# 1. Windows Fundamentals 1
In part 1 of the Windows Fundamentals module, we'll start our journey learning about the Windows desktop, the NTFS file system, UAC, the Control Panel, and more.

## Task 1: Introduction
The Windows operating system (OS) is a complex product made up of many system files, utilities, settings, and features.
This module gives a general overview of a handful of the components that make up the Windows OS, how to navigate the user interface, and how to make changes to the system. The content is aimed at those who wish to understand and use the Windows OS more comfortably.
The virtual machine should open within your web browser. 
If you want to access the virtual machine via Remote Desktop, use the credentials below. 
- Machine IP: 10.10.98.70
- User: administrator
- Password: letmein123!
- doc: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp

## Task 2: Windows Editions

The Windows operating system has evolved significantly since its inception in 1985, becoming the leading OS for both personal and corporate use. This popularity has made it a frequent target for hackers and malware.
- **Windows XP**: A highly popular version with a long lifespan. Its end-of-life announcement caused widespread concern among users and businesses.
- **Windows Vista**: Introduced as a major overhaul but faced numerous issues and was not well-received, leading to its quick phase-out.
- **Windows 7**: Emerged as the preferred successor to XP, prompting a rush among vendors to ensure compatibility. It also had a defined end-of-support date.
- **Windows 8.x**: Had a short lifespan similar to Vista.
- **Windows 10**: The desktop version in widest use, available in Home and Pro editions. Microsoft will support it until October 14, 2025.
- **Windows Server 2019**: The server version; the attached VM runs its Standard edition.
- **Windows 11**: Released on October 5, 2021, as the latest version for end-users.

Microsoft has consistently worked to enhance usability and security with each new Windows release, despite facing criticism.

Windows operating systems come in various editions, each tailored to different user needs and environments. Below are some of the key editions:

- **Windows Home**: Designed for personal use, offering essential features for everyday tasks.
- **Windows Pro**: Includes all features of the Home edition, plus additional capabilities for business use, such as BitLocker, Remote Desktop, and domain join.
- **Windows Enterprise**: Built for large organizations, providing advanced security and management features.
- **Windows Education**: Similar to the Enterprise edition, but tailored for educational institutions.
- **Windows Server**: A version of Windows designed for server use, providing features for managing network resources and services.


**Questions**:
1. What encryption can you enable on Pro that you can't enable in Home?
   - **Answer**: BitLocker


## Task 3: The Desktop (GUI)

<img src="../images/03_Windows/img1.png" alt="Windows Desktop" style = "width: 600px; height: 320px;"/>

The screenshot above shows a typical Windows Desktop. The numbered components are listed below; the first two are described briefly afterwards.

1. The Desktop
2. Start Menu
3. Search Box (Cortana)
4. Task View
5. Taskbar
6. Toolbars
7. Notification Area


- The Desktop: right-click it to reach
   - Display settings
   - Personalization settings
- The Start Menu
   - The Start Menu is the gateway to all of your applications.
   - It is also where you can access your settings and system tools.

**Questions**:
1. Which selection will hide/disable the Search box?
   - **Answer**: Hidden
2. Which selection will hide/disable the Task View button?
   - **Answer**: Show Task View button
3. Besides Clock and Network, what other icon is visible in the Notification Area?
   - **Answer**: Action Center


## Task 4: The File System

The file system used in modern versions of Windows is the New Technology File System or simply NTFS.

Before NTFS, there was FAT16/FAT32 (File Allocation Table) and HPFS (High Performance File System). 

You still see FAT partitions in use today. For example, you typically see FAT partitions in USB devices, MicroSD cards, etc. but traditionally not on personal Windows computers/laptops or Windows servers.

NTFS is a journaling file system: in case of a failure, the file system can repair folders/files on disk using the transaction log it keeps (the $LogFile metadata file). FAT keeps no journal, so it cannot do this.

NTFS addresses many of the limitations of the earlier file systems. For example, it supports:
- Files larger than 4 GB (the FAT32 limit)
- Specific permissions on folders and files
- Folder and file compression
- Encryption (Encrypting File System, EFS)

On NTFS volumes, you can set permissions that grant or deny access to files and folders.

The permissions are:
   - Full control
   - Modify
   - Read & Execute
   - List folder contents
   - Read
   - Write

The image below explains what each permission means for a file and for a folder (credit: Microsoft).

<img src="../images/03_Windows/img2.png" alt="Windows Permissions" style = "width: 600px; height: 320px;"/>

How can you view the permissions for a file or folder?
- Right-click the file or folder you want to check for permissions.
- From the context menu, select Properties.
- Within Properties, click on the Security tab.
- In the Group or user names list, select the user, computer, or group whose permissions you want to view.
- In the below image, you can see the permissions for the Users group for the Windows folder. 

<img src="../images/03_Windows/img3.png" alt="Windows Permissions" style = "width: 600px; height: 320px;"/>

Refer to the Microsoft documentation to understand the special (advanced) permissions that these six basic permissions are built from.
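The same permissions can be read from PowerShell, which is how you check them at scale rather than one Properties dialog at a time. The block below is an added example and is not part of the original room; `Get-Acl` and `icacls` are built into Windows, while the path, the list of "low-privileged principals" and the `Find-LowPrivWritable` function are my own choices.

```powershell
# Added example, not part of the original room: inspect NTFS permissions from PowerShell.
# Get-Acl and icacls are built in; the path and the low-privileged principal list are my choices.

$path = $env:windir   # the Windows folder, matching the GUI walkthrough above

# Get-Acl returns the security descriptor; .Access holds the DACL entries (ACEs).
$acl = Get-Acl -Path $path
"Owner of {0}: {1}" -f $path, $acl.Owner

# The Security tab in Explorer is a rendering of these entries.
$acl.Access |
    Select-Object IdentityReference, FileSystemRights, AccessControlType, IsInherited |
    Format-Table -AutoSize

# Narrow it to one principal, as the GUI steps do for the Users group.
$acl.Access | Where-Object { $_.IdentityReference.Value -eq 'BUILTIN\Users' }

# Same information from the command-line tool; (I) marks inherited entries, (OI)/(CI) inheritance flags.
icacls $path

# Practitioner check: where can a low-privileged principal write under a tree? Writable folders
# in the OS tree are a classic privilege-escalation lead (DLL planting, service binary replacement).
function Find-LowPrivWritable {
    param([string]$Root, [int]$Depth = 1)

    $lowPriv = @('BUILTIN\Users', 'NT AUTHORITY\Authenticated Users', 'Everyone')
    # Modify covers Write and is contained in FullControl; GENERIC_WRITE (0x40000000) and
    # GENERIC_ALL (0x10000000) appear in some ACEs as generic rights and must be tested separately.
    $writeBits = [int][System.Security.AccessControl.FileSystemRights]::Modify -bor 0x40000000 -bor 0x10000000

    Get-ChildItem -Path $Root -Directory -Depth $Depth -ErrorAction SilentlyContinue |
        ForEach-Object {
            $dir    = $_.FullName
            $dirAcl = Get-Acl -Path $dir -ErrorAction SilentlyContinue
            foreach ($ace in $dirAcl.Access) {
                if ($ace.AccessControlType -eq 'Allow' -and
                    $lowPriv -contains $ace.IdentityReference.Value -and
                    (([int]$ace.FileSystemRights) -band $writeBits) -ne 0) {
                    [pscustomobject]@{
                        Path      = $dir
                        Principal = $ace.IdentityReference.Value
                        Rights    = $ace.FileSystemRights
                        Inherited = $ace.IsInherited
                    }
                }
            }
        }
}

# A stock install yields a short list (C:\Windows\Temp is one); anything outside it deserves a look.
Find-LowPrivWritable -Root $env:windir -Depth 1 | Format-Table -AutoSize
```

The function tests the rights mask with a bitwise AND rather than comparing enum names, because ACEs frequently carry combined or generic rights that do not map to one of the six names the Security tab shows.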

Another feature of NTFS is Alternate Data Streams (ADS).
**Alternate Data Streams (ADS)** are a feature specific to NTFS.
- Every file has at least one data stream (the unnamed `$DATA` stream), and ADS allows a file to carry additional named streams.
- Windows Explorer does not display ADS natively. Third-party tools can show them, and PowerShell can list, read and write them (as can `dir /r` in cmd).
- From a security perspective, malware authors have used ADS to hide data.
- Not all uses are malicious. For example, when you download a file from the Internet, the browser writes a `Zone.Identifier` stream (the "Mark of the Web") recording that the file came from the Internet; SmartScreen and Office Protected View use it to decide how to treat the file.

To learn more about ADS, see the MalwareBytes introduction in the links below.
Bonus: If you wish to interact hands-on with ADS, I suggest exploring Day 21 of Advent of Cyber 2.

Links:
- [What's Changed in File Explorer](https://support.microsoft.com/en-us/windows/what-s-changed-in-file-explorer-ef370130-1cca-9dc5-e0df-2f7416fe1cb1)
- [PowerShell Scripting Overview](https://docs.microsoft.com/en-us/powershell/scripting/overview?view=powershell-7.1)
- [Introduction to Alternate Data Streams](https://blog.malwarebytes.com/101/2015/07/introduction-to-alternate-data-streams/)
- [Advent of Cyber 2](https://tryhackme.com/room/adventofcyber2)
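To see ADS behaviour first hand, the block below creates a file with a hidden stream, writes a Mark-of-the-Web stream the way a browser would, and then sweeps a folder for streams that are neither `$DATA` nor `Zone.Identifier`. This is an added example, not code from the room or from the MalwareBytes article; the demo directory under `$env:TEMP`, the file name, the stream contents and the `Find-SuspiciousStreams` function are all constructed for illustration.

```powershell
# Added example, not part of the original room: create, list, read and remove NTFS alternate data streams.
# The directory, file and stream contents are constructed for the demo; the cmdlets are built in.

$demoDir = Join-Path $env:TEMP 'ads-demo'
New-Item -ItemType Directory -Path $demoDir -Force | Out-Null
$file = Join-Path $demoDir 'report.txt'

# Primary (unnamed) stream: what Explorer, Get-Content and the file size column show.
Set-Content -Path $file -Value 'Quarterly report'

# Add a second, named stream. Explorer keeps reporting only the primary stream's size.
Set-Content -Path $file -Stream 'hidden' -Value 'text stored in an alternate data stream'

# Enumerate every stream on the file. ':$DATA' is the primary stream.
Get-Item -Path $file -Stream * | Select-Object FileName, Stream, Length

# Read the alternate stream back; the primary stream is untouched.
Get-Content -Path $file -Stream 'hidden'

# Write the Mark of the Web that browsers add: Zone.Identifier with ZoneId=3 (Internet zone).
$motw = "[ZoneTransfer]`r`nZoneId=3"
Set-Content -Path $file -Stream 'Zone.Identifier' -Value $motw
Get-Content -Path $file -Stream 'Zone.Identifier'

# Triage sweep: files in a tree that carry any stream other than the primary one and Zone.Identifier.
function Find-SuspiciousStreams {
    param([string]$Root)
    Get-ChildItem -Path $Root -File -Recurse -ErrorAction SilentlyContinue |
        ForEach-Object {
            Get-Item -Path $_.FullName -Stream * -ErrorAction SilentlyContinue |
                Where-Object { $_.Stream -notin @(':$DATA', 'Zone.Identifier') }
        } |
        Select-Object FileName, Stream, Length
}
Find-SuspiciousStreams -Root $demoDir

# Cleanup: drop the named stream; Unblock-File removes Zone.Identifier specifically.
Remove-Item -Path $file -Stream 'hidden'
Unblock-File -Path $file
Get-Item -Path $file -Stream *   # only the primary stream should remain
```

`dir /r` in cmd shows the same streams; copying the file to a FAT-formatted USB stick silently drops them, which is one reason ADS-hidden data tends to survive only on the host where it was planted.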


## Task 5: The Windows\System32 Folders

The Windows folder **(C:\Windows)** is traditionally known as the folder which contains the Windows operating system. 

The folder doesn't necessarily reside on the C: drive. It can be on another drive and, technically, under a different folder name.

Because the location can vary, Windows and well-written programs refer to it through an environment variable rather than a fixed path. Even though environment variables haven't been discussed yet, the system environment variable for the Windows directory is **%windir%**.

*Per Microsoft, "Environment variables store information about the operating system environment. This information includes details such as the operating system path, the number of processors used by the operating system, and the location of temporary folders".*
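The block below shows where `%windir%` actually comes from and how it behaves at the different scopes (process versus machine). It is an added example, not part of the original room; the variable and registry names are Microsoft's, and the sample path is my own.

```powershell
# Added example, not part of the original room: where %windir% comes from and how it is resolved.
# Variable names and the Session Manager registry key are Microsoft's; the sample path is mine.

# Process view: the env: drive is what scripts and cmd's %windir% read.
$env:windir
$env:SystemRoot        # the same folder; windir is defined in the registry as %SystemRoot%

# Machine scope: system variables are stored in the registry and inherited by every new process.
$key = Get-Item -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Environment'
$key.GetValue('windir', $null, 'DoNotExpandEnvironmentNames')   # raw REG_EXPAND_SZ value, unexpanded
$key.GetValue('windir')                                          # expanded by the registry provider
[Environment]::GetEnvironmentVariable('windir', 'Machine')       # same value via .NET

# Strings that still contain %windir% (registry data, .bat files, scheduled task actions) expand on demand.
$raw      = '%windir%\System32\drivers\etc\hosts'
$expanded = [Environment]::ExpandEnvironmentVariables($raw)
Test-Path -Path $expanded

# Scope matters: changing the process copy affects only this shell and its children, never the registry.
$env:windir = 'C:\Nope'
[Environment]::GetEnvironmentVariable('windir', 'Process')       # the override
[Environment]::GetEnvironmentVariable('windir', 'Machine')       # unchanged
$env:windir = [Environment]::GetEnvironmentVariable('windir', 'Machine')   # restore
```

The last few lines are the reason an auditor checks the machine-scope value rather than trusting `$env:` output from a process they did not start: any parent process can hand its children a different environment.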

There are many folders within the 'Windows' folder. See below.

<img src="../images/03_Windows/img4.png" alt="Windows Folders" style = "width: 600px; height: 320px;"/>

One of the many folders is **System32**. 

<img src="../images/03_Windows/img5.png" alt="Windows System32" style = "width: 600px; height: 320px;"/>

The System32 folder holds the files that are critical to the operating system.

Proceed with extreme caution when interacting with this folder. Accidentally deleting files or folders within System32 can render the Windows OS inoperable. Read more about this [here](https://support.microsoft.com/en-us/windows/delete-or-restore-system32-files-in-windows-10-445c2f69-f06c-449d-9c9d-8dc32d6c425f).  

Note: Many of the tools that will be covered in the Windows Fundamentals series reside within the System32 folder.

**Questions**:
1. What is the system variable for the Windows folder?
   - **Answer**: %windir%


## Task 6: User Accounts, Profiles, and Permissions

User accounts can be one of two types on a typical local Windows system: Administrator & Standard User. 
The user account type will determine what actions the user can perform on that specific Windows system. 
- An Administrator can make changes to the system: add users, delete users, modify groups, modify settings on the system, etc. 
- A Standard User can only make changes to folders/files owned by that user and can't perform system-level changes, such as installing programs.

You are currently logged in as an Administrator. There are several ways to determine which user accounts exist on the system. 

One way is to click the **Start Menu** and type **Other User**. A shortcut to **System Settings > Other users** should appear.

<img src="../images/03_Windows/img6.png" alt="Windows Other User" style = "width: 600px; height: 320px;"/>

When a user account is created, a profile is created for the user. Each user profile folder lives under **C:\Users**.
For example, the user profile folder for the user account Max will be **C:\Users\Max**.

The profile is created at the user's first login. When a new user account logs in to a local system for the first time, several messages appear on the login screen. One of them, User Profile Service, stays on screen for a while as the service builds the profile. See below.

Once logged in, the user will see a dialog box similar to the one below (again), indicating that the profile is in creation.

<img src="../images/03_Windows/img7.png" alt="Windows User Profile" style = "width: 600px; height: 320px;"/>

Each user profile will have the same folders; a few of them are:
- Desktop
- Documents
- Downloads
- Music
- Pictures

Another way to access this information, and then some, is using **Local User and Group Management**. 

Right-click on the Start Menu and click Run. Type **lusrmgr.msc**. You should see two folders: Users and Groups.

<img src="../images/03_Windows/img8.png" alt="Windows Local User and Group Management" style = "width: 600px; height: 320px;"/>

If you click on Groups, you see all the names of the local groups along with a brief description for each group. 
Each group has permissions assigned to it, and users are added to groups by an Administrator. A user added to a group inherits that group's permissions, and a user can belong to multiple groups.

Note: If you click Add someone else to this PC from Other users, it opens Local Users and Groups.
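Everything lusrmgr.msc shows, and the questions below ask for, can be pulled from PowerShell with the built-in LocalAccounts module. The block below is an added example, not part of the original room; the `Get-LocalUserGroups` function and the triage checks at the end are mine, and the user name is taken from the answers in this task.

```powershell
# Added example, not part of the original room: enumerate local accounts and group membership with the
# built-in Microsoft.PowerShell.LocalAccounts module (Windows 10 / Server 2016 and later).

# Every local account, with its state and the Description column from lusrmgr.msc.
Get-LocalUser |
    Select-Object Name, Enabled, Description, LastLogon, PasswordRequired |
    Format-Table -AutoSize

# Each local group and its members (the Groups folder in lusrmgr.msc).
foreach ($group in Get-LocalGroup) {
    $members = Get-LocalGroupMember -Group $group.Name -ErrorAction SilentlyContinue
    if ($members) {
        "{0}: {1}" -f $group.Name, (($members | Select-Object -ExpandProperty Name) -join ', ')
    }
}

# Reverse view: which groups is a given user in? Compares SIDs, so renamed groups are handled.
function Get-LocalUserGroups {
    param([Parameter(Mandatory)][string]$UserName)
    $sid = (Get-LocalUser -Name $UserName).SID
    Get-LocalGroup | Where-Object {
        (Get-LocalGroupMember -Group $_.Name -ErrorAction SilentlyContinue).SID -contains $sid
    } | Select-Object -ExpandProperty Name
}
Get-LocalUserGroups -UserName 'tryhackmebilly'

# Triage checks an auditor or pentester runs first on a new host:
# 1) Who is a local administrator (what the Settings app calls account type "Administrator").
Get-LocalGroupMember -Group 'Administrators' | Select-Object Name, ObjectClass, PrincipalSource
# 2) Who can log in over RDP.
Get-LocalGroupMember -Group 'Remote Desktop Users'
# 3) Built-in accounts by well-known RID rather than name, since both can be renamed:
#    RID 500 = built-in Administrator, RID 501 = Guest.
Get-LocalUser | Where-Object { $_.SID.Value -match '-(500|501)$' } | Select-Object Name, Enabled, SID
# 4) Description fields that look like they hold a password (a heuristic; the pattern is mine).
Get-LocalUser | Where-Object { $_.Description -match 'pass|pwd|\$|!' } | Select-Object Name, Description
```

Check 4 exists because the Description field is readable by every authenticated user, so a password left there, as the answer to question 4 below suggests happened on this VM, is effectively public to anyone with a session on the host.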

**Questions**:
1. What is the name of the other user account?
   - **Answer**: tryhackmebilly
2. What groups is this user a member of?
   - **Answer**: Remote Desktop Users,Users
3. What built-in account is for guest access to the computer?
   - **Answer**: Guest
4. What is the account description?
   - **Answer**: window$Fun1!

## Task 7: User Account Control

The large majority of home users are logged into their Windows systems as local administrators. Remember from the previous task that any user with administrator as the account type can make changes to the system.

A user doesn't need elevated privileges for everyday tasks such as browsing the Internet or editing a Word document. Running those tasks with elevated privileges anyway increases the risk of compromise: malware runs in the context of the logged-in user, so if that user can change the system, so can the malware.

To protect the local user with such privileges, Microsoft introduced **User Account Control (UAC)**. This concept was first introduced with the short-lived Windows Vista and continued with versions of Windows that followed.

Note: UAC (by default) doesn't apply to the built-in local Administrator account; Admin Approval Mode is enforced for it only when the FilterAdministratorToken policy is enabled.

How does UAC work? When a user whose account type is administrator logs in, Windows issues two access tokens: a filtered token with standard-user rights, which the session runs with, and a full administrator token. When an operation requires higher privileges, the user is prompted to confirm it, and only then is the full token used for that operation.
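The two-token behaviour is visible from inside a session. The block below is an added example, not part of the original room: it reports whether the current shell holds the full or the filtered administrator token and reads the registry values that control UAC. The registry value names are Microsoft's; the function names and the interpretation notes in the comments are mine.

```powershell
# Added example, not part of the original room: inspect UAC and your own token from PowerShell.
# Registry value names are Microsoft's; the function names and interpretation notes are mine.

function Test-IsElevated {
    # True only when the session runs with the full administrator token.
    $id = [Security.Principal.WindowsIdentity]::GetCurrent()
    ([Security.Principal.WindowsPrincipal]$id).IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Get-TokenSummary {
    $id = [Security.Principal.WindowsIdentity]::GetCurrent()
    # whoami exposes token details the .NET wrapper hides: the integrity label and "deny only" groups.
    $groups = whoami /groups /fo csv | ConvertFrom-Csv
    $label  = ($groups | Where-Object { $_.Type -eq 'Label' }).'Group Name'
    # In a filtered token the Administrators group is still present but "used for deny only":
    # that is the state an admin-type account is in before it answers a UAC prompt.
    $denyOnlyAdmin = $groups | Where-Object {
        $_.SID -eq 'S-1-5-32-544' -and $_.Attributes -match 'deny only'
    }
    [pscustomobject]@{
        User               = $id.Name
        IsElevated         = Test-IsElevated
        IntegrityLevel     = $label                       # Medium for a filtered token, High when elevated
        FilteredAdminToken = [bool]$denyOnlyAdmin
        IsBuiltinAdmin     = $id.User.Value -match '-500$'  # RID 500 is exempt from UAC by default
    }
}

function Get-UacPolicy {
    $p = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    [pscustomobject]@{
        EnableLUA                  = $p.EnableLUA                   # 1 = UAC on, 0 = off (reboot to apply)
        ConsentPromptBehaviorAdmin = $p.ConsentPromptBehaviorAdmin  # 0 = elevate silently, 5 = default prompt
        ConsentPromptBehaviorUser  = $p.ConsentPromptBehaviorUser   # 0 = deny, 1/3 = ask for admin credentials
        PromptOnSecureDesktop      = $p.PromptOnSecureDesktop       # 1 = prompt on the dimmed secure desktop
        FilterAdministratorToken   = $p.FilterAdministratorToken    # 1 = built-in Administrator is filtered too
    }                                                               # ($null means the value is absent: default 0)
}

Get-TokenSummary
Get-UacPolicy

# Run both again from an elevated shell and compare; this is what the shield icon triggers.
# Start-Process -FilePath powershell.exe -Verb RunAs
```

`ConsentPromptBehaviorAdmin = 0` with `EnableLUA = 1` is the setting to look for on an audit: UAC appears to be on, but administrator accounts elevate without any prompt at all.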
Let's look at the program on the account you're currently logged into, the built-in Administrator account. Right-click it and view its Properties.
In the Security tab, we can see the users/groups and their permissions on this file. Notice that the standard user is not listed.

<img src="../images/03_Windows/img9.png" alt="Windows User Account Control" style = "width: 300px; height: 600px;"/>


Log in as the standard user and try to install this program. To do this, you can remote desktop into the machine as the standard user account. 
Note: You have the username and password for the standard user. It's visible in lusrmgr.msc.
Before installing the program, notice its icon. Do you see the difference? When you're logged in as the standard user, a shield overlay appears on the program's default icon.
The shield indicates that UAC will prompt for higher-level privileges to install the program.
Double-click the program and you'll see the UAC prompt. Notice that the built-in Administrator account is pre-filled as the user name and that the prompt asks for that account's password. See below.

<img src="../images/03_Windows/img11.png" alt="Windows User Account Control" style = "width: 300px; height: 600px;"/>
<img src="../images/03_Windows/img10.png" alt="Windows User Account Control" style = "width: 100px; height: 100px;"/>


After some time, if a password is not entered, the UAC prompt disappears, and the program does not install. 

This feature reduces the likelihood of malware successfully compromising your system. You can read more about UAC [here](https://docs.microsoft.com/en-us/windows/security/identity-protection/user-account-control/how-user-account-control-works).


## Task 8: Settings and the Control Panel

**Questions**:
1. In the Control Panel, change the view to Small icons. What is the last setting in the Control Panel view?
   - **Answer**: Windows Defender Firewall

## Task 9: Task Manager

The Task Manager provides information about the applications and processes currently running on the system. Other information is also available, such as how much CPU and RAM are being utilized, which falls under Performance.
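The same data Task Manager presents on the Processes, Details and Performance tabs is available from PowerShell, which is more useful during triage because it can be filtered and exported. The block below is an added example, not part of the original room; the `Get-ProcessTriage` function and the "trusted path" heuristic at the end are mine.

```powershell
# Added example, not part of the original room: the Task Manager view from PowerShell.
# Get-Process covers the Processes tab; Win32_Process adds parent PID, command line and owner
# (the Details tab), which is what you want when an unfamiliar process shows up.

function Get-ProcessTriage {
    foreach ($p in Get-CimInstance -ClassName Win32_Process) {
        # GetOwner fails for System/Idle; swallow that and leave Owner empty.
        $owner = Invoke-CimMethod -InputObject $p -MethodName GetOwner -ErrorAction SilentlyContinue
        [pscustomobject]@{
            PID          = $p.ProcessId
            PPID         = $p.ParentProcessId
            Name         = $p.Name
            Owner        = if ($owner.User) { "$($owner.Domain)\$($owner.User)" } else { $null }
            Path         = $p.ExecutablePath
            CommandLine  = $p.CommandLine
            WorkingSetMB = [math]::Round($p.WorkingSetSize / 1MB, 1)
        }
    }
}

$all = Get-ProcessTriage

# Processes tab, sorted by Memory.
$all | Sort-Object WorkingSetMB -Descending |
    Select-Object -First 10 PID, Name, Owner, WorkingSetMB | Format-Table -AutoSize

# Performance tab: overall RAM (values from WMI are in KB) and average CPU load.
Get-CimInstance -ClassName Win32_OperatingSystem |
    Select-Object @{n='FreeRAM_MB';  e={[math]::Round($_.FreePhysicalMemory / 1KB)}},
                  @{n='TotalRAM_MB'; e={[math]::Round($_.TotalVisibleMemorySize / 1KB)}}
(Get-CimInstance -ClassName Win32_Processor | Measure-Object -Property LoadPercentage -Average).Average

# Triage 1: processes whose image lives outside the Windows and Program Files trees.
$all | Where-Object {
    $path = $_.Path
    $path -and -not ($path -like "$env:windir\*" -or
                     $path -like "$env:ProgramFiles\*" -or
                     $path -like "${env:ProgramFiles(x86)}\*")
} | Select-Object PID, PPID, Name, Owner, Path | Format-Table -AutoSize

# Triage 2: orphans (parent no longer running), which Task Manager's tree view cannot show.
$pids = $all.PID
$all | Where-Object { $_.PPID -ne 0 -and $pids -notcontains $_.PPID } |
    Select-Object PID, PPID, Name, Path | Format-Table -AutoSize
```

Task Manager's Details tab has most of these columns hidden by default (right-click a column header and choose Select columns to add Command line and Image path name); the PowerShell version simply starts with them visible.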

You can refer to this blog post for more detailed information about the Task Manager:
- [Task Manager](https://www.howtogeek.com/405806/windows-task-manager-the-complete-guide/)

**Questions**:
1. What is the keyboard shortcut to open the Task Manager?
   - **Answer**: Ctrl + Shift + Esc

