Module 1 / Unit 4 Manoa on 08 Managing an OS Objectives On completion of this unit, you will be able to 1 Use GUI and command-line management interfaces to configure an operating system. 1 Explain the importance of access control features and configure user accounts. Syllabus Objectives and Content Examples This unit covers the following exam domain objectives and content examples: a 3.1 Manage applications and software, Disk management - Process management/scheduling (Kill process/end task) + Memory management + Access control/protection 1 3.2 Compare and contrast components of an operating system. Services + Processes « Utilities (Task scheduling) « Interfaces (Console/command line, GUI) Page 65Module 1 / Unit 4 Management Interfaces A management interface is a graphical or command-line tool used to perform some aspect of system configuration. A number of administrative tools are used to manage Windows: = Control Panel/Windows Settings—individual applets to configure various aspects of Windows, The Control Panel is a legacy interface; increasingly, configuration options are being moved to the touchscreen-friendly Settings app. = Management Consoles—these represent more technical system configuration options, The default Computer Management console contains a number of different administrative snap-ins. Each snap-in configures the settings for a different OS sub-system, such as disk management or user management. There are various other consoles, and you can also create custom ones with mme.exe. ie Aen wise @ >| is | Bn ae Some ny a a The default Computer Management console with the configuration snap-ins shown on the left. Screenshot used with permission from Microsoft hasan ter efit ow fis te (scene [sepiacaycometipe a ‘Registry Eaitor—most configuration changes are stored as values in the Registry database. ‘Screenshot used with permission from Microsoft Page 66m= Registry Editor (regedi t)—when you change a setting via a management ‘Managing an OS interface, you are usually changing something stored in the Windows Registry configuration database. The Registry Editor is a means of directly editing this database = Command prompt/PowerShell—settings can also be changed by typing native Windows commands or the PowerShell scripting language. g In Windows 10, the most useful system administration tools can be accessed by right-clicking the Start button or by pressing START+X, We will not go into detail in this course, but in Linux all configuration is performed by modifying text files. This can be done directly in a text editor, such as vi or nano, but many Linux distributions include graphical tools and system commands to assist with the process of making the underlying changes. Process and Service Management When a program starts (either because it has been scheduled to do so by the OS or opened by a user), the application code executes in memory as a process. g A process is the main unit governing a program and managing the memory resources allocated to it by the OS. A process may contain one or more threads, which are parts of the program scheduled for execution by the CPU. Task Manager The Task Manager utility (taskmgr) allows the user to shut down processes that are not responding. An ordinary user can end unresponsive applications. but administrative rights are required to end processes that were started by the system rather than the signed in user. This protects the system as things like malware cannot disable anti-virus software. In addition to this functionality, Task Manager can be used to monitor the PC's key resources. There are various ways to run Task Manager, including pressing CTRL+SHIFT+ESC, right-clicking the taskbar, or right-clicking the Start button (START+X). Page 67Module 4/ Unit 4 Page 68 = Fle Optons View Procists Peformance Apphision Stat-up Uses Bea Senvices om Di pps 10 A Adobe erobat 95 (2 bit) % «sana | ONBs > Ey Microsoft Edge (6) 49% 18BMB OA MBYs Bette ove BB Mort ager ona oh TE Bineontiiae) 6 ona sine ut ona @ Sapte Sa ona avanein ees ‘one Se vinden poet one background processes 7) 1 Asian icesing Sevice (2 o* @) oN CD hdsieAcopiesencel. ona istbecmesetnerhitsi= 6 O8MB| oN Bl tobe Update Service 22 bit o% 03MB) OMBis © Fewer dete 0% OM: 0 Mops OM: oMops OM: Mbps one one ono OMe: Mops Mops o o% . Enda Using Task Manger fo end a process. Screenshot used with permission from Microsoft. v Terminating a process like this (rather than using the application's Close or Exit function) is often called “killing” the process. The ‘command line option for doing this in Windows is indeed called taskkill. Always try to close or end a task normally before attempting to "kil" it Service Management A service is a Windows process that does not require any sort of user interaction and thus runs in the background (without a window). Services provide functionality for many parts of the Windows OS, such as allowing sign in, browsing the network, or indexing file details to optimize searches. Services may be installed by Windows and by other applications, such as anti-virus, database, or backup software. You can use the Services snap-in to check which services are running and to start and stop each service or configure its properties, such as whether it starts automatically at system boot time.toes gnee ‘Managing an OS i Sectaaee “DrsteAcbe tee ter ‘itcremtamach. aa sg mom epeenaonian Patchy Getlnsence _ Gasetomesence — Psitem Gacorescarirsete. haga 4 Managing services using the Computer Management console. Screenshot used with permission from Microsoft. Task Scheduler As noted above, a process (whether itis interactive or a background service) can be started either manually by the user or automatically by the operating system. In Windows, Task Scheduler, as its name suggests, sets tasks to run ata particular time. Tasks can be run once at a future date or time or according to a recurring schedule. A task can be a simple application process (including switches if necessary) or a batch file or script. Task Scheduler is accessed via its own