Windows Operating Systems for CompTIA A+ (220-902)
-
Meanwhile, in the Real World
I like to add this section called Meanwhile , in the Real World…, to my CompTIA courses because as a working A+ certified repair technician, you're going to be fielding questions all the time from customers and users, maybe even your boss will ask you from time to time, so you should get used to being asked questions and know how to think on your feet and apply the CompTIA troubleshooting process to give the customer the answer that is best suited for him or her. In this module, a couple questions I came up with that are relevant are, for instance, should I upgrade from Windows XP? Another question, perhaps a customer has upgraded their own operating system to Windows 8.1 and they ask, I can't stand the Start screen, how do I get my Start menu back and how do I get rid of the Start screen? We're going to revisit these questions at the end of the module. Our specific CompTIA A+ 220-902 objective is 1.1, which states that we need to compare and contrast various features and requirements of Microsoft operating systems. Now pay close attention here, we need to know about Windows Vista, Windows 7, Windows 8 and Windows 8.1. Conspicuously absent are Windows XP, which predates Windows Vista, and Windows 10, that's the latest and greatest version of Windows desktop. My guess is that CompTIA thought, correctly, that XP is a dead operating system, so they left that off the objectives, and Windows 10 wasn't released when CompTIA created these objectives, so they left that off, and also frankly maybe they thought that Windows 10 wouldn't have an appreciable market share, boy CompTIA got a surprise on that one didn't they? At any rate, let's proceed. A word of caution, we are entering the proverbial deep end of the conceptual pool. And what do I mean by that? Do I mean that the subject matter is very difficult? Not necessarily that, it's more about the volume of information that I'm going to be throwing at you. Here's word to the wise here, from me to you, you need to be a Windows power user in order to pass the 220-902 exam and if you're not a Windows power user you need to become one. And what that means is, you may not necessarily need to know deep details about every single Windows Control Panel, but you need to know a little about every single one. That's one of the best pieces of advice I received at the beginning of my career in 1997, I took a support course on Windows 95 and the instructor said that, he said, look it's a mile wide and an inch deep, you need to know a little bit about every feature.
-
Microsoft Client OS Version History
And with that, let's start. Microsoft client OS version history. Now do you need to know all of these release dates and notes, I would say no on the date released. Instead, as I present this table to you, I want you to instead just think in terms of trends and make sure that you identify the correct order of release of these OS's and the notes that I give you, I think, are useful anyway. Now although XP is not on the objectives, I'm including it here because there are still businesses and still users who run Windows XP. That OS was released in October of 2001 and it's officially obsolete. Now what I mean by that is that Microsoft is no longer supporting XP at all. The way they do support is there's a period of mainstream support where an operating system is fully supported, you might have, your business, I should say, might have an arrangement where you can file support tickets and that's already prepaid or if you're an end user you may have to pay per incident, but there's a, like I said, normally about 5 years of period of full mainstream support and then the OS starts to go away and the OS goes through a smaller period, a shorter period of extended support, well XP is past all that, so if you're in a business that runs XP, you absolutely need to upgrade because that operating system is dead. Now I give you the details on client licensing and versioning and so forth in the course notes, so let me show you where to find those. On the Pluralsight website when you're logged in and watching these videos in a browser, I want you to switch from the Table of contents tab to the Exercise files tab. For each module I have a text file in there that contains hyperlinks to all of the resources that I mentioned over the course of each module, so as you work through this course and this learning path, you're going to develop a collection of these exercise file documents and, like I said, they provide direct links to these resources as I mention them. I've received questions from students, how do I find the exercise files, so I thought it would be useful to explicitly show you. Windows Vista is going to be, it's in extended support, it's going to be dead in April of 2017, so Vista came after XP, 2007. I would again say, if this OS is used in business, you want to get off of it as quickly as possible. In my experience, the baseline operating system we have nowadays, and it's still old, is Windows 7 that was released in October 2009, that will be obsolete in 2020, so that's not too far in the future, but it's enough in the future such that customers who are running Windows 7, unless they really want to go to 8.1 or 10, as long as they can get their needs met and their computing is working for them, there's no real imperative for them to update or upgrade really. Windows 8 was released in October 2012 and Microsoft, I think, even themselves realized they made some big mistakes in Windows 8. We're going to cover a lot of this throughout the rest of this module, so I don't want to over-explain now, but the bottom line is Microsoft says that if you're running Windows 8, you need to upgrade to 8.1 by January 12, 2016. When we talk about Windows 8, we're assuming Windows 8.1 that was released in October of 2013 and they, they meaning the Windows product team, made some important tweaks to the operating system. By the way, we haven't formally defined an operating system, have we? I don't want to assume anything here. An operating system is software that servers as a junction point between your computer's hardware, your disk, your processor, your memory, and your network, and your users. On top of the operating system or your device drivers that work with your motherboard hardware and also other applications that the users use directory also and the operating system servers as a conductor or an intermediary agent. Finally, Windows 10 is the current desktop Windows version and it was released in July of 2015. It's not part of the 902 objectives, so I'm putting it here just for completeness because as your instructor I can't imagine not equipping you with current generation information.
-
32-bit vs. 64-bit
When we talk about operating systems we're talking about a pervasive piece of software, it's not like Microsoft Word where you might have it running a couple of hours a day and then you quit it and forget about it. No, an operating system is in play the whole time that the computer is turned on. So we need to understand some things between 32-bit and 64-bit Windows versions. You might hear them referred to as x86 and x64. We covered a lot of this terminology in the 220-901 hardware course. So if you haven't checked out those movies, please go ahead and do so. I taught that learning path as well. X86 is a synonym for a 32-bit operating system. Now a 32-bit version of Windows is suited for a 32-bit processor. Windows server OS's are all 64-bit exclusively, but the desktop experience Microsoft still supports 32-bit versions even though they're slower than the 64-bit versions, because Microsoft wants to allow legacy hardware to continue to be used, and also form factors that are considered novel, like a tablet form factor where you might not have the capability of running a 64-bit CPU. Now some take home messages about 32-bit or x86 Windows versions, the CPU can send data 32 bits at a time, but also, and this is a critical weakness, can only create 32-bit long RAM memory address registers. So the really big take home here is that a 32-bit computer and a 32-bit Windows version can only address up to 4 GB of RAM. That used to be enough, but as you know it's not enough now for many user cases, even on desktop Windows. X64 is a synonym for 64-bit Windows and 64-bit processors. That's the standard, as I said, for any server operating system because any server worth its salt is going to have far more than 4 GB of RAM and, as I said, with 32 bits you can't go beyond 32 bits of RAM. You want to make sure that your Windows version is matched to the processor. Can you install a 32-bit Windows on a 64-bit computer? Yeah, it's possible, but you're robbing yourself of any memory over 4 GB and you're slowing things down considerably because of course, a 64-bit processor can do 64-bit CPU words and 64-bit memory addresses, so the top line theoretical RAM limit on a 64-bit machine is 16 EB, that's a lot of RAM, but you know eventually that'll seem like small potatoes, but 64-bit is the current standard.
-
Upgrade Paths
Upgrade paths. For desktop or client OS's, this is a big deal because the user is very concerned about maintaining their documents and settings, what we in IT call the user state. The documents, of course, can be irreplaceable. You can always reinstall an operating system or reinstall applications, but the user's documents that they've created, if they lose the only copy they could be in a very big world of hurt. Settings also is as sometimes overlooked fact. In Windows user settings and computer settings are stored in the registry files and if we don't take pains to migrate those settings as well, the user is going to be, well they're going to be at a disadvantage because they're customizations to their environment will be lost and they'll have to recreate them, okay. Now as far as Windows version upgrades are concerned, Microsoft, in my opinion, has always historically overcomplicated things. Where they have different stock keeping units or skus for different editions. Like, for instance, Windows 7 as you see in the picture, there's Home Premium that's obviously intended for home use, Professional, which is mainly for business or prosumer, there's normally an enterprise edition that's used for business, volume licensed customers, and then with Windows 7 there was an ultimately edition that gave you every feature but the kitchen sink. Basically that's what these different editions are. They have different features turned on or turned off. Home Premium, for instance, in Windows 7, isn't going to allow you to join an Active Directory domain. So from a planning perspective, when you're choosing an operating system for your users, you want to consider the 32 or 64-bit situation and you also want to make sure that the edition of the OS you choose supports the use cases, if you need BitLocker drive encryption and other enterprise features, than that's your decision is going to be made for you, do you see what I mean? Now as far as what is allowed and what's now allowed with upgrading from one version of Windows to another, maybe you're going or you want to go from Windows 7 to Windows 8.1, check the documentation. You don't need to know all the rules here because it gets very complicated, check the course notes because I'll point you to the appropriate Microsoft support pages where they say, there's actually a matrix that'll show you which version of Windows and which editions can be upgrade where you keep the user's documents and settings. So there's really two issues at play here, there's upgrading the version, say Windows 8.1 to Windows 10, and there's also the question of moving from edition to edition. Because all of the features exist on the operating system, Microsoft has a feature called the anytime upgrade where you can make a payment, a credit card payment, right from within Windows to go from one stock keeping unit to another. And what that purchase does is simply unlock the additional features that have been disabled in that edition of Windows. As far as take home messages, you don't have to know all the different editions of each version of Windows, you can easily look that up, but know that the enterprise edition of Windows, and this is pretty consistent among all the versions, Windows 7, Windows 8, et cetera, are intended for businesses that are volume licensed, where you pay for a number of installations instead of going to, say, you're local electronics store and buying a single user license of a single copy of Windows 8, you see? Now as far as architecture upgrades, in terms of the 32 or 64-bit thing, if you're licensed for 32-bit Windows and you've replaced the computer with a 64-bit edition, that's going to require a migration, in other words, you're going to need to install the 64-bit version of Windows on a 64-bit machine, you're not going to be able to go install a 64-bit OS or application on a 32-bit machine. It works differently when you turn that around because of backward compatibility. Client Windows, 64-bit Windows, historically has had a support for 32-bit applications and services. But again, all the caveats that I've already mentioned apply. What are some other issues with client OS upgrade? Upgrade types. There's the in place upgrade. This is where the user's computer is not going to change and you verify that the hardware on their computer can support a new version of Windows and you just run the upgrade, as long you buy a compatible version of the newer OS, you should be able to mount the DVD and just install over the old version and it will automagically migrate documents and settings. Now wipe and load means that you're actually reformatting the user's hard drive, performing not an upgrade but a from scratch installation of the new OS, and when you do wipe and load you're going to need to take action to preserve the user's documents and settings. At left you see a screenshot from a tool called the USMT GUI. USMT is a Microsoft utility set called the User State Migration Tools. They're command line tools, so this GUI is something that some programmer developed as a way to help Windows admins who don't like command line, it's far beyond our scope to get into the specifics, but basically USMT allows you to backup a user's documents and settings and repopulate them on a new computer or a new installation. Migration is where we're taking the user's environment from one computer and slapping it on a new computer and, again, you're going to need to manually migrate documents and settings. Note that USMT is simply Microsoft's migration tool, there are 3rd party tools that make the process of migrating user's documents and settings a lot easier because as you can see, in the highlight here, I know the text is too small for you to read the details, but the user state migration tools are command line and they use a really wonky syntax. Another tool that Microsoft makes available, mainly for businesses, is the Application Compatibility Toolkit, and this is really cool if you're thinking, for instance, of upgrading a bunch of computers from one OS version to another, say from Windows 7 to Windows 8.1. What you do is you install ACT and run an inventory against your network and it will look at installed applications, it'll look at hardware profiles, it'll look at Internet Explorer versions, and then it will compare all of that data from your network against the requirements of the new operating system. So it allows you to see at a glance and most importantly see beforehand, before you actually do the upgrade, what problems you're likely to expect in terms of applications that don't work and hardware devices and drivers that won't work. Microsoft learned some big lessons there around the time Vista was released. Microsoft rushed Vista out the door so much that hardware vendors didn't have time to produce drivers that were compatible with Vista, so a bunch of customers upgraded their OS from XP to Vista and found that a lot of their hardware didn't work, that's not a good day for anybody. Yet another tool that Microsoft makes freely available, all these tools I'm mentioning, USMT, ACT, and the Windows Upgrade Advisor, are all free, Microsoft doesn't charge for any of them. The Upgrade Advisor or Assistant, depending upon what version you get, you'll download the one for the target Os, there's an Upgrade Assistant for Windows 10, for Windows 8.1, and you run it on one of your computers that runs an original down level operating system, like perhaps in this screenshot let's say we're on a Windows 7 machine, we would download the Windows 8.1 Upgrade Assistant and run a targeted check just against that box. It basically is a stripped down version of the Application Compatibility Toolkit because honestly the ACT requires that you set up a database, it's a heavier application, the Windows Upgrade Advisor or Assistant is much smaller and compact.
