
FUNDAMENTALS 1

File Systems in Windows:

• Modern Windows versions use the NTFS (New Technology File System) as the default file system.

• Previous file systems include FAT16/FAT32 and HPFS.

• FAT partitions are still common in USB devices, MicroSD cards, etc.

NTFS Features:

1. Journaling:

• NTFS is a journaling file system, allowing automatic repair of folders/files in case of failure.

2. Addressing Limitations:

• Supports files larger than 4GB.

• Allows setting specific permissions on folders and files.

• Supports folder and file compression.

• Includes encryption features (Encrypting File System, or EFS).

Viewing NTFS Permissions:

• Right-click file/folder, select Properties, and go to the Security tab.

• Permissions include Full control, Modify, Read & Execute, List folder contents, Read, and Write.

Alternate Data Streams (ADS):

• NTFS feature allowing files to have multiple streams of data.

• Not displayed by default in Windows Explorer.

• PowerShell can be used to view ADS.

• Malware writers may use ADS to hide data, but legitimate uses include identifying downloaded
files.
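
Added example (not part of the original notes): listing alternate data streams with built-in PowerShell cmdlets and separating the download marker from any other named stream. The folder, file name, stream name "notes" and the helper Get-AlternateStream are constructed for illustration.

```powershell
# Constructed sample: a file in a temp folder with two named streams attached.
$dir  = Join-Path $env:TEMP 'ads-demo'
New-Item -ItemType Directory -Path $dir -Force | Out-Null
$file = Join-Path $dir 'report.txt'
Set-Content -LiteralPath $file -Value 'visible content'

# Zone.Identifier is the stream Windows attaches to downloaded files
# (ZoneId=3 is the Internet zone).
Set-Content -LiteralPath $file -Stream 'Zone.Identifier' -Value "[ZoneTransfer]`r`nZoneId=3"
# A second named stream; Explorer shows neither the stream nor its size.
Set-Content -LiteralPath $file -Stream 'notes' -Value 'constructed sample data'

# Hypothetical helper: report every non-default stream under a folder.
function Get-AlternateStream {
    param([Parameter(Mandatory)][string]$Path)

    Get-ChildItem -LiteralPath $Path -File -Recurse -ErrorAction SilentlyContinue |
        ForEach-Object {
            # -Stream * returns every stream, including the default one
            Get-Item -LiteralPath $_.FullName -Stream * -ErrorAction SilentlyContinue
        } |
        Where-Object { $_.Stream -ne ':$DATA' } |   # drop the normal file content
        ForEach-Object {
            $kind = if ($_.Stream -eq 'Zone.Identifier') { 'download marker' } else { 'unexpected, review' }
            [pscustomobject]@{
                File   = $_.FileName
                Stream = $_.Stream
                Bytes  = $_.Length
                Kind   = $kind
            }
        }
}

Get-AlternateStream -Path $dir | Format-Table -AutoSize

# Read one stream's content by name
Get-Content -LiteralPath $file -Stream 'Zone.Identifier'

# Clean up the constructed sample
Remove-Item -LiteralPath $dir -Recurse -Force
```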

Additional Resource:

• MalwareBytes link for more information on Alternate Data Streams.

Note: It's advisable to refer to the latest Microsoft documentation for any updates or changes in features
and functionalities.

• The Windows folder (C:\Windows) traditionally contains the Windows operating system but can
be located in different drives or folders.

• System environment variables, like %windir%, point to essential system directories.

• Environment variables store information about the operating system environment.

• The System32 folder within the Windows directory holds critical files for the operating system.

• Caution is advised when interacting with the System32 folder, as accidental deletions can render
the Windows OS inoperable.

• Many essential tools covered in the Windows Fundamentals series are located within the System32
folder.

User Account Types:


• Two types on a local Windows system: Administrator and Standard User.

• Administrators can make system-level changes, while Standard Users are limited to changes in
their user-specific folders/files.

• Identifying User Accounts:

• Methods to identify user accounts include using the "Other User" option in the Start Menu,
leading to System Settings > Other users.

• Administrators see options to add or remove users.

• Changing Account Type:

• Administrators can change account types by clicking on a local user account, accessing more
options, and selecting "Change account type."

• User Profile Creation:

• User profiles are created in the C:\Users directory upon initial login.

• The creation process includes messages on the login screen, such as the User Profile Service
message.

• User Profile Folders:

• Each user profile includes standard folders like Desktop, Documents, Downloads, Music, and
Pictures.

• Local User and Group Management:

• Accessed using "lusrmgr.msc" via the Run dialog.

• Two folders: Users and Groups.

• Groups have assigned permissions, and users inherit permissions when added to groups.

• Users can be part of multiple groups.
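
Added example (not part of the original notes): the same Users and Groups information that lusrmgr.msc shows, read with the LocalAccounts cmdlets and reduced to one row per account with its account type. The helper name Get-LocalAccountType is hypothetical; the example assumes a local (non-domain) system and reports direct group membership only.

```powershell
# Hypothetical helper: one row per local account with its type and groups.
function Get-LocalAccountType {
    # S-1-5-32-544 is the well-known SID of the built-in Administrators group,
    # so the lookup does not depend on the display language.
    $adminSids = Get-LocalGroupMember -SID 'S-1-5-32-544' -ErrorAction SilentlyContinue |
        ForEach-Object { $_.SID.Value }

    # Read each group's members once and keep their SIDs.
    $membership = @{}
    foreach ($group in Get-LocalGroup) {
        $membership[$group.Name] = @(
            Get-LocalGroupMember -Group $group -ErrorAction SilentlyContinue |
                ForEach-Object { $_.SID.Value }
        )
    }

    foreach ($user in Get-LocalUser) {
        $sid = $user.SID.Value
        # A user can belong to several groups; collect every group that lists the SID.
        $groups = $membership.Keys |
            Where-Object { $membership[$_] -contains $sid } |
            Sort-Object
        $type = if ($adminSids -contains $sid) { 'Administrator' } else { 'Standard User' }

        [pscustomobject]@{
            Name        = $user.Name
            Enabled     = $user.Enabled
            AccountType = $type
            Groups      = $groups -join ', '
        }
    }
}

Get-LocalAccountType | Format-Table -AutoSize
```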

• Cautionary Note:

• Administrators should exercise caution when making changes to user accounts and system
settings, as these changes can impact the system's functionality.

• Note: The information provided is based on the context of local Windows systems and may vary
in domain environments or specific configurations.
Summary:

• Administrator Privileges and Risks:

• Many home users are logged into Windows systems as local administrators.

• Administrator accounts have the ability to make changes to the system, increasing the risk of
malware infection.

User Account Control


• Introduction of User Account Control (UAC):

• Microsoft introduced User Account Control (UAC) to protect users with administrator privileges.

• UAC was first introduced with Windows Vista and continued in subsequent Windows versions.

• UAC Functionality:

• When an administrator logs in, the current session doesn't automatically run with elevated
permissions.

• UAC prompts users for confirmation when an operation requiring higher-level privileges is
initiated.

• Exclusion for Built-in Administrator Account:

• By default, UAC doesn't apply to the built-in local administrator account.

• Program Properties and Permissions:

• Viewing program properties in the Security tab shows users/groups and their permissions.

• Standard users are typically not listed in this context.

• Installing a Program as a Standard User:

• When attempting to install a program as a standard user, a shield icon appears on the program's
default icon, indicating UAC will prompt for higher-level privileges.

• UAC Prompt Process:

• Double-clicking the program triggers the UAC prompt, with the built-in administrator account
pre-set as the user name.

• The UAC prompt requests the administrator account's password for confirmation.

• If the password is not entered within a specific time, the UAC prompt disappears, preventing the
program from installing.

Note: You have the username and password for the standard user. It's visible in lusrmgr.msc.

• Malware Prevention:

• UAC reduces the likelihood of malware compromising the system by requiring user confirmation
for actions that need elevated privileges.

• The prompt adds an additional layer of security, especially for users with administrator
privileges.

• Note: UAC is a key security feature in Windows that aims to balance user convenience with
system security by prompting for elevated privileges only when necessary.
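
Added example (not part of the original notes): reading the UAC settings behind the behaviour described above, including whether the current session is elevated and whether the built-in Administrator account is subject to UAC. The registry value names are the standard UAC policy values and are not named in these notes; the helper names Get-UacConfiguration and Resolve-Setting are hypothetical.

```powershell
# Hypothetical helper: summarise the machine's UAC policy and the current session.
function Get-UacConfiguration {
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $p   = Get-ItemProperty -Path $key

    # Meaning of the prompt-behaviour values for administrators and standard users
    $adminPrompt = @{
        0 = 'elevate without prompting'
        1 = 'prompt for credentials on the secure desktop'
        2 = 'prompt for consent on the secure desktop'
        3 = 'prompt for credentials'
        4 = 'prompt for consent'
        5 = 'prompt for consent for non-Windows binaries'
    }
    $userPrompt = @{
        0 = 'automatically deny elevation requests'
        1 = 'prompt for credentials on the secure desktop'
        3 = 'prompt for credentials'
    }
    function Resolve-Setting($value, $map) {
        if ($null -eq $value) { 'not set' }
        elseif ($map.ContainsKey([int]$value)) { $map[[int]$value] }
        else { "unrecognised value $value" }
    }

    # An administrator's normal session holds a filtered token, so IsInRole
    # returns False until the process is started elevated.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = [Security.Principal.WindowsPrincipal]$identity
    $adminRole = [Security.Principal.WindowsBuiltInRole]::Administrator

    [pscustomobject]@{
        UacEnabled           = ($p.EnableLUA -eq 1)
        AdminPrompt          = Resolve-Setting $p.ConsentPromptBehaviorAdmin $adminPrompt
        StandardUserPrompt   = Resolve-Setting $p.ConsentPromptBehaviorUser $userPrompt
        # False (or value absent) means UAC does not apply to the built-in Administrator
        BuiltInAdminFiltered = ($p.FilterAdministratorToken -eq 1)
        SecureDesktop        = ($p.PromptOnSecureDesktop -eq 1)
        CurrentUser          = $identity.Name
        SessionIsElevated    = $principal.IsInRole($adminRole)
    }
}

Get-UacConfiguration | Format-List
```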
