# GOOGLE IT SUPPORT PROFESSIONAL CERTIFICATE from [Google](https://www.coursera.org/google-certificates/it-support-certificate)

# <b>C3 [Operating Systems and You: Becoming a Power User](https://www.coursera.org/learn/os-power-user)</b>

[Bash kernel](https://github.com/takluyver/bash_kernel/tree/master) for Jupyter:

```python
# !pip install --upgrade pip
# !pip install bash_kernel
# !python3 -m bash_kernel.install
```

[Powershell kernel](https://github.com/vors/jupyter-powershell) for Jupyter:

```python
# !pip3 install powershell_kernel
# !python3 -m powershell_kernel.install
# !python3 -m powershell_kernel.install --powershell-command pwsh
```

```
Using powershell_command='pwsh'
Installing IPython kernel spec
```


# <b>3.1 Basic commands</b>

<center>
    <h2><b>Table 3.1 Basic Commands</b></h2>

|Purpose|PowerShell|Bash|
|-|-|-|
|<b>Escape character</b>|backtick \`|backslash \\|
|<b>Clear the screen</b>|||
||clear|clear|
||ctrl + L|ctrl + L|
||cls||
|<b>Help</b>|||
||Get-Help \<command>|\<command> --help|
||Get-Help \<command> -Full|man \<command>|
|<b>List Directories</b>|||
||ls|ls|
|list all|ls -Force|ls -a|
|list more details||ls -l|
|<b>Changing Directories</b>|||
|print working directory|pwd|pwd|
|change directory|cd \<path>|cd \<path>|
|move a dir above|cd ..|cd ..|
|move to a home dir|cd ~|cd ~|
|<b>Make Directories</b>|||
||mkdir new_folder|mkdir new_folder|
|a name of a dir with spaces|mkdir 'new dir'|mkdir 'new dir'|
||mkdir new\` dir|mkdir new\\ folder|
|<b>Command History</b>|||
||history|history|
||arrows up and down|arrows up and down|
||ctrl + R|ctrl + R|
||#||
|<b>Wildcards</b>|||
|any number of characters|*|*|
|<b>Copying Files & Directories</b>|||
||cp \<src> \<dst>|cp \<src> \<dst>|
|copy multiple files at once|use * in \<source>|the same|
|copy a dir with the contents|cp \<src> \<dst> -Recurse|cp -r \<src> \<dst>|
|output info on the screen|-Verbose||
|<b>Moving and Renaming Files, Directories</b>|||
|move|mv \<src> \<dst>|mv \<src> \<dst>|
|rename|mv \<old_name> \<new_name> (same directory)|mv \<old_name> \<new_name> (same directory)|
|<b>Removing Files & Directories</b>|||
|remove a file|rm \<path>|rm \<path>|
|remove a file forcibly|rm \<path> -Force|rm -f \<path>|
|remove a dir|rm \<path> -Recurse|rm -r \<path>|

## Supplemental Reading for Windows CLI & Unix Bash

For more detailed information on the modern Windows CLI, PowerShell, see the 
[official PowerShell documentation](https://docs.microsoft.com/powershell/) and the [PowerShell 101 guide](https://docs.microsoft.com/powershell/scripting/learn/ps101/00-introduction). For more on the older Windows "Command Prompt" CLI (cmd.exe) please see the link [here](https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/windows-commands).

If you want to check out more information on Bash, then click the link [here](https://www.gnu.org/software/bash/manual/bash.html).

## List Directories

### Windows

CLI - Command Line Interface

- Command Prompt: cmd.exe
- **PowerShell**: powershell.exe

The main directory of a drive (for example, `C:\`) is the **parent directory**, and the directories inside it are its **child directories**.

```powershell
ls C:\

# show all files including hidden ones
ls -Force C:\

# get help on the command
Get-Help ls

# get help in more detail
Get-Help ls -Full
```

### Linux

The main directory is called the **root directory** (`/`); every path starts from it, for example:

```
/home/commi/Downloads
```

```bash
# list the files from root directory
ls /

# list more info
ls -l /

# list all files, including hidden ones
ls -a /

# you can combine flags
ls -la /

# help information
ls --help

# manual
man ls
```

## Changing Directories

**Absolute path** - one that starts from the main directory.

**Relative path** - the path from your current directory.

**Tab completion** - using the `Tab` key to complete the input.

## Supplemental Reading for 'Size' vs 'Size on Disk' in Windows

**Windows Confidential: Just What Is ‘Size on Disk’?**

[Article](https://learn.microsoft.com/en-us/previous-versions/technet-magazine/hh148159(v=msdn.10)) 08/31/2016 Raymond Chen

_When you get the stats for the size of a folder, where, exactly, do those measurements come from?_

When you right-click to view the properties of a folder, the property sheet includes two values: Size and Size on disk. What exactly do these values mean? What are they measuring?

The property sheet performs a naïve recursive directory search for all files. It doesn’t try to filter out file names referring to the same underlying file by means of a hard link. If you don’t have access to a subdirectory, the recursive directory search will skip that subdirectory, and those files won’t be counted in the total folder size.

As it turns out, the recursive directory search has some smarts. Part of it is being smart on purpose: It detects reparse points and doesn’t recurse into them. Another part is being smart by accident: Symbolic links to files count as zero size. This isn’t because the directory search code is clever about the files. It’s because the directory entry for symbolic links reports them as having zero size. Now you know what files are counted, but where do those numbers come from?

**Size Matters**

The Size measurement is easy: It’s a running tally of the file sizes as reported by the FindFirstFile function in the WIN32_FIND_DATA.nFileSizeLow and nFileSizeHigh. Mind you, those values aren’t necessarily accurate either because of the way the NTFS file system updates directory entries. That’s a topic for another day, but the short version is that files still being written to may not report an accurate file size until the file handle is closed. Even then, it will only update the directory entry used to open the file.

The Size on disk measurement is more complicated. If the drive supports compression (as reported by the FILE_FILE_COMPRESSION flag returned by the GetVolumeInformation function) and the file is compressed or sparse (FILE_ATTRIBUTE_COMPRESSED, FILE_ATTRIBUTE_SPARSE_FILE), then the Size on disk for a file is the value reported by the GetCompressedFileSize function. This reports the compressed size of the file (if compressed) or the size of the file minus the parts that were de-committed and logically treated as zero (if sparse). If the file is neither compressed nor sparse, then the Size on disk is the file size reported by the FindFirstFile function rounded up to the nearest cluster.

The Windows 95 team originally developed the Size on disk algorithm. Their view of the file system world was biased by their MS-DOS background. There the only disk file system was FAT. There was no such thing as a hard link or alternate data stream. File contents were stored in units of clusters.

Those assumptions don't hold true for NTFS—not even the “file contents are stored in units of clusters” part. In NTFS, a file can actually consume zero clusters for its data by stashing itself into slack space in the master file table (MFT). (For more details on this, see “[The Four Stages of NTFS File Growth](https://blogs.technet.com/b/askcore/archive/2009/10/16/the-four-stages-of-ntfs-file-growth.aspx)”).

Naturally, the Size on disk algorithm doesn’t take into account other file system overhead, like the disk space occupied by the file name itself, directory entry information, file metadata and alternate data streams.

The values reported by Size and Size on disk aren’t meant to be a byte-for-byte accounting of the total impact of a directory on your disk free space. They’re just a rough estimate based on the assumption that most files are of the boring variety. By that, I mean no hard links and negligible use of alternate data streams. If you have a directory with numerous hard links—such as the Windows directory itself, for example—the values will be way off.

You can use Size on disk as a sniff-test to get a rough idea of the size of a directory, but remember that it’s a naïve calculation. If you need to keep careful tabs on disk consumption, you’d be better off using a feature like Disk Quotas, whose purpose is to more intelligently track disk consumption.

# <b>3.2 File and Text Manipulation</b>

<center>
    <h2><b>Table 3.2 File and Text Manipulation</b></h2>

|Purpose|PowerShell|Bash|
|-|-|-|
|**Display File Contents**|||
|show the whole doc at once|cat \<filename>|cat \<filename>|
|show the first 10 lines of the doc|cat \<filename> -Head 10|head \<filename>|
|show the last 10 lines of the doc|cat \<filename> -Tail 10|tail \<filename>|
|show page by page|more \<filename> + space|more \<filename> + space/arrows|
|show line by line|more \<filename> + Enter|more \<filename> + Enter|
|||less \<filename> + arrow keys|
|go to the beginning of the file||less \<filename> + g key|
|go to the end of the file||less \<filename> + G key|
|search for a word||less \<filename> + /word_search|
|quit|q|q|
|**Find in Files**|||
|searching within files|`sls` (string ls) or `Select-String`|`grep`|
|searching within directories|`ls 'path' -Recurse -Filter *.file_ext`|`find 'path' -name '*.file_ext'`|
|searching in a file|`cat fname \| sls word`|`cat fname \| grep word`|
|**Input, Output, and the Pipeline**|||
|**stdin**|||
|||`cat < fname`|
|**stdout**|||
|write to a new file|`echo > fname`|`echo > fname`|
|append to the file|`echo >> fname`|`echo >> fname`|
|combine ops|`cat fname \| sls word > fname2`|`ls -la /etc \| grep bluetooth > test.txt`|
|**stderr**|||
|save error msg to a file|`rm secure_file 2> fname`|`rm secure_file 2> fname`|
|ignore error message|`rm secure_file 2> $null`|`rm secure_file 2> /dev/null`|

`1`: stdout - the output  
`2`: stderr - the error  
`$null`: nowhere in PS  
`/dev/null`: nowhere in Bash
    
See: `Get-Help about_redirection` in PowerShell

## Text editors

- Windows:
    - [notepad++](https://notepad-plus-plus.org/)
- Linux:
    - [nano](https://www.nano-editor.org/)
    - [vim](https://www.vim.org/)
    - [emacs](https://www.gnu.org/software/emacs/tour/)

# <b>3.3 Users, Administrators, and Groups</b>

|Purpose|PowerShell|Bash|
|-|-|-|
|show all users|`Get-LocalUser`|`cat /etc/passwd`|
|show current users||`w` and `who`|
|show number of current users and load||`uptime`|
|show user's attributes||`id <username>`|
|show groups|`Get-LocalGroup`|`cat /etc/group`|
|check users with administrative rights|`Get-LocalGroupMember Administrators`|`sudo cat /etc/sudoers`|
|work as a root user||`su -` substitute user (`exit`)|
|give a user sudo rights||`sudo usermod -aG sudo <username>`|
|**Passwords**|||
|change user password|`net user <name> 'password'`|`passwd <username>` (stored in `/etc/shadow`)|
||`net user <name> *` will hide password from screen||
|change pwd on the next logon|`net user <name> * /logonpasswordchg:yes`|`sudo passwd -e <uname>` (expire flag)|
|**Adding/removing users**|||
|add a new user|`net user <uname> * /add /logonpasswordchg:yes`|`sudo useradd <name>`|
|delete a user's account|`net user <name> /del`|`sudo userdel <name>`|
||`Remove-LocalUser <name>`||

## Windows GUI

- Computer Management: Control Panel -> Administrative Tools -> Local Users and Groups

- Add a new user: Users + right click `New user`

## Linux

```bash
cat /etc/passwd | grep root
```

```
root:x:0:0:root:/root:/bin/bash
```

User `root`; the `x` in the password field means the password is stored in another file (`/etc/shadow`), and `0:0` are the user ID and group ID.

```bash
cat /etc/group | grep sudo
```

```
sudo:x:27:
```


- `x` is the group password which is the root's password by default,
- `27` is group id.
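
The fields shown above can be checked mechanically. The following added example (not part of the course material) audits input in `/etc/passwd` and `/etc/group` format; the sample entries and the function names `audit_passwd`, `login_accounts` and `group_members` are constructed for illustration.

```bash
#!/bin/sh
# Constructed sample in /etc/passwd format:
#   name:password:UID:GID:comment:home:shell
sample_passwd() {
cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
commi:x:1000:1000:Commi:/home/commi:/bin/bash
backup2:x:0:0:backup:/var/backups:/bin/sh
svc_print::1001:1001:printing:/home/svc_print:/bin/bash
EOF
}

# audit_passwd: reads passwd-format lines on stdin and prints one finding per
# line as "<name> <reason>".
audit_passwd() {
    awk -F: '
        NF == 0                 { next }                            # skip blank lines
        NF != 7                 { print $1, "malformed-entry"; next }
        $3 == 0 && $1 != "root" { print $1, "uid0-not-root" }       # second superuser
        $2 == ""                { print $1, "empty-password-field" } # no password needed
        # anything other than the "x" placeholder or a lock marker is a hash
        # stored in the world-readable file instead of /etc/shadow
        $2 != "x" && $2 != "" && $2 !~ /^[*!]/ { print $1, "hash-in-passwd" }
    '
}

# login_accounts: names of accounts whose shell is not nologin/false.
login_accounts() {
    awk -F: 'NF == 7 && $7 !~ /(nologin|false)$/ { print $1 }'
}

# group_members GROUP: reads group-format lines (name:password:GID:members) on
# stdin and prints the member list of GROUP. Only supplementary members are
# listed; a user whose primary GID is the group does not appear here.
group_members() {
    awk -F: -v g="$1" '$1 == g { print $4 }'
}

# Demo on the constructed sample
sample_passwd | audit_passwd
```

On a real host the same functions read the system files, for example `audit_passwd < /etc/passwd` and `group_members sudo < /etc/group`.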

## Supplemental Reading: [Selecting Secure Passwords](https://learn.microsoft.com/en-us/previous-versions/tn-archive/cc875839(v=technet.10)?redirectedfrom=MSDN)

### Introduction

Although many alternatives for user authentication are available today, most users log on to their computer and remote computers using a combination of their user name and a password typed at their keyboard. There are products that use more secure technologies such as biometrics, smart cards, and one-time passwords available for all popular operating systems; but the reality is that many organizations still rely on passwords and they will continue to do so for years to come. Users often have many different computer accounts at work, for their cell phone, at their bank, with insurance companies, and so on. To make it easier to remember their passwords, users often use the same or similar passwords on each system; and given a choice, most users will select a very simple and easy-to-remember password such as their birthday, their mother's maiden name, or the name of a relative. Short and simple passwords are relatively easy for attackers to determine. Some common methods that attackers use for discovering a victim's password include:

- Guessing - The attacker attempts to log on using the user's account by repeatedly guessing likely words and phrases such as their children's names, their city of birth, and local sports teams.

- Online Dictionary Attack - The attacker uses an automated program that includes a text file of words. The program repeatedly attempts to log on to the target system using a different word from the text file on each try.

- Offline Dictionary Attack - Similar to the online dictionary attack, the attacker gets a copy of the file where the hashed or encrypted copy of user accounts and passwords are stored and uses an automated program to determine what the password is for each account. This type of attack can be completed very quickly once the attacker has managed to get a copy of the password file.

- Offline Brute Force Attack - This is a variation of the dictionary attacks, but it is designed to determine passwords that may not be included in the text file used in those attacks. Although a brute force attack can be attempted online, due to network bandwidth and latency they are usually undertaken offline using a copy of the target system's password file. In a brute force attack the attacker uses an automated program that generates hashes or encrypted values for all possible passwords and compares them to the values in the password file.

Each of these attack methods can be slowed down significantly or even defeated through the use of strong passwords. Therefore, whenever possible, computer users should use strong passwords for all of their computer accounts. Computers running versions of Windows based on Microsoft Windows NT, including Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003, support strong passwords. In Windows, a strong password is a password that includes characters from at least three of the five groups in the following Character Classes table.

<center>
<b>Character Classes</b>

<div class="has-inner-focus"><table aria-label="Table 1" class="table table-sm">
<colgroup>
<col>
<col>
</colgroup>
<thead>
<tr class="header">
<th><p>Group</p></th>
<th><p>Example</p></th>
</tr>
</thead>
<tbody>
<tr class="odd">
<td><p>Lowercase letters</p></td>
<td><p>a, b, c, ...</p></td>
</tr>
<tr class="even">
<td><p>Uppercase letters</p></td>
<td><p>A, B, C, ...</p></td>
</tr>
<tr class="odd">
<td><p>Numerals</p></td>
<td><p>0, 1, 2, 3, 4, 5, 6, 7, 8, 9</p></td>
</tr>
<tr class="even">
<td><p>Non-alphanumeric (symbols)</p></td>
<td><p>( ) ` ~ ! @ # $ % ^ &amp; * - + = | \ { } [ ] : ; " ' &lt; &gt; , . ? /</p></td>
</tr>
<tr class="odd">
<td><p>Unicode characters</p></td>
<td><p>€, Γ, ƒ, and λ</p></td>
</tr>
</tbody>
</table></div>

**Note**: Space characters do not fall under any of these five groups and do not count towards the password complexity requirements.

The passwords of particularly sensitive accounts such as those used by administrators or senior executives or for running critical network services should be composed from four or even all five of these groups. On the other hand, passwords that must be used by human beings must be easily remembered; the loss of an executive or critical administrator account password could be devastating. This document describes how passwords are stored in the Windows family of operating systems and gives guidance to Administrators on how to maximize the security of their passwords.

These contradictory requirements can be overcome by thinking about pass phrases rather than passwords. Every version of Windows that supports strong passwords supports the use of spaces and punctuation symbols in account passwords. For example, "I re@lly want to buy 11 Dogs!" is a valid pass phrase. With more than twenty characters it is a very long pass phrase, and it includes characters from 4 of the 5 possible groups. It is also easy to remember! Most password cracking tools assume the password will never exceed 14 characters, which is the limit that DOS network boot disks, Microsoft Remote Installation Services (RIS) Pre eXecutable Environment (PXE) boot disks, and older LAN Manager clients (Win9x) must utilize. Even without complexity, a very long password (>14 characters, up to 128 characters) can be the best possible protection against having an especially sensitive password broken.
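
The "three of the five groups" rule from the Character Classes table can be checked with a few lines of shell. This is an added example, not part of the quoted article; the function names are made up here, and it assumes UTF-8 input, so any byte of 0x80 or above is counted as the "Unicode characters" group.

```bash
#!/bin/sh
# keep_only SET PASSWORD -> only the bytes of PASSWORD that belong to SET.
# tr runs in the C locale so ranges such as a-z mean plain ASCII.
keep_only() { printf '%s' "$2" | LC_ALL=C tr -cd "$1"; }

# char_groups PASSWORD -> names of the groups present, space separated.
# Spaces are in none of the sets, so they never count (see the Note above).
char_groups() {
    cg=""
    if [ -n "$(keep_only 'a-z' "$1")" ]; then cg="$cg lower"; fi
    if [ -n "$(keep_only 'A-Z' "$1")" ]; then cg="$cg upper"; fi
    if [ -n "$(keep_only '0-9' "$1")" ]; then cg="$cg digit"; fi
    # ASCII punctuation minus "_", which the table's symbol list does not include
    if [ -n "$(keep_only '[:punct:]' "$1" | tr -d '_')" ]; then cg="$cg symbol"; fi
    # bytes 0x80-0xFF only occur inside UTF-8 encoded non-ASCII characters
    if [ -n "$(keep_only '\200-\377' "$1")" ]; then cg="$cg unicode"; fi
    printf '%s\n' "${cg# }"
}

# group_count PASSWORD -> how many of the five groups are present (0-5).
group_count() {
    # word splitting is intended: the output holds only group names
    set -- $(char_groups "$1")
    echo "$#"
}

# meets_complexity PASSWORD [MIN] -> succeeds when at least MIN groups are
# present. MIN defaults to 3; use 4 or 5 for particularly sensitive accounts.
meets_complexity() {
    [ "$(group_count "$1")" -ge "${2:-3}" ]
}

# Demo: the article's own pass phrase and a constructed all-lowercase phrase.
# Only the group summary is printed, never the password itself.
for sample in 'I re@lly want to buy 11 Dogs!' 'all lower case words'; do
    printf '%s group(s): %s\n' "$(group_count "$sample")" "$(char_groups "$sample")"
done
```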

Note: Do not use the example passwords within this document. Although the password discussed above, "I re@lly want to buy 11 Dogs!", is very long and complex, attackers may add it and other sample passwords in this document to their attack tools.

If administrators have legacy systems, RIS, or similar requirements to adhere to, or if they simply dislike dealing with an especially lengthy password, using a shorter password with complex characters offers good protection. However, keep in mind the longer the password the more difficult it is to break. And 

> adding both complexity and length makes it the most difficult of all to break. 

Establishing password policies for your organization will help to protect your users from attackers who try to impersonate them, thereby protecting your organization from the loss, exposure, or corruption of sensitive information.

This document explains how passwords are stored in the Windows family of operating systems, gives guidance to administrators on how to maximize the security of their passwords, and explains to users how to create new passwords that meet the complexity requirements and are still easy to remember.

The document includes information and guidance on the following topics:

- Additional details about password cracking.

- How Windows stores passwords including information about LAN Manager (LM) hashes and NTLM hashes.

- Description of Unicode characters and using Unicode characters by entering ALT key combinations.

- Requirements for legacy systems such as Windows 98.

- Establishing a password policy for your organization.

- Communicating password complexity to end users, which includes text that is ready for you to customize and forward to the people who work in your organization.

- Resources for additional information including links to Web sites with related information that may help you to establish strong password policies in your organization.

### Before You Begin

Before proceeding with the discussion of password policy creation it is important that you have a solid understanding of how password hashes are created and stored by the Windows operating system family. It will also be helpful for you to fully understand other concepts related to password complexity such as entropy, Unicode characters, and ALT characters.

### Password Storage in Windows

By default, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 never store user passwords in plaintext. Instead, passwords are stored using two different password representations, commonly called "**hashes**." The first, the **LAN Manager (LM) hash**, is much less secure than the second, the **NTLM hash**. The reason for storing both representations is for backward compatibility with older applications and operating systems such as Windows 98.

#### The LAN Manager (LM) Hash

The LM hash is technically speaking not a hash at all. It is computed as follows:

- Convert all lowercase characters in the password to uppercase

- Pad the password with NULL characters until it is exactly 14 characters long

- Split the password into two 7 character chunks

- Use each chunk separately as a DES key to encrypt a specific string

- Concatenate the two cipher texts into a 128-bit string and store the result

As a result of the algorithm used to generate the LM hash, the hash is very easy to break. First, even a password longer than 8 characters can be attacked in two discrete chunks. Second, the entire lowercase character set can be ignored. This means that most password cracking tools will start by cracking the LM hashes and then simply vary the alpha characters in the cracked password to generate the case-sensitive passwords. Note that in order to log on to a computer running Windows 2000, whether remotely or locally, you will need to use the case-preserved password.
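
The effect of the case folding and the 7/7 split on the search space can be measured without any cryptography. This is an added example, not part of the quoted article: it performs no DES and produces no hash, assumes ASCII passwords, and the function names, the sample password and the character-set sizes (69 and 95) are assumptions made for the illustration.

```bash
#!/bin/sh
# lm_half N PASSWORD -> half N (1 or 2) of the upper-cased password, with the
# NUL padding omitted. Fails for passwords longer than 14 characters, which do
# not fit the 14-character LM input.
lm_half() {
    [ "${#2}" -le 14 ] || return 1
    lm_up=$(printf '%s' "$2" | tr '[:lower:]' '[:upper:]')
    case $1 in
        1) printf '%s\n' "$lm_up" | cut -c1-7 ;;
        2) printf '%s\n' "$lm_up" | cut -c8-14 ;;
        *) return 2 ;;
    esac
}

# pow BASE EXP -> BASE^EXP by repeated multiplication (exact below 2^53).
pow() {
    awk -v b="$1" -v e="$2" \
        'BEGIN { r = 1; for (i = 0; i < e; i++) r *= b; printf "%.0f\n", r }'
}

# lm_candidates PASSWORD [CHARSET] -> worst-case number of candidates when each
# half is searched on its own: CHARSET^len(half1) + CHARSET^len(half2).
# CHARSET defaults to 69: the 95 printable ASCII characters minus the 26
# lowercase letters that case folding removes. An empty half counts as 1.
lm_candidates() {
    lc_h1=$(lm_half 1 "$1") || return 1
    lc_h2=$(lm_half 2 "$1")
    awk -v a="$(pow "${2:-69}" "${#lc_h1}")" -v b="$(pow "${2:-69}" "${#lc_h2}")" \
        'BEGIN { printf "%.0f\n", a + b }'
}

# whole_candidates PASSWORD [CHARSET] -> CHARSET^length: the same password
# searched as one case-sensitive piece (default: all 95 printable ASCII).
whole_candidates() { pow "${2:-95}" "${#1}"; }

# Demo with a constructed 8-character sample whose only symbol is in position 8:
# the second half is a single character, so it adds almost nothing.
pw='Summer2#'
printf 'halves: [%s] [%s]\n' "$(lm_half 1 "$pw")" "$(lm_half 2 "$pw")"
printf 'split, case-folded search:    %s\n' "$(lm_candidates "$pw")"
printf 'single case-sensitive search: %s\n' "$(whole_candidates "$pw")"
```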

#### The NTLM Hash

The NTLM hash is also known as the **Unicode hash** because it supports the full Unicode character set. The NTLM hash is calculated by taking the plain text password and generating a **Message Digest 4 (MD4) hash** of it. The MD4 hash is what is actually stored in either the **Active Directory database** or the local **Security Accounts Manager (SAM) database**. The NTLM hash is much more resistant to brute force attacks than the LM hash. Brute forcing an NTLM hash takes several orders of magnitude longer than brute forcing the LM hash of the same password.

### Entropy

Entropy is a measure of disorder in a system. The level of entropy in a password is determined by how random it is in terms of the range and order of characters in it. When selecting a password that is resistant to cracking, it is important that you carefully pick your entropy and where it appears in the password. Most brute force password cracking tools start out by searching for alphanumeric characters and symbols present on most keyboards such as `` ` ~ ! @ # $ % ^ & * ( ) _ - + = `` (sometimes called the "upper row symbols" because they appear on the top row of most U.S. keyboards). With that knowledge you can make a password more resistant to cracking by using different symbols such as these: `[ ] { } < >`. You increase their resistance to cracking even further by using ALT key combinations.

> Note that due to the way LM hashes are created, putting a symbol as the only entropy in the eighth position of an eight character password only has a small impact on password complexity. For maximum entropy and complexity, non-alphanumeric characters need to be present throughout the password.

### Using Unicode Characters in ALT Key Combinations

Most users should have no problem finding pass phrases that they can easily remember, but for particularly sensitive accounts such as those with domain administrator privileges it is highly recommended that Unicode characters are included in the passwords using ALT key combinations. These are characters that do not appear on standard U.S. keyboards. You enter them by holding down the `ALT` key (or the `FN` and the `ALT` key on most laptop computers) and typing a three- or four-digit number on the numeric keypad (the numeric overlay keypad on a laptop computer).

The use of these types of characters greatly strengthens passwords in two ways: 

- First, password cracking tools are often unable to test the vast majority of these types of characters. 
- Second, the use of these characters greatly increases the range of characters that may appear in your password, which strengthens the potential complexity of the password by many orders of magnitude. 

When using ALT key combinations it is very important that you remember the leading zero, if present, because leaving the zero off results in a different character. For example, `ALT+128` is `Ç`, while `ALT+0128` is `€`. The rest of this section focuses on four digit codes, which access the entire Unicode character set, and ignore the three digit codes, which only access the extended ASCII character set.

The following table lists the numerical values that can be used as ALT key combinations. Recommended values are between 0128 and 1024. Each cell in the table below shows either a single value or a range of values. For example, the first cell shows "0128-0159." This means that you could use any value between 0128 and 0159, such as ALT+0135, which corresponds to the Unicode character "‡".

<center>
<b>Recommended ALT Code to Use for ALT Key Combinations</b>

<div class="has-inner-focus"><table aria-label="Table 2" class="table table-sm">
<colgroup>
<col>
<col>
<col>
<col>
</colgroup>
<tbody>
<tr class="odd">
<td><p>0128-0159</p></td>
<td><p>0306-0307</p></td>
<td><p>0312</p></td>
<td><p>0319-0320</p></td>
</tr>
<tr class="even">
<td><p>0329-0331</p></td>
<td><p>0383</p></td>
<td><p>0385-0406</p></td>
<td><p>0408-0409</p></td>
</tr>
<tr class="odd">
<td><p>0411-0414</p></td>
<td><p>0418-0424</p></td>
<td><p>0426</p></td>
<td><p>0428-0429</p></td>
</tr>
<tr class="even">
<td><p>0433-0437</p></td>
<td><p>0439-0447</p></td>
<td><p>0449-0450</p></td>
<td><p>0452-0460</p></td>
</tr>
<tr class="odd">
<td><p>0477</p></td>
<td><p>0480-0483</p></td>
<td><p>0494-0495</p></td>
<td><p>0497-0608</p></td>
</tr>
<tr class="even">
<td><p>0610-0631</p></td>
<td><p>0633-0696</p></td>
<td><p>0699</p></td>
<td><p>0701-0707</p></td>
</tr>
<tr class="odd">
<td><p>0709</p></td>
<td><p>0711</p></td>
<td><p>0716</p></td>
<td><p>0718-0729</p></td>
</tr>
<tr class="even">
<td><p>0731</p></td>
<td><p>0733-0767</p></td>
<td><p>0773-0775</p></td>
<td><p>0777</p></td>
</tr>
<tr class="odd">
<td><p>0779-0781</p></td>
<td><p>0783-0806</p></td>
<td><p>0808-0816</p></td>
<td><p>0819-0893</p></td>
</tr>
<tr class="even">
<td><p>0895-0912</p></td>
<td><p>0914</p></td>
<td><p>0918-0919</p></td>
<td><p>0921-0927</p></td>
</tr>
<tr class="odd">
<td><p>0929-0930</p></td>
<td><p>0933</p></td>
<td><p>0935-0936</p></td>
<td><p>0938-0944</p></td>
</tr>
<tr class="even">
<td><p>0947</p></td>
<td><p>0950-0955</p></td>
<td><p>0957-0959</p></td>
<td><p>0961-0962</p></td>
</tr>
<tr class="odd">
<td><p>0965</p></td>
<td><p>0967-1024</p></td>
<td><p>&nbsp;</p></td>
<td><p>&nbsp;</p></td>
</tr>
</tbody>
</table></div> 

Not all Unicode characters increase password complexity because they are automatically converted to ASCII characters, resulting in a weakened password instead. The following table shows character codes that should not be used in a password and the ASCII character to which they are converted.

<center>
<b>ALT Code Not to Use for ALT Key Combinations</b>

<div class="has-inner-focus"><table aria-label="Table 3" class="table table-sm">
<colgroup>
<col>
<col>
<col>
</colgroup>
<thead>
<tr class="header">
<th><p>ALT Code</p></th>
<th><p>Unicode Character</p></th>
<th><p>Resulting Character</p></th>
</tr>
</thead>
<tbody>
<tr class="odd">
<td><p>0175</p></td>
<td><p>¯</p></td>
<td><p>_</p></td>
</tr>
<tr class="even">
<td><p>0190</p></td>
<td><p>¾</p></td>
<td><p>_</p></td>
</tr>
<tr class="odd">
<td><p>0222</p></td>
<td><p>Þ</p></td>
<td><p>_</p></td>
</tr>
<tr class="even">
<td><p>0254</p></td>
<td><p>þ</p></td>
<td><p>_</p></td>
</tr>
<tr class="odd">
<td><p>0101</p></td>
<td><p>e</p></td>
<td><p>E</p></td>
</tr>
<tr class="even">
<td><p>0200</p></td>
<td><p>È</p></td>
<td><p>E</p></td>
</tr>
<tr class="odd">
<td><p>0202</p></td>
<td><p>Ê</p></td>
<td><p>E</p></td>
</tr>
<tr class="even">
<td><p>0203</p></td>
<td><p>Ë</p></td>
<td><p>E</p></td>
</tr>
<tr class="odd">
<td><p>0232</p></td>
<td><p>è</p></td>
<td><p>E</p></td>
</tr>
<tr class="even">
<td><p>0234</p></td>
<td><p>ê</p></td>
<td><p>E</p></td>
</tr>
<tr class="odd">
<td><p>0235</p></td>
<td><p>ë</p></td>
<td><p>E</p></td>
</tr>
<tr class="even">
<td><p>0100</p></td>
<td><p>d</p></td>
<td><p>D</p></td>
</tr>
<tr class="odd">
<td><p>0208</p></td>
<td><p>Ð</p></td>
<td><p>D</p></td>
</tr>
<tr class="even">
<td><p>0240</p></td>
<td><p>ð</p></td>
<td><p>D</p></td>
</tr>
<tr class="odd">
<td><p>0117</p></td>
<td><p>u</p></td>
<td><p>U</p></td>
</tr>
<tr class="even">
<td><p>0217</p></td>
<td><p>Ù</p></td>
<td><p>U</p></td>
</tr>
<tr class="odd">
<td><p>0218</p></td>
<td><p>Ú</p></td>
<td><p>U</p></td>
</tr>
<tr class="even">
<td><p>0219</p></td>
<td><p>Û</p></td>
<td><p>U</p></td>
</tr>
<tr class="odd">
<td><p>0249</p></td>
<td><p>ù</p></td>
<td><p>U</p></td>
</tr>
<tr class="even">
<td><p>0250</p></td>
<td><p>ú</p></td>
<td><p>U</p></td>
</tr>
<tr class="odd">
<td><p>0251</p></td>
<td><p>û</p></td>
<td><p>U</p></td>
</tr>
<tr class="even">
<td><p>0192</p></td>
<td><p>À</p></td>
<td><p>A</p></td>
</tr>
<tr class="odd">
<td><p>0193</p></td>
<td><p>Á</p></td>
<td><p>A</p></td>
</tr>
<tr class="even">
<td><p>0194</p></td>
<td><p>Â</p></td>
<td><p>A</p></td>
</tr>
<tr class="odd">
<td><p>0195</p></td>
<td><p>Ã</p></td>
<td><p>A</p></td>
</tr>
<tr class="even">
<td><p>0224</p></td>
<td><p>à</p></td>
<td><p>A</p></td>
</tr>
<tr class="odd">
<td><p>0225</p></td>
<td><p>á</p></td>
<td><p>A</p></td>
</tr>
<tr class="even">
<td><p>0226</p></td>
<td><p>â</p></td>
<td><p>A</p></td>
</tr>
<tr class="odd">
<td><p>0227</p></td>
<td><p>ã</p></td>
<td><p>A</p></td>
</tr>
<tr class="even">
<td><p>0065</p></td>
<td><p>A</p></td>
<td><p>A</p></td>
</tr>
<tr class="odd">
<td><p>0114</p></td>
<td><p>r</p></td>
<td><p>R</p></td>
</tr>
<tr class="even">
<td><p>0174</p></td>
<td><p>®</p></td>
<td><p>R</p></td>
</tr>
<tr class="odd">
<td><p>0121</p></td>
<td><p>y</p></td>
<td><p>Y</p></td>
</tr>
<tr class="even">
<td><p>0221</p></td>
<td><p>Ý</p></td>
<td><p>Y</p></td>
</tr>
<tr class="odd">
<td><p>0253</p></td>
<td><p>ý</p></td>
<td><p>Y</p></td>
</tr>
<tr class="even">
<td><p>0255</p></td>
<td><p>ÿ</p></td>
<td><p>Y</p></td>
</tr>
<tr class="odd">
<td><p>0120</p></td>
<td><p>x</p></td>
<td><p>X</p></td>
</tr>
<tr class="even">
<td><p>0215</p></td>
<td><p>×</p></td>
<td><p>X</p></td>
</tr>
<tr class="odd">
<td><p>0111</p></td>
<td><p>o</p></td>
<td><p>O</p></td>
</tr>
<tr class="even">
<td><p>0210</p></td>
<td><p>Ò</p></td>
<td><p>O</p></td>
</tr>
<tr class="odd">
<td><p>0211</p></td>
<td><p>Ó</p></td>
<td><p>O</p></td>
</tr>
<tr class="even">
<td><p>0212</p></td>
<td><p>Ô</p></td>
<td><p>O</p></td>
</tr>
<tr class="odd">
<td><p>0213</p></td>
<td><p>Õ</p></td>
<td><p>O</p></td>
</tr>
<tr class="even">
<td><p>0216</p></td>
<td><p>Ø</p></td>
<td><p>O</p></td>
</tr>
<tr class="odd">
<td><p>0242</p></td>
<td><p>ò</p></td>
<td><p>O</p></td>
</tr>
<tr class="even">
<td><p>0243</p></td>
<td><p>ó</p></td>
<td><p>O</p></td>
</tr>
<tr class="odd">
<td><p>0244</p></td>
<td><p>ô</p></td>
<td><p>O</p></td>
</tr>
<tr class="even">
<td><p>0245</p></td>
<td><p>õ</p></td>
<td><p>O</p></td>
</tr>
<tr class="odd">
<td><p>0248</p></td>
<td><p>ø</p></td>
<td><p>O</p></td>
</tr>
<tr class="even">
<td><p>0105</p></td>
<td><p>i</p></td>
<td><p>I</p></td>
</tr>
<tr class="odd">
<td><p>0204</p></td>
<td><p>Ì</p></td>
<td><p>I</p></td>
</tr>
<tr class="even">
<td><p>0205</p></td>
<td><p>Í</p></td>
<td><p>I</p></td>
</tr>
<tr class="odd">
<td><p>0206</p></td>
<td><p>Î</p></td>
<td><p>I</p></td>
</tr>
<tr class="even">
<td><p>0207</p></td>
<td><p>Ï</p></td>
<td><p>I</p></td>
</tr>
<tr class="odd">
<td><p>0236</p></td>
<td><p>ì</p></td>
<td><p>I</p></td>
</tr>
<tr class="even">
<td><p>0237</p></td>
<td><p>í</p></td>
<td><p>I</p></td>
</tr>
<tr class="odd">
<td><p>0238</p></td>
<td><p>î</p></td>
<td><p>I</p></td>
</tr>
<tr class="even">
<td><p>0239</p></td>
<td><p>ï</p></td>
<td><p>I</p></td>
</tr>
<tr class="odd">
<td><p>0169</p></td>
<td><p>©</p></td>
<td><p>C</p></td>
</tr>
<tr class="even">
<td><p>0099</p></td>
<td><p>c</p></td>
<td><p>C</p></td>
</tr>
</tbody>
</table></div>

### Password Age and Reuse

Users should also change their passwords frequently. Even though long and strong passwords are much more difficult to break than short and simple ones, they can still be cracked. An attacker who has enough time and computing power at his disposal can eventually break any password. In general, passwords should be changed within 42 days, and old passwords should never be reused.

### Developing a Password Policy for Your Organization

This section provides the following step-by-step instructions for enhancing security by creating and communicating a password policy for your organization.

- Identifying what computer operating systems are present on your organization's network

- Understanding what the limitations are for those operating systems

- Defining what the technical requirements for passwords will be on your organization's network.

- Determining how much formality is appropriate regarding the documentation and communication of the password policy for your organization

- Documenting the password policy in writing

- Communicating the password policy to the users before implementing it on your systems

- Implementing the password policy on your organization's computer systems

- Reminding users on an ongoing basis about the importance of observing the password policy and other corporate security policies.

#### Identifying Existing Operating Systems

In order to specify password policies that will not cause problems for any users logging on to computers in your organization, you need to know what operating systems they are using. It is possible that you already know exactly what operating systems are in use on your network. If you don't, then you need to find out. You do not need to know how many of each there are, and you do not need to create a precise inventory of all the systems on your network at this time. To be able to design a suitable password policy, you only need to know if there are any legacy systems present. Computers running Windows 95, Windows 98, or Windows Millennium Edition are the legacy operating systems that you are most likely to encounter on your network.

To identify what computer operating systems are in use on your organization's network you can ask your users to check which version they are running for you, or you can walk up to each computer and check yourself. Regardless of who does the checking, this is the process:

- Click `Start`, and then click `Run`.

- In `Open`, type `winver.exe`, and then click `OK`. The version number is displayed in the `About Windows` dialog box.

#### Understanding the Limitations of Some Operating Systems

As explained earlier, computers running Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 all support long and strong passwords. Computers running Windows 95, Windows 98, and Windows Millennium Edition do not. If any of the computers on your network are running any of these versions of Windows, then your password policy will have to accommodate these computers.

For organizations that include computers running Windows 95, Windows 98, or Windows Millennium Edition, user passwords cannot be longer than 14 characters and cannot include characters generated through ALT key combinations.

If all computers in your organization are running Windows NT 4.0, Windows 2000, Windows XP, or Windows Server 2003, then user passwords can be up to 128 characters long and those passwords can include characters generated through ALT key combinations.

#### Defining Technical Requirements for Passwords

For computers running Windows 2000, Windows XP, and Windows Server 2003, you can enforce up to five settings related to password characteristics.

In this step, we provide you with the setting definitions and our recommendation for these settings. You will decide what values your organization will enforce.

<center>
    <b>Technical Requirements for Passwords</b>

<div class="has-inner-focus"><table aria-label="Table 4" class="table table-sm">
<colgroup>
<col>
<col>
<col>
</colgroup>
<thead>
<tr class="header">
<th><p>Setting</p></th>
<th><p>Description</p></th>
<th><p>Recommendation</p></th>
</tr>
</thead>
<tbody>
<tr class="odd">
<td><p><strong>Enforce password history</strong></p></td>
<td><p>Determines the number of unique new passwords a user must use before an old password can be reused. It can be set between 0 and 24; if set to 0, then enforce password history is disabled.</p></td>
<td><p>For most organizations, set to 24 passwords remembered.</p></td>
</tr>
<tr class="even">
<td><p><strong>Maximum password age</strong></p></td>
<td><p>Determines how many days a password can be used before the user is required to change it. It can be set between 0 and 999; if set to 0, then passwords never expire. Setting this too low may cause a great deal of frustration for your users; setting it too high or disabling it will give potential attackers more time to try to break users' passwords.</p></td>
<td><p>For most organizations, set to 42 days.</p></td>
</tr>
<tr class="odd">
<td><p><strong>Minimum password age</strong></p></td>
<td><p>Determines how many days a user must keep their new password before they can change it. This setting is designed to work with the <strong>Enforce password history</strong> setting so that users cannot quickly reset their password 24 times and then change their password back to the old password. It can be set between 0 and 999; if set to 0, then users will be able to immediately change their password right after changing it.</p></td>
<td><p>For most organizations, set to 2 days.</p></td>
</tr>
<tr class="even">
<td><p><strong>Minimum password length</strong></p></td>
<td><p>Determines how short passwords can be. Although computers running Windows 2000, Windows XP, and Windows Server 2003 support passwords up to 128 characters, this setting can only be set between 0 and 14 characters. If it is set to 0, then users are allowed to have blank passwords; this value should never be used.</p></td>
<td><p>Set to 8 characters.</p></td>
</tr>
<tr class="odd">
<td><p><strong>Passwords must meet complexity requirements</strong></p></td>
<td><p>Determines whether or not password complexity is enforced.<br>
When this setting is enabled user passwords will have the following requirements:<br>
</p>
<ul>
<li><p>The password is at least six characters long.</p></li>
<li><p>The password contains characters from three of the following five categories: English uppercase characters (A - Z); English lowercase characters (a - z); base 10 digits (0 - 9); non-alphanumeric (for example: !, $, #, or %); Unicode characters.</p></li>
<li><p>The password does not contain three or more characters from the user's account name. If the account name is less than three characters long then this check is not performed because the rate at which passwords would be rejected would be too high. When checking against the user's full name several characters are treated as delimiters that separate the name into individual tokens: commas, periods, dashes/hyphens, underscores, spaces, pound-signs and tabs. For each token that is three or more characters long, that token is searched for in the password, and if it is present, the password change is rejected. For example, the name "Erin M. Hagens" would be split into three tokens: "Erin," "M," and "Hagens." Since the second token is only one character long it would be ignored. Therefore, this user could not have a password that included either "erin" or "hagens" as a substring anywhere in the password. All of these checks are case insensitive.</p></li>
</ul></td>
<td><p>Enable this setting.</p></td>
</tr>
</tbody>
</table></div>
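
The complexity rule in the last table row is an algorithm, so here it is as an added example in shell (not Microsoft's implementation and not part of the original text). It assumes "Unicode characters" means any non-ASCII byte, reads the account-name rule as "three or more consecutive characters" (the wording of the sample policy later in this document), and applies the recommended 8-character minimum; `check_password` and its helpers are names made up for this illustration.

```bash
# Added example, not Microsoft's implementation. Uses only POSIX sh features.
# Assumptions: "Unicode characters" = any non-ASCII byte; the account-name rule
# means three or more consecutive characters; lengths are counted by the shell.

lower() { printf '%s' "$1" | LC_ALL=C tr 'A-Z' 'a-z'; }

# has_class STRING TR_SET: true when STRING contains a byte from TR_SET.
has_class() { [ -n "$(printf '%s' "$1" | LC_ALL=C tr -cd "$2")" ]; }

# check_password PASSWORD ACCOUNT_NAME FULL_NAME [MIN_LENGTH]
# Prints "ok" or "reject: <reason>"; returns 0 when accepted, 1 when rejected.
check_password() {
    pw=$1
    min_len=${4:-8}                               # table recommendation: 8
    if [ "$min_len" -lt 6 ]; then min_len=6; fi   # complexity rule's own floor
    pw_lc=$(lower "$pw")
    acct_lc=$(lower "$2")
    name_lc=$(lower "$3")

    if [ "${#pw}" -lt "$min_len" ]; then
        echo "reject: shorter than $min_len characters"
        return 1
    fi

    # Three of five categories: upper, lower, digit, ASCII symbol, non-ASCII.
    classes=0
    for cls in 'A-Z' 'a-z' '0-9' \
               '\041-\057\072-\100\133-\140\173-\176' '\200-\377'; do
        if has_class "$pw" "$cls"; then classes=$((classes + 1)); fi
    done
    if [ "$classes" -lt 3 ]; then
        echo "reject: only $classes of 5 character categories"
        return 1
    fi

    # Account name: slide a three-character window over it. Names shorter
    # than three characters never enter the loop, so the check is skipped.
    rest=$acct_lc
    while [ "${#rest}" -ge 3 ]; do
        tail=${rest#???}
        chunk=${rest%"$tail"}
        case $pw_lc in
            *"$chunk"*)
                echo "reject: contains '$chunk' from the account name"
                return 1 ;;
        esac
        rest=${rest#?}
    done

    # Full name: split on comma, period, underscore, space, pound sign, tab
    # and hyphen; tokens shorter than three characters are ignored.
    tokens=$(printf '%s' "$name_lc" | LC_ALL=C tr -s ',._ #\t-' '[\n*]')
    while IFS= read -r token; do
        if [ "${#token}" -ge 3 ]; then
            case $pw_lc in
                *"$token"*)
                    echo "reject: contains name token '$token'"
                    return 1 ;;
            esac
        fi
    done <<EOF
$tokens
EOF
    echo "ok"
}

# Constructed sample passwords, checked for the user from the table's example.
for sample in 'Tr0ub4dor&Horse' 'W@terin9Can' 'MyHag#2024x' 'alllowercase'; do
    printf '%-16s %s\n' "$sample" \
        "$(check_password "$sample" ehagens 'Erin M. Hagens')"
done
```

All comparisons are made on lowercased copies, which is how the case-insensitive matching described in the table is obtained.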

#### Documenting Your Organization's Password Policy

Next, you need to decide how formal you want to be when documenting your organization's password policy.

At a minimum, write down the settings that will be enforced on the computers in your organization's network.

Some organizations may want to record the policy in a formal policy statement. If you feel that this level of formality is suitable for your organization, you may want to take a look at the links to sample policies that appear in "Related Information" later in this document.

Some organizations may have regulatory requirements for documenting these sorts of corporate policies. If you believe that your organization has regulatory requirements, you ought to have the policy reviewed by your organization's legal counsel before implementing it and communicating it to your users.

### Communicating the Password Policy to Users

Any important policy change needs to be clearly communicated to the people who work at your organization. When changing or implementing password policies, it is extremely important that you clearly explain to the people impacted what you are doing and why.

#### Sample Password Policy for Your Use

The following text is designed for you to copy and distribute to the people you work with. Although it is ready for use as is, you may want to change specific terms to better match your own needs and specific password policy requirements.

You will notice that this sample text does not discuss or recommend the use of ALT key combinations; this is because their use may be too demanding for many users. ALT key combination use is recommended for technically savvy users who have powerful or sensitive accounts, such as administrators.

To organization members:

Weak and blank passwords are one of the easiest ways for attackers to break into your computer and our organization's network. Passwords that are used for years at a time, or passwords that are reused frequently, are also much more likely to be discovered by an attacker.

To increase the protection of your account on the network, you are required to use strong passwords when accessing corporate computer systems. You will be required to change your password periodically, and you will be required to use passwords that do not match your previous passwords.

A strong password is a password that is at least eight characters long and uses characters from three of the five following groups:

- Lowercase letters
- Uppercase letters
- Numbers (for instance, 1, 2, 3)
- Symbols (for instance, @, =, -, and so on)
- Unicode characters

Your passwords will also not be able to contain three or more consecutive letters from your user account name. You will be required to change your password every 42 days, and you will not be able to reuse passwords.

When you change your password, your new password will automatically be checked for complexity and it will be compared to your previous passwords. This may sound like a frustrating situation and you may be tempted to write down your password and paste it to your desk, computer monitor, or some other easily accessed location. However, the moment you do that you are exposing your computer and our entire organization to tremendous risk as anyone could walk up to your computer and log on to the network using your credentials. Therefore, never write down your passwords. Instead, create passwords that are easy to remember.

Below you'll find some more background information about password security as well as specific advice on how to create strong passwords that are easy to remember.

**Using Pass Phrases**

Perhaps it might be easier to think in terms of "pass phrases" rather than "passwords." If your computer is running Windows NT 4.0 or earlier, Windows 2000, Windows XP, and Windows Server 2003, passwords up to fifteen or more characters are supported, including spaces. Therefore, "You can try to break this until the cows come home!" is a perfectly valid pass phrase that will be extremely difficult for an attacker to break even using the best password cracking tool around. If your computer is running one of the operating systems mentioned above, try to use a very long pass phrase that includes a mix of uppercase letters, lowercase letters, numbers, and symbols.

Note that you should not actually use the example passwords within this document. Although the password discussed above, "You can try to break this until the cows come home!", is very long, attackers may add it and other sample passwords in this document to their attack tools. These are examples; you should always create your own unique passwords.

**More Password Tips**

The following information provides tips and do's and don'ts for creating and remembering passwords and password phrases.

- **Use more than one word**
Instead of only using the name of someone you know, such as "Allison", choose something about that person no one else knows about, for instance, "AllisonsBear" or "AlliesBear".

- **Use symbols instead of characters**
Many people tend to put the required symbols and numbers at the end of a word they know, for instance, "Allison1234". Unfortunately, this is relatively easy to break. The word "Allison" is in a lot of dictionaries that include common names; once the name is discovered, the attacker has only four more relatively easy characters to guess. Instead, replace one or more of the letters within the word with symbols that you'll easily recall. Many people have their own creative interpretations of what letter some symbols and numbers resemble. For example, try substituting "@" for "A", "!" for "l", a zero (0) for an "O", a `$` for an "S", and a "3" for an "E". With substitutions such as these, "@llis0nbe@r", "A!!isonB3ar", and "A//i$onBear" are all recognizable to you, but they would be extremely difficult to guess or break. Look at the symbols on your keyboard and think of the first character that comes to mind; it might not be what someone else would think of, but you will remember it. Use some of those symbols as substitutions for your passwords from now on.

- **Choose events or people that are on your mind**
To remember a strong password that will have to change in several months, try selecting an upcoming personal or public event. Use this as an opportunity to remind yourself about something pleasant that is going on in your life, or a person whom you admire or love. You won't be likely to forget the password if it is funny or endearing. Make it unique to you. Be sure to make it a phrase of two or more words, and continue to slip in your symbols. For example: "J0hn$Gr@du@tion".

- **Use phonetics in the words**
In general, password dictionaries used by attackers search for words embedded inside your password. As mentioned before, don't hesitate to use the words, but make sure you liberally sprinkle those words with embedded symbols. Another way to trump the attacker is to avoid spelling the words properly, or use funny phonetics that you can remember. For instance, "Run for the hills" could become "R0n4dHiLLs!" or "R0n 4 d Hills!" If your manager's name happens to be Ron, you might even get a chuckle each morning typing this in. If you are a lousy speller, you are ahead of the game already.

- **Don't be afraid to make the password long**
If you remember it better as a full phrase, go ahead and type it in. Longer passwords are much harder to break. And even though it is long, if it is easy for you to remember, you will probably have a lot less trouble getting into your system, even if you aren't the best typist in the world.

- **Use first letters of a phrase**
To create an easy-to-remember and strong password, begin with a properly capitalized and punctuated sentence that is easy for you to remember. For example: "My daughter Kay goes to the International School." Next, take the first letter of each word in your sentence, preserving the capitalization used in the sentence. In the example above "MdKgttIS" would be the result. Finally substitute some non-alphanumeric characters for some of the letters in the password. You might use an "@" to replace an "a" or use an "!" to replace an "L". After one such substitution the example password above would be "MdKgtt!S", a very difficult password to break, yet a password that is easy for you to remember, as long as you can recall the sentence on which the password is based.

**Do's:**

- Combine letters, symbols, and numbers that are easy for you to remember and hard for someone else to guess.

- Create pronounceable passwords (even if they are not words) that are easier to remember, reducing the temptation to write down your password.

- Try out using the initial letters of a phrase you love, especially if a number or special character is included.

- Take two familiar things, and then wrap them around a number or special character. Alternatively, change the spelling to include a special character. In this manner, you get one unfamiliar thing (which makes a good password because it is easy for you and you alone to remember, but hard for anyone else to discover). Here are a few examples:

    "Phone + 4 + you" = "Phone4you" or "Fone4y0u"

    "cat + * + Mouse" = "cat*Mouse" or "cat*Mou$e"

    "attack + 3 + book" = "attack3booK" or "@tack3booK"

**Don'ts:**

- Don't use personal information such as derivatives of your user ID, names of family members, maiden names, cars, license tags, telephone numbers, pets, birthdays, social security numbers, addresses, or hobbies.

- Don't use any word in any language spelled forward or backward.

- Don't tie passwords to the month, for example, don't use "Mayday" in May.

- Don't create new passwords that are substantially similar to ones you've previously used.

### Implementing the Password Policy in Your Organization

Now that you have specified, documented, and communicated the new password policy, it is time to implement the password policies on your network. For information about enforcing password usage, see ["Password must meet complexity requirements"](https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/hh994562(v=ws.10)?redirectedfrom=MSDN).

### Related Information

For more information about developing a password policy, see the following:

- ["Password Policy"](https://go.microsoft.com/fwlink/?linkid=22205) on the SANS (SysAdmin, Audit, Network, Security) Web site. SANS has advice on creating formal corporate security policies and sample policies.

- ["Sample Generic Policy and High Level Procedures for Passwords and Access Forms"](https://go.microsoft.com/fwlink/?linkid=22206) on the National Institute of Standards (NIST) Web site. NIST has a sample password policy that many government agencies have used as the foundation for developing their own policies.

For more information about password policies, see the following:

- ["Account Passwords and Policies"](https://go.microsoft.com/fwlink/?linkid=22208) on the Microsoft TechNet Web site.

# <b>3.4 File Permissions</b>

|Purpose|PowerShell|Bash|
|-|-|-|
|check ACLs|`icacls <path to folder>`||
||`icacls /?` (help for `icacls`)||
|check permissions|`icacls 'C:\FolderName'`|`ls -l`|
|**Modifying Permissions**|||
|give permissions|`icacls 'C:\FolderName' /grant 'Everyone:(OI)(CI)(R)'`|`sudo chmod ugo+rwx fname` (change mode)|
|||`sudo chmod 777 fname`|
|withdraw permission|`icacls 'C:\FolderName' /remove 'Everyone'`|`sudo chmod ugo-rwx fname`|
|||`sudo chmod 000 fname`|
|change owner||`sudo chown uname fname`|
|change group||`sudo chgrp gname fname`|

## Windows

**Access Control Lists (ACLs)**
- **Discretionary Access Control Lists (DACLs)** - who can use a file and what they're allowed to do with it,
- **System Access Control Lists (SACLs)** - are used to tell Windows that it should use an event log to make a note of every time someone accesses a file or folder.

- `Read` - lets you see that a file exists and allows you to read its contents. It also lets you read the files and directories in a directory. 
- `Read and execute` - lets you read files and if the file is an executable, you can run the file. `Read and Execute` includes read, so if you select `Read and Execute`, read will automatically be selected. 
- `List folder contents` is an alias for `Read and Execute` on a directory. Checking one will check the other. It means that you can read and execute files in that directory. 
- `Write` lets you make changes to a file. It might be surprising to you, but you can have write access to a file without having read permission to that file. The `Write` permission also lets you create subdirectories and write to files in the directory. 
- `Modify` permission is an umbrella permission that includes `read`, `execute`, and `write`. 
- `Full control` - a user or group with full control can do anything they want to the file. It includes all the permissions of `Modify` and adds the ability to take ownership of a file and change its ACLs. 

Now, when we click on my username, we can see the permissions for Cindy, which show that I'm allowed all of these access permissions. If we want to see which ACLs are assigned to a file, we can use a utility designed to view and change ACLs called `icacls`, or improved change ACLs. Let's take a look at my desktop first: `icacls Desktop`. Well, that looks useful, but what does it mean? I can see the user accounts that have access to my desktop and I can see that my account is one of them. But what about the rest of this stuff? These letters represent each of the permissions that we talked about before. Let's take a look at the help for `icacls`. I bet that'll explain things: `icacls /?`. There's a description of what each one of these letters means.

The F shows that I have full control of my Desktop folder. `icacls` calls this full access. We saw this in the GUI earlier as full control. These are the same permission. What do these other letters mean? NTFS permissions can be inherited, as we saw from the `icacls` help. OI means object inherit, and CI means container inherit. If I create new files or objects inside my desktop folder, they'll inherit this DACL. If I create new directories or containers in my desktop, they'll also inherit this DACL.

### Guest Users

- users who can use the computer without a password; they are in the group "Everyone"
- all the users except for the guests are in the "Authenticated Group"

### Supplemental Reading for [Windows ACL](https://learn.microsoft.com/en-us/windows/win32/secauthz/access-control-lists?redirectedfrom=MSDN)

An [access control list](https://learn.microsoft.com/en-us/windows/desktop/SecGloss/a-gly) (ACL) is a list of [access control entries](https://learn.microsoft.com/en-us/windows/win32/secauthz/access-control-entries) (ACE). Each ACE in an ACL identifies a trustee and specifies the [access rights](https://learn.microsoft.com/en-us/windows/win32/secauthz/access-rights-and-access-masks) allowed, denied, or audited for that trustee. The [security descriptor](https://learn.microsoft.com/en-us/windows/win32/secauthz/security-descriptors) for a [securable object](https://learn.microsoft.com/en-us/windows/win32/secauthz/securable-objects) can contain two types of ACLs: a DACL and an SACL.

A [discretionary access control list](https://learn.microsoft.com/en-us/windows/desktop/SecGloss/d-gly) (DACL) identifies the trustees that are allowed or denied access to a securable object. When a [process](https://learn.microsoft.com/en-us/windows/desktop/SecGloss/p-gly) tries to access a securable object, the system checks the ACEs in the object's DACL to determine whether to grant access to it. If the object doesn't have a DACL, the system grants full access to everyone. If the object's DACL has no ACEs, the system denies all attempts to access the object because the DACL doesn't allow any access rights. The system checks the ACEs in sequence until it finds one or more ACEs that allow all the requested access rights, or until any of the requested access rights are denied. For more information, see [How DACLs control access to an object](https://learn.microsoft.com/en-us/windows/win32/secauthz/how-dacls-control-access-to-an-object). For information about how to properly create a DACL, see [Creating a DACL](https://learn.microsoft.com/en-us/windows/desktop/SecBP/creating-a-dacl).

A [system access control list](https://learn.microsoft.com/en-us/windows/desktop/SecGloss/s-gly) (SACL) allows administrators to log attempts to access a secured object. Each ACE specifies the types of access attempts by a specified trustee that cause the system to generate a record in the security event log. An ACE in an SACL can generate audit records when an access attempt fails, when it succeeds, or both. For more information about SACLs, see [Audit generation](https://learn.microsoft.com/en-us/windows/win32/secauthz/audit-generation) and [SACL access right](https://learn.microsoft.com/en-us/windows/win32/secauthz/sacl-access-right).

Don't try to work directly with the contents of an ACL. To ensure that ACLs are semantically correct, use the appropriate functions to create and manipulate ACLs. For more information, see [Getting information from an ACL](https://learn.microsoft.com/en-us/windows/win32/secauthz/getting-information-from-an-acl) and [Creating or modifying an ACL](https://learn.microsoft.com/en-us/windows/win32/secauthz/creating-or-modifying-an-acl).

ACLs also provide access control to Microsoft Active Directory service objects. Active Directory Service Interfaces (ADSI) include routines to create and modify the contents of these ACLs. For more information, see [Controlling object access in Active Directory Domain Services](https://learn.microsoft.com/en-us/windows/desktop/AD/controlling-access-to-objects-in-active-directory-domain-services).
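
The DACL walk described above depends on ACE order, which the following added example (a simplified model, not Windows code and not part of the original reading) makes visible. The one-line ACE format, the single-letter rights and the trustee names are hypothetical; real ACEs carry SIDs and 32-bit access masks.

```bash
# Added example: simplified model of how a DACL is evaluated.
# Hypothetical ACE format, one per line:  allow|deny TRUSTEE RIGHTS
# where RIGHTS is a string of single-letter rights such as r, w, x, d.

# access_check HAS_DACL ACES IDENTITIES REQUESTED
#   HAS_DACL    "yes", or "no" for an object that has no DACL at all
#   ACES        newline-separated ACE list (may be empty)
#   IDENTITIES  space-separated names carried by the caller (user and groups)
#   REQUESTED   rights being asked for, e.g. "rw"
# Prints "granted" or "denied".
access_check() {
    # No DACL: the system grants full access to everyone.
    if [ "$1" = no ]; then echo granted; return 0; fi

    remaining=$4                      # rights not yet allowed by any ACE
    while read -r kind trustee rights; do
        if [ -z "$kind" ]; then continue; fi
        case " $3 " in
            *" $trustee "*) ;;        # ACE names the caller or one of its groups
            *) continue ;;
        esac
        if [ "$kind" = deny ]; then
            # A deny ACE covering a right that is still outstanding ends the walk.
            if [ -n "$(printf '%s' "$remaining" | tr -cd "$rights")" ]; then
                echo denied
                return 0
            fi
        else
            remaining=$(printf '%s' "$remaining" | tr -d "$rights")
            if [ -z "$remaining" ]; then echo granted; return 0; fi
        fi
    done <<EOF
$2
EOF
    # End of list reached (or the DACL has no ACEs): not everything was allowed.
    echo denied
}

# Constructed ACLs: same two ACEs, different order.
deny_first='deny contractors w
allow staff rw'
allow_first='allow staff rw
deny contractors w'
caller='cindy staff contractors'

printf 'deny first,  rw: %s\n' "$(access_check yes "$deny_first"  "$caller" rw)"
printf 'allow first, rw: %s\n' "$(access_check yes "$allow_first" "$caller" rw)"
printf 'empty DACL,  r : %s\n' "$(access_check yes ''             "$caller" r)"
printf 'no DACL,     rw: %s\n' "$(access_check no  ''             "$caller" rw)"
```

The same two ACEs give opposite answers depending on their order, which is one reason the text recommends the ACL functions over editing ACL contents directly.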

### Supplemental Reading: File and Folder Permissions

Applies To: Windows 7, Windows Server 2008 R2

The following table lists the access limitations for each set of special NTFS permissions.

<div class="has-inner-focus"><table aria-label="Table 1" class="table table-sm">
<colgroup>
<col>
<col>
<col>
<col>
<col>
<col>
<col>
</colgroup>
<thead>
<tr class="header">
<th>Special permissions</th>
<th>Full Control</th>
<th>Modify</th>
<th>Read &amp; Execute</th>
<th>List Folder Contents (folders only)</th>
<th>Read</th>
<th>Write</th>
</tr>
</thead>
<tbody>
<tr class="odd">
<td><p>Traverse Folder/Execute File</p></td>
<td><p>x</p></td>
<td><p>x</p></td>
<td><p>x</p></td>
<td><p>x</p></td>
<td><p></p></td>
<td><p></p></td>
</tr>
<tr class="even">
<td><p>List Folder/Read Data</p></td>
<td><p>x</p></td>
<td><p>x</p></td>
<td><p>x</p></td>
<td><p>x</p></td>
<td><p>x</p></td>
<td><p></p></td>
</tr>
<tr class="odd">
<td><p>Read Attributes</p></td>
<td><p>x</p></td>
<td><p>x</p></td>
<td><p>x</p></td>
<td><p>x</p></td>
<td><p>x</p></td>
<td><p></p></td>
</tr>
<tr class="even">
<td><p>Read Extended Attributes</p></td>
<td><p>x</p></td>
<td><p>x</p></td>
<td><p>x</p></td>
<td><p>x</p></td>
<td><p>x</p></td>
<td><p></p></td>
</tr>
<tr class="odd">
<td><p>Create Files/Write Data</p></td>
<td><p>x</p></td>
<td><p>x</p></td>
<td><p></p></td>
<td><p></p></td>
<td><p></p></td>
<td><p>x</p></td>
</tr>
<tr class="even">
<td><p>Create Folders/Append Data</p></td>
<td><p>x</p></td>
<td><p>x</p></td>
<td><p></p></td>
<td><p></p></td>
<td><p></p></td>
<td><p>x</p></td>
</tr>
<tr class="odd">
<td><p>Write Attributes</p></td>
<td><p>x</p></td>
<td><p>x</p></td>
<td><p></p></td>
<td><p></p></td>
<td><p></p></td>
<td><p>x</p></td>
</tr>
<tr class="even">
<td><p>Write Extended Attributes</p></td>
<td><p>x</p></td>
<td><p>x</p></td>
<td><p></p></td>
<td><p></p></td>
<td><p></p></td>
<td><p>x</p></td>
</tr>
<tr class="odd">
<td><p>Delete Subfolders and Files</p></td>
<td><p>x</p></td>
<td><p></p></td>
<td><p></p></td>
<td><p></p></td>
<td><p></p></td>
<td><p></p></td>
</tr>
<tr class="even">
<td><p>Delete</p></td>
<td><p>x</p></td>
<td><p>x</p></td>
<td><p></p></td>
<td><p></p></td>
<td><p></p></td>
<td><p></p></td>
</tr>
<tr class="odd">
<td><p>Read Permissions</p></td>
<td><p>x</p></td>
<td><p>x</p></td>
<td><p>x</p></td>
<td><p>x</p></td>
<td><p>x</p></td>
<td><p>x</p></td>
</tr>
<tr class="even">
<td><p>Change Permissions</p></td>
<td><p>x</p></td>
<td><p></p></td>
<td><p></p></td>
<td><p></p></td>
<td><p></p></td>
<td><p></p></td>
</tr>
<tr class="odd">
<td><p>Take Ownership</p></td>
<td><p>x</p></td>
<td><p></p></td>
<td><p></p></td>
<td><p></p></td>
<td><p></p></td>
<td><p></p></td>
</tr>
<tr class="even">
<td><p>Synchronize</p></td>
<td><p>x</p></td>
<td><p>x</p></td>
<td><p>x</p></td>
<td><p>x</p></td>
<td><p>x</p></td>
<td><p>x</p></td>
</tr>
</tbody>
</table></div>

> Important: Groups or users granted Full Control permission on a folder can delete any files in that folder regardless of the permissions protecting the file.

**Additional considerations**

Although List Folder Contents and Read & Execute appear to have the same special permissions, these permissions are inherited differently. List Folder Contents is inherited by folders but not files, and it should only appear when you view folder permissions. Read & Execute is inherited by both files and folders and is always present when you view file or folder permissions.

In this version of Windows, the Everyone group does not include the Anonymous Logon group by default, so permissions applied to the Everyone group do not affect the Anonymous Logon group.

Additional references: [Managing Permissions](https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc732880(v=ws.11)?redirectedfrom=MSDN)

## Linux

### `chmod`

`chmod ugo+rwx fname`:
- `u`ser 
- `g`roup
- `o`ther users<br>
<br>
- `r`ead or `4`
- `w`rite or `2`
- e`x`ecute or `1`
- `-` disabled

You can also write like this:

`chmod 754 fname`:
- 7 is 4+2+1 for user
- 5 is 4+1 for group
- 4 is 4 for other users<br>
<br>
- `s`etUID or `4`
- `g` setGID or `2`
- s`t`icky bit or `1`

### View permissions

In [3]:
ls -l

total 524
-rw-r--r-- 1 commi commi      0 Aug 26 02:27 Administrative
-rw-r--r-- 1 commi commi 423827 Aug 26 13:38 C2_The_Bits_and_Bytes_of_Computer_Networking.ipynb
-rw-r--r-- 1 commi commi 100600 Aug 30 00:59 C3_Operating_Systems_and_You.ipynb
drwxr-xr-x 3 commi commi   4096 Aug 26 02:27 data
drwxr-xr-x 2 commi commi   4096 Aug 26 14:39 materials


`-rw-r--r-- 1 commi commi      0 Aug 26 02:27 Administrative`

- `-` means "a regular file"
- `d` means "directory"

Then groups by three:

- `rw-` permission of the USER (`commi`)
- `r--` permission of the GROUP (`commi`)
- `r--` permission of all OTHER users

### SetUID, SetGID, Sticky Bit

#### SetUID

SetUID lets users run a particular program with root's rights without giving them sudo rights.

```bash
sudo useradd example
sudo passwd example
ls -l /etc/shadow
```

`-rw-r----- 1 root shadow 1180 Aug 31 21:05 /etc/shadow`

So this file with the password is owned by root.

SetUID enables files to be run by the permissions of the owner of the file. In this case, when you run the password command, it's being run as root:

```bash
ls -l /usr/bin/passwd
```

`-rwsr-xr-x 1 root root 68248 Mar 23 17:40 /usr/bin/passwd`

Here `s` stands for `SetUID`. When `s` appears where the owner's execute bit would be, the file runs with the permissions of its owner. You can enable the `setuid` bit symbolically (`s`) or numerically (`4`):

```bash
cd /tmp/
touch file1.txt
sudo chmod u+s file1.txt
ls -l file1.txt
```
`-rwSr--r-- 1 commi commi     0 Sep 14 16:16 file1.txt`

```bash
# or
sudo chmod 4744 file1.txt
ls -l file1.txt
```
`-rwsr--r-- 1 commi commi     0 Sep 14 16:16 file1.txt`

#### SetGID

In [1]:
ls -l /usr/bin/wall

-rwxr-sr-x 1 root tty 39224 Mar 23 15:02 /usr/bin/wall


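`tty` is the group that owns the file. The `s` in the group triplet is the SetGID bit, so `wall` runs with the permissions of the `tty` group.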


```bash
sudo chmod g+s file1.txt
ls -l | grep file1.txt
```
`-rwsr-Sr-- 1 commi commi     0 Sep 14 16:16 file1.txt`

```bash
# or
sudo chmod 2755 file1.txt
ls -l | grep file1.txt
```
`-rwxr-sr-x 1 commi commi     0 Sep 14 16:16 file1.txt`

#### `sticky bit`

The sticky bit sticks a file or a folder down so that anyone can write to it but cannot delete anything; deleting can be done only by the owner or the root user.

Let's take a look at `/tmp` folder permissions:

```bash
ls -ld /tmp
```
`drwxrwxrwt 16 root root 20480 Sep 14 16:38 /tmp`

`t` at the end means that everyone can add and modify files in that directory but only root or the owner can delete the directory.

Let's create a folder and change its permissions to `t`.

```bash
mkdir folder1
ls -ld folder1
```
`drwxr-xr-x 2 commi commi 4096 Sep 14 16:46 folder1/`


```bash
sudo chmod +t folder1
ls -ld folder1
```
`drwxr-xr-t 2 commi commi 4096 Sep 14 16:46 folder1/`

```bash
# or numerically (1 = sticky bit, 744 = rwxr--r--)
sudo chmod 1744 folder1
ls -ld folder1
```
`drwxr--r-T 2 commi commi 4096 Sep 14 16:46 folder1/`
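
The listings above show both lowercase and uppercase letters (`s`/`S`, `t`/`T`): the capital form appears when the special bit is set but the execute bit in the same position is not. The script below is an added example, not part of the course material; the function names `perm_string`, `audit_special` and `make_sample_tree` and the sample tree are constructed for illustration. It renders an octal mode the way `ls -l` does and lists SetUID/SetGID files and world-writable directories that lack the sticky bit.

```bash
# Added example (POSIX sh, also runs under bash): decode the special
# permission bits and audit a directory tree for them.

# _triplet BITS SPECIAL LOWER UPPER
# Prints one rwx triplet. If SPECIAL is non-zero, the execute slot shows LOWER
# when execute is also set, or UPPER when the special bit is set without it.
_triplet() {
    _r=-; _w=-; _x=-
    if [ $(( $1 & 4 )) -ne 0 ]; then _r=r; fi
    if [ $(( $1 & 2 )) -ne 0 ]; then _w=w; fi
    if [ $(( $1 & 1 )) -ne 0 ]; then _x=x; fi
    if [ "$2" -ne 0 ]; then
        if [ "$_x" = x ]; then _x=$3; else _x=$4; fi
    fi
    printf '%s%s%s' "$_r" "$_w" "$_x"
}

# perm_string MODE
# Prints the 9-character permission string for an octal MODE such as 4744.
perm_string() {
    _m=$(( 0$1 ))    # the leading 0 makes the shell read the digits as octal
    _triplet $(( ($_m >> 6) & 7 )) $(( $_m & 04000 )) s S   # user,  SetUID
    _triplet $(( ($_m >> 3) & 7 )) $(( $_m & 02000 )) s S   # group, SetGID
    _triplet $((  $_m       & 7 )) $(( $_m & 01000 )) t T   # other, sticky bit
    printf '\n'
}

# audit_special DIR
# Lists files that run with their owner's or group's rights, and directories
# that anyone can write to but where the sticky bit does not protect entries.
audit_special() {
    find "$1" -type f -perm -4000 -exec printf 'setuid %s\n' {} +
    find "$1" -type f -perm -2000 -exec printf 'setgid %s\n' {} +
    find "$1" -type d -perm -0002 ! -perm -1000 \
        -exec printf 'world-writable-no-sticky %s\n' {} +
}

# make_sample_tree
# Builds a constructed sample tree in a new temp directory and prints its path.
make_sample_tree() {
    _d=$(mktemp -d)
    touch "$_d/plain.txt" "$_d/suid_tool" "$_d/sgid_tool"
    chmod 644  "$_d/plain.txt"
    chmod 4755 "$_d/suid_tool"
    chmod 2755 "$_d/sgid_tool"
    mkdir "$_d/dropbox" "$_d/shared"
    chmod 0777 "$_d/dropbox"    # world-writable, no sticky bit
    chmod 1777 "$_d/shared"     # world-writable with sticky bit, like /tmp
    printf '%s\n' "$_d"
}

# The modes behind the listings in this section.
for mode in 4644 4744 6744 2755 1777 1755 1744; do
    printf '%s -> %s\n' "$mode" "$(perm_string "$mode")"
done

# Audit the constructed tree, then clean it up.
tree=$(make_sample_tree)
audit_special "$tree"
rm -rf "$tree"
```

Pointing `audit_special` at a real directory such as `/usr/bin` gives an inventory of programs that run with elevated rights; file names containing newlines are not handled.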

# <b>3.5 Software Distribution</b>

# 3.5.1 Software

## Windows

### Windows Software Packages

Developers have different ways to package software using software compiling tools. In Windows, software is usually packaged as a .exe (executable file). Windows software can be sourced from the Microsoft Store or downloaded directly and installed in several ways. This reading covers the most common methods software packages are installed on Windows OS.

#### Installation Package

Installation packages contain all the information the Windows Installer needs to install software on a computer. The packages include a `.msi` file (Microsoft install file) which contains an installation database, summary information, and data streams for each part of the installation. The `.msi` file may also include internal source files and external source files needed for the installation. Windows Installer uses the information contained in the `.msi` file to install, maintain, and remove programs on Windows. 

**Portable Executable**

These `.msi` files are contained within a portable executable (`PE`), which is a format specific to Windows. The file type extension for a PE is `.exe`. Although these PEs commonly include instructions for the computer to run, such as the `.msi` files, they may also have images that the program may run or computer code.

#### Self-extracting Executable

While it is common to install software using the Windows Installer, it is helpful for you to know how to install software using the command line.

Self-extractor packages are executable files (`.exe`) that are run in the Windows interface by clicking on them or from the command line. Software installed by an IT professional onto an end user’s computer will likely use this format. A software installation package, update package, or hotfix package created with the Microsoft Self-Extractor can be run with the following command-line switches:

`/extract:[path]`: Extracts the content of the package to the path folder. If a path isn’t specified, then a Browse dialog box appears.

`/log:[path to log file]`: Enables verbose logging (more detailed information recorded in the log file) for the update installation.

`/lang:lcid`: Sets the user interface to the specified locale when multiple locales are available in the package.

`/quiet`: Runs the package in silent mode.

`/passive`: Runs the update without any interaction from the user.

`/norestart`: Prevents prompting of the user when a restart of the computer is needed.

`/forcerestart`: Forces a restart of the computer as soon as the update is finished.

You can always type `/?`, `/h`, or `/help` from the command line to view these options. 

#### App Packager

The app packager used in the **Windows Software Development Kit (SDK)** and **Microsoft Visual Studio** includes a program called **MakeAppx.exe**. MakeAppx.exe is a tool that creates an app package from files on disk or extracts the files from an app package to disk. For Windows 8.1 and higher, this program can also create and extract app package bundles. This tool is primarily used by software developers.

#### Microsoft Store

The Microsoft Store, included in the Windows OS, is the primary source for apps, games, and videos in Windows. The Microsoft Store only contains apps and programs certified for compatibility and curated for content. Software installed through the Microsoft store is automatically updated by default. Some organizations may disable the Microsoft store on user computers to limit users’ ability to install new applications without authorization. 

While the Microsoft Store is a convenient and popular way to get programs on Windows, some software can also be downloaded directly from developers.

#### Key takeaways

Windows has many different ways to distribute, install, uninstall, and update programs and code on a computer. Depending on the organization, IT might use any of these installation options regularly.

- Installation packages contain all the information the Windows Installer needs to install software on a computer.

- While it is common to install software using the Windows Installer, it is helpful for you to know how to install software using the command line.

- The Windows Software Development Kit (SDK) and Microsoft Visual Studio include a program called MakeAppx.exe. MakeAppx.exe is a tool that creates an app package from files on disk or extracts the files from an app package to disk.

- Microsoft Store is a digital distribution storefront for apps, games, and other media.

**Resources for more information**

- Installation Package: 
https://docs.microsoft.com/en-us/windows/win32/msi/installation-package

- App packager (MakeAppx.exe): 
https://docs.microsoft.com/en-us/windows/win32/appxpkg/make-appx-package--makeappx-exe-

- Portable Executables: 
https://docs.microsoft.com/en-us/windows/win32/debug/pe-format

- Self-extractor: 
https://docs.microsoft.com/en-us/troubleshoot/windows-client/deployment/command-switches-supported-by-self-extractor-package

## Mobile

### Mobile App Distribution

You are likely familiar with using either the Apple App Store or Google Play store to download and install apps on your smartphone. As an IT Support professional, you may need to deploy mobile apps across large organizations. In this reading, you will learn more about how mobile apps are distributed both publicly and privately for iOS and Android. 

#### Apple

Apple’s App Store provides apps to millions of mobile devices around the world, including the iPhone, iPad, and Apple Watch. Apple’s App Store Connect allows developers and organizations to distribute both public and private apps, provided that the app passes an intensive review process to meet Apple’s quality standards. App Store Connect also allows developers and organizations to set individualized prices for the apps, enter banking information to accept payments for apps or in-app purchases, schedule beta testing, and more. Apple recommends that developers use the Xcode integrated development environment (IDE) or Ad Hoc for developing iOS, iPadOS, and watchOS apps.

**Apple’s App Store**

Apple’s public App Store is a marketplace that reaches millions of Apple mobile device users across the world. The App Store offers developers unlimited bandwidth for hosting, handles payment processing, verifies users, etc. Developers must first register through the Apple Developer Program if they wish to distribute apps through the App Store. The Apple Developer Program offers resources, tools, and support for app development, including testing tools, beta software, analytics, etc. Apple has a long and detailed list of guidelines for all apps that developers and organizations must follow. The guidelines include rules for safety, third-party software development kits (SDKs), ad networks, trademarks and copyrights, and much more. Additionally, submitted apps cannot be copies of other developers’ products, nor can they be designed to steal users’ data. Though the App Store Connect review process is rigorous, the platform also provides an appeals process for rejected apps.

**Custom Apple apps**

Organizations may opt to create private customized apps to meet specific and unique organizational needs. These custom apps may be designed for the organization’s students, employees, clients, partners, franchisees, etc. Organizations can choose to offer the apps for free, for a price, or through special redemption codes. They also have the option to automatically distribute and configure apps to large numbers of registered devices using Mobile Device Management (MDM).  

Apple offers a couple of options for private and secure customized app distribution:

- **Apple School Manager** - For educational institutions, provides the option to distribute proprietary apps for internal use and to purchase other apps in large volumes, often with educator discounts. Common apps in Apple School Manager might include those for course registration or digital textbook access. Apple School Manager also offers educational institutions the ability to create accounts for students and staff, as well as to set up automatic device enrollment.

- **Apple Business Manager** - For businesses, offers similar features as the Apple School Manager including the distribution and purchase of private apps, as well as the automatic deployment of apps to the business’ mobile devices. As an IT Support professional, you might want to volume purchase mobile virus protection and automatically deploy the app across your business’ mobile devices.

An organization can set private audience groups in App Store Connect. The audience groups will be able to see and download the organization’s custom apps through the Apps and Books or Content sections of the Apple School and Apple Business Managers.

**Outside official Apple distribution channels**

Some developers and organizations might not want to use an Apple platform for app distribution. As an alternative, they have the option to distribute Apple “trusted developer” apps from websites or private file shares using their Apple Developer ID certificate and Apple’s notarization process.

#### Android mobile apps

Google makes considerable investments into Android development, the Google Play platform, services, tools, and marketing to support developers and organizations who choose Google Play to deploy Android apps. Android Studio is the official Android integrated development environment (IDE) for developing Android apps. Android Studio is used to compile Android Package Kit (APK) files, and the Android App Bundle is used to publish apps to Google Play. The Android App Bundle enables Google Play to automatically generate the APK files for a variety of devices and provide app signing keys. This service is a significant time saver for developers and it ensures Google Play apps will work on most Android devices. 

**Google Play Store**

Google Play revenue makes it possible for Google to offer the open Android operating system for free to device manufacturers in order to promote growth and innovation. This business model has driven Android adoption across 24,000+ device models with billions of Android mobile device users around the world. The Google Play store hosts 2 million apps and games with 140+ billion downloads per year, and growing. Google also keeps consumers safe with Google Play’s built-in protections, which require developers to adhere to high safety standards.

To distribute an app publicly through the Google Play Store, a developer will: 

1. Create a Google Play developer account.
1. Use the Google Play Console to Create App.
    - Provide preliminary information about the app.
    - Review and agree to the Developer Program Policies, Terms of Service, and documentation about export laws (where applicable).
1. Use the app’s Dashboard for guidance through the app publishing process:
    - Google Play Store listing
    - Pre-release management
    - Prepare a release
    - Testing
    - Submit app and declarations for review by Google
    - Promotion/pre-registration
    - Publish app (upon review approval) 

**Custom Android Apps**

Large organizations, or Enterprise customers, can use “managed Google Play” as a distribution tool for deploying apps to employees. Enterprise customers operate their own Google Play store to host their apps publicly and/or privately. They can grant access to select users or user groups to view and download private apps. 

Google Play Custom App Publishing API is an Application Programming Interface from Google that enables developers and organizations to create and publish private custom apps. Apps that are published through Google Play Custom App Publishing API cannot be converted to public apps. The apps will remain private permanently. Google offers a streamlined verification process for private custom apps. These apps can be available to an organization for deployment in as little as 5 minutes after verification. 

Google Play Custom App Publishing API can be used by:
- Enterprise mobility management providers (EMMs)
- Third-party app developers
- Organizations/developers that want their enterprise clients to be able to distribute private/custom apps from an EMM console, IDE, or other interface.

Enterprise customers can publish apps by: 
1. Enabling the Google Play Custom App Publishing API.
1. Creating a service account.
1. Granting publishing permission to the service account on the organization’s Play Console developer account.

Using Google Play within an organization, IT Support administrators should:
1. Use their organization’s managed version of Google Play to select and approve apps.
1. Ensure all employee Android devices are set up to use the organization’s managed Google Play account.
1. Use the organization’s Enterprise Mobility Manager (EMM) to manage employee Android devices and deploy selected apps to employees’ Android devices.

For Android devices that are owned by employees (BYODs) and not registered with the organization’s EMM: 
1. Consider Google’s recommendation to create a work profile on each device.
1. Show employees how to use their work profile to access the organization’s managed Google Play account. 
1. Demonstrate that employees can then view and install any of the administrator selected and approved apps. 

**Outside official Google distribution channels**

Google’s open platform policies include allowing competitors to innovate in developing app stores. Some alternative app stores that distribute Android apps include:

- APKMirror
- Aurora Store
- Aptoide
- Amazon Appstore
- F-Droid
- Uptodown
- SlideMe
- APKPure
- Galaxy Store
- Yalp Store

Please see Fossbytes [“10 Best Google Play Store Alternatives: Websites And Apps”](https://fossbytes.com/10-google-play-store-alternatives/) for more information about each Android app store in the list above.

**Resources for more information**

- [App Store Review Guidelines](https://developer.apple.com/app-store/review/guidelines/) - Apple’s comprehensive list of guidelines developers must follow for designing and submitting apps to the Apple App Store. 

- [Distributing custom apps for business](https://developer.apple.com/business/custom-apps/) - Apple’s guide to publishing custom apps.

- [About Android App Bundles](https://developer.android.com/guide/app-bundle) - Android developer’s guide to using Android App Bundles to develop and publish apps on Google Play. 

- [Get started with custom app publishing](https://developers.google.com/android/work/play/custom-app-api/get-started) - Google’s guide to publishing custom apps.

### Mobile App Packages: App Updates

In this reading, you will learn about updating apps on mobile devices. IT Support professionals use this skill for the maintenance and troubleshooting of mobile devices. It is a best practice to keep apps updated for security purposes and to avoid any problems that affect outdated apps.  

#### Android mobile apps

It is important to note that Android is an open operating system (OS). This means mobile device manufacturers and cellular service providers can modify the Android OS to enhance, control, or restrict elements of the OS. These modifications can include how system settings are accessed. If an Android device’s Storage settings cannot be located easily, it is best to consult the device manufacturer’s manual. Mobile device manuals can often be found online.

Instructions for most Android phones and tablets (note that instructions may vary by OS version; Android 12 was used for these instructions):

**Automatic updates**

- Open the Google Play Store app.
- At the top right, tap the profile icon.
- Select Settings. 
- Open the sub-menu for Network preferences. 
- Select an option:
    - App download preference Over any network - to update apps using either Wi-Fi or mobile data (data usage charges may apply, depending on cellular plan).
    - Auto-update apps Over Wi-Fi only - to update apps only when connected to Wi-Fi.

Troubleshooting note: If the user is not logged in to their Google account on the Android device, apps may not update automatically.

**Manual updates**

- If automatic updates are toggled on, repeat steps 1 to 5 for the “Automatic updates” instructions listed above. However, for step 5, select Don’t auto-update apps.
- Open the Google Play Store app.
- At the top right, tap the profile icon.
- Select Manage apps & device. 
- In the Update available section, select See details.
- Select individual software to Update.

**Apple mobile devices**

**Automatic updates**

Apple’s iPhones and iPads are configured by default to automatically update apps stored on these devices. However, as an IT Support specialist, you may encounter a variety of reasons why automatic updates were disabled for a device, but need to be enabled again. The instructions to turn on automatic updates for installed apps may vary by OS version. Please see Apple’s website to view instructions for the specific OS version in use. 

**Manual updates**

Some IT departments have policies to test all updates before allowing the updates to be applied across the organization’s devices. In this case, you may need to configure the organization’s Apple mobile devices to use manual updates for apps. Turning on manual updates will involve turning off automatic updates. This step enables notifications to display each time an update becomes available for an app installed on the device. 

**Instructions for app updates**

The instructions for configuring automatic and manual updates for installed apps may vary by OS version. Please see the “Resources for more information” section below for links to Apple’s Support website to obtain detailed instructions. 

**Resources for more information**

For more information about updating apps on mobile devices, please visit:

- [How to manually update apps on your Apple device](https://support.apple.com/en-us/HT202180) - Instructions for configuring both manual updates and automatic updates for apps on Apple mobile devices.

- [Manage software updates for Apple devices](https://support.apple.com/guide/deployment/manage-software-updates-depc4c80847a/web) - Advanced administrative information for managing software updates for Apple mobile devices. Centered on devices enrolled in mobile device management (MDM) solutions.

- [How to update the Play Store & apps on Android](https://support.google.com/googleplay/answer/113412?hl=en) - Provides step-by-step instructions on multiple options for updating Android apps.

## Linux

### `tar` archives

`tar option(s) archive_name file_name(s)`

|Purpose|Bash|
|-|-|
|**Create an archive**|`-c`|
|archive files without compression|`tar -cvf file.tar file1 file2 file3`|
|the next argument is the name of the archive|`-f`|
|verbose|`-v`|
|bzip2|`-j`|
|gzip|`-z`|
|compress|`-Z`|
|**Extract**|`-x`|
||`tar -xjvf files.tar.bz2`|
|**Other**||
|add files|`tar -rf file.tar file7`|
|delete files|`tar -f file.tar --delete file1 file2`|
|list the contents of an uncompressed archive|`tar -tf file.tar`|

[Source](https://www.linfo.org/tar.html)

# 3.5.2 Packages

## DLL Files and Windows Package Dependencies

In this reading, you will learn about **dynamic link library (DLL)** files. This information includes how Windows package dependencies can break and how Microsoft has remedied these DLL dependency problems using the `.NET` framework and other methods. You will also learn about the side-by-side assemblies and manifest files for Windows applications. 

**Dynamic link library (DLL)**

Windows DLL files are vital to the core functions of the Windows operating system (OS). Some Windows-compatible applications also use DLL files to function. DLLs are made up of programming modules that contain reusable code. Multiple applications can use and reuse the same DLL files. For example, the `Comdlg32` DLL file is used by many applications to provide Windows dialog box functions. The reusable feature helps Windows conserve disk space and use RAM more efficiently, which improves the operating speed of the OS and applications. The modular structure also makes updating a DLL file fast and simple, eliminating the need to update the entire library. DLL updates are installed once for use by any number of applications. 

A few common DLLs used by Windows include:
- `.drv` files - Device drivers manage the operation of physical devices such as printers.
- `.ocx` files - ActiveX controls provide controls like the program object for selecting a date from a calendar.
- `.cpl` files - Control panel files manage each of the functions found in the Windows Control Panel. 

An application can use DLLs to load parts of the app as modules. This means that if the application offers multiple functions, the app can selectively load only the modules that offer the functionality requested by the user. For example, if a user does not access the Print function within an application, then the printer driver DLL file does not need to be loaded into memory. This system requires less RAM to hold the application in working memory, which improves operating speeds.   

**DLL dependencies**

A Windows package dependency is created when an application uses a DLL file. Although the Windows DLL system supports the sharing of DLL files by multiple applications, the applications’ dependencies can be broken under certain circumstances.  

DLL dependencies can be broken when: 
- **Overwriting DLL dependencies** - It is possible for an application to overwrite the DLL dependency of another app, causing the other app to fail. 
- **Deleting DLL files** - Some applications and malware may delete the DLLs needed by other applications installed on a system. 
- **Applying upgrades or fixes to DLLs** - Can cause a problem called “DLL hell” where an application installs a new version of the shared DLL for a computer system. However, other applications that are dependent on the shared DLL have not yet been updated to be compatible with the new version of the DLL. This causes the other applications to fail when the end user tries to launch them.  
- **Rolling-back to previous DLL versions** - A user may try to reinstall an older application that stopped working after a shared DLL file was upgraded by a newer app. However, the reinstallation of the app that uses the old DLL version can overwrite the new DLL file. This DLL version roll-back can cause the newer app with the shared DLL dependency to fail the next time it tries to run.  

Microsoft has remedied these problems through the use of:
- **Windows File Protection** - The Windows OS controls the updates and deletions of system DLL files. Windows File Protection will allow only applications with valid digital signatures to update and delete DLL files.  
- **Private DLLs** - Removes the sharing option from DLLs by creating a private version of the DLL and storing it in the application’s root folder. Changes to the shared version of the DLL will not affect the application’s private copy. 
- **.NET Framework assembly versioning** - Resolves the “DLL hell” problem by allowing an application to add an updated version of a DLL file without removing the older version of the DLL file. This prevents the malfunction of applications that have dependencies on the older DLL file. The DLL versions can be found in the "`C:\Windows\assembly`" path and are placed in the **Global Assembly Cache (GAC)**. The GAC contains the .NET “Strong Name Assembly” of each DLL file version. This “Strong Name Assembly” includes the: 
    - **name of the assembly** - multiple DLL files can share the assembly name 
    - **version number** - differentiates the version of DLLs 
    - **culture** - country or region where the application is deployed, can be “neutral”
    - **public key token** - a unique 16-character key assigned to an assembly when it is built

**Side-by-side assemblies**

DLLs and dependencies can also be located in side-by-side assemblies. A **side-by-side assembly** is a public or private resource collection that is available to applications during run time. Side-by-side assemblies contain XML files called **manifests**. The manifests contain data similar to the configuration settings and other data that applications traditionally stored in the Windows registry. Instead of registering this data in the Windows registry, the applications store shared side-by-side assembly manifests in the **WinSxS** folder of the computer. Private manifests are stored inside the application’s folder or they can be embedded in an application or assembly. The metadata of a manifest may include: 
- **Names** - Manages file naming.
- **Resource collections** - Can include one or more DLLs, COM servers, Windows classes, interfaces, and/or type libraries.
- **Classes** - Included if versioning is used.
- **Dependencies** - Applications and assemblies can create dependencies to other side-by-side assemblies.

As an IT Support professional, this concept should be considered when troubleshooting application issues. If the application’s configuration settings are not found in the Windows registry, they might be located in the manifest from the app’s side-by-side assembly.

## Linux Package Dependencies

In this reading, you will review how to install and manage Debian packages in Linux using the `dpkg` command. This skill may be helpful to IT Support professionals that work with Linux systems like Debian or Ubuntu. 

The following is a list of terms used in this reading:

- **Debian**: One of many free Linux operating systems (OSes), used as the foundation for other OSes, like Ubuntu. 

- **Linux packages**: A compressed software archive file that contains the files needed for a software application. These files can include binary executables, software libraries, configuration files, package dependencies, command line utilities, and/or application(s) with a graphical user interface (GUI). A Linux package can also be an OS update. Linux OS installations normally come with thousands of packages. Common Linux package types include: 

    - `.deb` - Debian packages

    - `.rpm` - Redhat packages

    - `.tgz` - TAR archive file 

- **Linux repository**: Storage space on a remote server that hosts thousands of Linux packages. Repositories must be added to a Linux system in order for the system to search and download packages from the repository. 

- **Stand alone package**: A package that does not require any dependencies. All files required to install and run the package on a Linux system are contained inside a single package.

- **Package dependency**: A package that other Linux packages depend upon to function properly. Often, packages do not include the dependencies required to install the software they contain. Instead, package manifests list the external dependencies needed by the package. 

- **Package manager**: A tool on Linux systems used for installing, managing, and removing Linux packages. Package managers can also read package manifests to determine if any dependencies are needed. The package manager then finds and downloads the dependency packages before installing the packaged software. Several common Linux Package Managers include:

    - For Debian and Debian-based systems, like Ubuntu:
        - `dpkg` - Debian Package Manager
        - `APT` - Advanced Package Tool, uses dpkg commands
        - `aptitude` - user-friendly package manager

    - RedHat and RedHat-based systems, like CentOS: 
        - `rpm` - RedHat Package Manager
        - `yum` - Yellowdog Updater Modified, comes with RedHat
        - `dnf` - Dandified Yum

### The `dpkg` command

The Linux dpkg command is used to build, install, manage, and remove packages in Debian or Debian-based systems. 

**Syntax**

The following are a few common `dpkg` command action parameters, with syntax and uses:

|Purpose|Command|
|-|-|
|To install a package: |`$ sudo dpkg --install packagename`|
|To update a package saved locally: |`$ sudo dpkg --update-avail packagename`|
|To remove a package: |`$ sudo dpkg --remove packagename`|
|To purge a package, which removes the package and all files belonging to the package: |`$ sudo dpkg --purge packagename`|
|To get a list of packages installed: |`$ sudo dpkg --list`|
|To get a list of all files belonging to or associated with a package: |`$ sudo dpkg --listfiles packagename`|
|To list the contents of a new package: |`$ sudo dpkg --contents packagename`|

When an action parameter is added to the `dpkg` command, one of the following two commands is run in the background:

- **dpkg-deb**: A back-end tool for manipulating .deb files. The dpkg-deb tool provides information about .deb files, and can pack and unpack their contents.

- **dpkg-query**: A back-end tool for querying .deb files for information.

### Additional Debian package managers

There are several alternate methods for managing Debian packages. Some have command-line interfaces (CLI) while others have GUIs. The alternative options to `dpkg` include:

- **APT (Advanced Packaging Tool)** - A powerful package manager designed to be a front-end for the `dpkg` command. APT installs and updates dependencies required for proper .deb package installation. 

- **Synaptic Package Manager** – A popular GTK (GNU Image Manipulation Program ToolKit) widget with a GUI. Provides an array of package management features.

- **Ubuntu Software Center** – A GTK GUI developed by Ubuntu and integrated into the Ubuntu OS.

- **aptitude** – A user-friendly front-end for APT, with a menu-driven console and a CLI.

- **KPackage** – A part of KDE (Kool Desktop Environment) used to install and load packages that do not contain binary content. Non-binary content includes graphics and scripted extensions. 

# 3.5.3 Device Software Management

## Linux Devices and Drivers

In this reading, you will learn how devices and drivers are managed in Linux. Previously, you learned that in Linux, devices attached to the computer are recognized by the operating system as **device files**. Devices are located in the `/dev` directory in Linux. A few examples of devices you may find in the `/dev` directory include:

- `/dev/sda` - First SCSI drive
- `/dev/sr0` - First optical disk drive 
- `/dev/usb` - USB device
- `/dev/usbhid` - USB mouse
- `/dev/usb/lp0` - USB printer
- `/dev/null` - discard

Some of the Linux device categories include:

- **Block devices**: Devices that can hold data, such as hard drives, USB drives, and filesystems.

- **Character devices**: Devices that input or output data one character at a time, such as keyboards, monitors, and printers. 

- **Pipe devices**: Similar to character devices. However, pipe devices send output to a process running on the Linux machine instead of a monitor or printer.

- **Socket devices**: Similar to pipe devices. However, socket devices help multiple processes communicate with each other.

### Installing a device in Linux

There are hundreds of versions of Linux available due to the fact that Linux is an open source operating system. The methods for installing devices on Linux can vary from version to version. The instructions in this section provide various options for installing a printer and its device drivers on a Red Hat 9 Linux system running the GNOME user interface. 

**Device autodetect with udev**

**Udev** is a device manager that automatically creates and removes device files in Linux when the associated devices are connected and disconnected. Udev has a daemon running in Linux that listens for kernel messages about devices connecting and disconnecting to the machine. 

**Installation through a user interface - GNOME**

There are multiple user interfaces available for Linux. These instructions are specifically for the GNOME user interface. 

- In the GNOME user interface, open the `Settings` menu.

- On the left-side menu, select `Printers`.

- Click the `Unlock` button in the top right corner to change the system settings. Note that your user account must have superuser, sudo, or printadmin privileges to unlock the system settings for printers. 

- A dialog box will open showing a list of available printers. If your network has a large number of printers, you can search for the printer by IP address or host name. 

- Select the printer you want to install on the local system and click `Add`.

- The printer listing will appear in the `Settings` window for the Printers. 

- In the top right corner of the printer listing, click the `Printer Settings` icon and select `Printer Details` from the pop-up menu. 

- The details of the printer will open in a new window. You should have three options for installing the printer driver:

    - **Search for Drivers**: The GNOME Control Center will automatically search for the driver in driver repositories using PackageKit.

    - **Select from Database**: Manually select a driver from any databases installed on the Linux system.

    - **Install PPD File**: Manually select from a list of postscript printer description (PPD) files, which may be used as printer drivers.

**Installation through the command line**

Red Hat Linux uses the **Common Unix Printing System (CUPS)** to manage printers from the command line. CUPS servers broadcast to clients for automatic printer installation on Linux machines. However, for network environments with multiple printers, it may be preferable to manually install specific printers through the command line. 

- From the command-line, enter `$ lpadmin -p printername -m driverfilename.ppd` 

    - `lpadmin` is the printer administrator command.

    - The `-p printername` option adds or modifies the named printer. 

    - The `-m driverfilename.ppd` option installs the postscript printer description (PPD) driver filename that you provide. The file should be stored in the `/usr/share/cups/model/` directory.

    - Enter `$ man lpadmin` to open the manual for the `lpadmin` command to find additional command line options.

### How to check if a device is installed

There are a couple of methods for checking if a device is already installed on a Linux machine:

**Through a user interface like GNOME**

1. In the GNOME user interface, open the Settings menu.

1. Browse each device set on the left-side menu. 

1. The attached devices of the selected device type will appear in the window pane on the right.

**Through the command line**

The most common way to check if a device is installed is to use the “ls” (lowercase L and S) command, which means “list”. 

- `$ ls /dev` - Lists all devices in the /dev folder

- `$ lspci` - Lists devices installed on the PCI bus

- `$ lsusb` - Lists devices installed on the USB bus

- `$ lsscsi` - Lists SCSI devices, such as hard drives

- `$ lpstat -p` - Lists all printers and whether they are enabled

- `$ dmesg` - Lists devices recognized by the kernel

## Linux Update

Linux is a free, open-source operating system used on a wide variety of computing systems, such as embedded devices, mobile devices (including its use in the Android operating system), personal computers, servers, mainframes, and supercomputers. The Linux kernel is the core interface between a device’s hardware and the rest of its processes. The kernel controls all the major functions of hardware running the Linux operating system. To keep the core operating system up to date with current security patches, new features, and bug patches, you need to update the Linux kernel. This reading covers how the Linux kernel functions and how to update Ubuntu, the most common Linux distribution. 

### Linux kernel

The Linux kernel is the main component of a Linux operating system (OS). The kernel is software located in the memory that tells the central processing unit (CPU) what to do. The Linux kernel is like a personal assistant for the hardware that relays messages and requests from users to the hardware. 

The kernel has four main jobs:

- Memory management tracks how much memory is being used by what and where it is stored. 
- Process management determines which processes can use the central processing unit (CPU), when, and for how long.
- Device drivers act as an interpreter between the hardware and processes.
- System calls and security receives requests for service from the processes.

To ensure that your Linux distribution is running the most current version of the operating system, you will need to update it regularly. 

### Updating Ubuntu Linux distribution

A Linux distribution is an operating system (OS) that includes the Linux kernel and usually a package management system. There are almost one thousand Linux distributions, and each distribution has a slightly different way of updating.

The Ubuntu distribution is one of the most popular since it is easy to use. There are two ways to update the Ubuntu distribution:

- **Update Manager** is a graphical user interface (GUI) that is nearly 100% automated. When updates are available, it will open on your desktop and prompt you to complete the updates. It checks for security updates daily and nonsecurity updates weekly. You can also choose to check for updates manually.

- **Apt** is the Ubuntu package management system that uses command line tools to update an Ubuntu distribution. Apt does not check for updates automatically; you must manually run it to check for updates. You can use the following commands to check for updates and upgrade:

    - `apt-get update`: To update with apt, open the terminal and use the command `apt-get update`. This command prompts you to enter your password, then it updates the list of system packages. 

    - `apt-get upgrade`: Once the package list is up to date, use the command `apt-get upgrade` to actually download and install all updated versions for the packages in the list.

### Key Takeaways

- Linux is a free open-source operating system used on a wide variety of computing systems.  

- The kernel is a part of the operating system of Linux and runs communications between the computer’s hardware and its processes. 

- Ubuntu is the most popular distribution because it is easy to use and update with the update manager or the command `sudo apt-get upgrade`.

- As improvements to the processes are released, Linux needs to be updated to ensure the kernel communicates the right information to the hardware about the process. 

**Resources for more information**

For more information on updating various distributions of Linux, visit this [Linux Foundation article](https://www.linuxfoundation.org/blog/classic-sysadmin-linux-101-updating-your-system/). 

For more complete command information for using apt in Ubuntu, visit [Ubuntu’s guide here](https://manpages.ubuntu.com/manpages/bionic/en/man8/apt.8.html).

# <b>3.6 File System Types</b>

|Purpose|PowerShell|Bash|
|-|-|-|
|list disks|`DiskPart` -> `list disk`|`lsblk \| grep disk`|
|list disks and partitions||`sudo parted -l` (`quit`)|
|||`sudo parted /dev/sdX` -> `print`|
|create mbr or gpt partition table||`sudo parted /dev/sdX` -> `mklabel gpt`|
|create a partition|`DiskPart` -> `select disk X` -> `create partition primary` -> `select partition 1` -> `active`|(parted) `mkpart primary ext4 <start of disk> <end of disk>`|
|format disk|`(DiskPart) clean` -> `format FS=NTFS label=<name> quick`|`sudo mkfs -t ext4 /dev/sdX`|
|mount a new drive||`sudo mount /dev/sdX <mount_point>`|
|unmount a drive||`sudo umount /dev/sdX`|
|show static info about fsystem||`cat /etc/fstab`|
|check uuid (universally unique id) of partitions||`sudo blkid`|
|**Links**|||
|symbolic links|`mklink <symlink_name> <fname>`||
|soft links||`ln -s <fname> <linkname>`|
|hard links |`mklink /H <symlink_name> <fname>`|`ln <fname> <linkname>`|
|**Disk usage**|[Disk Usage utility](https://learn.microsoft.com/en-us/sysinternals/downloads/du)||
|disk usage in a directory||`du -h`|
|free space in a directory||`df -h`|
|**Disk repairing**|||
||`fsutil repair query C:`|`sudo fsck /dev/sdX` (can damage a file system)|
|check and repair bad sectors|`chkdsk /F D:`||

Beware of confusing kilobytes and kibibytes. In data storage terminology, **1024 bytes are called a kibibyte**, not a kilobyte as in other IT fields.

## Supplemental reading: Mounting and Unmounting a Filesystem in Linux

In this reading, you will learn how to mount and unmount file systems in Linux using the **fstab** table. IT Support professionals who work with Linux systems should know how to mount and unmount file systems both manually and automatically. This skill is often used when configuring Linux servers and other Linux systems to connect to network file systems.

### File system table (fstab)

File System Table (**fstab**) is a Linux configuration table. It helps to simplify mounting and unmounting file systems in Linux. Mounting means to connect a physical storage device (hard drives, CD/DVD drives, network shares) to a location, also called a mount point, in a file system table. In the past, IT Support specialists for Linux systems had to manually mount hard drives and file systems using the **mount** command. The **fstab** configuration file made this administrative task more efficient by offering the option to automate the mounting of partitions or file systems during the boot process. Additionally, **fstab** allows for customized rules for mounting individual file systems.

The **fstab** configuration table consists of six columns containing the following parameters:

- **Column 1 - Device:** The universally unique identifier (UUID) or the name of the device to be mounted (sda1, sda2, … sda#).

- **Column 2 - Mount point:** Names the directory location for mounting the device.

- **Column 3 - File system type:** Linux file systems, such as ext2, ext3, ext4, JFS, JFS2, VFAT, NTFS, ReiserFS, UDF, swap, and more.

- **Column 4 - Options:** List of mounting options in use, delimited by commas. See the next section titled “Fstab options” below for more information.

- **Column 5 - Backup operation or dump:** This is an outdated method for making device or partition backups and command dumps. It should not be used. In the past, this column contained a binary code that signified:

    - **0** = turns off backups

    - **1** = turns on backups

- **Column 6 - File system check (fsck) order or Pass:** The order in which the mounted device should be checked by the **fsck** utility:

    - 0 = fsck should not run a check on the file system.

    - 1 = mounted device is the root file system and should be checked by the **fsck** command first.

    - 2 = mounted device is a disk partition, which should be checked by the **fsck** command after the root file system.

Example of an **fstab** table:

|\<File System>|\<Mount Point>|\<Type>|\<Options>|\<Dump>|\<Pass>|
|-|-|-|-|-|-|
|/dev/sda1|/|ext3|nouser|0|1|
|/dev/sda2|swap|swap|defaults|0|0|
|/dev/hda1|/mnt/shared|nfs|rw,noexec|0|2|

#### Fstab options

In Column 4 of the **fstab** table, the available options include:

- **sync or async** - Sets reading and writing to the file system to occur synchronously or asynchronously.

- **auto** - Automatically mounts the file system when booting.

- **noauto** - Prevents the file system from mounting automatically when booting.

- **dev or nodev** - Allows or prohibits the use of the device driver to mount the device.

- **exec or noexec** - Allows or prevents file system binaries from executing.

- **ro** - Mount file system as read-only.

- **rw** - Mount file system for read-write operations.

- **user** - Allows any user to mount the file system, but restricts which user can unmount the file system.

- **users** - Any user can mount the file system plus any user can unmount file system.

- **nouser** - The root user is the only role that can mount the file system (default setting).

- **defaults** - Use default settings, which include **rw**, **suid**, **dev**, **exec**, **auto**, **nouser**, **async**.

For more options, consult the **man** page for the file system in use.

### Editing the fstab table

As an IT Support professional, you may need to expand the hard drive space on a server. Imagine that you have installed a new hard drive and the Linux server does not seem to recognize the drive. In the background, Linux has detected the new hardware, but it does not know how to display information about the drive. So, you will need to add an entry in the **fstab** table so that Linux will know how to mount it and display its entry within the file system. The following steps will guide you through this process:

1. Format the drive using the **fdisk** command. Select a Linux compatible file system, like ext4. If needed, you can also create a partition on the drive with the **fdisk** command.

2. Find which block devices the Linux system has assigned to the new drive. The block device is a storage device (hard drive, DVD drive, etc.) that is registered as a file in the **/dev** directory. The device file provides an interface between the system and the attached device for read-write processes. Use the **lsblk** command to find the list of block devices that are connected to the system.

Example output from the **lsblk** command:

|NAME|MAJ:MIN|RM|SIZE|RO|TYPE|MOUNTPOINT|
|-|-|-|-|-|-|-|
|sda|8:0|0|512G|0|disk||
|┖ sda1|8:1|0|1G|0|part|/boot|
|sdb|8:16|0|1T|0|disk||
|┖ sdb1|8:17|0|128G|0|part||

The seven columns in the output from the **lsblk** command are as follows:

a. **NAME** - Device names of the blocks. In this example, the device names are the existing **sda** drive and **sda1** partition plus the new **sdb** hard drive and a newly formatted **sdb1** partition.

b. **MAJ:MIN** - Major and minor code numbers for the device:

1. The major number is the driver type used for device communication. A few examples include:
    - **1** = RAM
    - **3** = IDE hard drive
    - **8** = SCSI hard drive
    - **9** = RAID metadisk
2. The minor number is an ID number used by the device driver for the major number type.
    - The minor numbers for the first hard drive can range from 0 to 15.
        1. The **0** minor number value for **sda** represents the physical drive.
        2. The **1** minor number value for **sda1** represents the first partition on the **sda** drive.
    - The minor numbers for the second hard drive can range from 16 to 31.
        1. The **16** minor number value for **sdb** represents the physical drive.
        2. The **17** minor number value for **sdb1** represents the first partition on the **sdb** drive.
    - Minor numbers for a third hard drive would range from 32 to 47, and so on.

c. **RM** - Indicates if the device is:

- **0** = not removable
- **1** = removable

d. **SIZE** - The amount of storage available on the device.

e. **RO** - Indicates file permissions:

- **0** = read-write
- **1** = read-only

f. **TYPE** - Lists the type of device, such as:

- **disk** = hard drive
- **part** = disk partition

g. **MOUNTPOINT** - The location where the device is mounted. A blank entry in this column means it is not mounted.

3. Use an editor, like gedit, to open the **fstab** file:

Example fstab file:

|Device|Mount Point|File System|Options|Dump|Pass|
|-|-|-|-|-|-|
|/dev/sda1|/|ext3|nouser|0|1|

4. To add the new file system partition:

    1. In the first column, add the new file system device name. In this example, the device name would be **/dev/sdb1**.
    2. In the second column, indicate the mount point for the new partition. This should be a directory that would be easy to find and identify for users. For the sake of simplicity, the mount point for this example is **/mnt/mystorage**.
    3. In the third column, enter the file system used on the new partition. In this example, the file system used for the new partition is **ext4**.
    4. In the fourth column, enter any options you would like to use. The most common option is to select **defaults**.
    5. In the fifth column, set the dump file to 0. Dump files are no longer configured in the **fstab** file, but the column still exists.
    6. In the sixth column, the pass value should be **2** because it is not the root file system and it is a best practice to run a file system check on boot.

Your **fstab** table should now include the new partition:

|\<File System>|\<Mount Point>|\<Type>|\<Options>|\<Dump>|\<Pass>|
|-|-|-|-|-|-|
|/dev/sda1|/|ext3|nouser|0|1|
|/dev/sdb1|/mnt/mystorage|ext4|defaults|0|2|

7. Reboot the computer and check the **mystorage** directory for the new partition.
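
A malformed fstab line is only discovered at the next boot, so it is worth linting the six columns and the option list before rebooting. The script below is an added example, not part of the course reading: `audit_fstab`, `sample_fstab` and the sample entries are constructed for illustration, the option list is limited to the options named above plus `nosuid`, and the rule that `user`/`users` imply `noexec`, `nosuid` and `nodev` comes from the mount man page.

```bash
#!/usr/bin/env bash
# Added example (not from the course reading): lint fstab entries before a
# reboot depends on them. Function names are illustrative.

# Options listed in the reading, plus nosuid as the counterpart of suid.
# Real systems accept many more (see the mount man page); extend as needed.
KNOWN_OPTS="sync async auto noauto dev nodev exec noexec suid nosuid ro rw user users nouser defaults"

# audit_fstab [FILE]  (reads standard input when FILE is omitted)
# Prints one finding per line: "LEVEL <mount point or line>: message".
audit_fstab() {
    awk -v known="$KNOWN_OPTS" '
    BEGIN { n = split(known, k, " "); for (i = 1; i <= n; i++) ok[k[i]] = 1 }
    NF == 0 || $1 ~ /^#/ { next }          # blank lines and comments
    NF != 6 {
        printf "ERROR line %d: expected 6 columns, found %d\n", NR, NF
        next
    }
    {
        mp = $2; type = $3; dump = $5; pass = $6
        if (dump !~ /^[01]$/)
            printf "ERROR %s: dump must be 0 or 1, got %s\n", mp, dump
        if (pass !~ /^[012]$/)
            printf "ERROR %s: pass must be 0, 1 or 2, got %s\n", mp, pass
        if (mp == "/" && pass != "1")
            printf "WARN %s: root file system should use pass 1\n", mp
        if (mp != "/" && pass == "1")
            printf "WARN %s: pass 1 is reserved for the root file system\n", mp

        # Start from the default state (exec, suid and dev allowed) and
        # apply the options left to right, so later options win.
        exec_on = 1; suid_on = 1; dev_on = 1
        m = split($4, o, ",")
        for (i = 1; i <= m; i++) {
            if (!(o[i] in ok)) {
                printf "ERROR %s: unknown option \"%s\"\n", mp, o[i]
                continue
            }
            if (o[i] == "exec")   exec_on = 1
            if (o[i] == "noexec") exec_on = 0
            if (o[i] == "suid")   suid_on = 1
            if (o[i] == "nosuid") suid_on = 0
            if (o[i] == "dev")    dev_on = 1
            if (o[i] == "nodev")  dev_on = 0
            # Per the mount man page, user and users imply
            # noexec, nosuid and nodev unless overridden later.
            if (o[i] == "user" || o[i] == "users") {
                exec_on = 0; suid_on = 0; dev_on = 0
            }
        }

        # Report what a non-root, non-swap mount still permits.
        if (mp != "/" && type != "swap") {
            allow = ""
            if (exec_on) allow = allow ",exec"
            if (suid_on) allow = allow ",suid"
            if (dev_on)  allow = allow ",dev"
            if (allow != "")
                printf "NOTE %s: still allows %s\n", mp, substr(allow, 2)
        }
    }' "${1:--}"
}

# Constructed sample input, modelled on the tables in the reading.
sample_fstab() {
    cat <<'EOF'
# <File System> <Mount Point> <Type> <Options> <Dump> <Pass>
/dev/sda1  /               ext3  nouser     0  1
/dev/sda2  swap            swap  defaults   0  0
/dev/sdb1  /mnt/mystorage  ext4  default    0  2
/dev/sdc1  /mnt/usb        vfat  rw,noexec  0  2
/dev/sdd1  /mnt/scratch    ext4  defaults   0
EOF
}

sample_fstab | audit_fstab
```

On a real host, run `audit_fstab /etc/fstab`; a `NOTE` line is a prompt to decide whether that data partition needs to run binaries at all, not an error.
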

<div><div class="reading-title css-1hxq2bi"><h2 class="cds-108 css-1diqjn6 cds-110" tabindex="-1">Supplemental Reading for Windows Paging</h2><div class="css-1kuhxiq"></div></div><div class="rc-CML" dir="auto"><div><div data-track="true" data-track-app="open_course_home" data-track-page="item_layout" data-track-action="click" data-track-component="cml" role="presentation"><div data-track="true" data-track-app="open_course_home" data-track-page="item_layout" data-track-action="click" data-track-component="cml_link"><div data-testid="cml-viewer" class="css-1kgqbsw"><p>In this reading, you will learn about Windows paging files and their primary functions. You will also learn how to set the appropriate Windows paging file size. As an IT Support specialist, you may want to add or maintain page files to improve system performance. A paging file is an optional tool that uses hard drive space to supplement a system’s RAM capacity. The paging file offloads data from RAM that has not been used recently by the system. Paging files can also be used for system crash dumps or to extend the system commit charge when the computer is in peak usage. However, paging files may not be necessary in systems with a large amount of RAM.</p>
<h3 data-heading-variant="h3semibold">Page file sizing</h3>
<p>Determining the size needed for a paging file depends on each system’s unique needs and uses. Variables that have an impact on page file sizes include:</p>
<ul><li><p>System crash dump requirements - A system crash dump is generated when a system crashes. A page file can be allocated to accept the Memory.dmp. Crash dumps have several size options that can be useful for various troubleshooting purposes. The page file needs to be large enough to accept the size of the selected crash dump. If the page file is not large enough, the system will not be able to generate the crash dump file. If the system is configured to manage page dumps, the system will automatically size the page files based on the crash dump settings. There are multiple crash dump options. Two common options include:</p>
<ul><li><p><strong>Small memory dump:</strong> This setting will save the minimum amount of info needed to troubleshoot a system crash. The paging file must have at least 2 MB of hard drive space allocated to it on the boot volume of the Windows system. It should also be configured to generate a new page file for each system crash to save a record of system problems. This history is stored in the Small Dump Directory which is located in the <code>%SystemRoot%\Minidump</code> file path.</p>
<ul><li><p>To configure a small memory dump file, run the following command using the cmd utility:</p></li></ul></li></ul></li></ul>
<p><code>wmic recoveros set <strong>DebugInfoType</strong> = 3</code></p>
<ul><li><p>Alternatively, this option can be configured in the registry:</p></li></ul>
<p>Set the <strong>CrashDumpEnabled</strong> DWORD value to 3</p>
<ul><li><p>To set a folder as the Small Dump Directory, use the following command line:</p></li></ul>
<p><code>wmic recoveros set <strong>MiniDumpDirectory</strong> = &lt;folderpath&gt;</code></p>
<ul><li><p>Alternatively, the directory option can be set in the registry:</p></li></ul>
<p>Set the <strong>MinidumpDir Expandable String Value</strong> to &lt;folderpath&gt;</p>
<ul><li><p><strong>Complete memory dump:</strong> The option records the contents of system memory when the computer stops unexpectedly. This option isn't available on computers that have 2 or more GB of RAM. If you select this option, you must have a paging file on the boot volume that is sufficient to hold all the physical RAM plus 1 MB. The file is stored as specified in <code>%SystemRoot%\Memory.dmp</code> by default. The extra megabyte is required for a complete memory dump file because Windows writes a header in addition to dumping the memory contents. The header contains a crash dump signature and specifies the values of some kernel variables. The header information doesn't require a full megabyte of space, but Windows sizes your paging file in increments of megabytes.</p>
<ul><li><p>To configure a complete memory dump file, run the following command using the cmd utility:</p></li></ul></li></ul>
<p><code>wmic recoveros set <strong>DebugInfoType</strong> = 1</code></p>
<ul><li><p>Alternatively, a complete memory dump file can be configured in the registry:</p></li></ul>
<p>Set the <strong>CrashDumpEnabled</strong> DWORD value to 1</p>
<ul><li><p>To set a memory dump file, use the following command line:</p></li></ul>
<p><code>wmic recoveros set <strong>DebugFilePath</strong> = &lt;folderpath&gt;</code></p>
<ul><li><p>Alternatively, the memory dump file can be set in the registry:</p></li></ul>
<p>Set the <strong>DumpFile Expandable String Value</strong> to &lt;folderpath&gt;</p>
<ul><li><p><span><span>To indicate that the system should not overwrite kernel memory dumps or other complete memory dumps, which may be valuable for troubleshooting system 
problems, use the command:</span></span></p></li></ul><p><span><span>wmic recoveros set </span></span><span><strong><span>OverwriteExistingDebugFile</span></strong></span><span><span> = 0</span></span></p><ul><li><p><span><span>Alternatively, the overwrite setting can be turned off in the registry:</span></span></p><ul><li><p><span><span>Set the </span></span><span><strong><span>Overwrite</span></strong></span><span><span> DWORD value to 0</span></span></p></li></ul></li></ul><ul><li><p><span><span>Peak usage or expected peak usage of the system commit charge - The system commit limit is the total of RAM plus the amount of disk space reserved for paging files. The system commit charge must be equal to or less than the system commit limit. If a page file is not in place, then the system commit limit is less than the system’s RAM amount. The purpose of these measurements is to prevent the system from overpromising available memory. If this system commit limit is exceeded, Windows or the applications in use may stop functioning properly. So, it is a best practice to assess the amount of disk storage allocated to the page files periodically to ensure there is sufficient space for what the system needs during peak usage. It is fine to reserve 128 GB or more for the page files, if there is sufficient space on the hard drive to dedicate a reserve of this size. However, it might be a waste of available storage space if the system only needs a small fraction of the reserved disk space. If disk space is low, then consider adding more RAM, more hard drive storage, or offload non-system files to network or cloud storage.</span></span></p></li></ul><ul><li><p><span><span>Space needed to offload data from RAM - Page files can serve to store modified pages that are not currently in use. This keeps the information easily accessible in case it is needed again by the system, without overburdening RAM storage. 
The modified pages to be stored on the hard drive are recorded in the </span></span><span><strong><span>\Memory\Modified Page List Bytes</span></strong></span><span><span> directory. If the page file is not large enough, some of the pages added to the Modified Page List Bytes might not be written to the page file. If this happens, the page file either needs to be expanded or additional page filles should be added to the system. To assess if the page file is too small, the following conditions must be true:&nbsp;</span></span></p><ul><li><p><span><span>\Memory\Available MBytes indicates more physical memory is needed.</span></span></p></li><li><p><span><span>A significant amount of memory exists in the modified page list.</span></span></p></li><li><p><span><span>\Paging Files(*)% Usage (existing page files) are almost full.&nbsp;</span></span></p></li></ul></li></ul></div></div></div></div></div>

## Files

### NTFS

Three types of links:

- **shortcuts** - for GUI,
- **symbolic links** (`mklink <symlink_name> <fname>`) - for console,
- **hard links** (`mklink /H <symlink_name> <fname>`) - a pointer to the index of the file, so you can change the name of the file and still access it.

#### [Master File Table (Local File Systems)](https://learn.microsoft.com/en-us/windows/win32/fileio/master-file-table?redirectedfrom=MSDN)

The NTFS file system contains a file called the **master file table**, or **MFT**. There is at least one entry in the MFT for every file on an NTFS file system volume, including the MFT itself. All information about a file, including its size, time and date stamps, permissions, and data content, is stored either in MFT entries, or in space outside the MFT that is described by MFT entries.

As files are added to an NTFS file system volume, more entries are added to the MFT and the MFT increases in size. When files are deleted from an NTFS file system volume, their MFT entries are marked as free and may be reused. However, disk space that has been allocated for these entries is not reallocated, and the size of the MFT does not decrease.

The NTFS file system reserves space for the MFT to keep the MFT as contiguous as possible as it grows. The space reserved by the NTFS file system for the MFT in each volume is called the **MFT zone**. Space for files and directories is also allocated from this space, but only after all of the volume space outside of the MFT zone has been allocated.

Depending on the average file size and other variables, either the reserved MFT zone or the unreserved space on the disk may be allocated first as the disk fills to capacity. Volumes with a small number of relatively large files will allocate the unreserved space first, while volumes with a large number of relatively small files allocate the MFT zone first. In either case, fragmentation of the MFT starts to take place when one region or the other becomes fully allocated. If the unreserved space is completely allocated, space for user files and directories will be allocated from the MFT zone. If the MFT zone is completely allocated, space for new MFT entries will be allocated from the unreserved space.

The MFT itself can be defragmented. To reduce the chance of the MFT zone becoming fully allocated before the defragmentation process is complete, leave as much space at the beginning of the MFT zone as possible before defragmenting the volume. If the MFT zone becomes fully allocated before defragmentation has completed, there must be unallocated space outside of the MFT zone.

The default MFT zone is calculated and reserved by the system when it mounts the volume, and is based on volume size. You can increase the MFT zone by means of the registry entry detailed in [Microsoft Knowledge Base Article 174619](https://support.microsoft.com/kb/174619), but you cannot make the default MFT zone smaller than what is calculated. Increasing the MFT zone does not decrease the disk space that users can use for data files.

To determine the current size of the MFT, analyze the NTFS file system drive with Disk Defragmenter, then click the View Report button. The drive statistics will be displayed, including the current MFT size, and number of fragments. You can also obtain the size of the MFT by using the [FSCTL_GET_NTFS_VOLUME_DATA](https://learn.microsoft.com/en-us/windows/win32/api/winioctl/ni-winioctl-fsctl_get_ntfs_volume_data) control code.

#### [Creating Symbolic Links](https://learn.microsoft.com/en-us/windows/win32/fileio/creating-symbolic-links)

The function [CreateSymbolicLink](https://learn.microsoft.com/en-us/windows/desktop/api/WinBase/nf-winbase-createsymboliclinka) allows you to create symbolic links using either an absolute or relative path.

Symbolic links can either be absolute or relative links. **Absolute links** are links that specify each portion of the path name; **relative links** are determined relative to where relative–link specifiers are in a specified path. Relative links are specified using the following conventions:

- Dot (`.` and `..`) conventions—for example, `..\` resolves the path relative to the parent directory.

- Names with no slashes (`\`)—for example, `tmp` resolves the path relative to the current directory.

- Root relative—for example, `\Windows\System32` resolves to the `current drive:\Windows\System32` directory.

- Current working directory-relative—for example, if the current working directory is `C:\Windows\System32`, `C:File.txt` resolves to `C:\Windows\System32\File.txt`.

> Note: If you specify a current working directory–relative link, it is created as an absolute link, due to the way the current working directory is processed based on the user and the thread.

A symbolic link can also contain both **junction points** and **mounted folders** as a part of the path name.

Symbolic links can point directly to a remote file or directory using the UNC path.

Relative symbolic links are restricted to a single volume.

**Example of an Absolute Symbolic Link**

In this example, the original path contains a component, 'x', which is an absolute symbolic link. When 'x' is encountered, the fragment of the original path up to and including 'x' is completely replaced by the path that is pointed to by 'x'. The remainder of the path after 'x' is appended to this new path. This now becomes the modified path.

```
X: "C:\alpha\beta\absLink\gamma\file"
Link: "absLink" maps to "\\machineB\share"
Modified Path: "\\machineB\share\gamma\file"
```

**Example of a Relative Symbolic Link**

In this example, the original path contains a component 'x', which is a relative symbolic link. When 'x' is encountered, 'x' is completely replaced by the new fragment pointed to by 'x'. The remainder of the path after 'x' is appended to the new path. Any dots (..) in this new path replace components that appear before the dots (..). Each set of dots replaces the component preceding it. If the number of dots (..) exceeds the number of components, an error is returned. Otherwise, when all component replacement has finished, the final, modified path remains.

```
X: C:\alpha\beta\link\gamma\file
Link: "link" maps to "..\..\theta"
Modified Path: "C:\alpha\beta\..\..\theta\gamma\file"
Final Path: "C:\theta\gamma\file"
```
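The two rewriting rules above can be modelled in a few lines. This is an added example, not code from the Microsoft documentation or the course: the `resolve` function, the `links` dictionary keyed by component name, and the `max_links` loop guard are assumptions made for illustration, and drive-relative targets such as `C:File.txt` are not modelled.

```python
class LinkResolutionError(ValueError):
    """Raised when '..' components outnumber the components before them."""


def _is_absolute(target):
    # UNC (\\server\share) and drive-qualified (C:\...) targets are absolute.
    return target.startswith("\\\\") or target[1:3] == ":\\"


def _split(path):
    """Split a path into (root, components); root is a drive or a UNC share."""
    if path.startswith("\\\\"):
        parts = [p for p in path[2:].split("\\") if p]
        return "\\\\" + "\\".join(parts[:2]), parts[2:]
    drive, _, rest = path.partition("\\")
    return drive, [p for p in rest.split("\\") if p]


def _collapse(root, components):
    """Apply '.' and '..': each '..' removes the component preceding it."""
    out = []
    for comp in components:
        if comp == ".":
            continue
        if comp == "..":
            if not out:
                raise LinkResolutionError("'..' exceeds the number of components")
            out.pop()
        else:
            out.append(comp)
    return "\\".join([root] + out)


def resolve(path, links, max_links=32):
    """Return (modified_path, final_path) for `path`.

    `links` maps a path component name to its link target (constructed
    input for this example, not read from a real volume).
    """
    root, comps = _split(path)
    i = followed = 0
    while i < len(comps):
        target = links.get(comps[i])
        if target is None:
            i += 1
            continue
        followed += 1
        if followed > max_links:
            raise LinkResolutionError("too many links followed (possible loop)")
        rest = comps[i + 1:]
        if _is_absolute(target):
            # Absolute link: everything up to and including the link is replaced.
            root, head = _split(target)
            comps, i = head + rest, 0
        elif target.startswith("\\"):
            # Root-relative link: same drive, path restarts at the root.
            comps, i = [c for c in target.split("\\") if c] + rest, 0
        else:
            # Relative link: only the link component itself is replaced.
            comps = comps[:i] + [c for c in target.split("\\") if c] + rest
    modified = "\\".join([root] + comps)
    return modified, _collapse(root, comps)


if __name__ == "__main__":
    # The two examples from the text, then a path whose dots run out.
    print(resolve(r"C:\alpha\beta\absLink\gamma\file", {"absLink": r"\\machineB\share"}))
    print(resolve(r"C:\alpha\beta\link\gamma\file", {"link": r"..\..\theta"}))
    try:
        resolve(r"C:\alpha\link\file", {"link": r"..\..\theta"})
    except LinkResolutionError as exc:
        print("error:", exc)
```
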

#### [Hard links and junctions](https://learn.microsoft.com/en-us/windows/win32/fileio/hard-links-and-junctions)

The NTFS file system supports three types of file links: 
- hard links, 
- junctions, and 
- symbolic links. 

This article is an overview of hard links and junctions. 

**Hard links**

A **hard link** is the file-system representation of a file by which more than one path references a single file in the _same_ volume. To create a hard link, use the [CreateHardLinkA](https://learn.microsoft.com/en-us/windows/desktop/api/WinBase/nf-winbase-createhardlinka) function.

Any changes made to a hard-linked file are instantly visible to applications that access it through the links that reference it. The attributes on the file are reflected in every hard link to that file, and changes to that file's attributes propagate to all the hard links. However, the directory entry size and attribute information of the file are visibly updated only at the link through which the change was made. For example, if you clear the read-only attribute flag on a particular hard link so you can delete that hard link, and there are multiple hard links to the file, the other hard links display that the read-only attribute is still set, which isn't true. To change the file back to the read-only state, you must set the read-only flag on the file from one of its remaining hard links.

For example, in a system where `C:` and `D:` are local drives and `Z:` is a network drive mapped to `\\fred\share`, the following references are permitted as a hard link:
```
C:\dira\ethel.txt linked to C:\dirb\dirc\lucy.txt
D:\dir1\tinker.txt linked to D:\dir2\dirx\bell.txt
C:\diry\bob.bak linked to C:\dir2\mina.txt
```

The following references aren't permitted:
```
C:\dira linked to C:\dirb
C:\dira\ethel.txt linked to D:\dirb\lucy.txt
C:\dira\ethel.txt linked to Z:\dirb\lucy.txt
```

To delete a hard link, use the [DeleteFileA](https://learn.microsoft.com/en-us/windows/desktop/api/FileAPI/nf-fileapi-deletefilea) function. You can delete hard links in any order regardless of the order in which they're created.

**Junctions**

A **junction** (also called a **soft link**) differs from a hard link in that the storage objects it references are _separate directories_. A junction can also link directories located on different local volumes on the same computer. Otherwise, junctions operate identically to hard links. Junctions are implemented through [reparse points](https://learn.microsoft.com/en-us/windows/win32/fileio/reparse-points).

Assuming the same conditions in the Hard Links section, the following references are permitted as junctions:
```
C:\dira linked to C:\dirb\dirc
C:\dirx linked to D:\diry
```

The following references aren't permitted:
```
C:\dira\one.txt linked to C:\dirb\two.txt
C:\dir1 linked to Z:\dir2
```

### Linux

- soft links - links to a file on a hard drive,
- hard links - links to an inode, which is stored in the inode table. When you delete a file, all of its hard links still work.

In [1]:
cd /tmp/
touch file2
ls -l file2

-rw-r--r-- 1 vadim vadim 0 Sep 25 10:50 file2


The `1` in the second column is the number of hard links the file has.

Let's create a soft link:

In [5]:
ln -s file2 file2_softlink
ls

f77aaecf40700f79a08a649693945053-{87A94AB0-E370-4cde-98D3-ACC110C5967D}
f79d601e26a782fd149b3ffb098aae9f-{87A94AB0-E370-4cde-98D3-ACC110C5967D}
file2
file2_softlink
plasma-csd-generator.OKVuMk
qtsingleapp-clemen-d211-3e8-lockfile
sddm-:0-NDYnBK
sddm-auth63806520-33fd-4314-892c-2349e90c904c
snap-private-tmp
systemd-private-3bd048e7f6e14df7b6671b7cef7a107d-ModemManager.service-Ez731z
systemd-private-3bd048e7f6e14df7b6671b7cef7a107d-fwupd.service-p06SKa
systemd-private-3bd048e7f6e14df7b6671b7cef7a107d-systemd-logind.service-Ur8Bo2
systemd-private-3bd048e7f6e14df7b6671b7cef7a107d-upower.service-uV7Pvt
yandex-disk-5d2012049ed40bb7bb97f77d149e74d2eb055c94s
yandex_browser_updater.log


In [15]:
ls -l file2

-rw-r--r-- 1 vadim vadim 0 Sep 25 10:50 file2


and a hard link:

In [16]:
ln file2 file2_hardlink
ls

f77aaecf40700f79a08a649693945053-{87A94AB0-E370-4cde-98D3-ACC110C5967D}
f79d601e26a782fd149b3ffb098aae9f-{87A94AB0-E370-4cde-98D3-ACC110C5967D}
file2
file2_hardlink
file2_softlink
plasma-csd-generator.OKVuMk
qtsingleapp-clemen-d211-3e8-lockfile
sddm-:0-NDYnBK
sddm-auth63806520-33fd-4314-892c-2349e90c904c
snap-private-tmp
systemd-private-3bd048e7f6e14df7b6671b7cef7a107d-ModemManager.service-Ez731z
systemd-private-3bd048e7f6e14df7b6671b7cef7a107d-fwupd.service-p06SKa
systemd-private-3bd048e7f6e14df7b6671b7cef7a107d-systemd-logind.service-Ur8Bo2
systemd-private-3bd048e7f6e14df7b6671b7cef7a107d-upower.service-uV7Pvt
yandex-disk-5d2012049ed40bb7bb97f77d149e74d2eb055c94s
yandex_browser_updater.log


In [17]:
ls -l file2

-rw-r--r-- 2 vadim vadim 0 Sep 25 10:50 file2
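The cells above show the link count going from 1 to 2; the following added example (not part of the original notebook) shows what happens after the original name is deleted, which is the difference between the two link types. The function names `describe` and `demo` and the file content are assumptions made for illustration, and the script works in a throwaway temporary directory rather than `/tmp` itself.

```python
import os
import stat
import tempfile


def describe(path):
    """Report link type, inode and hard-link count without following symlinks."""
    st = os.lstat(path)
    if stat.S_ISLNK(st.st_mode):
        # os.path.exists() follows the link, so False here means it dangles.
        kind = "symlink" if os.path.exists(path) else "dangling symlink"
        return {"kind": kind, "inode": st.st_ino, "nlink": st.st_nlink,
                "target": os.readlink(path)}
    return {"kind": "file", "inode": st.st_ino, "nlink": st.st_nlink,
            "target": None}


def demo(workdir):
    """Recreate file2, file2_hardlink and file2_softlink, then delete file2."""
    original = os.path.join(workdir, "file2")
    hard = os.path.join(workdir, "file2_hardlink")
    soft = os.path.join(workdir, "file2_softlink")

    with open(original, "w") as fh:
        fh.write("hello\n")
    os.link(original, hard)        # same as: ln file2 file2_hardlink
    os.symlink("file2", soft)      # same as: ln -s file2 file2_softlink

    before = {os.path.basename(p): describe(p) for p in (original, hard, soft)}

    os.remove(original)            # removes one name, not the inode

    after = {os.path.basename(p): describe(p) for p in (hard, soft)}
    with open(hard) as fh:
        surviving = fh.read()      # data is still reachable through the hard link
    return before, after, surviving


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        before, after, surviving = demo(tmp)
        for label, state in (("before rm file2", before), ("after rm file2", after)):
            print(label)
            for name, info in state.items():
                print(f"  {name}: {info}")
        print("read via hard link:", repr(surviving))
```
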


<div><div class="reading-title css-1hxq2bi"><h2 class="cds-108 css-1diqjn6 cds-110" tabindex="-1">Supplemental Reading for Linux Filesystem Repair</h2><div class="css-1kuhxiq"></div></div><div class="rc-CML" dir="auto"><div><div data-track="true" data-track-app="open_course_home" data-track-page="item_layout" data-track-action="click" data-track-component="cml" role="presentation"><div data-track="true" data-track-app="open_course_home" data-track-page="item_layout" data-track-action="click" data-track-component="cml_link"><div data-testid="cml-viewer" class="css-1kgqbsw"><p><span><span>In this reading, you will learn how to use the file system consistency check or </span></span><span><strong><span>fsck</span></strong></span><span><span> command to repair data corruption in file systems on Linux machines. As an IT Support specialist, you will most likely encounter instances of data corruption in onsite systems. It is critical for you to know how to recover corrupted data, file systems, and hard drives.&nbsp;</span></span></p><p><span><span>A computer file system is software that provides structure for storing the operating system (OS) and all other software installed on system hard drives. A hard drive must be formatted with a file system before the operating system can be installed. Since Linux is an open source OS, innovators have created nearly 100 file systems that support Linux OS installations. Several common file systems that are used for Linux systems include ext, ext2, ext3, ext4, JFS, XFS, ZFS, F2FS, and more.&nbsp;</span></span></p><p><span><span>Like all software, software-based computer file systems can experience corruption. File system corruption can impede the computer’s ability to locate files stored on the hard drive, including important OS files. File locations are stored as i-nodes (index nodes) in Linux. Every file in a Linux system has its own i-node identifier. 
The i-node stores metadata about the storage block and fragment location(s) where each file is stored. The i-node metadata also holds information about the file type, size of the files, file permissions, links to the file, and more.</span></span></p><h3 data-heading-variant="h3semibold"><span><span>Symptoms of data corruption</span></span></h3><p><span><span>Symptoms of data corruption can include:&nbsp;</span></span></p><ul><li><p><span><span>System suddenly shuts down</span></span></p></li><li><p><span><span>Software program will not launch or it crashes when opening a corrupted file. May also give an error message saying:&nbsp;</span></span></p><ul><li><p><span><span>“File format not recognized” </span></span><span><em><span>or&nbsp;</span></em></span></p></li><li><p><span><span>“(file name) is not recognized”&nbsp;</span></span></p></li></ul></li><li><p><span><span>Corrupted files and folders may no longer appear in the file system.&nbsp;</span></span></p></li><li><p><span><span>The operating system (OS) may report bad sectors when failing to execute commands.</span></span></p></li><li><p><span><span>Damaged platter-based hard drives can make clicking sounds or unusual vibrations.
</span></span></p></li></ul><h3 data-heading-variant="h3semibold"><span><span>Causes of data corruption</span></span></h3><p><span><span>Data corruption on system hard drives and file systems can be caused by:&nbsp;</span></span></p><ul><li><p><span><strong><span>Software errors</span></strong></span><span><span> -&nbsp;</span></span></p><ul><li><p><span><span>Software errors can be any software event that interferes with normal hard disk read/write operations.</span></span></p></li><li><p><span><span>Viruses and malware can be designed to intentionally cause corruption to data.&nbsp;</span></span></p></li><li><p><span><span>Antivirus software can damage files if the software experiences problems while scanning or repairing the files.</span></span></p></li></ul></li><li><p><span><strong><span>Hardware malfunctions</span></strong></span><span><span> -&nbsp;</span></span></p><ul><li><p><span><span>Larger files are more likely to experience corruption than smaller files. Large files occupy more disk space, making them statistically more likely to cross a bad sector on the hard drive.&nbsp;</span></span></p></li><li><p><span><span>Hard drives that contain platters are at risk of experiencing malfunctioning read/write heads. Damaged heads can corrupt multiple files and directories in a single read/write transaction. Hard drives with moving mechanical parts are more likely to experience failures from moving parts that wear out over time.&nbsp;</span></span></p></li></ul></li><li><p><span><strong><span>Electrical damage</span></strong></span><span><span> - Can happen when a power failure occurs while the system is writing data to a hard drive.</span></span></p></li></ul><h3 data-heading-variant="h3semibold"><span><span>Data corruption repair</span></span></h3><p><span><span>The most critical first step, after data corruption has been identified or suspected, is to shut down the affected hard drive(s). 
The reason for this step is to stop the cause of the corruption from writing to the hard drives. The longer the corruption activity continues, the more difficult recovering the data becomes.&nbsp;</span></span></p><p><span><span>Precautions should be taken before powering up a corrupted hard drive to run repair tools. It is important to minimize any read/write operations on the disk other than those produced by data recovery tools. One method to prevent further damage could be to have a corrupted Linux system boot from an external device or network (PXE boot). An alternative method might be to attach the corrupted hard drive as an external hard drive to a healthy system running Linux. A hard drive adapter or drive docking station can be used to convert an internal drive into an external device.&nbsp;</span></span></p><p><span><span>Before connecting a corrupted drive to a healthy system, the </span></span><span><strong><span>automount</span></strong></span><span><span> service must be disabled. The</span></span><span><strong><span> fsck</span></strong></span><span><span> command will not repair corruption on a mounted file system. In fact, mounting a corrupted file system can cause the healthy Linux system to crash. 
Although the corrupted file system should not be mounted, the device file for the corrupted hard drive in the </span></span><span><strong><span>/dev directory </span></strong></span><span><span>must be readable for the </span></span><span><strong><span>fsck </span></strong></span><span><span>command to access the drive.&nbsp;</span></span></p><h3 data-heading-variant="h3semibold"><span><span>The </span></span><span><strong><span>fsck</span></strong></span><span><span> command</span></span></h3><p><span><em><strong><span>Important Warning:</span></strong></em></span><span><em><span> The</span></em></span><span><em><strong><span> fsck</span></strong></em></span><span><em><span> command should NOT be used:</span></em></span></p><ul><li><p><span><em><span>on a hard drive that was a member of a RAID array.</span></em></span></p></li><li><p><span><em><span>on a mounted file system (must be unmounted).&nbsp;</span></em></span></p></li></ul><p><span><span>An important command line data recovery tool offered in the Linux operating system is the</span></span><span><strong><span> fsck </span></strong></span><span><span>command. It should be run anytime a Linux system malfunctions. The </span></span><span><strong><span>fsck </span></strong></span><span><span>command can check the file system and repair some, but not all, inconsistencies found. In some cases, </span></span><span><strong><span>fsck </span></strong></span><span><span>may recommend deleting a corrupted file or directory. The default setting for the </span></span><span><strong><span>fsck </span></strong></span><span><span>command is to prompt the user to approve or deny the repair of any problems found. The user running the</span></span><span><strong><span> fsck </span></strong></span><span><span>command must have write permissions for the corrupted file or directory to be able to approve a repair. 
If the user does not choose to repair inconsistencies found, the file system will remain in a corrupted state.&nbsp;</span></span></p><p><span><span>The </span></span><span><strong><span>fsck</span></strong></span><span><span> command will check for inconsistencies and prompt the user to make decisions on whether </span></span><span><strong><span>fsck</span></strong></span><span><span> should repair the following problems:</span></span></p><ul><li><p><span><span>Block count is not correct</span></span></p></li><li><p><span><span>Blocks and/or fragments that are:</span></span></p><ul><li><p><span><span>allocated to multiple files</span></span></p></li><li><p><span><span>illegally allocated</span></span></p></li></ul></li><li><p><span><span>Block and/or fragment numbers listed in i-node metadata that are:</span></span></p><ul><li><p><span><span>overlapping</span></span></p></li><li><p><span><span>out of range</span></span></p></li><li><p><span><span>marked free in the disk map</span></span></p></li><li><p><span><span>corrupted</span></span></p></li></ul></li><li><p><span><span>Map inconsistencies on the disk or in the i-node.&nbsp;&nbsp;</span></span></p></li><li><p><span><span>Directory:</span></span></p><ul><li><p><span><span>contains references to a file but that number does not equal the number of links listed in the same file’s i-node metadata.</span></span></p></li><li><p><span><span>sizes are not multiples of 512</span></span></p></li></ul></li></ul><p><span><span>The following checks are not run on compressed file systems.</span></span></p><ul><li><p><span><span>Directory checks:</span></span></p><ul><li><p><span><span>Directories or files that cannot be located or read.</span></span></p></li><li><p><span><span>The i-node map has an i-node number marked as being free in the directory entry.&nbsp;</span></span></p></li><li><p><span><span>The i-node number in the metadata is out of range.</span></span></p></li><li><p><span><span>The . 
(current directory) or .. (parent directory) link is missing or does not point to itself.&nbsp;</span></span></p></li></ul></li><li><p><span><span>Fragments found in files larger than 32KB.</span></span></p></li><li><p><span><span>Any fragments that are not listed as the last address of the file in an i-node metadata file. 
</span></span></p></li></ul><h3 data-heading-variant="h3semibold"><span><span>How to use the fsck command</span></span></h3><ol><li><p><span><span>Enter </span></span><span><strong><span>fsck</span></strong></span><span><span> as a command line instruction. Syntax:</span></span></p></li></ol><p><span><strong><span>fsck</span></strong></span><span><span> [ </span></span><span><a target="_blank" rel="noopener nofollow noreferrer" href="https://www.ibm.com/docs/en/aix/7.2?topic=f-fsck-command#fsck__row-d3e118376" class="css-gcjbqe"><span><strong><span>-n </span></strong></span></a></span><span><span>] [ </span></span><span><a target="_blank" rel="noopener nofollow noreferrer" href="https://www.ibm.com/docs/en/aix/7.2?topic=f-fsck-command#fsck__row-d3e118436" class="css-gcjbqe"><span><strong><span>-p </span></strong></span></a></span><span><span>] [ </span></span><span><a target="_blank" rel="noopener nofollow noreferrer" 
href="https://www.ibm.com/docs/en/aix/7.2?topic=f-fsck-command#fsck__row-d3e118508" class="css-gcjbqe"><span><strong><span>-y </span></strong></span></a></span><span><span>] [ </span></span><span><a target="_blank" rel="noopener nofollow noreferrer" href="https://www.ibm.com/docs/en/aix/7.2?topic=f-fsck-command#fsck__row-d3e118344" class="css-gcjbqe"><span><strong><span>-f </span></strong></span></a></span><span><span>] [ </span></span><span><em><span>FileSystem1name</span></em></span><span><span> - </span></span><span><em><span>FileSystem2name ...</span></em></span><span><span> ]</span></span></p><ul><li><p><span><span>The </span></span><span><strong><span>-n</span></strong></span><span><span> flag - Sends a “</span></span><span><strong><span>n</span></strong></span><span><span>o” response to all </span></span><span><strong><span>fsck</span></strong></span><span><span> questions and does not allow </span></span><span><strong><span>fsck 
</span></strong></span><span><span>to write to the drive.&nbsp;</span></span></p></li><li><p><span><span>The </span></span><span><strong><span>-p</span></strong></span><span><span> flag - </span></span><span><strong><span>P</span></strong></span><span><span>revents error messages for minor problems from displaying while automatically fixing those minor errors. Outside of recovering from data corruption, it is a best practice to run the </span></span><span><strong><span>fsck -p</span></strong></span><span><span> command regularly at startup as a preventative measure.&nbsp;</span></span></p></li><li><p><span><span>The </span></span><span><strong><span>-y</span></strong></span><span><span> flag - Sends a “</span></span><span><strong><span>y</span></strong></span><span><span>es” response to all </span></span><span><strong><span>fsck </span></strong></span><span><span>questions to automatically attempt to repair all inconsistencies found. This flag should be reserved for severely corrupt file systems only.&nbsp;</span></span></p></li><li><p><span><span>The </span></span><span><strong><span>-f</span></strong></span><span><span> flag - Runs a </span></span><span><strong><span>f</span></strong></span><span><span>ast check that excludes file systems that were successfully unmounted for shutdown before the system crashed.&nbsp;</span></span></p></li><li><p><span><em><span>FileSystem#name - </span></em></span><span><span>If you do not specify a file system, the </span></span><span><strong><span>fsck</span></strong></span><span><span> command checks all file systems in </span></span><span><strong><span>/etc/filesystems, </span></strong></span><span><span>where the </span></span><span><strong><span>check </span></strong></span><span><span>attribute is set to </span></span><span><strong><span>true</span></strong></span><span><span>.</span></span></p></li><li><p><span><span>To see more advanced flags, use the </span></span><span><strong><span>man 
fsck</span></strong></span><span><span> command.</span></span></p></li></ul><p><span><span>                  a. To have the </span></span><span><strong><span>fsck</span></strong></span><span><span> command check all of the default file systems and prompt the user on how to handle each inconsistency found, simply enter at a command line:</span></span></p><p><span><span>                 b. For ext, ext2, ext3, and ext4 file systems, the </span></span><span><strong><span>e2fsck</span></strong></span><span><span> command can be used:</span></span></p><p><span><span>                c. To have the </span></span><span><strong><span>fsck</span></strong></span><span><span> command check specific file system(s) and automatically fix any inconsistencies found, enter:&nbsp;</span></span></p><p><span><span>2. The </span></span><span><strong><span>fsck</span></strong></span><span><span> command outputs an exit value, or code, when the tool terminates. The code is the sum of one or more of the following conditions:
</span></span></p><ul><li><p><span><span>0 = All scanned file systems have been restored to a functional state.</span></span></p></li><li><p><span><span>2 = </span></span><span><strong><span>fsck </span></strong></span><span><span>did not finish checks or repairs due to an interruption.</span></span></p></li><li><p><span><span>4 = File system has changed and the computer needs to be rebooted.&nbsp;</span></span></p></li><li><p><span><span>8 = </span></span><span><strong><span>fsck</span></strong></span><span><span> could not repair some or all file system damage.
</span></span></p></li></ul><h3 data-heading-variant="h3semibold"><span><span>How to run </span></span><span><strong><span>fsck</span></strong></span><span><span> on the next boot or reboot</span></span></h3><p><span><span>In many Linux OS distributions, the </span></span><span><strong><span>fsck</span></strong></span><span><span> utility will automatically run at boot under certain circumstances, including:</span></span></p><ul><li><p><span><span>When a file system has been labeled as “dirty”, meaning that data scheduled to be written to the file system is different from what was actually written or not written to the disk. This could occur if the system shut down during a write operation.&nbsp;</span></span></p></li><li><p><span><span>When a file system has been mounted multiple times (can be set to a specific value) without a file system check.</span></span></p></li></ul><p><span><span>Configuring the </span></span><span><strong><span>fsck </span></strong></span><span><span>command to run automatically on boot and reboot differs depending on which brand and version of Linux is installed on the system. As a root or sudo user, use vi (visual instrument) to add the </span></span><span><strong><span>fsck</span></strong></span><span><span> command to the boot sequence.</span></span></p><ol><li><p><span><span>In Debian and Ubuntu,</span></span></p><ol><li><p><span><span>Edit the </span></span><span><strong><span>rcS</span></strong></span><span><span> file: \$ sudo vi /etc/default/rcS</span></span></p></li><li><p><span><span>Add the following command to the </span></span><span><strong><span>rcS</span></strong></span><span><span> file: FSCKFIX=yes</span></span></p></li></ol></li></ol><p><span><span>      2. In CentOS,&nbsp;</span></span></p><p><span><span>                  a. Create or edit a file named autofsck: $ sudo vi /etc/sysconfig/autofsck</span></span></p><p><span><span>                  b. Add the following command to the autofsck file: AUTOFSCK_DEF_CHECK=yes
</span></span></p>

# <b>3.7 Processes</b>

Windows processes can operate independently of their parents. Linux processes have a parent-child relationship.

|Purpose|PowerShell|Bash|
|-|-|-|
|stopping processes|[taskkill](https://learn.microsoft.com/en-us/windows-server/administration/windows-commands/taskkill)||
|**show processes**|`tasklist` (cmd.exe) and `Get-Process` ([PS](https://learn.microsoft.com/en-us/powershell/module/microsoft.powershell.management/get-process?view=powershell-5.1))|[ps](https://man7.org/linux/man-pages/man1/ps.1.html)|
|||`ps -x`|
|||`ps -ef` (`e` show the processes from all the users, `f`ull details)|
|||`ls -l /proc`|
|||`cat /proc/<PID>/status`|
|show top processes|`Get-Process \| Sort CPU -descending \| Select -first <n> -Property ID,ProcessName,CPU`|`top`|
|show system load||`uptime`|
|time of last system boot||`who -b`|
|show opened files||`lsof`|
|**Signals**|||
||`SIGINT`, [`Process Explorer`](https://learn.microsoft.com/en-us/sysinternals/downloads/process-explorer)||
|interrupt process|`ctrl` + `C`|`ctrl` + `C`|
|kill the process||`kill <PID>`|
|||`kill -KILL <PID>`|
|suspend the process||`kill -TSTP <PID>`|
|continue||`kill -CONT <PID>`|

## Linux: Reading Process Information

### `ps`

In [4]:
ps -x | grep jupyter-lab

   2043 pts/2    Sl+    0:11 /home/vadim/.local/pipx/venvs/jupyter/bin/python /home/vadim/.local/bin/jupyter-lab
   4040 pts/4    S+     0:00 grep jupyter-lab


`ps -x`:

- `R`unning,
- s`T`opped,
- interruptible `S`leep.

In [3]:
ps -ef | grep jupyter-lab

vadim       2043    2030  0 14:22 pts/2    00:00:11 /home/vadim/.local/pipx/venvs/jupyter/bin/python /home/vadim/.local/bin/jupyter-lab
vadim       4019    2506  0 14:59 pts/4    00:00:00 grep jupyter-lab


`ps -ef` :

- user
- PID
- PPID (parent PID)
- C number of children
- STIME
- TTY
- TIME
- CMD

In [5]:
cat /proc/2043/status

Name:	jupyter-lab
Umask:	0022
State:	S (sleeping)
Tgid:	2043
Ngid:	0
Pid:	2043
PPid:	2030
TracerPid:	0
Uid:	1000	1000	1000	1000
Gid:	1000	1000	1000	1000
FDSize:	256
Groups:	24 25 29 30 44 46 100 106 111 113 117 1000 
NStgid:	2043
NSpid:	2043
NSpgid:	2043
NSsid:	2030
VmPeak:	  689988 kB
VmSize:	  631196 kB
VmLck:	       0 kB
VmPin:	       0 kB
VmHWM:	  136500 kB
VmRSS:	  129120 kB
RssAnon:	  110364 kB
RssFile:	   18756 kB
RssShmem:	       0 kB
VmData:	  175504 kB
VmStk:	     132 kB
VmExe:	    2764 kB
VmLib:	   12588 kB
VmPTE:	     372 kB
VmSwap:	       0 kB
HugetlbPages:	       0 kB
CoreDumping:	0
THP_enabled:	1
Threads:	6
SigQ:	0/63465
SigPnd:	0000000000000000
ShdPnd:	0000000000000000
SigBlk:	0000000000000000
SigIgn:	0000000001001000
SigCgt:	0000000100004202
CapInh:	0000000000000000
CapPrm:	0000000000000000
CapEff:	0000000000000000
CapBnd:	000001ffffffffff
CapAmb:	0000000000000000
NoNewPrivs:	0
Seccomp:	0
Seccomp_filters:	0
Speculation_Store_Bypass:	thread vulnerable
SpeculationIndirec

In [None]:
man ps

PS(1)                            User Commands                           PS(1)

NAME
       ps - report a snapshot of the current processes.

SYNOPSIS
       ps [options]

DESCRIPTION
       ps displays information about a selection of the active processes.  If
       you want a repetitive update of the selection and the displayed
       information, use top instead.

       This version of ps accepts several kinds of options:

       1   UNIX options, which may be grouped and must be preceded by a dash.
       2   BSD options, which may be grouped and must not be used with a dash.
       3   GNU long options, which are preceded by two dashes.

       Options of different types may be freely mixed, but conflicts can
       appear.  There are some synonymous options, which are functionally
       identical, due to the many standards and ps implementations that this
       ps is compatible with.

       Note that ps -aux is distinct from ps aux.  The POSIX and UNIX
       standards requi

### `kill`

In [2]:
kill -l

 1) SIGHUP	 2) SIGINT	 3) SIGQUIT	 4) SIGILL	 5) SIGTRAP
 6) SIGABRT	 7) SIGBUS	 8) SIGFPE	 9) SIGKILL	10) SIGUSR1
11) SIGSEGV	12) SIGUSR2	13) SIGPIPE	14) SIGALRM	15) SIGTERM
16) SIGSTKFLT	17) SIGCHLD	18) SIGCONT	19) SIGSTOP	20) SIGTSTP
21) SIGTTIN	22) SIGTTOU	23) SIGURG	24) SIGXCPU	25) SIGXFSZ
26) SIGVTALRM	27) SIGPROF	28) SIGWINCH	29) SIGIO	30) SIGPWR
31) SIGSYS	34) SIGRTMIN	35) SIGRTMIN+1	36) SIGRTMIN+2	37) SIGRTMIN+3
38) SIGRTMIN+4	39) SIGRTMIN+5	40) SIGRTMIN+6	41) SIGRTMIN+7	42) SIGRTMIN+8
43) SIGRTMIN+9	44) SIGRTMIN+10	45) SIGRTMIN+11	46) SIGRTMIN+12	47) SIGRTMIN+13
48) SIGRTMIN+14	49) SIGRTMIN+15	50) SIGRTMAX-14	51) SIGRTMAX-13	52) SIGRTMAX-12
53) SIGRTMAX-11	54) SIGRTMAX-10	55) SIGRTMAX-9	56) SIGRTMAX-8	57) SIGRTMAX-7
58) SIGRTMAX-6	59) SIGRTMAX-5	60) SIGRTMAX-4	61) SIGRTMAX-3	62) SIGRTMAX-2
63) SIGRTMAX-1	64) SIGRTMAX	


In [1]:
man kill

KILL(1)                          User Commands                         KILL(1)

NAME
       kill - send a signal to a process

SYNOPSIS
       kill [options] <pid> [...]

DESCRIPTION
       The  default  signal  for kill is TERM.  Use -l or -L to list available
       signals.  Particularly useful signals include  HUP,  INT,  KILL,  STOP,
       CONT,  and  0.   Alternate  signals may be specified in three ways: -9,
       -SIGKILL or -KILL.  Negative PID values may be  used  to  choose  whole
       process  groups; see the PGID column in ps command output.  A PID of -1
       is special; it indicates all processes except the kill  process  itself
       and init.

OPTIONS
       <pid> [...]
              Send signal to every <pid> listed.

       -<signal>
       -s <signal>
       --signal <signal>
              Specify  the  signal to be sent.  The signal can be specified by
              using name or number.  The behavior of signals is  explained  in
              signal(7) manua
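
Whether `kill <PID>` (TERM) will actually end a process depends on how that process handles the signal, and the `SigBlk`, `SigIgn` and `SigCgt` lines of `/proc/<PID>/status` record exactly that as hexadecimal bitmasks. The following is an added example, not part of the original notes: it decodes those masks into the signal numbers printed by `kill -l`. The function names are this example's own, and the sample values are copied from the `cat /proc/2043/status` output above.

```shell
#!/bin/sh
# Added example: decode the signal bitmasks from /proc/<PID>/status.
# Bit N-1 of a mask (counting from the least significant bit) stands for signal N.

# status_field FILE NAME -> value of the "NAME:" line
status_field() {
    awk -v key="$2:" '$1 == key { print $2; exit }' "$1"
}

# decode_sigmask HEXMASK -> space-separated signal numbers whose bit is set
decode_sigmask() {
    mask=$1
    case $mask in ''|*[!0-9a-fA-F]*) return 1 ;; esac
    base=1      # signal number held by the lowest bit of the current hex digit
    out=""
    # Walk the string right to left, one hex digit (four signals) at a time,
    # so the 64-bit mask never has to fit into a shell integer.
    while [ -n "$mask" ]; do
        digit=${mask#"${mask%?}"}     # last character of the string
        mask=${mask%?}                # everything before it
        val=$((0x$digit))
        bit=0
        while [ "$bit" -lt 4 ]; do
            if [ $(( (val >> bit) & 1 )) -eq 1 ]; then
                out="$out $((base + bit))"
            fi
            bit=$((bit + 1))
        done
        base=$((base + 4))
    done
    echo "${out# }"
}

# signal_disposition STATUSFILE SIGNUM -> blocked | ignored | caught | default
# KILL (9) and STOP (19) can never be blocked, ignored or caught, so they
# always come back as "default".
signal_disposition() {
    file=$1
    num=$2
    for field in SigBlk SigIgn SigCgt; do
        hex=$(status_field "$file" "$field" 2>/dev/null)
        [ -n "$hex" ] || return 1
        for s in $(decode_sigmask "$hex"); do
            if [ "$s" -eq "$num" ]; then
                case $field in
                    SigBlk) echo blocked ;;
                    SigIgn) echo ignored ;;
                    SigCgt) echo caught ;;
                esac
                return 0
            fi
        done
    done
    echo default
}

# Mask values copied from the /proc/2043/status output shown in these notes.
sample_status() {
    cat <<'EOF'
Name:   jupyter-lab
State:  S (sleeping)
SigBlk: 0000000000000000
SigIgn: 0000000001001000
SigCgt: 0000000100004202
EOF
}

tmp=$(mktemp)
sample_status > "$tmp"
for n in 2 9 13 15; do
    printf 'signal %2d: %s\n' "$n" "$(signal_disposition "$tmp" "$n")"
done
rm -f "$tmp"
```

For this process TERM (15) and INT (2) are caught, so the program decides what happens on `kill <PID>` or `ctrl` + `C`, while KILL (9) keeps its default action.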

## Resource Monitoring in Linux

Balancing resources keeps a computer system running smoothly. When processes are using too many resources, operating problems may occur. To avoid problems from the overuse of resources, you should monitor the usage of resources. Monitoring resources and adjusting the balance is important to keep computers running at their best. This reading will cover how to monitor resources in Linux using the load average metric and the common command.

**Load in Linux**

In Linux, 

> a **load** is the set of processes that a central processing unit (CPU) is currently running or waiting to run. 

A load for a system that is idle with no processes running or waiting to run is classified as a `0`. Every process running or waiting to run adds a value of `1` to the load. This means if you have `3` applications running and `2` on the waitlist, the load is `5`. The higher the load, the more resources are being used, and the more the load should be monitored to keep the system running smoothly. 

**Load average in Linux**

The load as a measurement doesn’t provide much information as it constantly changes as processes run. To account for this, an average is used to measure the load on the system. The **load average** is calculated by finding the load over a given period of time. Linux uses three decimal values to show the load over time instead of the percent other systems use. An easy way to check the load average is to run the `uptime` command in the terminal. The following image depicts the load values returned from the `uptime` command. 


![Load average values returned in the Linux terminal](data/images/Screenshot_20231004_132730.png)


The command returns three load averages:

- **Average CPU load for last minute**, which corresponds to 0.034. This is a very low value and means an average of 3% of the CPU was used over the last minute. 

- **Average CPU load for last 5 minutes** corresponds to the second value of 0.036. Again, this can be thought of as, on average, 4% of the CPU was being used over the past five minutes. 

- **Average CPU load for last 15 minutes** corresponds to 0.038, meaning on average, 4% of the CPU has been used over the last 15 minutes. 

**Top**

Another way you can monitor the load average in Linux is to use the **`top` (table of processes)** command in the terminal. The result of running the `top` command is an in-depth view of the resources being used on your system. 

![Detailed process load average output in Linux terminal](data/images/Screenshot_20231004_133346.png)

The first line displayed is the same as the load average output given using the uptime command. It lists what percent of the CPU is running processes or has processes waiting. The second line shows the task output and describes the status of processes in the system. The five states in the task output represent:

1. **Total** shows the sum of the processes from any state. 

1. **Running** shows the number of processes currently handling requests, executing normally, and having CPU access.

1. **Sleeping** shows the number of processes awaiting resources in their normal state. 

1. **Stopped** shows the number of processes ending and releasing resources. The stopped processes send a termination message to the parent process. The process created by the kernel in Linux is known as the **Parent Process**. All the processes derived from the parent process are termed as **Child Processes**.

1. **Zombie** shows the number of processes waiting for their parent process to release resources. Zombie processes usually mean an application or service didn't exit gracefully. Having a few zombie processes is not a problem. 

The `top` command gives detailed insight on usage for an IT individual to gauge the availability of resources on a system. 
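
The task counters and the load figure that `top` displays can be rebuilt from `/proc` directly, which helps when a script has to flag zombies or sustained load without an interactive terminal. The following is an added example, not part of the original reading: the function names, the constructed sample tree, the grouping of the `D` and `I` states under "sleeping", and the division of the load by the CPU count are assumptions of this example.

```shell
#!/bin/sh
# Added example: rebuild top's task counters and a per-CPU load figure from /proc.
# Each function takes the proc root as a parameter so it can run on a constructed tree.

# task_summary [PROC_ROOT] -> "total running sleeping stopped zombie"
task_summary() {
    root=${1:-/proc}
    total=0; running=0; sleeping=0; stopped=0; zombie=0
    for f in "$root"/[0-9]*/status; do
        [ -r "$f" ] || continue      # process already exited, or nothing matched
        state=$(awk '$1 == "State:" { print $2; exit }' "$f" 2>/dev/null)
        [ -n "$state" ] || continue
        total=$((total + 1))
        case $state in
            R)   running=$((running + 1)) ;;
            T|t) stopped=$((stopped + 1)) ;;
            Z)   zombie=$((zombie + 1)) ;;
            *)   sleeping=$((sleeping + 1)) ;;  # S, D and I grouped here (assumption)
        esac
    done
    echo "$total $running $sleeping $stopped $zombie"
}

# zombie_report [PROC_ROOT] -> one "PID PPID NAME" line per zombie process.
# The PPID is the process that still has to collect the zombie's exit status.
zombie_report() {
    root=${1:-/proc}
    for f in "$root"/[0-9]*/status; do
        [ -r "$f" ] || continue
        awk '$1 == "Name:"  { name = $2 }
             $1 == "State:" { st = $2 }
             $1 == "Pid:"   { pid = $2 }
             $1 == "PPid:"  { ppid = $2 }
             END { if (st == "Z") print pid, ppid, name }' "$f" 2>/dev/null
    done
}

# load_per_cpu [LOADAVG_FILE] [NCPU] -> 1-minute load average divided by CPU count
load_per_cpu() {
    file=${1:-/proc/loadavg}
    ncpu=${2:-$(getconf _NPROCESSORS_ONLN)}
    awk -v n="$ncpu" 'n + 0 > 0 { printf "%.2f\n", $1 / n; ok = 1 }
                      END { exit !ok }' "$file"
}

# write_status DIR PID NAME STATE PPID -> one constructed /proc/<PID>/status file
write_status() {
    mkdir -p "$1/$2"
    printf 'Name:\t%s\nState:\t%s\nPid:\t%s\nPPid:\t%s\n' \
        "$3" "$4" "$2" "$5" > "$1/$2/status"
}

# make_sample_proc DIR -> constructed process tree plus a constructed loadavg file
make_sample_proc() {
    write_status "$1" 1    systemd       'S (sleeping)' 0
    write_status "$1" 2030 bash          'S (sleeping)' 1
    write_status "$1" 2043 jupyter-lab   'R (running)'  2030
    write_status "$1" 2100 paused-job    'T (stopped)'  2030
    write_status "$1" 2200 defunct-child 'Z (zombie)'   2043
    write_status "$1" 2300 kworker       'I (idle)'     2
    echo '2.00 1.00 0.50 1/6 2300' > "$1/loadavg"
}

demo=$(mktemp -d)
make_sample_proc "$demo"
echo "tasks (total running sleeping stopped zombie): $(task_summary "$demo")"
echo "zombies (pid ppid name): $(zombie_report "$demo")"
echo "1-minute load per CPU on 4 CPUs: $(load_per_cpu "$demo/loadavg" 4)"
rm -rf "$demo"
```

Called without arguments, the three functions read the live `/proc` of the machine they run on.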

**Key Takeaways**

- Computers need to balance the resources used with the resources that are free. Ensuring that the CPU is not overused means that a system will run with few issues. 

- The load in Linux is calculated by adding `1` for each process that is running or waiting to run. 

- Monitoring the average load of Linux allows an IT professional to identify which processes are running to determine what to end in order to balance the system. A balanced system runs with fewer problems than one that is using too high of a percent of resources. 

- The load average uses three time lengths to determine the use of the CPU: one minute, five minutes and fifteen minutes. 

- The `top` command can give detailed information about the resource usage of tasks that are running or waiting to run.

# <b>3.8 Remote Access</b>

## Remote Connections in Windows

Connecting securely to remote machines is an important task for deploying services. **Secure Shell (SSH)** was developed in the 1990s to address this issue. This reading will cover what SSH is, the features it enables, and common SSH clients and their key features in Windows.

**SSH**

> **Secure Shell (SSH)** is a network protocol that gives users a secure way to access a computer over an unsecured network. 

SSH enables secure remote access to SSH-enabled network systems or devices and automated processes. It also allows for secure remote access to transfer files, use commands and manage network infrastructure.

**OpenSSH**

**OpenSSH** is the open-source version of the Secure Shell (SSH) tools used by administrators of Linux and other non-Windows systems for cross-platform remote systems management. OpenSSH has been added to Windows (as of autumn 2018) and is included in Windows Server and Windows client.

**Common SSH Clients**

An SSH client is a program that establishes secure and authenticated SSH connections to SSH servers. The following common SSH clients are Windows compatible:

|SSH client|Description|Features|Protocols|
|-|-|-|-|
|[PuTTY](https://www.putty.org/)|a terminal emulator and the inspiration for all subsequent remote access systems|Telnet, SSH, Rlogin (A remote login tool for use with UNIX-based machines on your network), and raw socket connections plus Secure File Transfer Protocol (SFTP) and Secure Copy Protocol (SCP) for file transfers between two hosts|SCP, SSH, Telnet, rlogin, and raw socket connection|
|[SecureCRT](https://www.vandyke.com/cgi-bin/releases.php?product=securecrt)|a remote access system available for macOS, Linux, iOS, and Windows|terminal emulation and file transfer through an SSH tunnel. It enables connections through many protocols and has usability features like tabbed sessions and customizable menus|SSH1, SSH2, Telnet, and Telnet/SSL|
|[SmarTTY](https://sysprogs.com/SmarTTY/download/)|a free SSH client with a multi-tabbed interface to allow multiple simultaneous connections|This tool includes SCP capabilities for file transfers. It also includes usability features like auto-completion, file panel, and package management|SSH, SCP|
|[mRemoteNG](https://mremoteng.org/download)|a remote desktop system with a tabbed interface for multiple simultaneous connections|The system enables connections with Remote Desktop Protocol (RDP), Telnet (two-way text communication via virtual terminal connections), Rlogin, Virtual Network Computing (VNC, a graphics-based desktop sharing system), and SSH|RDP, VNC, SSH, Telnet, HTTP/HTTPS, rlogin, Raw Socket Connections, Powershell remoting|
|[MobaXterm](https://mobaxterm.mobatek.net/download.html)|a remote access system built for Unix and Linux, and Windows|Features include an embedded X server (a graphical interface akin to windows), X11 forwarding (a way to run applications over a remote connection), and easy display exportation to let X11 applications know which screen to run on|SSH, X11, RDP, VNC|

**Key Takeaways**

- Secure Shell (SSH) is a way to securely connect two remote machines over an unsecured network.

- You can use SSH to remotely control, transfer files from, and manage network resources for SSH-enabled clients.

- OpenSSH is an open-source version for cross-platform management.

- There are many common Windows-compatible SSH clients with various features to fit any need, including PuTTY, SecureCRT, SmarTTY, mRemoteNG, and MobaXterm.

# <b>3.9 Virtualization</b>

## Virtual Machines

Virtualization creates a simulated computer environment for running a complete operating system (OS). The simulated computer environment is called a virtual machine (VM). On a VM, you can run an OS as if it were running directly on your physical hardware. This reading explains how virtual machines work and introduces some tools for creating a VM.

**How VMs work**

Virtual machine software creates a virtualized environment that behaves like a separate computer system. The VM runs in a window on the operating system of your physical computer. The operating system that runs on your physical computer is called the “host” OS. Any operating systems running inside a VM are called “guests.” In the virtual environment, you can install your guest OS, and it will function like it’s running on a physical machine. Whenever you want to use the guest OS, open your VM software and run the guest OS in a window on your host desktop.

Using a virtual machine lets you experiment with different operating systems without having to uninstall or replace your host OS. For example, you can try a Linux OS as a VM on your Windows computer to see how the two OSs compare, or you can use a VM on your Linux system to run a Mac software package. 

Another advantage of VMs is that they are isolated from the rest of your system. Software running inside a VM doesn’t affect the host OS or other VMs on your system. This isolation makes VMs a safe place to test software even when there is a risk of negative effects on a system.

A key advantage of VMs is significant reduction in hardware and electricity costs. You can run many VMs on a single host by dividing available hardware resources among each virtualized environment. Modern computer hardware offers a lot of computing power in a single device. But a typical OS will require only a fraction of the computing resources available in a computer. This means you won’t have to run those systems on several physical computers that are only partially used.

VM software divides hardware resources among virtualized environments by designating a portion of resources as virtual resources. When you create a VM you may be asked to specify the amount of physical hard drive space you want to set apart for your VM to use. The VM software will create a virtual hard drive for your VM of the specified size. VM software may have you also specify the amount of RAM you want to allocate for your VM. After you create the VM, you can usually adjust resource allocations. If you want more drive space or RAM for your VM, you can adjust the settings in the VM software to allocate more of those resources.

**VM software**

Some common Virtual Machine software used to create VMs:

- **VirtualBox** runs on Windows, Linux, Macintosh, and Solaris hosts. VirtualBox supports various guest operating systems, including Windows, Linux, Solaris, OpenBSD, and macOS. VirtualBox is open-source software available for free on the VirtualBox [download page](https://www.virtualbox.org/wiki/Downloads).

- **Hyper-V** is Microsoft's virtualization platform. It is available as an integrated feature on the Windows operating system. Hyper-V supports Windows, Linux, and FreeBSD virtual machines. It does not support macOS. See [Microsoft’s Hyper-V for Windows documentation](https://docs.microsoft.com/en-us/virtualization/hyper-v-on-windows/) for information on how to access Hyper-V on recent versions of Windows.

- **VMware** desktop software runs on Windows, Linux, and macOS hosts. VMware Workstation Player is the VMware software that lets users run multiple operating systems on a single physical personal computer. It is freely available for non-commercial use on the [VMware Workstation Download page](https://www.vmware.com/products/workstation-player/workstation-player-evaluation.html).

- **Red Hat Virtualization (RHV)** is a business-oriented platform developed for virtualization in enterprise computing contexts. RHV supports a variety of guest systems. Red Hat charges an annual subscription fee for product access, updates, patches, and technical support. See [Red Hat’s RHV Datasheet](https://www.redhat.com/en/resources/red-hat-virtualization-datasheet) for information on how to implement RHV on existing hardware infrastructures.

**Key takeaways**

- Virtualization lets you create a simulated computer environment for running a complete operating system. 

- Virtual machine (VM) software creates a virtualized environment that behaves like a separate computer system.

- Virtualization lets you experiment with different operating systems without having to uninstall or replace your host OS and provides a safe place to test software.

- VM software divides hardware resources among virtualized environments by allocating portions of available resources as virtual resources.

- A variety of virtual machine software is available for creating VMs.

**More resources**

For step-by-step instructions on how to create a virtual machine using VirtualBox, see the [VirtualBox manual](https://www.virtualbox.org/manual/ch01.html).

# <b>3.10 Logging</b>

|Purpose|PowerShell|Bash|
|-|-|-|
|logs|`eventvwr.msc`|`ls /var/log`|

# <b>3.11 Operating System Deployment</b>

## OS Deployment Methods

In this reading, you will learn about operating system (OS) deployment methods, including the use of disk cloning. A cloned disk is an identical copy of a hard drive. Cloning is often used when an Enterprise company purchases a large number of identical computers. The IT Support Administrators for the company are responsible for installing and configuring the computers to meet the needs of the company and its network. Disk cloning is used to save time on this type of deployment. IT Administrators will select one of the new computers to install and configure needed items, such as the OS, utilities, tools, network settings, software, drivers, firmware, and more. Then they make a clone of this first hard drive. The cloned disk is used to copy the entire disk image over to the remaining new computers so that the IT Admins do not need to repeat the same installation and configuration steps on each new computer. They may keep a copy of the original disk from this deployment to reimage the systems if a clean OS install is required (e.g., following a virus or malware infection, OS corruption, etc.).  

Cloned disks have uses beyond deploying OSs. They can be used to test new software and configurations in a lab environment before applying the updates to similar production systems. Cloning can also be used for system migrations, data backups, disk archival, or to make a copy of a hard drive for investigative or auditing purposes.  

### Tools for duplicating disks

#### Hard disk duplicator

**Hard drive duplicators** are machines that can make identical copies of hard drives. The original drive is inserted into the duplicator machine along with one or more blank hard drives as targets. Disk duplicators can have anywhere from a single target bay for limited disk cloning (example use: law enforcement investigations) up to 100+ target bays for industrial use (example use: computer manufacturing). If the target drives are not blank, the duplicator machine can wipe the drives. The target drives usually need to share the same characteristics (e.g., interface, form factor, transfer rate) of the original drive. The targets should also have the same or greater storage capacity than the original. 

The hard drive duplicator may have an LCD interface built into the machine and/or a management software/HTML interface, the latter of which can be accessed over a networked or directly-connected computer or server. The duplicator interface can be used to initiate and manage disk cloning and/or disk wiping (reformatting). Most duplicators copy data sector-by-sector. The time to transfer data from the original to the target drives depends on multiple variables. The machine’s user manual should be consulted to calculate duplication time.

#### Disk cloning software

Hard drives can also be cloned using software. This method allows the original and target to be different media from one another. For example, a hard drive can be cloned from an IDE drive to an SSD drive, a CD-ROM/DVD, removable USB drive, cloud-based systems, or other storage media, and vice versa. Software cloning supports full disk copies (including the OS, all settings, software, and data) or copies of selected partitions of the drive (useful for data-only or OS-only copies). Disk cloning software is often used by IT Administrators who need to deploy disk images across a network to target workstations or to cloud-based systems. Cloud platforms normally offer a virtual machine (VM) cloning tool as part of their services. VM cloning is the most efficient method for cloning servers and workstations. VM cloning takes a few seconds to deploy new systems. 

A few examples of disk cloning software include:

- **NinjaOne Backup** - Cloud-based cloning, backup, and data recovery service designed for managed service providers (MSPs) and remote workplaces. 

- **Acronis Cyber Protect Home Office** - Desktop and mobile device cloning software that works with Windows, Apple, and Android systems. Designed for end users. Supports backup, recovery, data migration, and disk replication. Includes an anti-malware service that can overcome ransomware attacks. 

- **Barracuda Intronis Backup** - Cloud-based cloning and backup service on a SaaS platform. Designed for MSPs who support small to mid-sized businesses. Can integrate with professional services automation (PSA) and remote monitoring and management (RMM) packages.

- **ManageEngine OS Deployer** - Software for replications, migrations, standardizing system configurations, security, and more. Can create images of Windows, macOS, and Linux operating systems with all drivers, system configurations, and user profiles. These images can be saved to a locally stored library. The library is available to deploy OSs to new, migrated, or recovered systems as needed. 

- **EaseUS Todo Backup Free** - Free Windows-compatible software for differential, incremental, and full backups, as well as disaster recovery. Supports copying from NAS, RAID, and USB drives.

### Methods for deploying disk clones

The sections above have described disk clone deployment through copied hard drives, image libraries, network storage, and cloud-based deployments. There are some other options for cloned disk deployments: 

**Flash drive distribution**

OSs can be distributed on flash drives. IT professionals can format flash drives to be bootable prior to copying a cloned disk image to the flash drive. Target systems should be set to boot from removable media in the BIOS. After inserting a flash drive containing the OS into an individual computer, restart the system and follow the prompts to install the OS. Microsoft offers this method as an option for Windows installations. Linux systems can also be booted and installed from flash drives. 

**The Linux `dd` command**

The Linux/Unix `dd` command is a built-in utility for converting and copying files. On Linux/Unix-based OSs, most items are treated as files, including block (storage) devices. This characteristic makes it possible for the `dd` command to clone and wipe disks.
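
Because `dd` reads a block device the same way it reads a regular file, a clone made for backup or investigative purposes can be checked bit for bit once the copy finishes. The following is an added example, not part of the original reading: it images a constructed sample file and verifies the result by SHA-256. The function names are this example's own, and GNU coreutils (`dd conv=fsync`, `sha256sum`, `head -c`) is assumed.

```shell
#!/bin/sh
# Added example: image a disk with dd and prove the copy matches the source.
# Regular files stand in for disks here; dd handles both the same way.
# Assumes GNU coreutils (dd conv=fsync, sha256sum, head -c).

# make_sample_image PATH -> small constructed "disk": text header plus zero fill
make_sample_image() {
    { printf 'constructed sample disk image\n'; head -c 20000 /dev/zero; } > "$1"
}

# clone_image SRC DST -> copy SRC into a new image file DST
clone_image() {
    src=$1
    dst=$2
    [ -r "$src" ] || { echo "cannot read $src" >&2; return 2; }
    # Mixing up if= and of= overwrites the source, so never write onto a path
    # that already exists.
    [ ! -e "$dst" ] || { echo "refusing to overwrite $dst" >&2; return 3; }
    # conv=fsync makes dd flush the output to storage before it reports success.
    dd if="$src" of="$dst" bs=4096 conv=fsync 2>/dev/null || return 4
}

# verify_clone SRC DST -> prints the shared SHA-256 and returns 0 when the first
# size-of-SRC bytes of DST equal SRC. DST may be larger than SRC, as a target
# drive with greater capacity would be; a shorter or altered DST returns 1.
verify_clone() {
    [ -r "$1" ] && [ -r "$2" ] || return 2
    size=$(( $(wc -c < "$1") ))
    want=$(sha256sum < "$1" | awk '{ print $1 }')
    got=$(head -c "$size" "$2" | sha256sum | awk '{ print $1 }')
    [ -n "$want" ] && [ "$want" = "$got" ] || return 1
    echo "$want"
}

work=$(mktemp -d)
make_sample_image "$work/source.img"
clone_image "$work/source.img" "$work/clone.img"
echo "verified sha256: $(verify_clone "$work/source.img" "$work/clone.img")"
rm -rf "$work"
```

Recording the printed digest alongside the image lets the copy be re-checked later against the same value.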

**Key takeaways**

Hard drives can be duplicated by:

- Hard disk duplicator machines

- Disk cloning software. Examples:

    - NinjaOne Backup

    - Acronis Cyber Protect Home Office

    - Barracuda Intronis Backup

    - ManageEngine OS Deployer

    - EaseUS Todo Backup

Operating systems can be deployed through:

- Cloned hard drives

- Hard drive image libraries

- Network storage

- Cloud-based deployments

- Flash drive distributions

- In Linux, using the `dd` command

**Resources for more information**

For more information on disk cloning and OS deployment techniques, please visit:

- [How to clone a hard drive on Windows](https://www.tomsguide.com/how-to/how-to-clone-a-hard-drive-on-windows) - Step-by-step guide with screenshots on how to clone a hard drive using the software Macrium Reflect Free.
- [Best Hard Drive Duplicator/Cloner Docking Station for 2022](https://nerdtechy.com/best-hard-drive-duplicator-cloner-docking-station) - Comparison guide to popular hard drive duplicator machines.
- [OS deployment methods with Configuration Manager](https://docs.microsoft.com/en-us/mem/configmgr/osd/deploy-use/methods-to-deploy-enterprise-operating-systems) - Microsoft’s guide to options for deploying Windows in a network environment. 
- [dd(1) - Linux manual page](https://man7.org/linux/man-pages/man1/dd.1.html) - The manual for the Linux dd command, which describes how to use the command and lists the available optional flags. 

## Windows Troubleshooting

In an IT support environment, it’s common to come across issues that you can resolve using the log analysis tools. These tools can help with application crashes, a slow boot or startup, application hangs, or unexpected reboots. In this reading you will learn how to resolve application crashes through the Windows graphical user interface (GUI) and your system log files. 

**Solving the problem**

When you begin to troubleshoot an IT issue, you should begin by researching the root of the problem. You might ask yourself these questions:

- Is the problem unique to one computer or all computers on the network? 

- Does the problem affect a single user or all users? 

- Is the problem related to a particular application? Is that application up-to-date?

Information in your system and application logs can help you answer these questions.

Once you have figured out the problem, decide how you are going to fix it. Your first attempt at fixing it might not be the right solution. This is okay: you are keeping the problem-solving process moving forward and helping to develop your technical troubleshooting skills.

After you have solved the issue and have figured out how to fix it, educate others on your team and in your company about what you discovered. Educating others about IT issues that are happening will help prevent them from happening again.

It’s also important to document your solution to a problem. Many organizations have a structured documentation process in place for IT. This documentation is a place for you to record the issues you have encountered and the solutions you discovered. If your organization doesn’t already have a documentation system, it is an opportunity to create one for your company and follow it. Documenting issues that arise, and solutions to those issues, will save the company and other IT support professionals time and resources in the future.

**An example scenario**

Consider this situation: One of the commonly-used software applications at your company continuously crashes around the same time every day. You use information in the Windows log files to investigate the issue and see events as they happen live. There are several types of logs you may analyze. A good way to start is by analyzing the system and application logs.

**Accessing logs through the Windows GUI tool**

In Windows you can access logs through the GUI using the **Event Viewer** tool. You can launch the Event Viewer through the Windows Start menu or by typing `eventvwr.msc` in the Run box. The Event Viewer records a lot of information about the system. With a custom view, you can create a filter that will look across all the event logs and focus the view on just the information you're interested in.

In the scenario above, you’re interested in a crash event that happens around the same time every day. You may create a custom view to filter only events that happen around the time of your crash event. Select the “error” and “critical” checkboxes to limit the view to include crash events. You can also select specific logs to view. The system log is a good place to start. Name the new view and save it for future reference.
 
![Image of Event Viewer’s “Create Custom View” interface, for specifying filtering parameters.](data/images/oDOJzTZkRr2aZvjg2vcawQ_df1eaf8ab7b940baa3b63929e8c473f1_4_yjV5vFHJjjvZS4ov56A9_EwKN0qfvT6W_6xGunRZ2c1ffo7Kq_jCizrGLVniztSlwQugjooMp4gbPi5oe5ZFdCfzOxVghcHMGKaV759-DLsrE-fcy7X05D0MrL3dUj4M8GUcHuyML63YJ06HPdC2wdkYPVEY3rdj5ErRl04odOATmycdqHVZgVZn7J5bM.png)

**Interpreting the log file**

Once you have accessed your logs and focused on those parts that contain information most relevant to your crash event, you can examine the logs to find the root cause of the issue. Since you’re concerned with the crash of a specific application, you might scan the log file for the word “error” or the application name. Check the timestamps of these error logs for crashes that happen around the time that you suspect your crashes are happening. These parts of your system logs are most likely to offer clues about what’s causing your problem and how to fix it.

You may have to examine the logs a few times to collect the data you need. You may also have to try multiple different solutions before finding the right one. Then once you have, you can document it so others don’t have to go through the same process again. 
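
The custom-view filter and log scan described above can also be run from PowerShell with `Get-WinEvent`. This is an added example, not part of the course reading; the application name `ExampleApp` and the 7-day look-back are assumptions to replace with your own values.

```powershell
# Added example (not from the course text): errors and critical events from the
# System and Application logs, narrowed to one application, then grouped by hour
# to confirm a "same time every day" crash pattern.
$appName  = 'ExampleApp'   # hypothetical application name
$daysBack = 7              # assumed look-back window

# Same choices as the Event Viewer custom view: logs, levels, time range.
$filter = @{
    LogName   = 'System', 'Application'
    Level     = 1, 2                         # 1 = Critical, 2 = Error
    StartTime = (Get-Date).AddDays(-$daysBack)
}

# Get-WinEvent reports an error when nothing matches, so suppress it and
# force an array so the later steps work on zero or one result.
$events = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue)

# Keep events whose source or message text mentions the application.
$appEvents = @($events | Where-Object {
    $_.ProviderName -like "*$appName*" -or $_.Message -like "*$appName*"
})

# Which hour of the day do the events cluster in?
$appEvents |
    Group-Object -Property { $_.TimeCreated.Hour } |
    Sort-Object -Property Count -Descending |
    Select-Object -Property @{ Name = 'Hour'; Expression = { $_.Name } }, Count |
    Format-Table -AutoSize

# Timeline with the first line of each message, for reading around the crash time.
$appEvents |
    Sort-Object -Property TimeCreated |
    Select-Object -Property TimeCreated, LogName, LevelDisplayName, ProviderName, Id,
        @{ Name = 'Summary'; Expression = { ($_.Message -split "`r?`n")[0] } } |
    Format-Table -AutoSize -Wrap
```

If the hour table shows one dominant hour, compare the provider names and event IDs in the timeline for that hour across days before choosing a fix.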

**Key takeaways**

- Good problem solving skills will help expedite the troubleshooting process and increase productivity.

- When faced with a problem, analyze the situation to determine what steps to take.

- There are two key tools that can help you resolve application errors:
    1. Access to logs through the Windows GUI
    2. Log analysis

- After reaching your conclusions about a problem, communicate your findings.

- Document your solution to every problem.

## Windows Troubleshooting Example

**Troubleshooting a problem in Windows**

As an IT Support professional, you will likely run into problems caused by a full primary hard drive, where the OS is installed. An affected computer may display an error message stating there is insufficient space on the drive to save new files, apply an update, or install new software. In some cases, the computer might not provide an informative error message at all. Instead, the system may experience performance issues, hang, crash, or it might not even load the OS after booting. Note that it is a best practice to routinely perform maintenance and clean-up of computer hard drives to free storage space, improve system performance, and prevent the myriad of issues that can arise when the primary hard drive is full.

Imagine that you are an IT Support Specialist for an organization. An employee reports that their computer is running very slowly and keeps hanging. You know that Windows Update had been scheduled to run overnight to update all of the organization’s systems with multiple patches, updates, and fixes. Although it is possible for these changes to cause system problems, there is only one employee reporting a problem. So, it is more likely that the system did not have adequate storage space to install all of the updates on that employee’s computer system. You suspect that the primary hard drive could be full. Your troubleshooting and repair steps might include:

1. **Check how much free storage space remains**. A quick and easy troubleshooting step for system performance issues is to check if the primary hard drive is full. In this scenario, you discover that the employee’s hard drive has less than 5 GB of space left. Microsoft recommends giving Windows 10 at least 20 GB of free space for normal OS processes. You will need to find at least 15 GB of files to delete or move to another storage location. 

1. **Delete temporary and unneeded files**. There are a few methods for cleaning out junk files from Windows. Two system maintenance tools for this purpose, found in several versions of Windows, include:

    - **Storage Sense**: Use the Windows Storage Sense tool to delete unnecessary files like temporary files, offline cloud files, downloads, and those stored in the Recycle Bin. You can also configure Storage Sense to regularly and automatically clean the hard drive for proactive maintenance. 

    - **Disk Cleanup**: A simple alternative tool to Storage Sense. Disk Cleanup performs most of the same operations as Storage Sense, plus it offers a drive compression utility. Note: If you run Disk Cleanup on a drive, but the computer is still reporting “Low Disk Space”, the Temp folder is most likely filling up with Microsoft Store .appx files. In this case, you will need to clear the cache for Microsoft Store.

1. **Reset Windows Update**. Since you know the employee’s computer went through a Windows Update overnight and possibly did not complete this process fully, it may be wise to perform a Windows Update reset. The reset tool can check whether a system reboot is required to apply the updates, security settings were changed, update files are missing or corrupted, service registrations are missing or corrupt, and more. This utility can be found in the Windows system Settings menu, under Troubleshoot > Other troubleshooters > Windows Update.

1. **Move files off of the primary hard drive and onto** (one or more of the following): 

    - **Internal or external storage device**: Install an additional hard drive or add an external storage device, like a USB drive or SD card, to hold user files.

    - **Network storage**: Network storage space is often available in network environments in the form of Network Attached Storage (NAS) appliances or large Enterprise Storage Area Networks (SANs). In these environments, end users should have network drive space mapped to their workstations for file storage, instead of saving files to their local hard drives. 

    - **Cloud storage (OneDrive, File Explorer, Google Drive, etc.)**: Providing cloud storage space to end users is a lower cost alternative to network storage. However, this option is less secure than onsite NAS or SAN storage.

In Windows **System Storage**, under **Advanced storage** settings, set the new drive storage as the destination for “Where new content is saved.”   

1. Set any cloud storage solutions to be online-only. This prevents the cloud storage client from downloading an offline or cached version of the files to the hard drive.

1. Uninstall apps that are not needed (including Windows Store apps). This is an effective way to free up large amounts of storage space. 

1. Run antivirus and antimalware software. Some viruses and malware intentionally fill up hard drives with garbage data.

1. Wipe hard drive and reinstall the OS. If none of the suggestions listed above solve the problem with slow system performance and hanging, consider wiping the hard drive and reinstalling the OS. This is the best method for repairing failed system updates.
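
The first two steps above (checking free space against the 20 GB figure, then finding temporary files to remove) can be measured from PowerShell before deleting anything. This is an added example, not part of the course reading; the list of folders to measure is an assumption and the script only reads sizes, it removes nothing.

```powershell
# Added example (not from the course text): report free space on the system
# drive, the shortfall against the 20 GB figure quoted above, and the size of
# common temporary-file locations. Read-only: nothing is deleted.
$requiredFreeGB = 20                 # figure quoted in step 1 above
$drive = $env:SystemDrive            # usually C:

$disk   = Get-CimInstance -ClassName Win32_LogicalDisk -Filter "DeviceID='$drive'"
$freeGB = [math]::Round($disk.FreeSpace / 1GB, 1)
$sizeGB = [math]::Round($disk.Size / 1GB, 1)
$needGB = [math]::Max(0, [math]::Round($requiredFreeGB - $freeGB, 1))

"Drive $drive : $freeGB GB free of $sizeGB GB; need to free $needGB GB more"

# Assumed candidate folders: the user's Temp folder, the Windows Temp folder,
# and the Windows Update download cache. Adjust for your environment.
$candidates = @(
    $env:TEMP
    "$env:windir\Temp"
    "$env:windir\SoftwareDistribution\Download"
)

$report = foreach ($path in $candidates) {
    if (-not (Test-Path -LiteralPath $path)) { continue }
    # Files the current account cannot read are skipped, so totals may be low
    # unless this runs in an elevated session.
    $bytes = (Get-ChildItem -LiteralPath $path -Recurse -Force -File -ErrorAction SilentlyContinue |
        Measure-Object -Property Length -Sum).Sum
    [pscustomobject]@{
        Path   = $path
        SizeGB = [math]::Round(($bytes / 1GB), 2)
    }
}

$report | Sort-Object -Property SizeGB -Descending | Format-Table -AutoSize
```

If the folders listed add up to less than the shortfall, cleanup alone will not be enough and the later steps (moving files, uninstalling apps) are needed.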


**Resources**

- [Free up drive space in Windows](https://support.microsoft.com/en-us/windows/free-up-drive-space-in-windows-85529ccb-c365-490d-b548-831022bc9b32#WindowsVersion=Windows_10) - Microsoft article for Windows 10 and 11 that provides step-by-step instructions for freeing storage space on a hard drive. 

- [Low Disk Space error due to a full Temp folder](https://www.coursera.org/learn/os-power-user/supplement/5LdXl/supplemental-reading-for-windows-troubleshooting-example) - Steps to clear the cache for Microsoft Store and reset Windows Update for Windows 10 and 11.

- [Manage drive space with Storage Sense](https://support.microsoft.com/en-us/windows/manage-drive-space-with-storage-sense-654f6ada-7bfc-45e5-966b-e24aded96ad5) - Instructions for configuring this Windows tool to automatically remove temporary files, downloads, offline cloud files, and empty the Recycle Bin.

- [How to use Event Viewer on Windows 10](https://www.windowscentral.com/how-use-event-viewer-windows-10) - A walkthrough tour of Windows Event Viewer with screenshots and detailed explanations of each part of the tool.

- [How do I reset Windows Update components?](https://www.coursera.org/learn/os-power-user/supplement/5LdXl/supplemental-reading-for-windows-troubleshooting-example) - Steps for troubleshooting problems with Windows Update.