-
Windows User Interface Features
Now let's take a look at those Windows features. I've divided all of the features that CompTIA just lovingly dumps in a great big list on their blueprint document into categories to make it easier for you to absorb these. Now you just need to recognize these by name and know what their basic function is. I wish I had a time to give you a detailed demo of every single one, but instead I'm just giving you an overview demo on selected tools. Now let's go through these. Aero is as GUI, graphic user interface feature, that's been part of Windows since Vista that basically gives you different user interface effects, like when you hover over an icon on the taskbar, you get a little thumbnail preview about what the window is and what the application is. Aero is important for PC technicians because you can speed up a computer by disabling Aero effects. Gadgets I'm going to show you in the demo, this is a way to display little tiny applications, like a clock or a stock ticker or a notes application that's always there on the side bar on the desktop. The side bar actually is the part of the Windows desktop that hosts gadgets. So gadgets were around, again, since Vista into Windows 7. You can still install gadgets in the side bar in Windows 8.1 and Windows 10, but you need a 3rd party helper, again, check the course notes for that. Side-by-side apps is part of Aero where you can drag windows against each side of the screen, left, right, top, and instantly dock them. So if you need to have two instances of File Explorer next to each other lined up just so to do some drag and drop operations, you can do that easily. The Metro user interface is a big controversial feature that Microsoft added in Windows 8 that replaced the Start menu. Again, I'll show that to you in the demo. Pinning refers to, well, storing an application shortcut on your taskbar at the bottom of your screen or, and/or I guess I should say, you can pin the application to your Start menu if your OS supports a Start menu that is, to easily be able to get to it. Charms was introduced in Windows 8, taken out in Windows 10 because a lot of users got really confused about them, it was just one of the big user interface changes in Windows 8 that allowed you to get to say the PC settings and Control Panel. The Start screen, again, came with Windows 8, hugely controversial. I'm grateful to report that in Windows 10 Microsoft finally reinstated the Start menu, although I'm a programmer of sorts, basically an administrative scripter, and I'm very comfortable at the command line, I was livid when the Start menu went away, I don't like the Start screen myself. But your mileage may vary. Windows allows us to look at control panel items in two different views. That's important from a support standpoint because you might help your users by helping them master those two views, and then with multi-monitor taskbar, I'm using this right now as we speak, I have three monitors on my desktop set up and on my primary monitor I see my Start button and my system tray, on my monitors 2 and 3 I have the taskbar, that's handy for switching from app to app, but I don't have a Start button or a notification area, it's just something that you can configure with multi-monitor setups.
-
Demo 1: Windows Versions Quick Tour
In this first demonstration, I'm going to give you a very quick tour of the different versions of Windows on the exam objective because if nothing else you want to be accustomed to noting by site what version of Windows is being run. There's a registry hack that allows you to display the Windows version on the desktop, check the course notes for that. Now this is Windows Vista, how can you tell? Well out of the box it has a black, thin taskbar and notice that the Start button actually goes above the taskbar. There is a full fledged Start menu, but it looks much different from the one that was in Windows XP. Here is the sidebar that I mentioned with the gadgets that you can bring out, let me click plus, some users like gadgets, others like me feel that they're a drain on system resources. If you right click in the gadgets area, you can manage and close out of the sidebar if you don't need it. Aero, like I said, deals with the ability of the windows to just, to have animation effects and so on and so forth. I want you to know how to turn those off if you want to. This is Windows 7, by site you'll notice that the taskbar is semi-translucent and the Start button is fully contained in the taskbar. I really like the universal search box. I'm going to type performance and come up to adjust the appearance and performance of Windows, this is important if a user doesn't have the hardware to support Aero effects, you can pick and choose what kind of animations and effects are there, check the course notes if you want to cut off or turn off other Aero features, but the performance options can really help in that regard. As far as the Control Panel goes, let me open the Start menu again, go to Control Panel, by default Microsoft has historically displayed Control Panel as a category, which I personally can't stand. You can open and choose large or small icons to see everything, but you know what I've gotten accustomed to doing as a power user is if I'm in a Control Panel screen, come up to search and just start to type, you don't have to type names of specific control panels, although you can, notice that I've typed firewall here, and received direct click options to get to those spots, but you can actually choose options within control panels, like to join a domain. Let me type, actually use free language here, join domain, huh, maybe it's the version of Windows here that's not allowing me to do that. Let me jump over to Windows 8. Windows 8 has what looks to be a Start button, but when you click it you get a bad surprise, you see the Start screen. These applications here are full screen experiences, I can't actually run them now because my recording area is too low, you need a minimum display resolution of 1366 x 768 to run these so-called metro UI apps. Now metro is a term that CompTIA uses, but Microsoft has since changed the name of these apps several times, they were called Windows store apps for awhile, I believe universal app is the currently nomenclature. But anyway, I can do a search in Windows 8 just by typing in the Start menu, notice that I didn't press the search button, although I could. If I type an option we see rename your PC or join a domain and it'll automatically load the Control Panel. Another final point I'll make about control panels is that in Windows 8 and Windows 8.1 you'll note that the Control Panel exists both as a metro version here as well as a traditional desktop version. I like how in Windows 8.1 Microsoft has given a little bit of navigation help, in Windows 8 you don't see the switch between apps, so you're thinking how in the world do I get back to the desktop? It confused a lot of people. You have to go to the very upper left until you see a little preview of your previous window. Terrible, I don't like it at all. If you go to the lower right it brings out the charms and this allows you to get to Settings and so on and so forth. Terrible misguided approach in my humble opinion.
-
Windows Application Features
Now let's look at application related features. Windows client OS has compatibility modes built in, several layers of compatibility, but one is for applications. Let's say a user needs to install an old MS-DOS game, it just isn't running on Windows 7. You can actually configure the application shortcut to run in a legacy mode, it's an entire subsystem built into Windows. There's another legacy mode called Virtual XP Mode where, for instance, in Windows 7 you can load up a Windows XP virtual machine such that your game or your application that just won't run in your current version of Windows can go into that Windows XP virtual machine and run in that separate environment. A little bit clunky, although the underlying idea here is really smart, namely virtualization. More on that as we go along. Windows PowerShell is the command line interface for Windows nowadays, it's been around since Windows Vista and a minor complaint I have with CompTIA is that they don't give do justice to PowerShell in my humble opinion. Basically you can do all your administration, both locally and remote administration from a PowerShell console. Easy Transfer is a user friendly front end, the user state migration tools. Easy Transfer is supposed to make it as easy as possible to take documents and settings from one computer and shift them over to say your new computer.
-
Windows File System Features
File System, we have features like Shadow Copy or volume shadow copy as they're called, that enables, for instance, you to take backups of a system while you have files open. That's important in a business because in a business your users are going to store their documents on servers, not on their own computers, and a user may be working on an important Excel file, leaving Excel open when they leave at night. The backup on the server runs at midnight or 1:00 a.m. or whatever it needs to backup that Excel file. Normally a file has to be closed in order to be backed up, but Shadow Copy allows you to actually take a copy or take a backup of the most recent version of the file, even if it's open. ReadyBoost is a way to supposedly speed up I/O access on solid state flashcards and SD cards and so forth. It just is a way to change the way that the disk cache works on those removable devices. Windows has a defined file structure and path that I'll show you in our next demo, it's for instance very different from what you find in OS 10 or Linux. The Previous Versions, again, is useful in a business environment and for users who maybe are authors and do a lot of writing, where periodically Windows internally caches different versions of the file so as the file gets modified by one or more than one person, it's possible to actually pull out a previous version of the file, it's an internal version control system. It's basic, but it can be quite helpful because user A might be really mad that user B made changes to user A's file and you'll be the hero when you show them that you can access the Previous Versions client in Windows and pull out a copy of user A's original work.
-
Windows Cloud Features
Cloud utilities, OneDrive is Microsoft's cloud file storage service. I myself have used DropBox, which is a competitor of Microsoft's OneDrive. I use OneDrive as well. The advantage of OneDrive is that it's tied intimately into the Microsoft account and the Microsoft account in turn is tied intimately with later versions of Windows, like Windows 8.1 and Windows 10, so when you sign into your computer you can seamlessly save your stuff, your music, your pictures, even your documents and settings, to one of Microsoft's cloud servers and then be able to access your OneDrive content from your smart phone or your laptop or whatever, it's really cool. Windows Store is an online app store that allows you to purchase or download apps that run in that universal metro full screen way that's associated with the Start screen. Live sign-in, I'm surprised that Microsoft uses that word, it's an antiquated word but when you hear it or if you see that term on the exam, they're talking about what's now called the Microsoft account. It's your free user account that becomes associated with other Microsoft services, like the Windows Store, OneDrive, and so forth. If you attach your credit card information to your Microsoft account, you can then make purchases at the Windows Store. I'm sure you're familiar with that with your smart phone.
-
Windows Security Features
Finally we have security features and then I'll give you a second demo and then we're done. I know I'm throwing a lot of stuff at you. User Account Control was a big deal when it was first introduced in Windows Vista because it underscored the sensitive nature of an administrative account. The best practice is even if you're a network administrator, you should be using a standard user account, just like the users you support do, and you should only elevate your administrative credentials when you're doing something that requires administrative power. In Windows, even to this day, we have a little User Account Control shield that pops up whenever you see an interface option that requires administrative credentials. User Account Control is a really good thing for many reasons. By the way, let me say this, although I'll repeat it at the end of the module, you'll probably thinking Tim you're going through these utilities way too quickly, and I admit, I am going through it more quickly than I'm comfortable. I want you to rely upon the Pluralsight content library and at the end of each module, as a matter of fact, I give you a pointer to two courses that allow you to go deeper on the subject matter that we have to just, by definition and by necessity, go over in sort of a cursory way here. Anyway, proceeding, BitLocker is a drive encryption utility. You can encrypt a USB flash drive such that it can only be accessed if you know the passphrase, and it's strong industrial strength encryption. BitLocker can actually encrypt your entire hard drive, this is useful for laptop computers that in order to start the computer you have to know, say, the pin, the personal identification number and/or a passphrase and BitLocker actually travels with the drive, so if somebody steals your laptop, pulls the hard drive out, puts it into another machine, they still have to know the BitLocker unlocker key, it's pretty cool. System Restore is a way to, for instance, bring back a machine that's been crippled by malware or an application or a driver that's just hosing the system. If you have System Restore enabled, it's periodically taking snapshots of the user's state. Now System Restore does not delete files, that's going to be your number one question from your users. It will set the computer back in time in terms of installed applications and drivers though, but it won't touch user files themselves. Windows historically gives you a number of administrative tools that allow you, for instance, to control local user accounts, services, and so forth. User Account Control is intimately associated with those administrative tools, as you can imagine. Windows Defender, that's had some different names over the years, that is the built in Windows antimalware tool, so it does antivirus scanning and also looks for malicious code, Trojan horse software, any bad guy software that by definition you don't want on your computer and you certainly didn't consent to knowingly. Windows Firewall is the built in software firewall that's meant to protect your computer from unsolicited inbound connections. Security Center is part of Control Panel and it's a way to alert you if, for instance, you have firewall disabled or if you haven't run an antimalware scan in a while and so forth. The Action Center is similar to Security Center, but instead it's meant to nag you, whoops, inform you, if for instance there's disk management or operating system stuff. Maybe you haven't run Windows update in awhile, it'll nag you about stuff like that. And finally, Event Viewer is one of the administrative tools. Windows is constantly logging events, stuff that's going on in system, application events that are happening, security related events, all that stuff's being logged and you can use Event Viewer to great effect to troubleshoot and at least keep abreast of what's happening with your operating system under the hood.
-
Demo 2: Windows PowerShell Quick Start
Yikes, there's so much to show you, where to begin? Well I want to spend time and I will continue to inject this throughout this learning path, just a little bit of time with Windows PowerShell. I'm on the Windows 8.1 machine now and Windows 8.1 includes a Pluralsight icon right here in the task bar, but let me come over to Windows 7, you can start Windows PowerShell by typing PowerShell in the search box. Now PowerShell is an administrative tool so an end user really shouldn't be using it. Notice that there is Windows PowerShell and PowerShell x86. Remember that x86 is your synonym for a 32 bits. It's important to remember that 64-bit Windows does allow you to install 32-bit applications, but you want to go with 64-bit wherever possible. To make sure you're running as an administrator, we can right click the icon and choose Run as Administrator. If you want to pin this item to either the taskbar or the Start menu, notice that those options are here as well. As a matter of fact, let me pin this now to the taskbar. So what I can do now is right click the icon, select Run as Administrator. Now if I was logged on as a regular user, I would be prompted for the username and password of an administrator on this computer, but because I'm already logged on as administrator, I can test that by typing whoami at the command line, I don't have to worry about it. Now as terms of the file system, let me do cls to clear the screen, now you might be thinking, Tim, cls is not a PowerShell command, that's true, but cls is a number of old Windows command line tools that the PowerShell team has created aliases for. So in other words, what I'm talking about is I can run dir to run a directory listing, but what's happening under the hood is that we're running the command Get-ChildItem, you see it's the same output. And instead of doing clear screen with cls, the actual mapping is clear host, you see what I mean? So PowerShell is intended to be comfortable from those who come from Linux or Windows command line backgrounds. The commands all have a verb/noun syntax, so I can do Get-ChildItem along the Path of just the root of c and it shows us here that in the root of drive C we have program files and program files 86, again, this speaks to the backward compatibility subsystem that we have in 64-bit Windows. If you try to install 32-bit software it will place, by default, under program files x86, if it's 64-bit it'll go under just C Program Files. Now let me clear the screen one more time and you'll notice down below I happen to have Notepad running. Let's imagine that this user's Notepad actually was hanging the system, really slowing it down. Can we use Windows PowerShell to kill that process? You might be used to, for instance, right clicking on the taskbar and selecting Start Task Manager, choosing the troublesome application and clicking End task. That'll work, but with Windows PowerShell you can actually do this remotely. Let me come over to another computer, I'm on my Windows 8.1 box right now. Let me open an administrative PowerShell prompt, I'll verify that I am on my Windows 8.1 box and check this out, I'm going to use a commandlet called Invoke-Command to say on the computer win7 I want to see all of the processes on that machine. This is called PowerShell remoting and it's one of the many reasons why you need to know PowerShell now. Now if you see red that means that there's been an error. Basically Windows 7 isn't set up for PowerShell remoting, I just fixed that problem, so it should work now. I'm going to use the up arrow to bring back my invoke command, and sure enough now I see a list of all the running processes on that remote machine and there's Notepad right there, it looks like it's process name is notepad and we'll want to remember that because what I'm going to do now is up arrow and add ProcessName notepad so I can filter just that command and then by using the pipe character, that's the character above the Enter key on your keyboard, I'm going to pipe that into Stop-Process -Force, so basically to walk you through this code, I'm saying invoke a remote command on win7 and the script, the PowerShell code I want to run is that I want to grab the notepad process and I want to force it to stop. You see how user friendly that is? Boom, instantly. Now if we come back to Windows 7, you'll notice that the icon is gone. That is powerful stuff right there and we're only scratching the surface.
