Understanding Windows

Operating System Folder

System folder System root is the tech name given to the folder in which the OS has been INSTALLED Other important Folders C:\WINNT\SYSTEM32: where all the most critical programmes are stored Registry Stores all info about your PC on a database including information about all the hardware in the PC Registry files are called hives Accessing the Registry Registry editors are as follows:REGEDIT32.EXE REGEDIT.EXE [is only safe to do searches] This can be open by going to command prompt and typing in its name. Windows XP and Vista use Registry Editor which includes strong search functions Registry components The registry is organised in a tree structure. These are the five main subgroups or root Keys 1. HKEY_CLASSES_ROOT This defines class-objects used by windows. Class objects is a name of a group of functions that define what you can do with the object it represents 2. & 3. Windows is designed to support one or more users on the same PC. Hjdg HKEY_CURRENT_USER stores all the current users settings and HKEY_USER dgs stores all of the personalized info for all users on the PC. 4. HKEY_LOCAL_MACHINE Stores all data for systems non-user-specific configurations this includes every device and every program in your PC. 5. HKEY_CURRENT_CONFIG If the values here have more than one option such as two different monitors, this root key defines which one is currently being used
3. Dfjb

Swap Files or Page File

Windows uses a portion of the hard drive as an extension of system RAM, through what is called a RAM Cache. A RAM cache is a block of cylinder on hard drive set aside and is called a page file or a swap file.

When the computer runs on real RAM because youve loaded too many programs, the system swaps the programs from real RAM to swap file, opening more space for the programs currently active. Swap Files/Page As a programs RAM and as loaded more At a certain enough RAM to programs Files Process load and they take up more programs are RAM is used point you wont have run any more

This is where Virtual memory comes into play

It starts by creating a swap file that resides somewhere on your hard drive, it works like a temporary storage box. Windows removes the running program temporarily from RAM to the swap file so other programs can load and run To load program D needs a certain amount of RAM. Windows looks at the programs to see which one is used the least [in this case B] and then swaps it from RAM to the swap file.

If you wish to reopen program B it needs to be reloaded to RAM. Windows decides which program needs to be removed from RAM [Program C] then it loads program B into RAM

Windows slows down while swaps are taking place The swap file or page file is located at PAGEFILE.SYS in Windows 2000/XP and is a hidden system file.

Features and Characteristics of Windows 2000 and XP

OS Organisation
Microsoft takes an object-orientation approach to the OS, separating it into 3 parts: 1. The Drivers 2. The NT Executive 3. Subsystems The NT Executive is the core power of the Windows 2000/XP OS, handling all of the memory management and multitasking. The NT Executive uses HAL [Hardware Abstract Layer] to separate the system specific device driver from the rest of the OS Windows 2000/XPs robustness comes from the separation of running process into a myriad of subsystems. Each subsystem supports different types of applications in separate areas so if one application locks up, it wont cause the entire system to lock up.

Windows supports DOS and other earlier versions of Windows as well as current Window applications via these numerous subsystems. Windows 2000/XP are the only Microsoft OSs that support SMP [Symmetric Multiprocessing] providing support for systems with up to 32 CPUs

NT File System [NTFS]

NTFS offers the following excellent features: 1. Long File Names [LFN] NTFS file names can be up to 255 characters long 2. Redundancy NTFS has advanced FAT called MFT [Master File Table]. It keeps a backup of the MFT near the middle of the disc to lower the chance of a serious virus or error erasing both the original and the copy. Whenever you defragment you disk there is a large unmovable chunk, this is the backup. 3. Backward Compatibility You can copy DOS or Windows 9x/ME programs to an NTFS partition and windows will keep the LFN. 4. Recoverability Transaction logging identifies incomplete file transfers and restores the file to the original format automatically and invisibly 5. Security Three major features of NTFS security Accounts, Groups & NTFS Security: 1. Accounts You must have a username and password to login to Windows. Each Windows system has an administrator 2. Groups The admin creates other user accounts. A group is a collection of accounts which have the same compatibilities. One account can be a member of several groups. Windows provides seven built-in groups. These have a number of preset abilities and cannot be deleted. a. Administrators Primary user or anyone who is in this group has complete administration privileges b. Power Users Like administrators but cannot install new devices or look in other users files or folders c. Users Cannot edit the registry or access critical system files but they can create groups and manage them and no others.

d. Backup Operators Same as users but they can run backup programs that access any file or folder for backup purposes only e. Replicator Can replicate files and folders in a domain f. Everyone This applies to everyone who has access to a computer on the network. The group cannot be edited g. Guests Someone who has no username and password but can use this group to access the system Windows XP derives a lot from 2000. If you are running XP Pro you are offered the same 7 groups as detailed above but can access another 4 specialised groups including Help Services Group and Remote Desktop Users. When XP Home and Profession are installed on a standalone PC or connected to a network group but not a domain, they run in a specialized networking mode called Simple File Sharing this only has 3 account types: 1. Computer Admin 2. Limited User [access certain things and have limits as to where they can be saved] 3. Guest NTFS Permissions NTFS permissions define exactly what an account or group can and cant do to the file or folder on an NTFS volume. The five crucial NFTS permissions are:
3.

