, --logical | If the contents of the environment variable PWD provide an absolute name of the current directory with no . or .. components, then output those contents, even if they contain symbolic links. Otherwise, fall back to the default -P handling. |
-P, --physical | This prints a fully resolved name for the current directory in which all components of the name are actual directory names and not symbolic links. |
--help | This displays a help message and exits. |
--version | This displays version information and exits. |
While the mv command can be used to move or rename a file in Linux, it’s usually used to move a file. In that scenario, the syntax is as follows:
mv [OPTION]... [-T] SOURCE DEST
For information on the parameters that can be used, see www.computerhope.com/unix/umv.htm.
The cp command is used to copy files and directories. Its syntax is as follows:
cp [OPTION]... SOURCE... DIRECTORY
For information on the parameters that can be used, see www.computerhope.com/unix/ucp.htm.
The rm command removes (deletes) files, and it removes directories when it is combined with the -r option. The syntax is as follows:
rm [OPTION]... FILE...
For information on using parameters, see www.computerhope.com/unix/urm.htm.
The chmod command is used to change the permissions of files or directories. Its syntax is as follows:
chmod options permissions filename
For information on using parameters, see www.computerhope.com/unix/uchmod.htm.
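Permission changes such as the chmod u+s and chmod 755 steps in the screen-sharing procedure earlier in this section are worth checking afterward, because a setuid program runs with its owner's privileges for every user who can execute it. The following added example (not from the original text; the function names and file names are hypothetical) reports setuid, setgid, and world-writable bits and shows the bits being removed again with chmod.

```shell
#!/bin/sh
# Added example: spot risky permission bits that were set with chmod.
# File names are constructed; only a temporary directory is touched.

# mode_flags FILE: print "setuid", "setgid" and/or "world-writable"
# (space separated), or "ok" when none of those bits is set.
mode_flags() {
    flags=""
    if [ -u "$1" ]; then flags="$flags setuid"; fi      # set by chmod u+s
    if [ -g "$1" ]; then flags="$flags setgid"; fi      # set by chmod g+s
    # In the ls -l permission string, the ninth character is other-write.
    case "$(ls -ld "$1" | cut -c1-10)" in
        ????????w?) flags="$flags world-writable" ;;    # set by chmod o+w
    esac
    if [ -z "$flags" ]; then flags=" ok"; fi
    echo "${flags# }"
}

# audit_dir DIR: print "name: findings" for every entry that is not "ok".
audit_dir() {
    for f in "$1"/*; do
        [ -e "$f" ] || continue
        result=$(mode_flags "$f")
        if [ "$result" != "ok" ]; then
            echo "$(basename "$f"): $result"
        fi
    done
}

# permission_demo: build three sample files, audit them, tighten the
# permissions with chmod, and audit again.
permission_demo() {
    dir=$(mktemp -d) || return 1
    : > "$dir/report_tool";  chmod 755 "$dir/report_tool"
    : > "$dir/screen_copy";  chmod 755 "$dir/screen_copy"
    chmod u+s "$dir/screen_copy"          # same change as the screen step
    : > "$dir/shared_notes"; chmod 666 "$dir/shared_notes"

    before=$(audit_dir "$dir" | tr '\n' ';')
    chmod u-s "$dir/screen_copy"          # drop the setuid bit again
    chmod o-w "$dir/shared_notes"         # remove write access for others
    after=$(audit_dir "$dir" | tr '\n' ';')

    rm -rf "$dir"
    echo "before=[$before] after=[$after]"
}

permission_demo
```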
The cmkdir command is used to create a Cryptographic File System (CFS) directory. These directories are stored in encrypted format. The command will prompt you for a password that will be used to encrypt the directory. The syntax of the command is as follows:
cmkdir [option] directory
For information concerning possible options, see www.linuxcertif.com/man/1/cmkdir/.
The chown command is used to change the ownership of a file. The syntax is as follows, where new_owner is the username or the numeric user ID (UID) of the new owner and object is the name of the target file, directory, or link:
chown [options] new_owner object(s)
The ownership of any number of objects can be changed simultaneously.
The options are as follows:
-R operates on file system objects recursively.
-v (verbose) provides information about every object processed.
-c reports only when a change is made.
The ifconfig and iwconfig commands are used to configure network interfaces. While the ifconfig command is dedicated to wired connections, the iwconfig command is used on wireless interfaces. Here is the syntax of the two commands:
iwconfig interface [essid X] [nwid N] [mode M] [freq F] [channel C] [sens S ] [ap A ] [nick NN ] [rate R] [rts RT] [frag FT] [txpower T] [enc E] [key K] [power P] [retry R] [commit]
and
ifconfig interface [aftype] options | address ...
For information on the options, see www.linuxcommand.org/man_pages/iwconfig8.html and
The ps command displays information about a selection of the active processes. Its syntax is as follows:
ps [options]
For information on the use of the options, see http://linuxcommand.org/man_pages/ps1.html.
The q command is used to quit the Unix full-screen editor called vi. It can be used in two ways:
q | Quits vi without saving, provided no changes have been made since the last save |
q! | Quits vi without saving, leaving the file as it was in the last save |
The sudo command can be added at the front of a command to execute the command using root privileges. For example, to remove a package with root privileges, the command is as follows:
sudo apt-get remove {package-name}
The su command is used to change from one user account to another. When the command is executed, you will be prompted for the password of the account to which you are switching, as shown here:
$ su mact
password:
mact@sandy:~$
apt-get is the command-line tool for working with Advanced Packaging Tool (APT) software packages. These tools install packages on your system. The syntax of the command is as follows:
apt-get [-asqdyfmubV] [-o=config_string] [-c=config_file] [-t=target_release] [-a=architecture] {update | upgrade | dselect-upgrade | dist-upgrade | install pkg [{=pkg_version_number | /target_release}]... | remove pkg... | purge pkg... | source pkg [{=pkg_version_number | /target_release}]... | build-dep pkg [{=pkg_version_number | /target_release}]... | download pkg [{=pkg_version_number | /target_release}]... | check | clean | autoclean | autoremove | {-v | --version} | {-h | --help}}
For additional information on its use and the options, see www.computerhope.com/unix/apt-get.htm.
The vi command is used to invoke the vi editor (mentioned in the section about the q command), which is a full-screen editor with two modes of operation: command mode that causes action to be taken on the file and insert mode in which entered text is inserted into the file. To enter vi, you use vi filename. If the file named filename exists, then the first page (or screen) of the file will be displayed; if the file does not exist, then an empty file and screen are created into which you may enter text. To exit this mode when done, use one of the following commands, based on your intentions:
x | Quits vi, writing out the modified file to the file named in the original invocation |
wq | Quits vi, writing out the modified file to the file named in the original invocation |
q | Quits (or exits) vi |
q! | Quits vi even though the latest changes have not been saved for this vi call |
The dd command copies a file, converting the format of the data in the process, according to the operands specified. Its syntax is as follows:
dd [OPERAND]...
or as follows:
dd OPTION
To send any signal to a process from the command line, use kill.
To list all available signals, use the -l option. Frequently used signals include HUP, INT, KILL, STOP, CONT, and 0. Signals may be specified in three ways.
-9, where the process ID is 9)
SIG prefix (for example, -SIGKILL)
SIG prefix (for example, -KILL)
For information on the available operands and options, see www.computerhope.com/unix/dd.htm.
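The following added example (not from the original text) exercises the kill usage described above on a throwaway sleep process: signal 0 as an existence check, a signal given by name and by number, STOP and CONT, and the -l option to translate a signal number back to a name. The function names are hypothetical, and the SIG-prefixed form is left out because POSIX sh only guarantees the name without the prefix.

```shell
#!/bin/sh
# Added example: sending and observing signals with kill.
# The target is a throwaway "sleep" process started by this script.

# proc_state PID: signal 0 delivers nothing; the exit status of kill only
# reports whether the process exists and may be signalled.
proc_state() {
    if kill -0 "$1" 2>/dev/null; then echo alive; else echo gone; fi
}

# end_with SIGNAL: start a sleep, end it with SIGNAL (a number, or a name
# without the SIG prefix), then print the name of the signal that ended it
# and whether the process still exists.
end_with() {
    sleep 300 >/dev/null 2>&1 &
    pid=$!
    kill "-$1" "$pid"
    status=0
    wait "$pid" 2>/dev/null || status=$?
    # A process ended by a signal is reported as 128 + the signal number;
    # kill -l turns that number back into a signal name.
    echo "$(kill -l $((status - 128))) $(proc_state "$pid")"
}

# pause_resume: STOP suspends the process without ending it and CONT resumes
# it. Prints the state while stopped and the state after a final TERM.
pause_resume() {
    sleep 300 >/dev/null 2>&1 &
    pid=$!
    kill -STOP "$pid"
    while_stopped=$(proc_state "$pid")
    kill -CONT "$pid"
    kill -TERM "$pid"
    wait "$pid" 2>/dev/null || true
    echo "$while_stopped $(proc_state "$pid")"
}

end_with TERM
end_with 9
pause_resume
```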
Identify basic Linux commands. These commands include ls, grep, cd, shutdown, pwd, passwd, mv, cp, rm, chmod, cmkdir, chown, iwconfig, ifconfig, ps, q, su, sudo, apt-get, vi, dd, and kill.
You can find the answers in the Appendix.
Which of the following is an interface that offers a glass design that includes translucent windows?
Which of the following are mini programs, introduced with Windows Vista, that can be placed on the desktop (Windows 7) or on the Sidebar (Windows Vista)?
Into which tool has the Security Center been rolled in Windows 7?
What is the name of the user interface in Windows 8 and 8.1?
What is the minimum RAM required for 64-bit Windows 7?
Which version of Windows 7 can be upgraded to Windows 8?
Which Windows command is used to view a listing of the files and folders that exist within a directory, subdirectory, or folder?
net use
dir
cd
ipconfig
Which Windows command is used to move to another folder or directory?
net use
dir
cd
ipconfig
Which Windows tool shows a list of all installed hardware and lets you add items, remove items, update drivers, and more?
Which Windows tool tracks all events on a particular Windows computer?
Which of the following is either the number of bits used to indicate the color of a single pixel, in a bitmapped image or video frame buffer, or the number of bits used for each color component of a single pixel?
Which of the following is the number of times in a second that a display updates its buffer and is expressed in hertz?
Which of the following should you exceed for good performance?
Which type of installation is most likely to take place in a SOHO?
Which of the following offers a simplified way to set up a home network?
Which of the following can be used to connect to a shared printer?
net use
net user
robocopy
xcopy
Which of the following is a command-line interface in Linux?
shell
domain
cmd
DOS
Which of the following provides a quick way to see everything that’s currently open on your Mac?