-
Back to the Real World
Back in the real world, if a customer asks, should I upgrade from Windows 7? Your answer is, well XP became obsolete in 2014, so the short answer is yes, you need to get off XP because Microsoft is not going to help you if you call them, even if you offer them money. In terms of the question, how do you get rid of the Start screen in Windows 8 or Windows 8.1? You could either go to Windows 10, which includes the Start menu or there's 3rd party tools called Classic Shell and Start8. I've used both of them extensively. Classic Shell is free, Start8 is paid, but it's only like $4 or $5, well worth it, and those will fully reinstate the Start menu in Windows 8 and Windows 8.1.
-
Homework
I like to give homework in each of my modules because it gives you an opportunity to actually practice what you've learned. I would like you to investigate a hypervisor, like Oracle VirtualBox VM or frankly Windows 8 and above have Hyper-V built in, now that installation is a separate issue, check the course notes for help on that, but what this free software allows you to do is then build one or more virtual machines to play with. You can download evaluation versions of all of these Microsoft operating systems and play. You don't want to play necessarily on your work computers or your home computers because you don't want to inadvertently mess something up. So by creating a virtual machine, you have an isolated sandbox that if you totally hose the machine up, you can just scratch it and start again and you're back, you see. Microsoft is pretty generous, depending upon the OS version, they offer 30 to 90 day evals and after the evaluation, frankly you can just reinstall from scratch and reset your evaluation count.
-
For Further Learning
For further learning I would suggest you first look at Ken Mauldin's course on Windows Operating System Fundamentals. He covers Windows 7 predominantly, but the XP mode coverage, a lot of the features that he's teaching in depth about are ones that we didn't have time to cover here, I mean I've given you their names and a brief description, but I didn't do justice to them, in my humble opinion. Another course is Diane McSorley's Introduction to Windows 8.1. It's a brief course, it's just 1 hour, but it's well worth your time in terms of expanding on what we've learned in this module.
-
Summary
In summary, I want you to keep in mind what I told you at the beginning about knowing a little bit about every single feature. The way that you're going to become a Windows power user is through hands-on experience. At first it's going to be slow and non-intuitive, that's especially true for learning Windows PowerShell, but eventually you're going to develop what's called muscle memory and you're just going to be blazing on, that can intimidate your users that you support, so kind of chill out with that a little bit, but at least you'll know directly the shortest path to get to where you need to go. That's it for this module. In the next module we're going to deep dive on the installation piece of Microsoft Windows. Thanks a lot for your participation, I'll see you in the next module. Take care.
-
Windows Installation
Overview
Hello and welcome to Pluralsight. Tim Warner here welcoming you to the module entitled Windows Installation. At Pluralsight we create learning paths to help you pass IT certification exams. Our learning path for the CompTIA A+ 220-902 exam works in the following way. We have a very short introductory course that explains the certification and a bit about CompTIA. We're in the first content course called Windows OS or Windows Operating System. We then spend time in a course devoted to other non-Windows OS's, in particular Apple's OS 10 and the Linux Unix OS's. We spend time on security, software troubleshooting, and round things out with operational procedures. I want you to know that all of those courses relate directly, line item by line item, with CompTIA's published objectives for the 902 test. In the Windows Operating Systems course, I have the following modules for you. The first one covered Windows Features and Requirements, we're in module 2 covering Windows Installation, after this we'll get into Command-Line Tools, Windows Administrative Utilities, Windows Control Panel, Networking, and Maintenance Procedures. We have four objectives here in this module. First we're going to cover different boot methods. Of course, when we talk about installing Windows we need to consider on which disk we're going to boot the operating system and how we'll set up the disks along those lines. We'll cover the various ways that Windows installation goes forth, the clean installation, the upgrade installation, and we'll also take a look at how businesses or larger enterprises take care of deploying dozens, hundreds or thousands of Windows desktops. You don't want to do that manually, believe me. As I said, we need to, by definition, revisit disk setup here, and then once the operating system has been installed, what are the most common post-installation tasks that you'll want to tackle as an administrator. A lot to do here, so let's get started.
-
Meanwhile, in the Real World
Meanwhile in the real world, I have a couple questions that are very much IT related. I know that as an A+ certified repair technician you may or may not wind up in a business, in a corporation working as an IT generalist, maybe you'll be working, at least initially, in an electronic store working with end users. Nonetheless, the first question I want you to ponder here is, how in the world do I upgrade 150 PCs, do I literally need to walk around the office? With 150 PCs it's probably a large office, isn't it? And manually install Windows on each one? Another question, again very IT focused question is, I'm a small business owner and I need to take advantage of some of the redundancy features that RAID gives, how can I set up RAID in my Windows network environment as inexpensively as possible? We'll circle back and address these questions at the end of the module. Our CompTIA A+ 220-902 objective is 1.2 that says, given a scenario, install Windows PC operating systems using appropriate methods.
-
Boot Methods
Boot methods. When planning this module for you I thought, how can I best illustrate the different ways that we can boot an operating system, namely boot a computer that has an operating system installed? What you're seeing in this picture is a $35 personal computer called the Raspberry Pi, it's very popular in the hobbyist and maker communities, although it can't run Windows, you can install Linux on it and it'll run Linux pretty well, it still serves a good purpose for us. Namely I want to through the various components of a PC that can host an operating system. The most common of course is an internal hard drive. Any consumer PC you buy is going to probably have some version of Windows or Linux preinstalled and then you can take it upon yourself to upgrade the operating system or reinstall a new operating system or the same one, for that matter, on that internal hard drive. It makes for a convenient environment. You can also boot a computer using an external drive. Nowadays solid state flash drives have gotten big enough and fast enough, especially with USB version 3, that we could install Windows on a flash drive and take Windows to go. We can literally mount the flash drive in any computer and as long as the computer is UEFI or BIOS set up supports booting from external media, you can boot an operating system. The old school way to install Windows was from the optical drive where you'd have your Windows DVD, put it in the optical drive, again make sure that you boot off the DVD, and then you install Windows from there. Nowadays, in the 21st century, you still see DVD-based installs in the consumer world when individuals want to install a new operating system or reinstall their existing OS, but as I'm going to teach you in just a few minutes, in anything but the smallest of businesses, you want to look at a disk imaging solution so you can make over the network installations. Speaking of which, you need to understand what PXE and Netboot means. PXE is a networking standard called preboot execution environment and it's synonymous with Netboot. What you're doing here is the computer's network interface card has a little bit of firmware, which remember is software that's permanently encoded on the firmware chip, that allows the computer to boot from its network interface card and the PXE/Netboot standard has enough intelligence in it to actually connect to a DHCP server if you have one available, pick up an IP address, and then the idea is you would connect to a deployment server in your network and send an operating system over the network medium. That is where you want to be in terms of operating system deployment in the business, more on that later, I'm actually going to demo that for you.
-
Partition Tables
Another often confusing point with booting a computer, now I use the word boot as a synonym for start or reboot is a restart, some businesses, in particular Microsoft, get a little bit touchy with that term in their style guide, for instance, they say never refer to booting a computer, instead talk about starting a computer, and I think the reason for that is globalization. Different cultures may not understand my informal use of the word boot, but I'm thinking of a start up disk and we have two partitioned table formats that are supported in current versions of Windows. MBR stands for Master Boot Record and it's the oldest standard. An MBR hard disk has at the very beginning of the disk a map of the partitions defined on the disk, a partition is just a defined amount of storage space on a physical disk, and once of those partitions can be marked as active and an active partition is a partition that contains an operating system, so basically the long story short is on an MBR disk you're BIOS is going to look at that partition table for an active partition and then hand over control of system startup to your operating system boot files, you see? Now MBR has been around forever, since even before Windows MS-DOS. So it has the greatest compatibility. MBR partition tables can support up to four partitions per hard disk, which normally isn't a big upper limit, most consumers I've worked with have one or maybe two partitions per disk. So you think, well why aren't we still using MBR? Why are we looking at this GPT thing that we haven't defined yet? Well the big limitation of MBR is that it's limited to hard drives of 2 TB and that's approximately 2000 GB. Now every years ago it was almost inconceivable that you'd have a hard drive that was that size, but now it's not difficult at all. You can purchase a multi-terabyte drive for a reasonable amount of money and it's reachable by consumers, much less businesses and enterprises. If you buy say a 3 or 4 TB drive and you partition the disk using MBR, then any partitions you create, you might say I want just a single 3 or 4 TB partition, you're going to be limited to 2 TB and any space after the 2 TB boundary is wasted. So for that reason, the current standard, and this is analogous actually to the movement of the old school basic input/output system, BIOS, to the UEFI firmware that we talked about in the 220-901 learning path. The GUID partition table, or GPT, is a newer partition standard, a newer partition table standard, I should say, that has more features but it does have some special requirements. You can actually do up to 128 partitions on a single GPT hard drive and it will support physical disks into the ZBs, again that seems inconceivable to us now in 2015/2016, but I guarantee the day will come where we reach that boundary and have to look at another standard. Finally, you need to be using the UEFI firmware and not old school BIOS, and you also have to be running 64-bit hardware and have a version of Windows that's 64-bit. The good news is that all the way back to Windows XP and above, 64-bit versions support GPT disks. You can also use a disk using the GPT partition table as a data drive, in other words, a drive that's not going to have an active bootable partition. That feature is supported all the way back in Vista. So in the Windows world, GPT is pretty darn compatible, so you shouldn't be too worried about using it when you initialize larger disks.
-
Windows Installation Types
Windows installation types. There's three main ways to install Microsoft Windows on a PC. One is a clean installation. A clean installation is where you've received a new PC that has say a blank hard drive or maybe you've installed a new unformatted hard drive that's going to be a startup disk or maybe you're migrating a user from their original computer to a laptop, let's say, and you're going to want just to maybe format the existing hard disk, just wipe it right over and perform a from scratch installation of Windows. Another option is the upgrade, and remember here we're concerned with preserving the user's existing environment, whereas an upgrade migration is going to involve you having to take extra steps to migrate the user's documents and settings. If you're doing a same computer upgrade, like let's say the user has PC1 and they're going to stay on PC1, you just want to move them from say Windows 7 to Windows 8.1, they are, like I said, the big key is A) making sure that the operating systems work, that it is a published and supported upgrade path from Microsoft, and B) that you're preserving the user's docs and settings. A repair installation is when you reinstall Windows over an existing installation, but you don't blow it away, you don't reformat. When you start a computer from a Windows disk, a Windows 8.1 DVD let's say, there's actually a built in repair submenu. We're going to get to that later in this learning path, so I'm not going to spend any time on it now, but know that before you wipe and reload somebody's system, you might want to consider running a repair installation because may the operating system files, some of them have become corrupted and maybe you want to reset some drivers, et cetera. The other instance is the refresh or restore. Let's say a customer comes in and their computer is really messed up with malware, you may decide to refresh their computer, that's also called a wipe and load, where you'd back up their documents and settings, reformat the hard drive, do essentially a clean installation, but then your main task after installation is to restore the user's original environment as closely as you can. Now if you're thinking, Tim these terms kind of step on each other, clean, upgrade, and repair, if you're thinking that, congratulations because you're absolutely right. It's not like these installation methods are completely, well pardon the pun, partitioned from each other, it's just they're different ways to accomplish different goals.
-
Operating System Deployment
Now I've mentioned several times that depending upon where you're working as a PC repair technician, you may be working with individual users and there you will probably just take a Windows disk in hand or you may have an ISO disk image and you'll do your installation, repair, upgrade just on a one by one basis. In a business environment, you don't want to do manual installs, especially as the business gets above say 10 computers, you want to take advantage of operating system deployment or OSD and this is where you perform a remote network installation. This takes advantage of the TCP/IP protocol, in particular the multicast transmission type. Multicast is where your servers, instead of sending out many, many copies of each data packet to the target computers, it just sends one copy of each, sort of on a loop and then computers can join that multicast steam and if they miss some packets that had already come by, the client will just hang out there on the connection and eventually the packet will come back around the loop, so to speak. Basically multicast is the way to do OSD because it saves you a lot of network bandwidth. With OSD you're thinking of operating system images, so in the picture at left here, this is a Microsoft OSD environment where we have selected computers that we're either going to refresh and reinstall the operating system or let's just imagine that they're new systems that have blank hard drives, we can take advantage of that PXE boot, or preboot execution environment, such that the computers boot from their network interface, connect to DHCP and pick up an IP address configuration, and then they can hit other Windows server machines. DC stands for domain controller, DNS is your name resolution, your domain name system, and WDS stands for Windows Deployment Services, that is a multicast operating system deployment engine, it's a really cool feature and believe it or not, WDS is built into Windows server for free, it's a built in feature. And the long story short is the WDS server is going to have one or more operating system images that can then be sent out using bandwidth friendly multicast IP transmission and then depending upon what kind of operating system deployment you're doing, you could either do lite-touch where you may have to visit each of those stations that's receiving the transmission and answer some of the setup questions, or you can get to the zero-touch installation, ZTI, where it's a completely hands off installation. Now yes, this is an entire subject unto itself and at the end of this module I'm going to give you some pointers. If you want to know more about OSD we have you covered in the Pluralsight library.
