Microsoft 70-680 Study Guide

70-680 Notes

Chapter 1 (pg. 45)

Windows Vista Improvements
* New Improved Desktop – Windows Aero
* Windows Sidebar – Sidebar with gadgets
* Improved Windows Firewall – Restrict OS resources if used in unusual ways
* Parental Controls – Set specific sites, set times for specific users
* User Access Control (UAC) – Security features that allow standard users to perform administrator functions through credential prompt
* Windows Search – Search files or applications quickly from anywhere in Vista. Real time search
* Live Icons – With Windows Aero, you can preview applications by hovering over them with your mouse

Windows 7 Improvements
* Windows 7 Editions: Starter, Home Basic, Home Premium, Professional, Enterprise, Ultimate
* Windows 7 Taskbar – Pin applications to taskbar / no Quick Launch
* Jump Lists – Right click Word & go to Recent Documents, right click taskbar icon
* New Preview Pane – Preview text, music, picture, HTML, video, Office (w/ Office) and PDF (w/ Adobe) files
* Windows Touch – Support for touch screen
* Windows XP Mode – Windows XP in Virtual PC to run XP applications
* Simple Home Networking (HomeGroups) – HomeGroups are just an easier way to set up a network.


All versions are supported but Starter and Home Basic can’t create HomeGroups
* Device Stage – Shows a picture of a compatible connected device, supports Bluetooth and Wireless as well
* View Available Networks (VAN) – Shows the networks available (wireless as well) in the notification tray
* Internet Explorer 8 – Faster and more efficient, with new search features, address bars, and favorites
  * Instant Search – Quickly access search requests without typing in the entire search criteria. Uses browser history as well to narrow down the suggestions
  * Accelerators – Shortcuts (search for an address and view the map next to the link)
  * Web Slices – Instances on a website that you can access without the need of accessing the site itself
* Aero Peek – Allows you to look at a window while other windows are transparent
* Aero Snap – Allows you to snap windows side by side
* Aero Shake – You can shake a window and have all other windows minimize
* AppLocker – Prevents unauthorized software from running via policy

x86 (32-bit) vs. x64 (64-bit)
* 32-bit processor supports up to 4GB RAM (Starter – 2GB)
* 64-bit processor supports up to 16 exabytes of RAM
  * Professional, Enterprise, Ultimate: 192GB
  * Home Premium: 16GB
  * Home Basic: 8GB
  * Starter: Not supported in x64

Windows 7 Upgrade Paths
Vista requires SP1 before upgrading to Windows 7
* Vista Business => 7 Professional, Enterprise, Ultimate
* Vista Enterprise => 7 Enterprise
* Vista Home Basic => 7 Home Basic, Home Premium, Ultimate
* Vista Home Premium => 7 Home Premium, Ultimate
* Vista Ultimate => 7 Ultimate
* 7 Home Basic => 7 Home Premium, Professional, Ultimate
* 7 Home Premium => 7 Professional, Ultimate
* 7 Professional => 7 Ultimate
* 7 Starter => 7 Home Premium, Professional, Ultimate

Disk Space Partitioning
* The System Partition – The system partition and the boot partition can be on the same partition. The system partition contains the files needed to boot the Windows 7 operating system.

The system partition contains the Master Boot Record (MBR) and boot sector
* The Boot Partition – The boot partition contains the Windows 7 operating system files. By default, the Windows operating system files are located in a folder named Windows. The partition must be marked as Active to boot
* Primary Partition – A hard drive can have up to 4 primary partitions, or 3 primary partitions with one extended partition
* Extended Partition – Storage volumes on an extended partition cannot be used to start the operating system

Performing a Clean Install of Windows 7
* Collect Information – Windows 7 gathers your local time, location, keyboard, license agreement, installation type, and installation disk partition
* Install Windows – This is where the installation copies Windows 7 files to the HD and the installation is completed. This is the longest phase
* Set up Windows – In this phase you set up your username, computer name, password, product key, and security settings along with reviewing the date & time

Troubleshooting with Installation Log Files
* The action log includes all of the actions that were performed during the setup process and a description of each action. These actions are listed in chronological order. The action log is stored as \Windows\setupact.log
* The error log includes any errors that occurred during the installation. For each error, there is a description and an indication of the severity of the error. This error log is stored as \Windows\setuperr.log

Creating a bootable USB
* Connect the USB and go to command prompt
* Diskpart > list disk (identify the USB) > select disk X (where X is the number that represents the USB) > clean > create partition primary (size in MB) > select part (partition number) > format fs=fat32 quick > active (MUST do) > exit
* Copy the Windows 7 installation DVD to the USB device

User State Migration Tool (USMT) (downloadable with WAIK)
* ScanState.exe (source computer) – Collects user data and settings information based on the configuration of the Migapp.xml, Migsys.xml, and Miguser.xml files and stores it as an image file. (Documents, Videos, Music, Pictures, Desktop, Start Menu, Quick Launch Toolbar, IE Favorites, ACLs)
* LoadState.exe (destination computer) – Deposits the information that is collected to a computer running a fresh copy of Windows 7
* USMT will not migrate hardware settings, drivers, passwords, application binaries, synchronization files, DLL files, or other executable files

Windows Easy Transfer (migsetup.exe located in DVD\Support\Migwiz)
* To use with XP, XP must have Service Pack 2
* Transfers User Accounts, Folders and Files, Program Settings, Internet Settings, Favorites, Emails, Contacts and settings
* Transfer methods include Easy Transfer Cable (USB Cable), CD/DVD, Network Share, Removable USB, Direct Network Connection
* Located in All Programs > Accessories > System Tools > Windows Easy Transfer (Windows 7 only)
* Windows Easy Transfer will not transfer encrypted files; they must be decrypted first or Windows Easy Transfer will stop

Multiboot/Dual-Boot Support
* Only Windows NT4 (w/ SP4) and up can recognize NTFS file systems
* To dual boot with Windows 9x, disk compression must be turned off
* Windows 7 encrypted files will not show on Windows NT4
* Bcdedit utility is used to edit boot options in the BCD store

Network Access Protection (NAP)
NAP is a compliance checking platform that is included with Windows Server 2008, Windows Vista, Windows 7, and Windows XP with SP3

Chapter 2 (pg. 104)

Choosing Automated Deployment Options
* Microsoft Deployment Toolkit (MDT) 2010
  * Administrative tools that allow for deployment of desktops and servers through the use of a common console
  * Zero Touch Installation (ZTI) – Requires no user intervention but requires that Microsoft System Center Configuration Manager (SCCM) 2007 with the OS Deployment Feature Pack is available on the network; also requires SQL Server
  * Lite Touch Installation (LTI) – Lets you distribute images with a small degree of user intervention and can be used when no other distribution tools are in place
  * To deploy Windows 7 or Server 2008, SCCM 2007 SP2 is required
  * To deploy previous versions, SCCM 2007 SP1 will work but cannot use Deployment Workbench to maintain the MDT database; SP2 preferred
  * UDI Wizard Designer allows you to enter a Welcome message text that will be displayed on the welcome screen
  * Thick image – Includes applications and Windows updates right in the system image
  * Thin image – Minimal system image, often operating system only
    * Applications and updates are installed either manually or through the use of some other software management system such as SCCM 2007
  * Hybrid image – Combination of thin and thick image types
* Unattended installation
  * Unattended installations utilize an answer file called Autounattend.xml
  * You can use the Windows 7 DVD with an answer file on the root of the DVD, floppy disk, or USB drive
  * To automate batch files, scripts, programs and commands after deployment, use the GuiRunOnce section in Sysprep.inf. The files must be saved in the same folder as sysprep.inf

Windows Automated Installation Kit (WAIK)
* Centrally manage volume activations by using Volume Activation Management (VAMT)
* Can only be installed on Windows Vista w/ SP1 and up
* Microsoft Deployment Toolkit – Allows an administrator to easily deploy and configure Windows operating systems and images
* Application Compatibility Toolkit – Helps administrators solve issues where applications that ran on previous versions may not work properly
  * Application Compatibility Manager – A SQL Server-based tool that collects application information from existing computers
  * Compatibility Administrator – A set of application compatibility fixes that have already been verified to allow applications to work under Windows 7
  * IE Compatibility Test Tool – Tests website compatibility with IE8
  * Setup Analysis Tool – Monitors application installers to test compatibility
  * Standard User Analyzer – Determines if an app will have problems with UAC
* Microsoft Assessment and Planning (MAP) Toolkit – Locates computers on a network and then performs a thorough inventory of them
* System Preparation Tool (Sysprep.exe)
  * Used to prepare a computer for disk imaging; the disk image can then be captured using ImageX, a new imaging management tool included in Windows 7
  * Strips away security identifier (SID), event logs, and any other unique system information
  * Located in the %windir%\System32\sysprep directory
  * Activation can be reset an unlimited number of times for Key Management Service (KMS) clients, and only up to 3 times on a non-activated KMS client
  * Must be part of workgroup, not domain.
If joined, Sysprep will remove the computer from the domain
* If files are encrypted, Sysprep will make the files unreadable and corrupt
* Log File Locations
  * Generalize pass – %WINDIR%\System32\Sysprep\Panther
  * Specialize pass – %WINDIR%\Panther
  * Unattended Windows setup actions – %WINDIR%\Panther\Unattend
* Windows System Image Manager
  * You can validate existing answer files against newly created images
  * You can include additional applications and device drivers in the answer file
  * You can create and edit answer files through a GUI
  * Answer files must have the name “Autounattend.xml”

Using the Windows Preinstallation Environment
* Windows PE – Sets the Windows PE specific configuration settings, as well as several setup settings such as partitioning, formatting the HD, selecting an image, and applying a product key
* Typically, you use the copype.cmd script in C:\Program Files\Windows AIK\Tools\PETools to create the local Windows PE build directory
* Then you use the Oscdimg Windows AIK tool in the same subdirectory to create an ISO image of Windows PE 3.0
* You use this image to create a bootable DVD of Windows PE
* Creating a bootable Windows PE Image
  1. cd "C:\Program Files\Windows AIK\Tools\PETools"
  2. C:\Program Files\Windows AIK\Tools\PETools> copype.cmd <x86 or x64> <destination such as C:\winpe_x86>
  3. C:\winpe_x86> copy winpe.wim ISO\sources\boot.wim
  4. C:\winpe_x86> copy "C:\Program Files\Windows AIK\Tools\x86\imagex.exe" C:\winpe_x86\iso
  5. C:\winpe_x86> oscdimg -n -bc:\winpe_x86\etfsboot.com C:\winpe_x86\iso C:\winpe_x86\winpe_x86.iso
  6. Once logged on, type “net start” to do any network deployment installation

ImageX

ImageX is a command-line tool that enables OEMs and corporations to capture, modify, and apply file-based disk images for rapid deployment
* ImageX is run from WinPE
* Wimscript.ini is used to exclude specified files and folders when capturing an image
* To have ImageX detect Wimscript.ini, Wimscript.ini must be saved in the same folder as ImageX

Windows Deployment Services (WDS)
* Updated version of Remote Installation Services (RIS)
* Auto-Add policy requires administrative approval before clients that are not pre-staged can have an install image
* Must be configured with the Preboot Execution Environment (PXE) boot files, the images to be deployed, and the answer files
* Must be part of a network with AD, DNS, and DHCP
* Supported on Windows Server 2003 and 2008
* Requires one NTFS partition
* Install image – Operating system image that you deploy to the client computer
* Boot image – Windows PE image into which you boot a client before you load the install image
* WDSUTIL command line tool can pre-stage a client computer

Deployment Image Servicing and Management Tool (DISM)
* Configure and edit images such as enabling or disabling Windows features, upgrading an image to another Windows edition, adding, removing, and enumerating packages/drivers, configuring international settings, and implementing powerful logging features
* Supports Windows Vista with SP1 & up
* DISM Commands
  * /mount-wim – Mounts the WIM file so that it is available for servicing (/WimFile:<image_name> /index:<index number (1)> /MountDir:C:\folder)
  * /commit – Applies the changes you made to the mounted images (/mountdir:<path_to_mount_directory>)
  * /remount-wim – Recovers an orphaned WIM mount directory (/mountdir:<path_to_mount_directory>)
  * /cleanup-wim – Deletes all resources associated with a mounted WIM that has been abandoned
  * /get-wiminfo – Displays information about the images within the WIM (/WimFile:<image_name>)
  * /get-mountedwiminfo – Lists the images that are currently mounted and information about the mounted image
  * /add-driver – Adds driver to the specified image file (dism /image:C:\test\offline /add-driver /driver:C:\driver.inf or /driver:C:\drivers /recurse /forceunsigned)
  * /get-packages – Lists the packages in the wim (dism /image:C:\test\offline /get-packages)
  * /remove-package – Removes package from image
  * /remove-driver – Removes specified driver from image
  * /apply-unattend – Applies unattended answer file (/apply-unattend:C:\answerfile.xml)
  * /add-package /packagepath (msu file) – Adds package to mounted image (/add-package /packagepath:C:\Test.cab)
  * /get-featureInfo /featurename – Gets the information from the feature specified
  * /enable-feature or /disable-feature – Enables or disables feature specified
  * /get-TargetEditions – Use this to find out which higher editions you can set the edition to be
  * /apply-unattend – Applies an autounattend.xml file to an image
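
The DISM switches listed above, combined into one offline-servicing run from an elevated PowerShell prompt. This is an added example, not part of the original notes: the image, driver and answer-file paths are assumptions, and /Commit and /Discard are passed together with /Unmount-Wim, which is how DISM accepts them. /forceunsigned is left out on purpose so that unsigned driver packages are rejected instead of being baked into the image.

```powershell
# Added example: mount a WIM, service it offline, then commit or discard.
# All paths below are assumptions for illustration.
$Wim      = 'C:\images\install.wim'   # assumed image file
$Index    = 1                         # image index inside the WIM
$MountDir = 'C:\test\offline'         # mount directory, as in the notes
$Drivers  = 'C:\drivers'              # assumed folder of signed driver packages
$Answer   = 'C:\answerfile.xml'       # answer file, as in the notes

# Run dism.exe with the given arguments and stop on a non-zero exit code,
# so a failed step never leads to a committed, half-serviced image.
function Invoke-Dism {
    param([string[]]$DismArgs)
    & dism.exe $DismArgs
    if ($LASTEXITCODE -ne 0) {
        throw "dism $($DismArgs -join ' ') failed with exit code $LASTEXITCODE"
    }
}

if (-not (Test-Path $MountDir)) {
    New-Item -ItemType Directory -Path $MountDir | Out-Null
}

# Confirm which image sits at the chosen index before touching anything.
Invoke-Dism @('/Get-WimInfo', "/WimFile:$Wim")

Invoke-Dism @('/Mount-Wim', "/WimFile:$Wim", "/Index:$Index", "/MountDir:$MountDir")
try {
    # Inventory what is already in the image.
    Invoke-Dism @("/Image:$MountDir", '/Get-Packages')

    # Add every driver under $Drivers. Without /ForceUnsigned, DISM refuses
    # unsigned packages on x64 images and the run stops here.
    Invoke-Dism @("/Image:$MountDir", '/Add-Driver', "/Driver:$Drivers", '/Recurse')

    # Apply the offline-servicing settings from the answer file.
    Invoke-Dism @("/Image:$MountDir", "/Apply-Unattend:$Answer")

    # Write the changes back into the WIM.
    Invoke-Dism @('/Unmount-Wim', "/MountDir:$MountDir", '/Commit')
}
catch {
    Write-Warning $_
    # Throw away partial changes and release the mount directory.
    & dism.exe /Unmount-Wim "/MountDir:$MountDir" /Discard
    throw
}

# Nothing should remain mounted after a clean run.
Invoke-Dism @('/Get-MountedWimInfo')
```

If a run is interrupted and leaves the mount directory orphaned, /remount-wim or /cleanup-wim from the list above recovers it.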

Microsoft Assessment and Planning (MAP) Toolkit
MAP is a utility that will locate computers on the network and then perform a thorough inventory of them.
* MAP uses Windows Management Instrumentation (WMI), Remote Registry Service, and the Simple Network Management Protocol (SNMP)
* Advises you of any available upgrades for hardware and drivers
* Supports Windows XP Professional, Windows Vista w/ SP1 & up
* Requires SQL Server 2005 Express Edition, Microsoft Word/Excel 2003 w/ SP2 or 2007

Chapter 3 (pg. 150)

File Systems
* NTFS
  * NTFS can have volume size up to 16TB with 4KB clusters or 256TB with 64KB clusters
  * Windows 2K uses NTFS 3.0; Windows XP, Vista, 7, and Server 2003 use NTFS 3.1
* FAT32
  * FAT32 can have volume size up to 32GB and does not support local security, encryption support, disk quotas, or compression
  * All Windows editions can detect FAT32
  * Maximum file size is just under 4GB
  * Maximum volume size is 32GB
* Dynamic disk
  * Supported by Windows 2K, XP, Vista, 7, Server 2003, and Server 2008 and allows storage to be configured as volumes
  * Supports up to 2K dynamic volumes per disk
  * Speed improved by striping across multiple disks
  * Reliability improved by mirroring data across multiple disks
  * Simple Volume
    * Nothing but a single volume on a dynamic disk
  * Spanned Volume
    * Consists of disk space on two or more dynamic drives; up to 32 dynamic drives
    * Data is written sequentially, filling space on one physical drive at a time
    * You do not need to allocate the same amount of space on each drive
    * No performance increase
    * If one disk fails, all goes out
  * Striped Volume (RAID 0)
    * Stores data in equal stripes between two or more (up to 32) dynamic drives
    * Used by administrators when wanting to combine the space of several physical drives into a single logical drive and increase disk performance
    * If one drive goes out, the entire striped volume is lost
    * Consists of space from two or more dynamic drives
* GUID Partition Table (GPT)
  * GPT disk partitioning system uses the GUID Partition Table to configure the disk
  * GPT header and partition table are written to both front and back of disk for better redundancy
  * Allows a volume size larger than 2TB (256TB max) and up to 128 partitions
  * Includes Cyclical Redundancy Check (CRC) for greater reliability
  * GPT drive can only be converted if the disk is empty and unpartitioned

Using the Disk Management Utility
The MMC console contains three panes: a console tree on the left, a details pane in the middle, and an optional Actions pane on the right. The three MMC modes are:
* User Author Mode – Full Access
  * Gives the user full access to window management commands, but they cannot add or remove snap-ins or change console properties
* User Mode – Limited Access, Multiple Window
  * Allows users to create new windows but not close any existing windows. Users can access only the areas of the console tree that were visible when the console was last saved
* User Mode – Limited Access, Single Window
  * Allows users to access only the areas of the console tree that were visible when the console was last saved, and they cannot create new windows
* Managing Administrative Hard Disk Tasks
  * View disk properties, view volume and local disk properties, add a new disk, create partitions and volumes, upgrade a basic disk to dynamic disk, change a drive letter and path, delete partitions and volumes

On a dynamic disk, you manage volume properties. On a basic disk, you manage partition properties.

On volume/disk properties, the Security and Quotas tabs will only appear on NTFS volumes. The Previous Versions tab is from System Restores. Only Administrators can install a new drive. Any basic partition can be converted to a dynamic disk but only formatted space can be converted to a GPT disk. Once a volume is extended, no portion of the volume can be deleted without losing data on the entire set, but you can shrink it.
* Disk Management Status Codes
  * Online – Indicates that the disk is accessible and that it is functioning properly (Default)
  * Online (Errors) – Used only with dynamic disks. Indicates that I/O errors have been detected. Possible fix is to right click > reactivate disk, which will only work if the I/O errors were temporary
  * Healthy – Specifies that the volume is accessible and functioning properly
  * Healthy (At Risk) – Used to indicate that a dynamic volume is currently accessible but I/O errors have been detected on the underlying dynamic disk
  * Offline or Missing – Used only with dynamic disks indicating that the disk is not accessible. Causes are disk corruption or hardware failure. If the disk was originally offline and then changed to missing, it indicates that the disk has become corrupted, powered down, or disconnected
  * Unreadable – This can occur on dynamic or basic disks. Indicates the disk is inaccessible and might have encountered hardware errors, corruption, or I/O errors or that the system disk configuration database is corrupted
  * Failed – Basic or dynamic disks specifying that the volume can’t be started.

Can be a damaged disk or corrupted file system
* Unknown – Used with basic and dynamic disks if the boot sector for the volume is corrupted or no disk signature is created for the volume
* Incomplete – Occurs when you move some, but not all, of the disks from a multi-disk volume
* Foreign – Occurs if you move a dynamic disk from any OS (besides Windows 7) to a Windows 7 computer. It’s caused because the configuration data is unique to computers where the dynamic disk was created. Right click > Import Foreign Disks

Disk Compression
If you copy or move a compressed folder or file to a FAT32 partition, Windows 7 automatically uncompresses the file or folder. The only way to cancel an NTFS conversion prior to reboot is to edit the registry setting for HKLM\System\CurrentControlSet\Control\SessionManager to autocheck autochk *.

Conversions cannot be reversed
* Compact CLI Utility – Offers you more control over file and folder compression than Windows Explorer (such as with a batch script or for files that only meet specific criteria)
  * /c – Compresses the specified file or folder
  * /u – Uncompresses the specified file or folder
  * /s:dir – Used to specify which folder should be compressed or uncompressed
  * /a – Displays any files that have hidden or system file attributes
  * /i – Indicates that any errors should be ignored
  * /f – Forces a file to be compressed
  * /q – Used with reporting, to report only critical information
  * /? – Displays help

Encrypted File System
* For Windows 7 computers that are part of a Windows Server 2008 AD domain, the domain administrator user account is automatically assigned the role of DRA
* For Windows 7 computers that are installed as stand-alone computers or are part of a workgroup, no default DRA is assigned and all access to the files will be lost
* To begin, create a recovery agent and assign it a password using the commands below. Then import the certificate in Group Policy by navigating to the GP and right clicking Encrypting File System > Add data recovery agent
* Cipher <command> <filename>
  * /E – Specifies that files or folders should be encrypted. Any files that are subsequently added to the folder will be encrypted
  * /D – Specifies that files or folders should be decrypted.

Any files that are subsequently added to the folder will not be encrypted
* /S:dir – Specifies that subfolders of the target folder should also be encrypted or decrypted based on the option specified
* /I – Causes any errors that occur to be ignored. By default, the Cipher utility stops whenever an error occurs
* /H – By default, files with hidden or system attributes are omitted from display. This option specifies that hidden and system files should be displayed
* /K – Creates a new certificate file and certificate key
* /R:recoveryagent – Used to generate a recovery agent key and certificate for use with EFS (recovery agent works AFTER using the command)
* /X – Used to back up the EFS certificate and key into the specified file name

Understanding Redundant Array Independent Disk (RAID)
In RAID, you can only recover from a single disk failure.

If multiple disks fail, RAID will no longer be an option
* RAID 0 (Striped Volume)
  * No data recoverability but used for better performance
  * Requires a minimum of two hard disks, and these two work as a single volume. Because of this, they use their own read/write heads, giving better performance
  * If either disk is lost, you lose the entire striped volume. Best for temp files or noncritical data
  * Writes data from disk to disk back & forth
* RAID 1 (Mirroring)
  * Allows two disks to mirror each other
  * If you lose one of the disks, you can boot to the second disk (the mirror) to recover data
  * More expensive than other RAID options
* RAID 5 Volume
  * Stripe set with parity
  * Uses a minimum of 3 disks (max of 32 disks) that work as one volume
  * Uses a parity bit, which allows you to recover data in the event of hard disk failure
  * Writes data back & forth from disk to disk

Chapter 4 (pg. 203)

Virtual memory is “overflow” memory for RAM. When memory is filled, the oldest data in RAM gets put into virtual memory. This way the system does not need to look at an entire hard drive for that data. It goes straight to the virtual memory for it.

Registry Keys
* HKEY_CURRENT_USER – Configuration information for the user who is currently logged on to the computer. It’s a sub key of the HKEY_USERS key
* HKEY_USERS – Configuration information for all users of the computer
* HKEY_LOCAL_MACHINE (HKLM) – Computer hardware configuration information.

This computer configuration is used regardless of the user who is logged in
* HKEY_CLASSES_ROOT – Configuration information used by Windows Explorer to properly associate file types with applications
* HKEY_CURRENT_CONFIG – Configuration of the hardware profile that is used during system startup

Configuring Remote Connections
* Remote Assistance – Provides a method for inviting help by IM, email, file, or now Easy Connect
* EasyConnect – Uses Peer Name Resolution Protocol (PNRP) to set up direct peer-to-peer transfer using a central machine on the Internet to establish a connection. PNRP uses IPv6 and Teredo tunneling to register a machine as globally unique. After the option is selected and the network connectivity is verified, PNRP will put the user’s information into a cloud in the internet space. The user’s contact information is entered into the PNRP cloud and an associated password is created and displayed to the user.

The user relays the password to the remote assistance helper. The user waits for the expert to send the request and then has to accept the connection
* Remote Desktop – Windows 7 is using the latest version of RDP, RDP 7.0. New features include: RDP Core Performance Enhancements, True Multi-Monitor Support, Direct 2D and Direct 3D 10.1 Application Support, Windows 7 Aero Support, Bi-directional Audio Support, and Multimedia and Media Foundation Support
* Virtual Private Network – Allows a public network to connect to a private network. Tunneling protocols include (greatest security to least):
  * IKEv2/VPN Reconnect (Internet Key Exchange) – Supports IPv6 and NAT-friendly.

Supported in Windows 7 & Server 2008 R2
* Secure Socket Tunneling Protocol (SSTP) – Newest of the tunneling protocols when tunneling with Server 2008. SSTP allows encapsulated PPP packets to be transmitted over an HTTP connection. SSTP is the best choice for secure VPN connections. Supported in Vista SP1 & up
* Layer 2 Tunneling Protocol (L2TP) – Tunneling protocol that has no encryption included. L2TP uses IPSec to make L2TP secure. Supported in Windows 2K & up
* Point-to-Point Tunneling Protocol (PPTP) – One of the predecessors to SSTP and also allows PPP packets to have encryption for secure connections. PPTP uses TCP/IP for encryption. Supported in Windows 2K & up

Configuring Mobile Computing
* Sleep power state – Combines the speed of standby with the features of hibernation mode
* Sleep – New power state introduced with Windows 7 that combines the features of hibernate and standby. When a computer enters the sleep power state, data including window locations and running applications is saved to the hard disk, and the computer is put in a low power-saving state

Configuring Power Plans
* Commands
  * Powercfg -devicequery wake_from_any – Allows you to query the devices that can wake the computer up
  * Powercfg -energy – Creates an energy policy report, energy-report.html, in the folder the command was run in
  * Powercfg -export export_name GUID – Exports a power plan
  * Powercfg -import filename GUID – Imports a power plan
* Balanced – Provides a balance between power savings and performance
  * By default: Display turns off after 20 minutes, puts computer to sleep after 1hr idle time
  * Wireless adapters set to maximum performance
* Power Saving – Optimized for power savings
  * By default: Display and hard drive turn off after 20 minutes of inactivity
* High Performance – Provides maximum performance for portable computers
  * By default: never enters sleep mode, but display turns off after 20 minutes
* Multimedia settings are configured with the “Allow the Computer to Enter Away Mode” option, which allows the computer to enter a new power state called Away Mode.

Away mode configures the computer to look asleep but remain accessible for media sharing

ReadyBoost
ReadyBoost allows for the use of multiple nonvolatile flash memory devices as an additional memory cache. When the physical memory devices become full on a computer with ReadyBoost configured, data is written to the flash device instead of to the hard drive. This improves performance because data can be read faster from flash devices than from the hard drive. A ReadyBoost tab is displayed on the device properties dialog that can be used to configure ReadyBoost
* ReadyBoost Requirements
  * The device must have a storage capacity of at least 256MB
  * The device must support USB 2.0
  * The device must support a throughput of 2.5MB/sec for 4K random reads and 1.75MB/sec for 512K random writes

ReadyDrive
* A technology included in Windows 7 that you can use to speed up the boot process, resume from hibernation state faster, and conserve battery power for mobile computers when used in conjunction with ReadyDrive capable hard drives
* Relies on new hybrid hard disks, which use flash memory technology in conjunction with mechanical hard disk technology
* Data is written to flash memory instead of the mechanical hard disk, saving battery power because of fewer read/write actions

Chapter 5 (pg. 269)

Installing and Updating Device Drivers

The driver takes a standard instruction from the operating system and issues the command to the hardware to perform the desired function. Uninstalling a device driver does not delete the driver files from the machine; uninstalling the device drivers only removes the operating system configuration for the hardware
* Sigverif.exe – Will verify that all drivers on the machine are verified with signatures. SIGVERIF.TXT is the log file that it generates
* Verifier.exe – Driver Verifier Manager
* Pnputil.exe – Tool to manage the driver store
  * -a <driver file name> to add driver to store
  * -i <driver file name> to install the driver
  * -e <driver file name> shows all third party drivers
  * -d <driver file name> deletes a driver from the store
  * -f <driver file name> forces deletion from driver store

Managing I/O Devices
You can eject a device through Devices and Printers, as well as through the Taskbar icon

Managing Printers
Removing a printer will remove the software configuration but not necessarily the files (drivers and software) from the local machine
* Printer pooling – Gives the IT staff the ability to configure multiple print devices (using identical drivers) to appear as one printer to connected users. The print jobs will be printed on one of the devices in the pool (first available print device prints the job).

If a print device fails, the others will keep working
* Printer spooling – Software component that buffers the print job until the print devices can complete it

Windows XP Mode
* Requirements: Windows 7 Professional, Enterprise, or Ultimate

Windows Virtual PC 2007
* Requirements:
  * 400 MHz Pentium-compatible processor (1 GHz or faster recommended)
  * 35MB free disk space
  * Windows 7, Windows Vista with SP1 (Enterprise, Business, Ultimate), or Windows XP with SP3

The shim (known as Shim Infrastructure) is a coding fix that allows applications to function properly. It consists of application programming interface (API) hooking

Overview of Internet Explorer 8 (IE8)
* Accelerators – Allow you to gain access to internet services with a click.

By highlighting a word within a web page and clicking the accelerator icon, you have access to a range of various services by default and can add more accelerators if desired
  * Managed by IE8 > Tools > Manage Add-ons > Accelerators
* Web Slices – Allows IE8 to check for updates to web page content you may frequently want to have
  * You can add the piece of the web page with the content you’re looking for to the new favorites bar and IE8 will check it for you and give you a visual clue when the content changes
  * You can control how often IE8 checks for changes as well as have IE8 play a sound when Web Slice content is found on a page and even when an update to the content is discovered
  * If there is web slice content available on a web page, the green web slice icon will become active on the favorites toolbar as well as when you hover over the web slice content on the page itself
* Compatibility View – Displays a web page the way it would have been displayed in IE7
  * Once you select this for one site, it will remember it for the next time you go there (IE > Tools > Compatibility View Settings)
  * Compatibility View Settings page has the default setting for all intranet sites to be displayed in Compatibility View
  * You have the choice to display all websites in Compatibility View
* Domain Highlighting – Gives users more feedback about the website they’re visiting
  * When a user surfs to a website, they normally type in the URL in the form of www.google.com. This is displayed in the address bar of the browser, and then the user can see it during the entire browsing session
  * In IE8, the displayed URL is shown to the user with the domain highlighted
  * As users surf to other pages within the domain, the domain portion remains clear and the other text softens to grey
* Scripting filter – Attempts to detect XSS attacks and disable the harmful scripts. If the user surfs to a website that has been compromised, the problem can be detected and IE8 can modify the request, avoiding the potential risk.

A message will appear on top of IE8 indicating to the user that “IE has modified this page to help prevent cross–site scripting” * SmartScreen Filtering – If an unsafe website is chosen from Microsoft’s database, IE8 will block the user’s request and present a page displaying the fact that the page has been identified as unsafe and changing the background color of the address bar to reflect the same. (This website has been reported unsafe. Disregard or go back) * InPrivate Browsing – Prevents the browsing history from being recorded nor will temporary internet files be retained. Cookies, usernames, passwords, and form data will be cleared after closing InPrivate session.

Can be opened by new tab, safety > start InPrivate session, and ctrl + shift + p from a normal instance * InPrivate Filtering – You are given the option to have IE8 automatically block some third–party content or choose to let the user select which third–party providers will receive the user’s browsing information * Protected Mode – Forces IE8 to run in a protected mode, isolated memory space preventing malicious code from writing data outside the Temporary Internet Files directly unless the program trying to write the information is specifically granted access by the user. Enabled by default. Turned off from security tab in IE properties Defending Against Cross–Site Scripting and Click–Jacking Cross–site scripting attacks attempt to exploit vulnerabilities that exist in the websites you use. They are set up by inserting an address to a malicious website in a link a user might click on in an email. The data in the link directs the browser to a legitimate website that has been compromised to contain malicious code that can capture keystrokes, letting the cybercriminal capture a user’s logon credentials. Chapter 6 (pg. 335) * Local Logon Process When the user authenticates with the machine locally, it is assigned an access token Access tokens are used to identify the user and the group which associated * If group changes, user must re–log for reassignment of access token * Policy is refreshed * User Accounts in Control Panel also includes: * Change User Account Control Settings – Allows you to set the level of notification when changes are made to your computer * Manage Your Credentials – Set up credentials that allow you to easily connect to websites that require username and passwords or computer that require certificates * Link Online IDs – Allows you to link an online ID with your Windows account.

This makes it easy to share files with other computers * Manage Your File Encryption Certificates – Allows you to manage file encryption certificates * Configure Advanced User Profile Properties – Brings you directly to the User’s profile dialog box * Username rules and conventions * A username must be from 1 to 20 characters * It must be unique among all other users and groups stored on the computer * Cannot contain special characters * Cannot consist exclusively of periods or spaces Username and Security Identifiers * Security settings get associated with SIDs and not user accounts, making it possible to rename an account while maintaining security settings and user properties. SIDs ensure that if you delete and re–create a user account with the same username, the new user will not have any of the properties of the old account because it’s a new SID * Users can be created through the command–line utility NET USER * Renaming an account does not rename the user’s home folder. Must be done manually * NTUSER. DAT – File that contains directory links to the user’s desktop items * NTUSER. MAN – A file that contains the mandatory profile settings * Group names must be unique to the computer, different from all other group names and usernames that exist on the computer * Group names can be up to 256 characters * SIDs are associated with user accounts along with groups as well Profiles * Roaming profiles are copied to the local machine each time the roaming profile is accessed. These profiles are stored on a network server * Mandatory profiles are profiles that cannot be modified by the user.

Only members of the administrators group can manage mandatory profiles. They can modify different desktop preferences while logged on, but the changes will not be saved upon logoff. Mandatory profiles only apply to roaming profiles * Super mandatory profile – When mandatory profiles are not available, temporary profiles are created. When super mandatory profiles are configured, temporary profiles are not created when mandatory profiles are not available * When copying profiles, the Favorites, cookies, documents, start menu items, and other unique registry settings are copied * %username% can be used when setting up home folders in the Profile tab of an account properties Group Policy Objects

Group Policy Result Tool (gpresult), also known as Resultant Set of Policy (RSoP), is a command-line tool that tells you what policy is applied to your machine.

Policies that have been linked through AD will, by default, take precedence over any established local group policy. Local group policies are typically applied to computers that are not part of a network or are in a network that does not have a DC.

Domain administrators can disable LGPOs by enabling the “Turn Off Local Group Policy Objects processing” domain GPO setting (Computer Configuration\Administrative Templates\System\Group Policy)
* GPResult Switches
  * /f – Forces gpresult to override the file name specified in the /x or /h command
  * /h – Saves the report in an HTML format
  * /p – Specifies the password for the given user context
  * /r – Displays RSoP summary data
  * /s – Specifies the remote system to connect to
  * /u – Specifies the user context under which command should be executed
  * /v – Specifies that verbose information should be displayed
  * /x – Saves the report in XML format
  * /z – Specifies that the super verbose information should be displayed
  * /user – Specifies the username for which the RSoP data is to be displayed

MLGPOs are applied in a certain hierarchical order:
1. Local Computer Policy – Includes computer and user settings; the other LGPOs contain only user settings. This applies to all users of the computer
2. Administrators and Non-Administrators Local Group Policy – New to Vista & 7. The Administrators LGPO is applied to users who are members of the built-in local Administrators group
3. User-Specific Group Policy – Makes it possible for specific policy settings to apply to a single user

Setting Password Policies
* Enforce Password History – Prevents users from repeatedly using the same password. Max is 24 remembered passwords
* Maximum Password Age – Forces users to change their password after a maximum password age is exceeded. 0 means it will never expire. Max password length is 127 characters and 999 days is the max it will hold
* Minimum Password Age – Prevents users from changing their passwords several times in rapid succession in order to defeat the purpose of Enforce Password History. Min password age can be set to 998 at the max
* Minimum Password Length – Ensures that users create a password and specifies the length requirement for that password
* Password Must Meet Complexity Requirements – Passwords must be six characters or longer and cannot contain the user’s account name or any part of the user’s full name
  * English uppercase characters (A through Z)
  * English lowercase characters (a through z)
  * Decimal digits (0 through 9)
  * Symbols (such as !, @, #, $, and %)
* Store Passwords Using Reversible Encryption – This is required for Challenge Handshake Authentication Protocol (CHAP) through remote access or Internet Authentication Services (IAS) and for Digital Authentication with Internet Information Services (IIS)

Setting Account Lockout Policies

The account lockout policies specify how many invalid logon attempts should be tolerated, so that after x unsuccessful logon attempts within x minutes, the account will be locked out for x amount of time or until an administrator unlocks it
* Account Lockout Duration – Specifies how long an account will remain locked if the account lockout threshold is reached. 30 minutes by default, 99,999 max. 0 means an administrator has to unlock it
* Account Lockout Threshold – Specifies the number of invalid attempts allowed before the account is locked out. Maximum is 999 attempts, minimum is 0
* Reset Account Lockout Counter After – Specifies how long the counter will remember unsuccessful logon attempts

Setting Audit Policies
Audit policies can be implemented to track the success or failure of specified user actions such as user creation and successful and unsuccessful logon attempts

Assigning User Rights
User rights apply to the system. Permissions apply to specific objects

Windows Defender

Microsoft SpyNet is an online community that can help you find out how others respond to software that has not yet been classified by Microsoft

Using BitLocker Drive Encryption
BitLocker encrypts the entire system drive. New files added to this drive are encrypted automatically, and files moved from this drive to another drive or computer are decrypted automatically
* Requirements
  * Windows 7 Enterprise or Ultimate
  * Trusted Platform Module (TPM) version 1.2 or higher to store a security key. A TPM is a chip that is found in newer computers. If no hardware supports it, you can store the key on a removable USB drive
* Only works on the OS drive or internal HD. Files on other types of removable drives must be encrypted using BitLocker To Go
* Requires that you have a hard disk with at least two partitions with NTFS (one partition will be the system partition that will be encrypted; the other will be the active partition that is used to start the computer, which is unencrypted)
* If the TPM discovers a potential security risk, such as a disk error or changes made to the BIOS, hardware, system files, or startup components, the system drive will not be unlocked until you enter the 48-digit BitLocker recovery password or use a USB drive with a recovery key as a recovery agent
* Must be set up within Local Group Policy editor or through the BitLocker icon in Control Panel
* Can prevent any unencrypted data from being copied onto a removable disk
* Manage-bde gives CLI options for managing BitLocker Encryption

NTFS Permissions

Traverse folders gives you the ability to access files and folders in lower subdirectories, even if you do not have permissions to access specific portions of the directory path

Permissions are inherited by default in Windows 7. The most restrictive set of permissions wins

When an object is initially created on an NTFS partition, an associated security descriptor is created. A security descriptor contains the following information:
* The user or group that owns the object
* The users and groups that are allowed or denied access to the object
* The users and groups whose access to the object will be audited

Dir /q will display ownership of a directory from the command prompt
* ICACLS – Command-line utility that can also be used to display or modify user access rights
  * /grant – Grants permission
  * /remove – Revokes permission
  * /deny – Denies permission
  * /setintegritylevel – Sets an integrity level of Low, Medium, or High

Determining NTFS permissions for Copied or Moved Files
* If you move a file within the same volume, it will retain NTFS permissions
* If you move it to another volume, it will be treated as a copy
* If you copy a file/folder to another file/folder on the same volume, it drops permissions and inherits from the destination hierarchy
* If moved or copied from NTFS to FAT, it will not retain any NTFS permissions

Audit Object Access
* The result from this is recorded in the Security event log. It’s turned on via GP

Chapter 7 (pg. 427)

Windows Server 2008 Active Directory Network
* Microsoft domains are represented as triangles
* When setting up child domains, the parent and child domains already establish a trust relationship. Trust allows users to be granted access to resources in a domain even when their accounts reside in another domain
* Transitive two-way trusts mean all domains within the same forest automatically trust each other
* There is no such thing as a PDC or BDC in Server 2008
* Member Server – A server that is a member of a domain-based network but does not contain a copy of Active Directory
* Standalone Server – Not a member of a domain, usually used for virtualization
* DNS Server – Hosts DNS services. Required for AD
  * Forward Lookup – Hostname to IP
  * Reverse Lookup – IP to hostname
  * Can resolve IPv4 and IPv6 because of Link Local Multicast Name Resolution (LLMNR), which allows IPv4 and IPv6 hosts to perform name resolution for hosts on the same local network
* DHCP Server – Runs the DHCP service that assigns TCP/IP information to computers dynamically
  * 169.254.x.x means the client was not able to connect to the DHCP server, called Automatic Private IP Addressing (APIPA)
  * Windows 7 clients continue to search for a DHCP server every 5 minutes
* Global Catalog – A database of all AD objects without the attributes. GC pretty much indexes the AD domain. When you need to find a resource in the domain, you can search the Global Catalog to find its location

Wireless Security
* WPA
* WPA2-Personal allows you to set up WPA2 by using a shared password key
* WPA2-Enterprise allows you to set up WPA2 by using a server for verification
* Cards that are compatible with 802.11b can only connect to 802.11b or 802.11b/g access devices configured to accept b
* Cards that are compatible with 802.11a can only connect to 802.11a or 802.11a/b/g access devices configured to accept a

TCP/IP
* TCP/IP provides reliability by verifying that each data segment is received and passed to the application requiring the data by retransmitting lost information
* TCP/IP is designed to be fault tolerant. It’s able to dynamically reroute packets if network links become unavailable (assuming alternate paths exist)
* IPv6 includes IPSec, allowing a more robust network protocol
* Logical and physical multihoming, enabling multiple IP addresses on a single or multiple network adapters, usually associated with routing for internetwork connectivity
* Default Gateway must be configured to communicate outside of the local network

IPv4 Address Types
* Broadcast address – Read by all hosts that hear it. Does not go across a router. 255.255.255.255
* Multicast address – A special address that one or more devices will listen for by joining a multicast group. Multicast addresses usually have a value between 224 and 239 in the first octet
* Unicast address – Uniquely identifies a computer or device on a network
* Class Assignments
  * Class A supports up to 16,777,214 hosts
  * Class B supports up to 65,534 hosts
  * Class C supports up to 254 hosts
* Extra ipconfig commands
  * /release6 – Releases an IPv6 address that has been assigned through DHCP
  * /renew6 – Renews an IPv6 address through DHCP
  * /registerdns – Refreshes DHCP leases and re-registers DNS names
  * /displayDNS – Displays the contents of the DNS Resolver Cache
  * /showclassid – Lists the DHCP class IDs allowed by the computer
* Private Addresses
  * 10.0.0.0 – 10.255.255.255
  * 172.16.0.0 – 172.31.255.255
  * 192.168.0.0 – 192.168.255.255
* IPv6 Global Unicast Address – IPv6 equivalent of IPv4 public addresses; globally routable and reachable on the IPv6 Internet
* Link-Local Addresses – IPv6 equivalent of IPv4 addresses allocated through APIPA
* Site-Local Addresses – IPv6 equivalent of IPv4 private addresses
* Special Address – Loopback address 0:0:0:0:0:0:0:1 or (::1)
* IPv6 Multicast Address – Enables an IPv6 packet to be sent to a number of hosts, all of which have the same multicast address
* IPv6 Anycast Address – Assigned to multiple interfaces. Packets sent to an anycast address are forwarded by the routing infrastructure to the nearest of these interfaces

Windows Remote Management

Windows Remote Management (WinRM) utility is Microsoft’s version of the WS-Management Protocol. You can use the WinRM utility on both Windows-based OSes and non-Windows-based OSes. It creates a WinRM exception in the firewall, and creates a WinRM listener to allow incoming connections. Sets the service to start automatically
* Three ways to access the WinRM utility
  * WinRM command-line tool
  * WinRM scripting objects
  * Windows Remote Shell command-line
* Must be enabled via command line or group policy
  * winrm set winrm/config/client @{TrustedHosts="XXXX"} (needed to enable remote management via PowerShell)
* WinRM Commands
  * WinRM get – Retrieves management information
  * WinRM set – Modifies management information
  * WinRM create – Creates a new instance on the managed resources
  * WinRM delete – Removes an instance from a managed resource
  * WinRM enumerate – Lists all instances of a managed resource
  * WinRM invoke – Executes a method on a management resource
  * WinRM identity – Determines whether a WS-Management implementation is running on a remote machine
  * WinRM quickconfig – Configures a machine to accept WS-Management commands from a remote machine
  * WinRM configSDDL – Modifies an existing security descriptor for a Uniform Resource Identifier (URI)
  * WinRM helpmsg – Displays error message for an error code
* WinRS -r:<server> <command>
* Windows PowerShell – A command-line scripting utility that allows you to remotely execute commands on a Windows 7 machine
  * A cmdlet is a command that is built into Windows PowerShell

Understanding BranchCache, DirectAccess, and AppLocker
* BranchCache – A new technology that allows an organization with slower links between offices to cache data so downloads between offices do not have to occur each time a file is accessed
  * The BranchCache – Content Retrieval (Uses HTTP) – If this rule is not available, create the rule that allows inbound and outbound traffic on TCP port 80. This rule is required for both Hosted Cache and Distributed Cache Mode
  * The BranchCache – Peer Discovery (Uses WSD) – If this rule is not available, create the rule that allows inbound and outbound traffic on UDP port 3702. Only used for Distributed Cache Mode
  * The BranchCache – Hosted Cache Client (HTTPS-OUT) – If this rule is not available, create the rule that allows outbound traffic on TCP port 443. This rule is required only when using Hosted Cache Mode
  * Distributed Cache Mode – All Windows 7 client machines cache the files locally on the client machine
    * Uses inbound & outbound UDP port 3702
    * Supports Windows 7 Enterprise or Ultimate
    * Must install a Server 2008 R2 content server at main office first
    * Clients have BranchCache installed by default, but it must be enabled and configured along with firewall exceptions
  * Hosted Mode – The cache files are cached on a local Server 2008 R2 Enterprise / Datacenter machine
    * Uses outbound port TCP 443
    * Uses an SSL certificate during setup
    * Supports Windows 7 Enterprise or Ultimate
    * Must install a Server 2008 R2 hosted cache server at main office first
    * When a client downloads data from the main cache server, the hosted cache server at the branch obtains a copy of the downloaded data for other users to access
    * Cache server must obtain a server certificate so clients in the branch can identify cache servers
* DirectAccess – Enables a remote user to work on their corporate network when they’re away without the need for a VPN. DirectAccess connects to the corporate network automatically once connected to the internet, with no user intervention
  * Takes place as soon as a user turns on the computer, not after the logon
  * Supports Windows 7 Enterprise and Ultimate
  * Can be integrated with Network Access Protection (NAP)
  * Uses IPv6
  * Bidirectional VPN connection
  * Must be added to the DirectAccess security group to connect via DirectAccess
  * Requires a minimum of one domain controller and one DNS server running Server 2008 SP2 or Server 2008 R2
  * CA that will issue computer certificates, smart cards, or health certificates
  * IPSec policies to specify protection for traffic
  * IPv6 on the DirectAccess server that uses ISATAP, Teredo (for clients behind a NAT), or 6to4
* AppLocker – Used to configure a Denied list and an Allowed list for applications in Group Policy (Application Control Policies)
  * Provides granular application control to help prevent execution of unauthorized software
  * Supports Windows 7 Enterprise and Ultimate
  * Relies on the use of the Application Identity service
  * Enable the Application Identity service before configuring GPO
  * AppLocker Rules
    * Path Rule – Based on the file path
    * File Hash – Based on the unique file hash and used when a file is not signed
    * Publisher Rule – Based on digital signatures

Virtualization
* Hypervisor – A 64-bit mechanism that allows Hyper-V to run multiple virtual machines on the same physical machine. The hypervisor’s job is to create and manage partitions between virtual machines. It’s a thin software layer that sits between the virtual machine and the hardware
* CTRL + ALT + DEL = Right ALT + DEL
* Full Screen = Right ALT + Enter
* To release the mouse, press the right Alt key

Chapter 8 (pg. 505)

Windows 7 Performance Optimization
Performance monitor – Used to measure the performance of a local or remote computer on the network
* Create baselines
  * A snapshot of how your system is currently performing from the first baseline
* Identify system bottlenecks
  * A system resource that is inefficient compared with the rest of the computer system as a whole
* Determine trends
  * With reactive management, you focus on a problem when it occurs
  * With proactive management, you take steps to avoid the problem before it happens
* Test configuration changes or tuning efforts
* Create alert thresholds

Optimizing Windows 7 with Performance Monitor
With performance monitor you can do the following:
* Collect data from local or remote computers concurrently
* View data as it’s being collected in real time, or historically from collected data
* Create HTML pages for viewing data
* Determine which format the data will be viewed in – In line, histogram bar, or report views

Data collector sets are used to collect data into a log so that the data can be reviewed. Data sets can collect the following data:
* Performance counters – Records data about hardware usage and the activity of system services
* Event trace data
* System configuration information

Windows 7 includes four data collector sets that are stored within the System subfolder
* LAN Diagnostics
* System Diagnostics – Used to troubleshoot an unreliable system
* System Performance – Used to troubleshoot a system that’s not performing well (disk, RAM, network, processor)
* Wireless Diagnostics

Resource Monitor
The resource monitor can be accessed via the Performance tab in Task Manager, in Control Panel, or Start > All Programs > Accessories > System Tools > Resource Monitor
* Tabs
  * Overview – Gives you a fair amount of detail in terms of a graphical representation on the right side
  * CPU – Displays individual processes currently running on the machine as well as the process ID (PID), a brief description, the running status of the process, the number of threads the process is running, current CPU utilization, and average CPU utilization
  * Memory – Shows the process information as displayed in the CPU tab with an overview of memory allocation in the form of a graphical representation
  * Disk – Used to display the disk activity of your machine. Also shows a real-time graphical representation of Disk transfer in KB/sec and Disk Queue Length
  * Network – Shows network utilization as well as network protocol information. The items available for detailed information include Process with Network Activity, TCP Connections, and Listening Ports, as well as real-time graphical information for Network data transfer

There are four main subsystems that you should monitor. You should configure counters in your data collector set for each of the following:
* The memory subsystem
  * Physical memory – The physical RAM you have installed on your computer
  * Page file – Logical memory that exists on your hard drive
  * Memory > AvailableMBytes – Measures the amount of physical memory that is available to run processes on the computer – If below 20% of installed memory, indicates shortage of physical memory or an app not releasing memory properly
  * Memory > Pages/Sec – Shows the number of times the requested information was not in memory and had to be retrieved from disk – Should stay below 20; for optimal performance, it should be 4.5. If higher than 20, consider adding memory
  * Paging File > %Usage – Indicates the percentage of the allocated page file that is currently in use – If above 70%, consider adding more memory or increasing the page file
* The processor subsystem
  * Processor bottlenecks can develop when the threads of a processor require more processing cycles than are currently available
  * Processor > %Processor Time – Measures the time that the processor spends responding to the system requests – Should stay below 85%
  * Processor > Interrupts/Sec – Shows the average number of hardware interrupts received by the processor each second – Should stay below 3k; if above, indicates there’s a hardware or program problem generating interrupts
  * System > Processor Queue Length – Used to determine whether a processor bottleneck is due to high levels of demand for processor time
* The disk subsystem
  * Disk access is the amount of time your disk subsystem takes to retrieve data that is requested by the OS
  * Physical Disk / Logical Disk > % Disk Time – Shows the amount of time the disk is busy because it’s servicing read or write requests – If busy more than 90%, adding another disk is recommended
  * Physical Disk / Logical Disk > Current Disk Queue Length – Indicates the number of outstanding disk requests that are waiting to be processed – Should stay less than 2
  * Logical Disk > % Free Space – Specifies how much free disk space is available – Should indicate at least 15%
* The network subsystem
  * Network bottlenecks are indicated when network traffic exceeds the capacity that can be supported by the LAN – Typically monitored by a Network Monitor solution
  * Network Interface > Bytes Total/Sec – Measures the total number of bytes sent or received from the network interface and includes all network protocols
  * TCPv4 > Segments/Sec – Measures the number of bytes sent or received from the network interface and only includes the TCPv4 protocol

Using Reliability Monitor

Reliability monitor is a new stand-alone feature in Windows 7 that provides an overview of the stability of your computer. The upper half of the graphical display indicates the relative reliability of your Windows 7 machine on a scale of 1 to 10 (1 being horrible and 10 being completely reliable)
* Application failures – Programs that hang or crash
* Windows failures – Includes operating system and boot failures
* Miscellaneous failures – Includes unexpected shutdowns
* Warnings – Items that are detrimental, but not failures
* Information – Informational messages that Windows 7 uses (includes recently installed applications)
* Reliability History can be saved in XML format

Using Windows 7 Tools to Discover System Information
* System Information – Shows details about hardware, software, and resources – Accessed from msinfo32
* Task Manager – Shows more information about opened applications, processes, services, performance, networking, and users
  * Set Affinity – Allows you to choose which process is operated by which processor
* Performance Information and Tools – Provides a numerical score that lets you know how well your system performs
  * Processor, based on calculations per second
  * Memory (RAM), based on memory operations per second
  * Graphics, based on Windows Aero performance
  * Gaming Graphics, based on 3D graphics performance
  * Primary Hard Disk, based on disk transfer rate

Using Event Viewer

The Windows 7 version of Event Viewer contains the following Windows Logs:
* Application log – Used to log events relating to applications, such as whether an application, driver, or service fails
* Security log – Used to log security events, such as successful or failed logon events
* Setup log – Used only by domain controllers, so it doesn’t have much practical use in Windows 7
* System log – Used to log events related to the operating system and related services
* Forwarded Events – Used to collect events that have been forwarded from other computers
* Administrative Event view – Contains critical, error, and warning events from all logs, enabling you to easily view only the most important events

Chapter 9 (pg. 559)

Using Advanced Boot Options
* Boot Logging – Creates a log file that tracks the loading of drivers and services. When you enable this option, Windows 7 loads normally and not in safe mode
  * Log file is written to \Windows\Ntbtlog.txt
  * Allows you to log all of the processes that take place during a normal boot sequence
* Enable Low-Resolution Video (640×480) – Loads a standard VGA driver without restarting the computer in safe mode. This mode bails you out by loading a default driver, providing access to video so that you can properly install and test the correct driver
* Safe Mode – Loads all the basic drivers f