1. Ownership When you create a file or folder you are the owner, therefore you can do what you want to it. 2. Take Ownership Permission Anyone who is has this permission can seize control of a folder or file. Administrators have this and can use it on anything. Even if you are the owner of the file. 3. Change Permission Anyone who has this can give or take away permissions for other accounts 4. Folder Permission Security tab that lets you set permissions 4.a. Here are the standard permissions for a folder Full Control: You can do whatever you want Modify: Do anything except delete files or subfolders Read & Execute: See contents of the folder or file and any subfolders

List folder content: See contents of the folder or file and any subfolders [seems the same as above but it is only inherited by folders]* Allow inheritable permissions from parent to propagate to this object check box. Checking this box allows you to give the same permission that you gave to the file/folder to the subfolders. File Permissions Similar to folder permissions: Full control: do anything you want Modify: Do anything you want except take ownership or change permission Read & Execute: if the file is a program you can run it Read: If the file is data you can read it Write: Enables you to write to that file
5.

The Boot Process

System files or Start up files start the OS and the rest of the OS system files. The system files consist of three required files: 1. NTLDR 2. BOOT.INI 3. NTDETECT.COM If your using and SCSI hard drive the is a 4th option 4. NTBOOTDD.SYS The Boot process where C: & D: have already been partitioned CPU Wakes up and runs system BIOS BIOS sends out a routine looking for a valid OS in the boot sector of the primary, master hard drive The MFT lives in the boot sector of the C: partition. It points to the location of 2000/XP system files which is also on C: because it is the bootable drive * Windows calls the primary, active partition the System Partition or System Volume if its a dynamic disk* Windows 2000/XP boot files consist of: NTOKRNL.EXE [the windows kernel] \WINNT\SYSTEM32\CONFIG\SYSTEM file [runs loads of device drivers] Device Drivers Even thought these files are the core of Windows XP/2000 OS, they are not capable of booting or starting the system. Thats the job of the system files NTLDR NTDETECT.COM BOOT.INI

 The system files start the PC and then at the end of that process point to the CPU to the location of the boot files The CPU talks to NTOSKRNL and the GUI starts to load. The OS is then up and running and you can do work What is odd is that Microsoft have allowed all of the OS file mobile, meaning you can move them anywhere on any partition/volume on the PC. Whichever drive holds the core OS files is called the Boot Partition.

System Partition Files

The system files are required to be in the root directory of the system partition C: Drive NTLDR [NT Loader] This is started by the MFT [master file table] or MBR [master boot record] NTLDR then launches Windows 2000/XP or another OS To find available OSs NTLDR must read the BOOT.INI configuration file, it does this mu loading its own minimal file system.

BOOT.INI File This is a text file that lists OSs availability and tells the NTLDR where to find the boot partition for each available OS.

ARC naming system [as pictured above] is designed to enable your PC to use any hard drive, including removable devices, to boot windows

How ARC naming works

E.G Mulit(0)Disk(0)RDisk(0)Partition(1)\Windows Multi(x) is the number of the adapter and always starts with 0. The adapter is determined by how you set the boot order in your CMOS settings. Disk(x) is only used for SCSI drives, but the value is required to be in the ARC format, so with ATA systems it is always 0. RDisk(x) specifies the number if disks on the adapter. On a PATA is would be (0) and slave (1). With SATA it depends on how many SATA connections. Partition(x) is the number of the partition or logical drive in an extended partition. The numbering starts from 1. \WINDOWS is the name of the folder that holds the boot files. Common switches at the end of ARC formats: /BOOTLOG tells Windows to create a log of the boot process and write to a file called Ntbtlog.txt /CMDCOM tells windows to start the recovery console /LASTKNOWNGOOD tells windows to boot the last known good files /NO EXECUTE no execute default on Windows systems to prevent unruly system lockups

NTDETECT.COM This detects the installed hardware in the system Critical Boot Files Once NTDLR finishes detections, it loads NTOSKRNL.EXE, HAL.DLL, some of the registry and some basic device drivers then it passes control to NTOSKRNL.EXE file. This completes the registry loading, starts all device drivers and then starts WINLOGON.EXE program, which displays the login screen.

Windows Versions
Windows XP Professional For office environments that support multiple users. Only version of windows that can log into a special Windows Server controlled network called a Domain. Windows XP Home Same as office but lacks the followings: Ability to logon to windows domain

 Encrypted file system Support for multiple processors Support for remote desktop Support remote NFTS access control [no permissions] Support for group policies Windows Media Centre This is a powerful PVR [personal video recorder] program which allows you to watch and recorder TV and organise all of your media from music to photos. Has the same capabilities as Windows XP Home Windows 64-Bit Versions 64-Bit-Version [supports 64-bit CPUs] Windows XP 64-Bit Edition Windows XP Professional x64 Edition This runs on any AMD or Intel processor that supports both 32 & 64 bits Microsoft Vista started the move into the 64-Bit World