-
Multi-boot
Multiboot refers to making available different versions of the Windows operating system and potentially different versions of individual applications. Here's the business case here. You might have in your business a line of business application that has a requirement on the Microsoft Internet Explorer browser and let's say it's dependent on an earlier version. So the idea is, if you upgrade your users to a newer version of Windows, it's going to have a newer version of IE and that may break the connections to the line of business app, well how can you remediate that? I've known some systems administrators who actually roll back the upgrade, that is a huge mess. Ultimately of course you want to test before you upgrade to make sure that you're not going to have these kind of problems, but if you do, there are ways to work around it. Troublesome applications that only run say in the old version of Windows, you can get them to run in a newer version of Windows by taking advantage of multiboot scenarios. Look at people who run Apple hardware, OS 10, on their iMac they might want to use a tool like Microsoft Visio, maybe they need to use Visio to do their job, but they actually have an OS 10 Mac computer. Once again, that's actually possible. Now if you want to install multiple operating systems on a computer, that can get tricky. This is how we used to work around these problems, but having the same partition with two different boot loaders and managing boot menus, I don't recommend this at all. This, like I said, used to be what you had to do to do a true multiboot. In this screenshot at right it's showing an Ubuntu grub boot loader, that allows you to boot Ubuntu Linux or Windows Vista, that is tough. OS 10 used to support that ability too where you could boot into OS 10 or Windows, that happened once Apple migrated their hardware to the Intel platform, but nowadays what I want you to focus on is virtualization. Operating system visualization and application visualization. That is how you work around this problem. So in this screenshot at right we have an OS 10 Mac computer and they're using a hypervisor called VMware Fusion to actually create a virtual machine running Windows and then on that virtual machine it looks like they've installed the Office 2013 suite and nowadays visualization on the desktop is so cool, you don't see any of the Windows Chrome, do you? You don't see a Start button or a start screen, you're able to just use the Windows applications directly in the Mac environment. Now unfortunately the reverse isn't true, in other words, running OS 10 Mac programs under Windows, you can do it theoretically, but it's not officially supported by Apple, you have to hack around. But again, this whole notion of application visualization is way beyond our scope. I just want to show you possibilities here.
-
Basic and Dynamic Disks
Disk setup. You need to know some basic disk ideas, pun intended, in terms of the hard drive. I told you about MBR versus GPT. When you initialize a hard disk in Windows, you choose one or the other and any recent version of Windows from Vista on up will support GPT and the advantage there is that you can have several partitions and you can support disks of just about any size. The basic disk, that's the old school disk layout that has been around in Windows since the beginning, maps to the MBR standard and what you can have here, as I said before, is up to four primary partitions. Primary partition is a partition that can be marked as active and can host an operating system. So in this sample disk we have three primary partitions. When you format a partition it gets a drive letter and a file system, looks like drive C and D are using NTFS and E is using the Linux EXT4. So just looking at this disk map I can say, I bet that this is a dual boot system that can boot from Windows on drive C or into Linux off drive E, and that's true. To get around the four partition limit, believe it or not that used to be an issue way back when in the 90's, you could have up to 3 primaries and 1 what's called an extended partition, and then inside that extended partition you can carve it up into what are called logical drives, and you can go up to 26 drives. Those would map to every letter of the alphabet in Windows. And I don't think ever in my career have I seen that many local partitions on a disk, but it's possible. Dynamic disks are Microsoft's next generation disk layout scheme and what you can remember, what you should remember is that you can always convert a disk from basic to dynamic using PowerShell or the disk management graphical utility or whatever, and the main thing that converting a basic disk to dynamic does is it unlocks things like software RAID. I'm assuming that you remember our discussion of RAID from the 220-901 path, if not, you need to go back and check that out. So in this example, we have a Windows computer with 3 disks, Disk 0, 1, and 2, these are physical disks, and we can take space, a partition, from each of those disks, combine them into a single drive, a single volume, a formatted drive lettered volume, and apply, in this case I would probably do a RAID 5, a redundant array of inexpensive disks, disk striping with parity, that's going to give you the ability to lose a drive and still keep the computer online. So Windows has supported software RAID for many years, it's tied with dynamic disks. The only time you'd want to look at software RAID is if you don't have the money or the expertise to buy a hardware RAID controller. I don't think it's a good idea on production servers to weigh it down with not only doing what it normally does on a daily basis, but also having to take care of in software, all of the I/O that's involved with a RAID, but your mileage may vary.
-
Disk Format Types
I said that when you partition a disk you could have just a single partition or multiple partitions, the partition in itself isn't usable, you have to format the partition. Now a hard drive as it arrives from the factory already has a low level format, which defines these 512 byte sectors. I've never low level formatted a disk. This is something that the original equipment manufacturer does. When you do an operating system level format, that's called a high level format, and what you're doing there is aggregating those sectors together into groups called clusters. So in my sample diagram, my cluster size equals 10 sectors. Now that's not necessarily reflective of what's really in Windows, I want you to just concentrate on the generate principles here, okay, and the idea is let's say your clusters are 4 kilobytes in size, that is the minimum allocation unit that the operating system will use on the disk, so if you create a 2K text file, it's still going to occupy a 4K cluster. If you create a 6K file, that's going to occupy 2 full clusters, you see what I mean? And you also want to keep in mind fragmentation, we did cover that in the latter part of the 901 learning path. As you can see, the first three clusters are contiguous or next to each other, so on mechanical hard drives it's going to give faster I/O to pick those up, but as you're deleting files, copying them, moving them, files may get spread apart where in this case let's say the file consists of four clusters, you've got a gap there, that's going to slow down disk I/O and that in a nutshell explains why mechanical hard drive disk defragmentation does have a performance issue. Now in terms of the different formats, there is ExFAT and FAT32. FAT stands for file allocation table. I suggest that you never use these unless you're dealing with a really low capacity flash drive, like a 1 GB flash drive or less. The file allocation table historically is what Windows used since the very beginning. FAT32 is a 32 bit address space, so you can go up to 4 GB for maximum file size, the maximum volume size with FAT32 is 8 TB. ExFAT is an extension of FAT32 that goes up to 128 PB, but like I said, I advise against using FAT32 or any kind of FAT unless A) you're talking about really small disks, no more than 4 GB, and also possibly for compatibility with other operating systems that may not recognize NTFS. I myself have had problems with Windows disks plugging them into Mac computers that don't like to recognize NTFS. Now you're probably wondering what is NTFS. That stands for the new technology file system, that's the baseline file system used in Windows nowadays. It's more efficient, in other words the cluster size is a lot smaller with NTFS than it is with FAT and it also supports file level security. You can actually set access permissions on individual files, with NTFS you can do auditing, NTFS is self healing, there's just so many reasons why NTFS is your go to format for Windows disks. CDFS is the compact disk file system, unless it's a CD-R or DVD-R, we're talking about just read-only access on that file system. In Unix, Linux, and OS 10 environments, NFS is network file system used in file sharing situations with NICs. Speaking of NICs, Unix, Linux, EXT3 and EXT4 are standard formats in those environments. You're going to have to take some extra steps to get a Windows computer communicating via NFS and interacting maybe locally with a drive or partition that's formatted with EXT.
-
Special Partitions
Special partitions. What we're seeing here is a little screen capture from the Windows disk management utility. You'll find that on systems that support EFI, or UEFI, there's going to be a system reserved partition that doesn't have a drive letter, it's intentionally hidden, tucked away by Microsoft, and that's where your boot files are stored. Microsoft knows that if they make boot files easy to find, there's going to be some user who comes along saying, I don't recognize these files, maybe they're a virus, I'm going to delete them, and then they'll get an unpleasant surprise the next time they start their system. You'll also find with OEMs, like Dell for instance, there'll be a separate partition that's a vendor recovery partition that may have the operating system and the drivers and everything already there, such that if you do want to reinstall your system, you can boot from the recovery partition and then you're free to reformat and reinstall on your system drive.
-
Post-installation Tasks
Post-installation tasks. Once you've got Windows installed and if you're wondering what are the steps to actually install Windows, I'm going to do a brief demo, so hang on. You'll want to take advantage of things like updating the device drivers. You might have the plug and play driver that Windows automagically gives you for your video card, but in order to unlock the full feature set of your card you might want to install the vendors own drivers. If you're in a business network and you're using Microsoft, you'll need to or you'll want to join the computer to an active directory domain. There's also localizing the system, time, date, region, and language. There's installing first and third party software, line of business applications, there's verifying that the disks, the OS disk, any data disks are proper, and then there's updating using Windows update to make sure that the OS is current with its security patches. If you're thinking, my gosh that's a lot of work, yes it is, that's another reason why in a business enterprise environment you sit down on one computer and you do the installation from scratch, you do all your post-installation tasks, and then you copy or clone that image, you create an image from that computer, and then that becomes your golden standard image that you put up on your servers and then the next 10 computers that come along that need a setup, you can blast that image down to them and save yourself hours upon hours of work. Now I will say that using the heavy, thick golden image is starting to become less and less important because OSD is taking on a thinner, more modular approach. I'm just putting that little bit of information in your ear, just from professional to professional. Pay attention to what I'm showing you explicitly on these slides for your exam success.
-
Demo 1: Installing Windows 8.1 with WDS
Alright in this demonstration I'm going to quickly walk you through installing Windows 8.1 and there's the added bonus that I'm going to do this in an operating system deployment way. We're looking at a Windows Server 2012 R2 Member Server on which I've installed Windows Deployment Services. I just pressed the Start button to bring up the Start screen and I'm going to type deployment ser, just enough to get the link here, and press Enter to launch the Windows Deployment Services console. Now this is not a Windows Server course, so I've already set this up. Do a search in the Pluralsight library for Windows Deployment Services and you'll get all the help you need as far as how I actually set it up. But essentially what I've got going on here is that I've created an installation disk image for Windows 8.1. I unpacked the DVD, placed it on the server, in WDS its main reasons are to do multicast transmissions and you can do operating system installations over the network and you can also use WDS to capture images, remember I told you that you will set up one computer the way you want them all to look and then you'll want to capture that OS, put it up on your WDS server for reuse. Well that's absolutely true and absolutely the case. You'll notice that we have two types of image here, we have a boot image that's used to actually to start the computer into a really stripped down version of Windows called Windows PE, for pre-installation environment. And then on my system I have just one available OS image and you can get totally crazy with this in terms of customizing images, injecting drivers, it's a whole separate thing, okay, let's just leave it at that. So we've got WDS ready. Let's switch over, I have a virtual machine that I've called blankbox that has just an empty blank hard disk. I've already gone into UEFI BIOS setup and specified to do a network boot first. I'm going to power on the computer and you're going to see, I'm sorry about the resolution shifts here, my recording area is much bigger than this default VM area, but look what's happening, it says CLIENT MAC ADDRESS, it detected the network card's hardware address and it's trying to contact a DHCP server and you see we picked up an IP address and we loaded the pre-boot environment or we are loading that boot.wim file from the server, and note that I'm doing this without any reference to the local DVD drive or CD drive or USB drive, this is all over the network. You don't have to do sneakernet. I could feasibly be in Chicago doing a remote install in Syracuse, New York, do you see what I mean? Now there was a time with operating system installation where, believe it or not, you had to walk around with floppy disks to boot the computer, you absolutely had to have the DVD, and it was always just a click by click nurse maid installation. Also, way back when, you didn't have the mouse for most of the install process, so you had to be pretty good using the Tab and Shift+Tab keys and the arrow keys on your keyboard. As you're going to see here, we're booting into Windows PE, which is a graphical environment, see I have my mouse and I can interact with WDS using standard Windows controls. I'm to click Next past the first screen, it's going to ask me to authenticate, which I'll do, I'm going to authenticate as a domain administrator. My domain is called company. Submit that, and sure enough we see that one image that we're advertising in WDS. Now remember, you can automate all this, but I specifically set it up so we have to manually complete the installation. Let's click Next and now it's just asking us the typical questions that you're normally asked when you install Windows. You're asked to choose which drive you want to use, I just have the one hard drive, and note that it's blank, its total size and its free space match, but if I do want to reformat the drive, if I'm doing a wipe and load reinstallation or a clean installation, I can come to drive options and you have the ability to mess with your partitions. On business servers, you may not even be able to get to your hard drives until you install a special driver, that's true for RAID enabled servers that have hardware RAID controllers. I'm going to, well I'm not going to do anything here, I'm not going to format because I don't need to, I'll just simply make sure that the partition is selected and we'll click Next. So the rest of this, Windows setup has gotten so much simpler than it used to be, I keep mentioning this like I'm some kind of old timer, I guess I am, but the Windows teams have done a great job of not having to force you to answer question after question after question. It's either going to give you some defaults or at the end of the installation process they'll be some options there. Now as this says, it's going to take awhile just to get the files ready and we're streaming all of that content over the network. Essentially once the installation completes, we're going to be asked to create a local user account and then we're going to see the traditional Windows 8.1 desktop. So I think we're good at this point with this demonstration.