console and can also be found in the Computer Management console. Many of Windows’ processes come with predefined task schedules ( Defragmenter, for instance, is configured to run automatically by default), Dresher =o x fle Aten View Hep +9/ a) Os © Tet seheteroeay ¥ Bias toy ase Sr, | a cree oe Dotcom Wort Rely et yy picares Sone Samueteagansonti Rady log ont aye ana Vimires |] fieaacaeanasts- Rey Wheto ce oro ‘ Siimicencne |] Catistlanigeat any day onctoy ane Str y | FO fon, awe < >| id enweartenc Ceca! Tigger Aone Condtone Fangs sy (ata | #) NowFlte ime [Seton Up ao) | tact Oncipon [TisinkerotiayarMconOiinaiaes | | He ¥ Ran Task Scheduler. Screenshot used with permission from Microsoft. g In Linux, the cxon utility is often used to run tasks or scripts at a particular time. Page 69Mole Aine 4 Memory and Disk Management As the CPU only has a limited amount of storage space in which to store instructions, it has to work with other storage components. The two main types of these are system memory and mass storage (or fixed disk storage). m= System memory—this type of memory is volatile, meaning that it is only preserved while the system is powered up. System memory is provided by Random Access Memory (RAM) modules. m= Mass storage—to preserve data when the system is tumed off, itis written as files to a mass storage device. Every PC comes with at least one such fixed disk. The fixed disk will either be a hard disk or a Solid-State Drive (SSD). Memory Management ‘When a process executes, it takes up space in system memory. If the system runs out of memory, then processes will be unable to start, and running processes may crash because they cannot load the data they need. Be ine. Gouce Memory 6oce00% temo wer Ethernet Ty) Ste —) hatte 5 oe 37GB (292.MB) 21GB * a Bluetooth PAN | con set Fomernened Sate 47/120GB 21GB Giowceececrs| 263MB_ 177 MB ewesde | © Open ee Mont Using Task Manager to check system memory usage, Screenshot used with permission from ‘Microsoft There is not a lot to configure in terms of memory management. The OS will do the best job it can with the resources available; if there is not enough memory the only real solution is to install more or run fewer programs simultaneously. Badly written programs and malware can cause a memory leak, where the process keeps claiming memory addresses without releasing them. If the system keeps running out of memory, you would use Task Manager or another monitoring program to find the offending process and disable it from running. Page 70Tahoe = 5% Managing an OS Fie Onone vow cess Dofmance Syphiaoy Sap Ue Sask Sauces » Ohne ova ~ 2 © Free ome * TF hisson ne « BE Mma tee om > wae * Serie oe Spatech * Windouetper * Serie et Dine Pai Service m™ oy © feet aa Using Task Manager to check how much memory a process is using. n this example each browser (Firefox) tab has its own memory space—you can see that some web pages use more ‘memory than others! Screenshot used with permission from Microsoft Virtual Memory/Pagefile There are situations where the OS loads more data than can fit within the ‘amount of system memory modules installed. The OS can use the fixed disk to supplement RAM by paging it to the disk. This is called a pagefile or virtual memory, The pagefile is usually user configurable (in Windows via the Advanced system settings link in the System control panel applet), but in most circumstances you would leave the OS to manage it. Viewing vitual memory (or pagefile) settings via the System applet. The PC has 6 GB of system RAM and Windows has automaticaly allocated the same amount of space to the pagefile. ‘Screenshot used with permission from Microsoft. Page 71Module 4/ Unit 4 Page 72 v AA traditional hard drive is much, much slower than system RAM and is often a performance bottleneck. Using an SSD as the main fixed disk will greatly improve performance. Disk Management Windows provides a GU! Disk Management tool to format mass storage devices (disks and USB drives) and manage partitions. Partitions allow a single disk to be divided into muttiple different logical areas, each of which can be accessed via the OS as a separate drive. A disk must have at least one Partition for the OS to use it. Also, each partition must be formatted with a file system so that the OS can read and write files to the drive. Cc Storage and file systems are covered in more detail in Unit 3.4. Disk Management is one of the snap-ins included with the default Computer Management console, or you can open the tool directly from the START+X menu (or run diskmgr .msc). He elon ew Heb e9\ mdm» x28 Bo Simple Bice TES Hetty. ORG ARGR 7K [speemtsered | 10 I Heat ten Active [Hey [not Page Fe Ch Damp, Panay Panto) || eat Recon Paton) fase 68 is Bemerable [Rad rive (2 sasoe—||snatcons nine | ety Pray Paiten Disk Management utility. Screenshot used with permission from Microsoft The Disk Management snap-in displays a summary of any fixed and removable drives attached to the system, The top pane lists drives; the bottom pane lists disks, showing information about the partitions created on each disk plus any unpartitioned space. You can use the tool to create and modify partitions, reformat a partition, assign a different drive letter, and so on.Managing an OS A Reformatting or deleting a partition deletes any data stored on it Always back up data before using Disk Management. Command Line Interfaces ‘As you have seen, most operating systems can be operated using a Graphical User Interface (GUI) controlled via a mouse, keyboard, and/or touchscreen, but a GUI is only one type of interface or shell. A Command Line Interface (CLI) shell represents an alternative means of configuring an OS or application. Some operating systems only present a CLI and have no GUI. A CLI displays a prompt, showing that it is ready to accept a command. When you type the command plus any switches and press ENTER, the shell executes the command, displays any output associated with the execution, and then returns to the prompt. ? The term “console” is often used