-
Demo 2: Performing Post-installation Tasks
Once the installation is complete, it's time, like I said before, to take care of post-installation tasks. I make no bones about the fact that I'm not a fan of the Start screen or the full screen universal app experience in Windows 8.1 and Windows 10, so this is a neat little trick I have for you, if you hit the key combination Windows+X or if you right click the Start button, you get this really nifty fly out menu that has most of your common utilities just within easy reach. So for instance, we can open up Control Panel, change from category view to say large icon view, and then we can just customize the system, like I said, localization in terms of language packs, time, firewall settings, Windows update. Please take advantage as a power use of the search box. You don't want to be sitting here, now how do I make sure that I'm in the correct time zone, I guess my eyes are going to cross before I see date and time, you can come up into the search box and type specifically what you're looking for. So let me type time zone, and we have right here change the time zone. And it brings you right to where you need to be. See what I mean? So you in time should be able to buzz through Control Panel, mainly just by thinking of the options that you normally change, maybe the desktop background, right, you can just type background and there's the link for change desktop background, easy peasy. In terms of drivers and installation, another one of my favorite things to do is to invoke the run box and use commands to open up MMC consoles directly. So you can do a Windows R or we can right click the Start button and click Run and over time you should know by memory how to open some of these consoles directly. Devmgmt.msc stands for device management. That's going to be your way to get to your hardware on your drives. Again, right click, run, diskmgmt.msc is going to open up your disk management console, and speaking of which, it looks like on this system we have a disk that's uninitialized and before we could do anything with that disk we're prompted to choose MBR or GPT and there is a note that GPT isn't recognized by all previous versions of Windows, true enough. You'll note that the disk shows up as basic, when you right click the disk you can convert it to dynamic disk, you can convert it from GUID partition table back to MBR if you want, I'm going to convert it to dynamic, it's a very quick option, and note that by right clicking I can go back to Basic Disk or MBR Disk there. Still I haven't prepared this disk for use, so I can right click it and choose to create a new volume. Now notice that when it's dynamic, you have the capability of getting into the RAID levels here. These are grayed out because I don't have another partition to work with. RAID, remember, requires at least two partitions. I'm going to create a simple volume here, you do this using the wizard. You choose the amount of space you want to use, I'll make 10 GB out of the 20, click Next. You can choose a drive letter, Next. Give it a name, I'll call it DATA1, choose a file system, FAT32 or NTFS, no thank you on the FAT32. Default is where the operating system chooses the cluster size, but you can override that if you want to, I'm going to leave it at default. And I'll do a quick format, and within just a few seconds, we should have that partition available, there it is. So now we've got unallocated space that we can do whatever we want with in the future, or let's right click and Open, we can start storing data on our new volume. The final think I'll say is that it's interesting that just looking in your File Explorer, you're seeing formatted volumes, you don't know at a glance whether these are separate physical hard drives or if they're just separate partitions from the same hard drive, you see? So the disk management tool is cool because it leaves nothing to the imagination, it shows you the distinction between the physical disk and the volumes on the disk.
-
Back to the Real World
Let's go back to the real world, you know the answer to these questions now. How in the world do I upgrade 150 PCs, the answer to that is we're going to use Windows Server along with Windows Server built in tools like Windows Deployment Services and Microsoft has an entire line of applications for data center management called System Center and there are System Center tools that take OSD to very great lengths. The other question was, can we set up RAID inexpensively? We also know the answer to that is yes. You would use dynamic disks and software RAID. It works in a pinch, but it's not your best option.
-
Homework
For homework, I'm going to challenge you to take the materials you gathered in the previous module where I showed you that you can download for free a virtualization program, like Hyper-V, that's built into Windows or Oracle Box VM, and your Windows evaluation ISOs, the disk image files, and I'd like you to practice performing upgrades, say from Windows Vista to Windows 7, Windows 7 to Windows 8.1, and in practicing that that's going to allow you to confront choosing a boot partition, reformatting a drive, and also test all the features within each of those operating system versions that you learned in the previous module. Remember we want to build on our skills.
-
For Further Learning
For further learning there's Rhonda Layfield's course on Windows 8 Deployment with WDS, that is a very deep, deep dive of WDS, so if you like what we did during the demo, check that out. Greg Shields has a certification prep course for Windows Server 2012 R2 70-410, Install and Configure Servers. In particular look at his module "Configure Local Storage" for lots more information on all the storage stuff we covered here.
-
Summary
In summary, I have friends, a good friend here in Nashville named Mick, as a matter of fact, who makes a very nice living as a system center configuration manager admin, SCCM as it's called, is Microsoft's enterprise tool, well it does a lot of stuff, not just operating system deployment, but it's especially good at automating OSD and if you like deployment, you can actually build your career doing that. As I've mentioned, in the enterprise we manage herds and not pets. I didn't use that metaphor, but the idea is the same thing. Instead of installing computer by computer and taking care of the care and feeding of each individual computer as if they were your pets, instead we wan to look at operating system deployment and maintenance as a herd, as a collection of computers that has an automated process behind it, you see. Alright, well that's a lot of material, as all of these modules are. Thank you very much for your participation and I look forward to seeing you in the next module, in which we spend our time using Windows command line tools. Take care and happy studying.
-
Command-line Tools
Overview
Hi there and welcome to Pluralsight. My name is Tim Warner and this module is entitled Command-Line Tools. As usual, let me buzz through the courses that make up our Pluralsight learning path for CompTIA A+ 220-902. We have a brief introductory course and we are just getting underway with the first content domain. If you go to comptia.org and download the 220-902 objectives, you'll find that we cover every single line item there, in fact, I structured the learning path according to the 902 content domains. Once we move off of Windows, we'll deep dive into other desktop operating systems, then spend time on security, software troubleshooting, and operational procedures. Within our Windows operating system course we have the following modules, Windows features and requirements, Windows installation, we are doing command-line tools, Windows administrative utilities, Control Panel, networking, and maintenance procedures. What are we going to learn in this module? First, I'm going to give you a little bit of editorializing, but it comes from the perspective of real world experience and more on that in just a second. It's actually very important stuff for you to know. We're going to spend most of our time though covering the relevant CompTIA objectives here. CompTIA wants you to know a couple of dozen Windows command-line tools, I call it a rogue's gallery, and by the end of this module you'll be able to answer any questions regarding these tools on your exam successfully. With that, let's get started.
-
Meanwhile, in the Real World
Meanwhile in the real world, you might be asked as a CompTIA A+ certified repair technician, why should I care about command-line tools? Maybe you're working with an individual who is entering the IT field and is brand new, maybe you've already put in a couple years so you have some preliminary experience, and this customer has heard scuttlebutt about Windows PowerShell and being able to know scripting. How important is this command-line business in the days of Microsoft Windows? Another question is, yeah I see that I really need to learn PowerShell if I'm going to specialize in Windows support, on the other hand, I'm afraid of math, I don't like anything about programming, do I have to know programming in order to learn PowerShell and administrative scripting? As you've come to expect, think about these questions as we go through the material and at the end we'll circle back and you'll be able to answer them yourselves I'm quite sure. Our CompTIA A+ 220-902 objective here is 1.3 that says, given a scenario, apply appropriate Microsoft command-line tools.
-
The State of Command-line Administration
The state of command-line administration. Having been a technical trainer since 1997 or so and having taught prep courses on just about all of the main line CompTIA exams as well as the main line Microsoft IT Pro exams, I often am confronted with the question, how does the theory that you're teaching me here actually relate to the real world? The truth of the matter is is that sometimes these IT certification exams have content that can run counter to your real world industry experience. I used to call it the Microsoft answer, in other words, students who are preparing to take a Microsoft certification exam I sometimes suggest, although you have lots of real world practical experience and that's extremely valuable, you need to be prepared to give the Microsoft answer, which is what you'd find on their marketing and their TechNet literature pages, even if that answer runs counter to what you practice in the real world in the proverbial trenches. So I say that, that even though CompTIA exams are generally vender neutral, you're still going to want to give an answer that is consistent with what you'll find with a vendor and I mean I say that because on one breath CompTIA exams are vendor neutral and in the second breath we have this whole course in our learning path devoted to the Windows operating system. Speaking of the Windows operating system, Windows PowerShell is truly the current and future state of Windows administration and there are many reasons for that that we don't need to get into. I'm disappointed personally that CompTIA doesn't stress Windows PowerShell more on these objectives, so I'm going to inject it just a little bit here and there to make sure that you're not only preparing to pass and be successful on your A+ certification, but you also enter the IT industry with your eyes wide open as to what's actually happening in the trenches. To that point, let's run a quick comparison and contrast between the command-line tools that we'll be learning in this module versus Windows PowerShell. Now at first blush, both a traditional so-called DOS command prompt or Windows command prompt, behaviors very similarly to a Windows PowerShell prompt. So it's important, I think, in the name of you being a well rounded professional, to understand the basic differences. When I'm saying command-line tools, I'm talking about commands like COPY and XCOPY and ROBOCOPY that are still used a lot in business versus Windows PowerShell that uses that verb-noun syntax, like get service, stop service and so forth. Now some problems with these old command-line tools is that each one has its own syntax, so you have to build a separate learning curve for every tool you learn. Another problem is that the tools are completely unrelated to each other. If you want to, for instance, copy a bunch of files programmatically from one location to another and then delete the files that were in the source folder, those are two totally separate commands and you can't feed the output of one command into another. I mean, you can to a very limited degree, but nothing like you can in Windows PowerShell. Another problem with the command line tools is they have limited or no remote execution. Remoting is a big deal now in the 21st century. The idea is as Windows administrators, we should be able to sit at our administrative work station and manage most of our environment from, say, a Windows PowerShell prompt without ever having to actually walk down to the data center, walk down into your server room and maybe even not even walk down to the user who's experiencing problems, you may be able to fix them by using remoting technologies from a command prompt. Finally, with the command-line tools, the data is always just flat simple text, there's all that much you can do with it. In many ways these command-line tools behave like Linux/Unix command-line tools to this very day in 2016. Now Windows PowerShell, on the other hand, was designed as a successor and replacement to these old command-line tools. Like I said, it's the current and future way to do command-line administration. We have a consistent reliable syntax, that means once you learn Windows PowerShell syntax rules, you can manage just about any Windows application, service, et cetera, because you already know the underlying rules. In Windows PowerShell we have something called the pipeline that does in fact allow you to take data out of one command and feed it into another command, much like you might connect, say, Lego bricks. PowerShell is built from the ground up for remoting, so let's say you needed to change your registry value on 15 servers, you can use a couple lines of Windows PowerShell and execute those changes in just literally a blink of the eye from your desktop instead of having to maybe use remote desktop to each of those 15 boxes separately or worse yet, actually go visit them. And finally, data in Windows PowerShell is objective oriented. Instead of being just flat text like command-line output, PowerShell objects, as they're called, like if you get a list of services, say, that are running on the computer, you can perform operations on each one of those objects to stop a service, restart it, change its startup parameters, and so on. The data in Windows PowerShell is how I describe it as alive. Now let's do our first demo, very briefly, to underline a bit more some of this command-line versus PowerShell business.
-
Demo 1: Cmd.exe vs. PowerShell.exe
We're on a Windows 8.1 Enterprise Edition computer and I want to cover some of the common confusions regarding Windows PowerShell versus the cmd.exe, executable. So let me open up File Explorer, I actually have C:\Windows\System32 already preloaded on this machine. There is a lot in system 32, I have the view sorted in details view by type so we can see our applications. Now you see what are called your external command-line tools, our separate executables, like bcdboot, bcdedit, there is attrib to change the file attributes of a file, there's at.exe that's a command-line interface to the task scheduler. If I type C and continue scrolling, I'll finally reach command.exe, this is the old school command shell for Windows. The way that I normally open it up is I'll right click the Start button, go to Run, and type cmd. I'm logged on as an administrator, so it's going to open it up as an administrator, that's exactly what I want. So in summary, the command shell, the standard, old school command shell, runs as a separate executable under Windows system 32. Now under system 32 there's a subfolder called WindowsPowerShell and under v1 we see another executable called powershell.exe. So the first confusion I want to dispel is that command.exe and powershell.exe are totally separate executables. In Windows 8.1 I'm going to right click my PowerShell icon and run it as administrator. And at first blush it looks like the same thing, doesn't it? Let me arrange these windows somewhat in a user friendly way. I mean we can use commands like dir and it works in PowerShell and we can use it in cmd.exe and it also works, but you're going to run into problems because PowerShell is actually mimicking some of these cmd.exe internal commands. Dir is what's called an internal command because it exists inside the executable, as opposed to an external command like ping that runs as a separate exe, and yes you can do ping all day long in PowerShell, it recognizes external commands and that's why I would suggest, and I've said this before, under most circumstances whenever you're doing command-line administration, do it from a Windows PowerShell console. Long story short is that you can run into some problems trying to run cmd.exe internal commands, in other words, commands that exist inside cmd as opposed to external commands that are standalone executables when you try do that from within Windows PowerShell. So the last thing I'm going to show you in this first demo is that it's actually possible to interact between the two shells. In other words, if you really needed access to the cmd environment from within PowerShell, you can just start it, you see? So I've typed cmd and now I see the same preliminary text as I saw when I started cmd. Likewise, from cmd we can go into a PowerShell session, just by typing PowerShell, you see? To get out of the session, for instance, presumably I would be doing some specific cmd work here in my PowerShell session and then when I'm ready to come back to PowerShell I can use exit and you'll notice that the prompt changes, I forget to mention that. A clear indication that you're working in PowerShell is the PS prefix that is at the front of the prompt path and sure enough you see that down below, let's go down to cmd and we can exit from PowerShell and go back and forth. I hope that this demo has served to dispel some very common beginners confusions regarding those two environments.
-
Command-line Tool Parade
Comand-line tool parade or as I called it at the beginning of this module, command-line tool rogue's gallery. As an instructor I cringe when I have to throw repetitive slides at you, just bear with me as we go through here, your take home message here is you're going to need to identify each of these command-line tools by name and also understand their basic function. I seriously doubt that CompTIA will require you to know detailed syntax because, as I said earlier, these command-line tools all have different syntax rules. So the first command we need to know is TASKLIST. TASKLIST is used to get a list of running processes on your computer. Basically running programs and subprograms. You might be thinking to yourself, Tim we've got the graphical user interface GUI tool task manager, what do we care about TASKLIST? Well as I'm going to show you in the second demo, these command-line tools do have an advantage and that is we can use them for administrative scripting, to do automation. But anyway, TASKLIST will give us a list of processes and then we can invoke TASKKILL to bring that process out of memory, so if you have a rogue process that's consuming too much CPU or maybe you've identified a process that's malware, you can obtain its name, the name of the process is its file name or image name, pid stands for process ID, that may be a more accurate way to go, use TASKLIST to get the PIDs and then notice that TASKKILL you use the PID parameter and you can add multiple PIDs there in a row separated by spaces. The T switch there specifies that we want to kill all child processes, so if 130 and 333 have child processes underneath them, /T will remove them all. Now like I said, the syntax can get really wonky. Look in the course notes because I give you links to Microsoft TechNet pages that show you tables with all of the possibilities with regard to parameters. By the way, a parameter is simply a way to customize or alter the behavior of a command-line tool and parameters can either be named, like /PID space and then value, or they can be what are called switch parameters, a switch is a parameter that takes no value, it's basically on or off binary, I guess that's why it's called a switch. SHUTDOWN is just as you would expect, a way to shutdown the system from a command-line. In this syntax example -f and, again, talk about inconsistency, right, instead of / here we're using -, f is a force shutdown, r is restart, and t is a timer, so you can wait a specify number of seconds. BOOTREC is a tool we get to from the Windows recovery environment when we're trying to repair a system and we covered this earlier in the learning path actually, in the 901 learning path speaking of what, and from Windows RE launching BOOTREC allows you to fix your boot files. You notice that you can do BOOTREC with FixMBR to examine the master boot record, there is a way to scan the operating system system files, to rebuild the entire boot configuration database. So BOOTREC is used to troubleshoot systems that can't start very early in the process due to, say, a corrupted boot sector. FORMAT, a very powerful tool. We learned about disk management in the previous module, format is simply the command way to format or reformat volumes. In this example we're reformatting drive E in a quick way, in other words, we're not performing verification, we're just doing an overwrite, and the vSwitch or the vParameter allows us to add a volume label.
-
File Management Commands
Now let's look at some file management command-line tools. MD has an alias of MKDIR, RD has an alias of RMDIR and they're pretty standard. MD doesn't stand for medical doctor, it stands for make directory or make a folder. RD is just the opposite, remove a folder. Now historically, at the command line you had to be careful with RD because if you tried to remove a folder that had files in it, you'd error out, but if you throw in the /s switch it will in fact nuke the folder and its contents, so be careful about that. CD is CHDIR, you're seeing some syntactical standardization, if you don't mind the alliteration there. CD is very, very common because it's what we use to navigate through the file system from the command line. CD and then in this path, notice I'm using single quotes, you can use single or double quotes when you're surrounding paths from the command line, but the tilde forward slash is a shortcut to specify you're starting from your home folder, so in current versions of Windows it would be C Windows username, and so instead of doing C users username, you can do tilde and then use Tab complete, so ~/Dtab will quickly expand to desktop and if you had a folder named images on your desktop, you could type I or maybe im and press Tab. Definitely take advantage of Tab completion when you're doing command line work, it saves a lot of time. DEL is used to delete files. So for instance, DEL D:\docs\*.rtf means delete all of the rich text files contained in the docs folder, /f says force the operation. Notice that DEL also has a synonym called ERASE. DISKPART we looked at in the 901 objectives, this is the command line variant of the disk management graphical utility, we can manage disks, partitions, and volumes all programmatically. Now you hear me use the programmatically a lot, what that refers to is that when you're using command-line tools, often times it's not just you sitting at an open console prompt issuing ad hoc commands, I mean it can be, but most of the time, in my professional experience, you're looking to take a repeated task, get it perfectly captured in a script file, and then whenever you need to repeat the task you can simply run the script and you won't have to worry about forgetting a step, you won't have to worry about mistyping anything, because all of those actions are recorded perfectly in the script. More command-line tools. COPY, just as you would expect, this is a file copy tool, but it cannot do recursive copies out of the box. In other words, if you wanted to copy an entire directory tree, where you wanted to copy a root folder that had several subfolders that in turn contained folders and files, you're going to run out of steam there, so there's two more powerful versions of COPY. I never use COPY myself. There's the extended COPY or XCOPY that can do directory trees, and even more powerful there's ROBOCOPY that's been around in the Windows world for a long, long time. ROBOCOPY allows you to, basically you can put your propeller hat on and totally geek out in terms of how you're copying files. You can create log files that will actually follow the operation and track progress. It's a very complex tool, more than you would think initially. It's built into current versions of Windows, it's an external command-line tool, and if you look in the course notes I give you some links to some projects that have sprung off of ROBOCOPY because it's still a popular tool, even nowadays, for administrators who are constantly having to copy files around to different drives and even different computers. Somebody built a ROBOCOPY GUI front end and then Microsoft actually built a successor to ROBOCOPY called RICHCOPY. Again, those links are in the course notes. SFC stands for System File Checker. The executable is in fact called SFC.exe, in fact all of these command-line tools that I'm showing in uppercase, you can just add a .exe after them and you'll know what the executable program file name is. SFC is something you'd use if you suspect that some of your protected operating system files might have been replaced by malicious code or just corrupted or damaged. You can run SFC/scannow and what it will do is the tool will run integrity checks against all of your operating system files. Make sure that their digital signature checks out to Microsoft and not some rogue developer and if they're are any inconsistencies, you may be prompted to mount your Windows media and then SFC can replace the operating system files with fresh versions. CHKDSK we looked at in the previous learning path, 901. This is a programmatic way to display disk status and to correct errors.
-
Network Management Commands
Now we have some network specific command-line tools, GPUPDATE is short for group policy update. In an Active Directory domain, you specify your policies and your preferences for users and computers through group policy and let's say you update the group policy in your domain, you would then programmatically on the client side, run GPUPDATE to manually refresh that computer's group policy settings. Group policy has its own rules on how refresh automatically happens, it will happen eventually automatically, but sometimes when you're troubleshooting a user's system and you just want to make sure that that system has the most recent group policy settings, you'll do a GPUPDATE, like maybe a GPUPDATE /force. GPRESULT is a good troubleshooting tool for client systems. You do this to validate that the user is receiving their correct group policy. GPRESULT/R will give you an excellent summary of who's logged on to the computer, what the computer name is, and what policies are and are not being applied to the user and computer. That whole philosophy of testing group policy results is called Resultant Set of Policy or RSoP, I mean, it can get pretty complicated because you may have in your Active Directory domain, group policies linked at various levels, the forest level, domain, organization unit, and there may even be policy applied to the local computer. How do you sort out conflicts? That's a subject for another time and actually another learning path. DIR comes out of nowhere here. This is probably the most popular command-line tool because when you open a command prompt, what's the first thing you're going to do? Run DIR to list the contents of your present working directory and if you're not in the right directory, you'll use CD to get there, right? So yeah, these command-line tools, I don't mean to skew you into thinking it's all PowerShell all the time, the core command-line tools persist in their usability, it's just that we're shifting focus away from the old antiquated way to do it into more of a more powerful consistent way. EXIT we saw in the first demo. Just as the word explains, it closes your session. If you're in a PowerShell or CMD session and you just type EXIT it's going to close the window. By contrast, if you use PAUSE in your script file, it'll keep the window open, which is sometimes helpful when you want to read the output of your script and you want to make sure that everything completed successfully. Next we have HELP. Now HELP when you run it at cmd is going to give you a list of all the internal commands. Now you might have been thinking, Tim what the heck do you mean with this internal versus external business? The way that the command interpreters worked historically, originally it was called command.com and MS-DOS, inside the actual executable were a number of core tools. They weren't separate or standalone, they were actually built into the command interpreter, and that's still the case now. Look in the course notes, I give you a link to one of my favorite sites, ss64.com, it gives you a list of all of the cmd.exe internal commands. CD is an internal command, CLS that clears the screen, COPY, DEL, DIR, really the core command set are not in the file system as external executables. An external command is a separately compiled executable that you can call from your CMD or PowerShell.exe session, okay? So that's that. HELP will give you a list of all of those internal commands. EXTRACT is a command-line tool that's sometimes helpful when we need to pull files from Microsoft cabinet files, now you've probably heard of zip files, right, compressed archives? Microsoft has their own proprietary format called cab. Now I say proprietary, but it functions very, very similarly to zip files. Personally I don't use extract, I'll just use like 7 zip, the freeware archiver tool. If I do need to work from a command line, 7 zip has a very powerful command line variant, but it is true that EXTRACT is helpful because it's built right into the interpreter. You might want to retrieve a file from a cab file, again, to replace a damaged copy that's on your system. When you type a COMMAND, that is a cmd command-line tool, /?, this is going to give you a run of the command syntax. So again, very popular when you're learning to use these command-line tools and frankly even though I've been using them myself for dozens of years, I will still habitually do a /? because I don't remember all of the syntax rules because they're different. Finally, STANDARD VERSUS ADMINISTRATIVE PRIVILEGES, you noticed in the first demo I had to double check to make sure that I was starting the cmd interpreter as an administrator. You know you are if the title bar of the window says administrator: and then the name of the window. You want to get into the habit if you have administrative privileges on a system, to always run those environments as an administrator, otherwise you're going to be seriously hobbled as to what you can do.
-
Demo 2: Creating a Shell Script
In our second demo, I'm going to use command-line tools, but I'm going to use them in the context of the real world. Let me show you what I'm talking about. I'm going to open up File Explorer and go to drive C. I have a folder called workfiles. I'm going to right click in there and create a new text document called tims-work and I'm going to open it up and just put in some dummy data here because remember this is just an example. Now let's say we want to automate taking the contents of this workfiles folder, whatever is inside of it, and we want to copy it at the end of each work day automatically to another drive on the system, I've created a folder called backups, E backups. So the two paths are C workfiles and E backups, how do we do that? Well I'm going to create a shell script. Now to set the environment up, I'm actually going to right click the Start button, go to Control Panel, and we'll open up the Folder Options Control Panel item, this is something I habitually do on systems that I work on. If you're on an end user's system, you might want to either not change this or reset it once you're finished so the user doesn't get freaked out. What I'm talking about is the hide extensions for known file types. I don't like that option because it hides the extension of the file and I want to be able to control both the file name and the file extension. I don't want them hidden here. I'm going to right click the desktop and I'm going to create what appears to be a text file, but see I have the .txt, I can actually change the file type on the fly, I'm going to call this backup.cmd. It asks us, are we sure we want to do this? Yes I am. You'll notice that the icon now changes into gears, so it's associated that cmd extension, tells Windows that this a Windows command script. When you're creating a command script for cmd, you're creating what's called a shell script. Shell refers to the command shell or cmd. Shell scripts are popular in Linux, Unix, and OS 10 worlds big time. Let me right click this guy. If I double click it, it's going to open up an instance of cmd, but it's not going to do anything. So I'm going to right click and go to Edit and in the file we'll just have it do a very simple xcopy. I'm going to Ctrl+A to select everything and adjust the font to make this easier for us to see. We're going to xcopy and even though I don't think I have any spaces here, I'm going to put a single quote around the path, that's just another pro tip. Whenever you're doing directory paths from a programming prompt, I will habitually enclose those paths in quotes even if there's no spaces. You need the quotes if there are spaces because otherwise the command interpreter is going to freak out when it sees the space. You can use single or double quotes, but I suggest single. Reasons for that are beyond our scope right now, we don't need to worry about it. We're going to go to E:\backups for our destination. And not only that, we're going to then remove all the contents from the work files folder, and I better correct that. You notice *.* says the star is an asterisk and the asterisk is a wildcard that denotes any object, any character or any sequence of characters. So if we're deleting any file and then . of any extension, we're going to clear the entire directory out. By the way, I'm using the arrow keys, the Backspace, and Delete keys to get around on this prompt. Let me click Save and exit it. Now does this work? Let's double left click, whoa, did you see that? If you blinked you probably missed the command screen. I don't have anything in the backup directories, we're doing some live troubleshooting here. We still have the file in tims-work, let's right click, go to Edit. This is actually very much a part of building command scripts and using the command-line tools, not interactively, but from a script environment.