interchangeably with "command line" or "command prompt" but has different technical meanings in Windows and UNIX/Linux. ‘Adminitrator Command Promet Windows command prompt (cmd.exe). Screenshot used with permission from Microsoft. Note that there may be more than one CLI environment included with an operating system. For example, Windows provides both the Windows Command Prompt (cmd.exe) and PowerShell CLIs. Linux usually presents the Bash (Bourne Again SHell) but there are alternatives. Page 73Module 4/ Unit 4 Page 74 BI Windows Powershell Windows PowerShell command prompt. Screenshot used with permission from Microsoft. Access Control and Protection Access control means that a computing device (or any information stored on the device) can only be used by an authorized person, such as its owner. ‘Access control on workstation operating systems is usually enforced by the ‘concept of user accounts. Each user of the device is allocated an account and uses a password (or other credential) to authenticate to that account. The OS can restrict the privileges allocated to an account so that it is not able to reconfigure settings or access certain data areas. Admi istrator and Standard User Accounts When the OS is first installed, the account created or used during setup is a powerful local administrator account. The account is assigned membership of the local Administrators group. Generally speaking, you should only use this, account to manage the computer (install applications and devices, perform troubleshooting, and so on). You should create ordinary user accounts for day-to-day access to the ‘computer. This is done by putting additional users of the computer in the Standard users group. Standard users cannot change the system configuration and are restricted to saving data files within their own user profile folder or the Public profile. For example, a user named David could only save files within C:\Users\David or C:\Users\Public. Administrators can access any folder on the computer.Least Privilege and User Account Control Managing an OS The principle of least privilege is that users should have only sufficient permissions required to perform tasks and no more. User Account Control (UAC) is Windows’ solution to the problem of elevated privileges. In order to change important settings on the computer (such as installing drivers or software), administrative privileges are required. Early versions of Windows make dealing with typical administrative tasks as an ordinary user very difficult, meaning that most users were given administrative privileges as a matter of course, This makes the OS more usable, but it also makes it much more vulnerable, as any malicious software infecting the ‘computer would run with the same administrative privileges. UAC counters this by running accounts in a protected sandbox. When users need to exercise administrative rights, they must explicitly confirm use of those rights by entering the administrator's credentials or by clicking through an authorization dialog, The desktop darkens into a special secure mode to prevent third-party software from imitating the authorization dialog Windows Powershell ‘ernea putter Mcoson windows Ye UAC requiring confirmation of the use of administrator privileges. Screenshot used with permission {rom Microsoft Note that options in Control Panel and menus and dialogs with the § icon on or next to them may require you to authorize use of the command through UAC. Page 75Module 4/ Unit 4 Page 76 Creating Other User Accounts Windows supports two types of user accounts: = Local accounts—these are defined on one computer only. = Microsoft accounts—these are connected to Microsoft's cloud services. A Microsoft account can be used to sign in on multiple devices and synchronize settings, apps, and data between them. To create a new account, open Settings then click Accounts, Select Family & other people then click Add someone else to this PC. Mirocft account How will this person sign in? Enter the email adgress or phone number of the person you want to add. IF they use Windows, Office, Outlook.com, OneDrve, Skype or Xbox, enter the email address or phone number they use to signin. idan have thie deredn's sign in intone Creating a new account. Screenshot used with permission from Micrasof. Enter the user's email address for their Microsoft account, click Next and click Finish. The user must complete the process of signing in themselves, v To create a local account, you would click the I don’t have this person's sign-in information link.Managing User Accounts anacing on 08 Users can manage their own account from Settings. In the Accounts node, they can select and configure options on the following tabs: = Your info—enables you to configure options such as a picture for your account. = Email & app accounts—allows you to associate accounts with email and other apps on the local computer, such as a Microsoft Outlook or Gmail account = Sign-in options—allows you to enable and configure advanced sign in options, such as Windows Hello (biometrics), Picture password, and PIN sign in, = Access work or schoolfrom here, you can define additional accounts that you use to access other networks, such as a work account or an account used for accessing school resources. In professional/enterprise Windows editions, administrators can use the Local Users and Groups snap-in within the Computer Management console to configure accounts. Options include setting a user's password, disabling/enabling an account, unlocking an account after too many bad passwords, configuring group membership, or specifying login scripts and profile paths. Bi admit Bun seco inteing. ues Breen cf i Deteutscce. aps Bao detrei | anton Bue rg Biveaci Configuring local user accounts. Screenshot used with permission from Microsof. g This desoribes managing accounts on a standalone computer. On a corporate network, such as a Windows domain, accounts, privileges, and permissions are managed on a centralized server rather than on each workstation. Page 77