-
Demo 3: Troubleshooting Our Script
Well to troubleshoot this, let me bring up a cmd session. By the way, I started that by right clicking the Start button in Windows 8.1, going to Run, and typing cmd. I actually ran the xcopy statement and it says file not found *.*, ah-hah. So what we'll want to do here is cls to the screen and do a /? and then read through the switches until we find one that we want or find one that suites our needs. After having done a /? we'll want to look at the syntax quickly up here. It looks like we'll put our / parameters or switches after the source and destination paths, and if I scroll down we see /E copies directories and subdirectories. I'm going to presume any files in there will be picked up as well, including empty ones, cool. So to finish this out, let's right click the script and edit it one more time. Sometimes when I'm debugging I'll test things like simple stuff like in this case maybe if I remove the quotes. The process that I'm doing here, iteratively testing and retesting the script, you're not seeing me making mistakes in the demo, I'm intentionally including all of this stuff here to let you know that debugging is a daily fact of life when you're doing administrative scripting with command-line tools, okay? So that looks pretty good now. I'd be surprised if this doesn't work. Let's do a File, Save, close the command file, double left click it, asking us here are we going to overwrite that file, yes/no/all. Ah-hah. Well let me go back in my command window and look in backups. Sure enough it looks like the file is in there, I'm going to delete it because in my previous testing I forgot to clear up the backup folder. Important tip for you to know, when you're debugging your scripts and you're at a stopping point like here and you're not sure what to do, use Ctrl+C, that's the break command, that'll take you out of the script, out of the running command interpreter, and also you don't want your script files to stop like that and ask the user for input because our goal here is to run this guy on a schedule, right. There we go, it looks like that worked that time. So the file got copied over to E backups, I'm going to right click and cut it. We should find that the workfiles folder is empty, so now let me Ctrl+V to paste that back in, good. So anyway, the final little bit I'm going to show you, it's one thing to have a command script that you've debugged and you've tested it and it's working fine now, it's another thing to put it on a schedule so that it runs, say, every night when you go home. Windows has a graphical utility, has for a long time, called the task scheduler. I went over to the Start screen by pressing the Windows key on my keyboard and I typed task sche and we have a link here for scheduled tasks. The at.exe command, as you might remember, is a way to programmatically create tasks, but it's pretty easy to do it from the GUI, so I'm just going to very briefly walk you through this. In Actions we're going to click Create Basic Task, call it Daily Backup, go Next, we'll do this every day, we're going to start it today, and we're going to have it happen at say 7:00 PM every day. It's going to start a program and it's going to launch my backup.cmd switch. It's going to start my command script and you can pass in additional arguments at runtime, you can have it start in a particular directory, I'm not going to do that, and then when we click Finish we're got ourselves a new scheduled task. Now we can see that. Believe it or not, it's not particularly obvious where to go to find the task, you click Task Scheduler Library and we should see it right here. So we can right click to run it in place, to end it if it's stopped or stuck, disable it, export the definition for sharing on another computer, and importantly go to properties where you can change. Lots of cool stuff, you can force it to run as an administrator or as another account, that can be helpful if you need administrative privileges for the script, but the user who's currently logged onto the system is not an administrator, you see.
-
Back to the Real World
Let's go back to the real world, the first question that the customer has for us is why should I care about command-line tools? Our answer is two words, administrative automation. Command-line tools are maybe slower than graphical utilities when you're just plucking along, clicking in a console, but ultimately command-line tools are much faster than their GUI equivalents because they can be programmed, scripted and automated. The second question, speaking of programming, do I need to know programming to learn PowerShell? The answer is no. To get started, you don't have to know any programming because really the beauty of PowerShell is that it hides or abstracts all of the calls it makes down to the .NET framework. The .NET framework is the runtime environment in Windows that enables programs and scripts to manage just about any part of the computer. Now ultimately as you get your c-legs with PowerShell, you can start to use it as a more formal programming language, but to get started you don't have to worry about that.
-
Homework
For homework I want you to open up an elevated console prompt, cmd prompt, on your machine and look up every one of the utilities that we covered here and run /? help just to get familiar with the ways to use the tool. You'll find that the help files give you some examples, some of the examples are more helpful than others. You may need to do some Google or Bing searching to find some additional examples. On PowerShell, I want you to research to see what PowerShell cmdlets are around that replace the command-line tools that we've covered. Is there a PowerShell cmdlet that covers every one? Let us all know on the discussion page in the Pluralsight web player.
-
For Further Learning
For further learning I want you to check out my colleague and friend, Michael Bender's course, PowerShell: Getting Started. It's a beginner's course that assumes no previous scripting or PowerShell experience, it's a great introduction. Ed Liberman in his old CompTIA course Part 4 - Operating Systems, he covers a lot of the same ground we did at the tail end of the 901 learning path and the very beginning of the 902 when we covered operating system features and tools, but I've said it before, I'll say it again, sometimes it's useful to get another instructors take on the same subject matter.
-
Summary
In summary, not every one of these utilities has a PowerShell equivalent, I guess I'm letting the cat out of the bag there. That's not to excuse you from doing those homework assignments though, know that. I imagine in time eventually you'll have almost 100% coverage, but you have to understand Microsoft's perspective, they have so many product teams and like any huge organization, not every one of those teams has the same exact level of adoption of Windows PowerShell. Scripting knowledge in general is going to be a very big differentiator for you in the IT world. If during your job interviews, you can do not only typically PC hardware troubleshooting and software troubleshooting, but you also know a bit about command shell scripting and PowerShell scripting, boy that adds tremendous value to any IT department, believe me. So that's it for this module. Thanks a lot for joining me in it. It's always a pleasure to teach you. In the next module we're going to pick up with Windows administrative utilities. Most of those utilities, you may or may not be happy to learn, are graphical user interfaces. Take good care, I'll see you then.
-
Windows Administrative Utilities
Overview
Hi there and welcome to Pluralsight. My name is Tim Warner and this module is entitled Windows Administrative Utilities. Our Pluralsight learning path for the CompTIA A+ 220-902 certification exam consists of a general introduction followed by courses that map to each respective content domain in the 220-902 test. Namely Windows operating systems, that's where we are right now, other operating systems like Linux and Mac OS 10, security, software troubleshooting, and operational procedures. Within our operating systems course we start with Windows features and requirements, Windows installation, command-line tools, we're in module 4 right now concerned with administrative utilities, then we have modules on Control Panel, networking, and maintenance procedures. Seven modules in all. Well judging by the title of this module you know we're going to talk about administrative utilities, so we're talking about programs built into Windows that are normally outside the reach of the standard user. In the previous module where we talked about command-line tools and a little bit about administrative scripting, actually a lot about administrative scripting, we mentioned that you'll want to have administrative credentials either on just an individual computer by computer basis or across the network in order to make sure you don't run into permission problems. We're going to introduce you to the built in administrative tools in current versions of Windows. We'll also cover some of the ground that we've covered thus far. There's always quite a bit of overlap in the CompTIA objectives on disk management, and then we'll round things out with system utilities. These are going to be tools that are intended for keeping up the maintenance of the operating system, but still should be run by administrators. Let's get started.
-
Meanwhile, in the Real World
Meanwhile in the real world, you may be asked in your business by a customer, by a client, someone who has aspirations of fully managing their system in other words, hey I've upgraded my system from Windows 7 to Windows 8.1 and I can no longer see my administrative tools folder because I no longer have a Start menu, where did they go? How do I get to the administrative tools in Windows 8.1? Another question, maybe by a fellow IT staffer or some other person who's new to information technology, can I create my own administrative utilities and I'll add to this question, even if I'm not a programmer? Well the questions are kind of leading. I think every one I've asked you so far in this entire learning path has yes, I'll have to think of a real world question that has no as an answer. Anyway, let's proceed. Our CompTIA A+ 220-902 objective here is 1.4 that states, given a scenario, use appropriate Microsoft operating system features and tools. This module is going to be somewhat of a departure in structure from the previous ones in this course, namely, I'm taking an entirely demo role here because I think the best way for you to be able to identify and differentiate these different administrative tools, disk tools, and system utilities, is to actually see them in context. So we'll be working in Windows 7 and Windows 8.1.
-
Demo 1: Administrative Tools
And to get this party started, let's begin with administrative tools. Here we are on a Windows 7 computer, on which, let me click the Start button, I'm logged on as a standard user account named Tim. Now how do I know that I'm a standard user account? Administrative accounts in Windows don't have special asterisks following the username or anything special, that's actually a good thing from a security standpoint. But anyway, because we have the traditional Start menu here, we can control whether the administrative tools show up on the menu or not. We can right click the Start menu, make sure it's an unoccupied area of it, and select Properties. This is a shortcut way to open up the Taskbar and Start Menu Properties Control Panel and on the Start menu page we'll click Customize and then in here the two things that I almost always turn on, on my systems anyway, let me scroll down, are the run command and also adjusting the system administrative tools. I'm going to display it on the All Programs Menu. It looks like it was already set for that, but you need to know where to find this option. So now you'll notice that I have Run available to me. Run is a great way to open up system utilities and administrative utilities. As a matter of fact, I generally use the key combination, Windows key + R, and then type what I'm looking for, it could be maybe the Computer Management console, which is compmgmt.msc, and then the Computer Management console in client versions of Windows is a great one stop shop. You'll notice here that we have a whole bunch of system tools built right in as we do the Disk Management console. You can also get to your services. So that's pretty cool. But you may be a little disturbed in that a normal user, I'm not a machine, a computer administrator here, I'm not an Active Directory domain administrator, that I can open up all programs and get to the Administrative Tools folder. Let me actually right click and choose Open from the shortcut menu, that opened up Administrative Tools from Programs, which I specified I didn't want to see. So let me come and open all programs again, right click Administrative Tools, and let's do Open all users, there we go. Now let me change the view so these icons are easier for you to see, I just opened up the View menu and chose medium icons. From the looks of it, these all do specific administrative level operations. Let's just take it from left to right, shall we? Component Services, what is that? Well Component Services gives us access to older application and network application configuration. The bottom line is, unless you're a software developer, you'll really never need to come in here and change anything, especially now that we have the .NET framework and current generation networking protocols. I've had to go in and adjust a setting here only a couple times in my career and that was with Microsoft helping me after I filed a support ticket. Computer Management is, as I said, an administrative tool that's awfully handy because it serves as, like I said, a one stop shop for some of the most common administrative subtools. Now this window that you see here with three panes, this tree pane on the left, this details pane in the middle, and this actions pane on the right is what's called Microsoft Management console, this has been around for a long time in Windows, especially business class Windows, and it's actually still used and still active, it's not going anywhere, it's a nice architecture actually because as I'm going to show you a little bit later, you can actually create your own custom MMC consoles if you want to. But basically, pretty soon I'm going to need to elevate to an administrator because we're going to start running into issues here where I don't have the privilege or permission to look at some data. You'll find that in a business network, I'm kind of ramping our content up here and kind of trying to focus it a lit bit. As an administrator you probably don't want your standard users horsing around with really any of the administrative or system tools, so you'll want to look at ways to just hide them literally. You can use group policy in an Active Directory network to literally hide them and put the controls out of the user's reach. What you're seeing here is just default behavior built into Windows 7 and, again, I'm a little surprised how much I'm able to see as a standard user. I guess security log information would be considered a little too sensitive. Notice that it says Event Viewer cannot open the event log or custom view. In that case, I would have to elevate my credentials using user account control. So let me try that again. Let me right click this time the Event Viewer console shortcut and I'm going to right click and choose the user account control, run as administrator. I'm prompted for credentials. Now this Windows 7 box is a member of an Active Directory domain, so I'm going to authenticate as domain administrator. Now I should be able to see absolutely everything in my Windows logs, yep I can, including the security elements. Now in these MMC consoles what I habitually do, and again, your mileage may vary here, is that I find the actions pane robs me of screen real estate that I like to use, so you'll notice that you can show or hide the left or right panes. I normally turn the right pane off on my system. Data sources is pretty useful actually if you're connecting to network databases. ODBC is the name of a standard called open database connectivity and it provides an interface to connect a client computer, like the one we're on, to a data source that might be a SQL Server or an Oracle Server or a MySQL Server somewhere else on the network. You may need to create an ODBC data source using this control panel in specific instances. iSCSI, I can't even open it without providing administrative credentials, is the client side of the SCSI over IP protocol, which we talk about a lot in the 220-901 learning path, essentially you use the iSCSI initiator to connect to disk storage located elsewhere on the network and you can mount those disk volumes on the local box as if it's local storage, it's pretty cool. Local security policy, again, I'm running into all sorts of problems. I'll tell you what I'm going to do, I'm going to quickly, from the Start menu here, log off and we're going to log on as an administrator so we can see the stuff. Now I was last logged on as a local user, so let me switch user, go to other user, and you notice, again, this is a troubleshooting issue, as soon as I typed administrator the logon to switched out of the domain and back to the machine, it's kind of annoying. I mean, administrator is a bad example because there is an administrator default account both in the domain as well as on the local computer, so what you can do is put the domain name\account name to make sure you're logging on with the correct credential. So I'll put in the password. We'll log on in here and let's go looking up those administrative tools again. Nope, looks like they're not on the Start menu, are they? So we know the deal here, we can go through this Taskbar and Start menu properties, come down to administrative tools, I'm going to display them on all programs and the Start menu this time. Let's click administrative tools, right click Open, and now we're back in business, right. Now what haven't we looked at? Local security policy, like I said, is where you're looking at the computer's own group policy settings focused specifically on network and security settings. Things like how many times a password can be incorrectly put in before an account is locked out, what software is not allowed on the computer, and so on.
-
Demo 2: More Administrative Tools
Perf mon or performance monitor is an excellent tool for viewing real time system statistics, your memory, your network interface, your storage, your CPU. You can load that data, you can see it live, that's what the performance monitor is, or you could create what are called data collector sets and run system performance baselines. Excellent for troubleshooting system performance. Print management is an MMC console that allows you to manage one or more printer queues that are available or being hosted on the local server. Now print management, in my experience, is best used and most often used on dedicated print servers that run a Windows Server version. Services, also called the service control manager, this is where you go to manage the services, the applications, the processes that run in the background and support larger applications. For instance, Bluetooth capability on this machine comes to us through the Bluetooth support service and if we double left click, we can set the service to startup automatically every time we log on, manual, which means that an application can start it automatically or you can come in and click Start yourself or through PowerShell you can do it, or for security performance tuning reasons, you might find some services that you know you're not going to need and you're going to actually administratively disable them. It's all well and good for us to do this on a computer by computer basis, but in a network you absolutely want to use group policy to customize all of this stuff. System configuration opens up msconfig, we've looked at msconfig in the tail end of the 220-901 learning path. This is where you can modify how the machine starts for diagnostic purposes. System config, or msconfig, also allows you to do some basic service management, just basically enabling or disabling services, items, programs that are set to start up automatically that normally run down here in the notification area, can turn those on or off, and this is actually more useful than at first blush it appears. It gives you quick access to other administrative utilities, some of which are in the formal administrative tools folder that we've seen here. Task scheduler is the way we can, and application we install can, create jobs, run procedures. They could be simple basic tasks or they could involve multiple steps and then have those procedures run on a schedule. For instance, you might want to schedule a defragment operation on your hard disks to occur 2:00 AM every morning or at least maybe once a week. Windows firewall with advanced security is the advanced view of the traditional Windows firewall. You'll notice here it uses, again, that Microsoft management console or MMC, and there's an option here right on the main pane called Windows firewall properties and this allows you to just specify, depending upon how your computer is connected, whether the firewall is turned on and off and how it's handling, by default, unsolicited inbound connections or outbound connections, and you can see here in this case, I'm actually not able to turn some of these options on or off and this information bar says, for your security some settings are controlled by group policy. So even though I'm an administrator, I still have some controls out of my view because at a higher level in the domain, I've made changes. Now the advanced security can be really complicated because you're dealing with individual inbound or outbound access rules. What you might find easier, at least when you're getting started with Windows firewall, is to open up the Control Panel and use the Windows Firewall Control Panel item. This should look familiar to you. And again, Windows 7, Windows 8 applies different firewall rules depending upon whether you're connected to an Active Directory domain, whether you're on a more trusted network, like a home network or a work network, or if you're out in an airport or coffee shop and you're connected to an untrusted public network, you see, we can go to this user account controlled option to globally turn firewall on or off. Again, those settings are managed in group policy. And you can even allow a program or feature through Windows firewall. The Windows Firewall Control Panel has these predefined rules for common programs and features and when you install additional software, you should find that additional software shows up on the list. In a business network you might have no other choice but to actually create a new rule from scratch and that rule can be mapped to an application, to ports, to IP addresses, and it can be inbound and/or outbound. That having been said, you do have a huge library of predefined firewall rules at your disposal. Okay, and then finally we have Windows memory diagnostic. You'd run this if the system you're troubleshooting is spontaneously freezing or in a reboot cycle and you suspect there may be something wrong with the RAM, maybe the user just performed an upgrade and you suspect that they have some kind of RAM mismatch or misconfiguration. The deal with Windows memory diagnostic, as you can see, you can't be in Windows to run it. You have to restart the computer into the Windows recovery environment or WinRE as it's called. So that's it as far as your introduction to administrative tools. The last thing I'll say is in Windows 8.1, remember that we don't have a Start menu, so at first blush even if you open up File Explorer, you're thinking to yourself where the heck did the administrative tools go? One thing you can do is click the Start button and just type administrative tools and we see here a link that appears and does in fact pop open the appropriate folder. Now ways that you can make this folder surfaced in Windows a little bit more, let's see, let me use the Back button here, maybe if we right click the icon in the Control Panel's list, we have an option Pint to Start, let's see if that allows us to get where we need to go. Well let's check out the Start screen, are we seeing it? Yep, we see it way over on the right hand side, it's pinned to the Start screen and there you have it. Before we end this demo, really quickly, let's just see if there's any new administrative tools in Windows 8.1 that we didn't see in Windows 7. Most of them are the same. You'll notice that the performance monitor and the resource monitor are now separated into two separate tools. We have a disk cleanup shortcut, basically allows you to clean up cache files and temporary files. There is an item to get to your defragment and optimize drives window that we talked about in the 220-901 learning path, and we have entries for the Windows PowerShell integrated scripting environment, both the 32-bit version, that's x86, and the 64-bit version.
-
Demo 3: Disk Management Tools
Next up, let's look at disk management tools. Okay what are the various and sundry ways that we can modify disks in Windows? What I normally do is bring up the Run box, that would right click the Start button in Windows 8.1 and go to Run or Windows key + R. Fortunately I'm logged onto this Windows 8.1 machine as an administrator, so I'm going to automatically or automagically, depending on how you like to use the language, open the tool up as an administrator. Diskmgmt.msc and this is our go to utility in Windows. You'll notice that up on top it gives you a volume list. Just looking at the top here is very similar to being in File Explorer looking at the This PC node. We see a C drive, we see our optical drive, D drive has some version of Windows, the DVD installed, drive E is a data drive that's empty, and we have a drive mapping that goes out to the network that does not appear in disk management. Disk management is only going to show local volumes. Now just looking at the volumes, you don't know, for instance, if C and E are on separate physical disks or if they're just volumes on the same disk, so if we come down to the bottom part, we can physically see we do have two separate disks, one using the basic structure, the other using dynamic, and we've created a volume here called DATA1 that uses the NTFS file system and is healthy. We see that on our boot disk, Disk 0, we have the requisite system reserved partition that, note, we cannot open unfortunately. You actually have to do some hacking to get to the boot configuration database in your UAFI firmware files that are on there, that partition is hidden by default, of course, and then we have our C drive that contains our boot file, our virtual memory page file, our crash dump file if we have memory contents dumping enabled, and the primary partition means that it's our bootable volume. We have a new stranger in town or as the Eagles sang, the new kid in town, basically a disk and it's showing up as Disk 2. This would be a case where you've shut down the computer and installed a new internal hard drive and let's assume that it's 60 GB, which it says it is, and it's blank. It hasn't been formatted, hasn't been partitioned, it's just unallocated space. Now in order to bring this disk online we have to initialize it, so let's right click it's header and click Initialize Disk. We're asked to do either MBR or GPT, we've talked about that earlier in the course. The disk in online, but there's nothing being used here of this 60 GB, so why don't we go ahead and create a small simple volume accepting most of the defaults here. Actually I'm going to back up and make this 5000 MB, which is about 5 GB. You can always change your drive letters, you want to be a little bit careful in doing that because you don't want to mess with drive mappings, network drive mappings that may have been made by a system administrator. I'll just call it EXTEND and do a quick format just to get this down here. If we needed or wanted to change this drive E to something else, maybe it was stepping on a drive mapping that needed drive E, we can right click and go to Change Drive Letter and Paths, click Change, now it's only going to give us letters that haven't been used. Notice that we go A, B, E, because C is already defined. Let's make this drive J, click OK. It warns us that some programs that rely on a static drive mapping or a drive letter might not run correctly. So you only want to change drive letters when you absolutely have to. I have had to in some cases, like I say. Now one of the neat things you can do with dynamic disks that you can't do with basic is do things like extending partitions, shrinking partitions, and doing software based RAID. So what we could do, for instance, is, well first of all, let's right click Disk 2 and make it a dynamic disk, and we're going to convert it. It warns us that if we convert the disk to dynamic, we won't be able to start an OS from the disk, except the current boot volume. Well that's fine, we're all set with our boot disk.
-
Demo 4: Working with Dynamic Disks
What we're going to do here, some of the neat things we can do with dynamic disks are, if we right click, we can extend or shrink volumes, adding the mirror means adding a RAID 1 partner, but extend means you might have a user who has applications that are configured, like Photoshop for instance, maybe is looking on the J drive as it's scratch directory, it's workspace, but the J volume is getting really full up and you're wondering, okay well we have a second disk, it is possible that we extend the volume to give it more space? The answer to that is yes, as long as it's a dynamic disk. So let's right click, go to Extend, it kicks off a little wizard here. We're going to want to bring over Disk 2, aren't we? Add that in there, determine how much space we're going to extend by, and click Finish. So now you'll notice that are J drive fills the rest of its space and now spills over to a second disk. If I seem a little awkward working through this it's because I've used this capability in industry less than five times, I would say, and I've been in the industry a pretty good length of time, since 1997. I don't trust just this extension, this volume extension because if something happens to one of the members of the set, you lose all of your data and when I'm working with users and their data is being stored on their local hard drives, I don't take those kind of chances, you see. Instead, if I'm going to use a dynamic disk feature in Windows, it'll be a RAID 1 or a RAID 5 array instead. Final thing about disks before we leave is storage spaces, let me again to the Start screen and type storage spaces and if we click that item, storage spaces is really the next generation of dynamic disks. As it tells you here, it says a storage space allows us to save files on multiple drives to protect us against a drive failure and we can also easily add more drives if we're running low. So like I just showed you that way to just clumsily extend a dynamic disk has been replaced by this newer feature called storage spaces. And notice, again, with the shield, you have to be an administrator to do this. And essentially you start with just unallocated space, which I don't actually have any left of on this system, but you throw unallocated, unformatted, unpartitioned space into storage spaces and it becomes what's called a storage pool and then from that pool you can start to build out volumes or data arrays. Now I guess I could go back to disk management and delete partitions, maybe split them into smaller chunks, but I think the point is made here. So we'll end the demo here and proceed along our trolley ride through Windows administrative tools.
-
Demo 5: System Utilities
Let's now enter the home stretch by taking a look at system utilities. We'll do this operation in Windows 7 and Windows 8.1. I'm in Windows 7 again. I tend to run system utilities, which really is a specialized from of administrative tool, from the Run box. The Registry Editor, or regedit, is not surfaced graphically. You have to know to type regedit at a command prompt or at the run prompt because it's possible to do some significant damage to the system if you're modifying registry, keys, and values without knowing what you're doing. Basically the registry is a database that tracks all of the computer settings, that would be HKEY_LOCAL_MACHINE and its contents, and then the user specific settings, the current logged on user settings stored in HKEY_CURRENT_USER, which is actually just part of the larger registry subtree called HKEY_USERS. Registry is still, even in 2015/2016, a daily task of the system's administrator. You'll want to check the Pluralsight library, do a search for Windows registry or register or registry editor or regedit to expand your learning there. Command is command.com. Let me see if I can actually run this from the run prompt. Nope, couldn't even find it. This is a really old school, 16-bit command interpreter that historically was included in older version of Windows, like Windows 98, Windows Vista, in order to maintain backward compatibility with old MS-DOS programs. I'm not even seeing command.com in here actually. The closest we can get is conhost.exe, which is the parent process of both command.exe and PowerShell.exe. Frankly I don't know why CompTIA has command.com on the objectives. We've looked at the service control manager, you can start that from administrative tools or from a command prompt services.msc. Notepad is your good old friendly, basic, plain text editor in Windows. I like it because it doesn't add any additional formatting to the text. You wouldn't want to modify configuration files in say Microsoft Word. Explorer or File Explorer is this traditional interface that you see here. Of course, you can always start Explorer from the run prompt, same thing, just moving through the file system. Explorer is also the name of the root process in Windows and I've found that if the user's desktop is all hosed up, like one of those cases where you see the dialogue box and when the user moves it around it just repeats 1000 times, it's a pretty scary thing when that happens. You can use Ctrl+Shift+Esc to open task manager or we can right click the Taskbar to start Task Manager and you can try to stop the stuck process here. Let me bring up a process, actually let me bring up an instance of Notepad. And your first line of defense would be to use End Task here that in this case works just fine, but that doesn't always work. You may have to go to the Processes tab, find the appropriate process, right click and you can actually end the entire process tree that will immediately kill that process and any dependent processes, you see. This is a pretty powerful interface here, especially when you're interested in troubleshooting malware, and like I said, stuck processes. The Services tab in Windows 7 gives you some basic information, although it's pretty darn cryptic, it gives you the actual executable name of the services instead of a friendly name here. I guess we could look at the description. We can do starts and stops by right clicking. If we click Services, it'll actually open up the Service Control Manager. Performance gives us hardware baselines, real-time stats regarding CPU and memory, one click access to resource monitor here. Networking gives us stats. This is useful for doing basic network troubleshooting, to see if a system may have been compromised by malware, you'd see a lot of activity on the Networking tab even though you know that the user is not consciously using the network very much. And then we have a list of connected users, even desktop Windows versions, like Windows 7 and Windows 8.1 can have multiple connections by using, for instance, something called remote desktop. Again, if we go to the Run button and type mstsc, that stands for Microsoft Terminal Services Console, this is a shortcut way to open the Remote Desktop Connection, and as long as your network is configured properly and that you have access permissions on the remote machine, you can actually open up a view of the full Windows desktop on that remote system. Of course, Windows PowerShell remoting tries to make that less important.
-
Demo 6: More System Utilities
Before I forget, let's go over to Windows 8.1 and bring up the Task Manager because it looks quite different. At first blush you see a very simple view here of running apps, like if I open an instance of IE, for instance, Internet Explorer, I can see it and end the task. More details greatly expands the view, where we have on our Processes tab the ability to drill in to sub-processes and see what their stats are, you can actually sort to say, for instance, which process is consuming the most CPU memory, disk, or network resources. The Performance view is also easier to read. App history shows over time resource usage for your universal apps, the Windows 8, Windows 10 full screen experience apps. We have a little bit more ability to modify startup programs from Task Manager than we did in Windows 7. We have the Users tab. Details is a tremendous amount of information regarding your processes. And Services, I find it interesting and I like the fact that you can search online for a service, because I know many, many times when I'm troubleshooting malware in particular, I'll see a service that doesn't look familiar to me and I'll want to go to Google and do a search on the name, this just makes it a little bit easier to do. Now defrag, the way you get to that tool is going to depend a little bit, we can type defrag and in Windows 8.1 we have this defragment and optimize your drives that allows you to do defrags as well as solid state trim optimization. Let me go back to Windows 7, DirectX has long in Microsoft-land and Windows-land been the way that Windows is able to adapt to different high performance video cards. If you're a gamer, then I'm sure you've heard of DirectX. Dxdiag is a diagnostic tool that can take a look at your DirectX files, make sure in this case it's asking, do you want to check if they're digitally signed? In other words that they've come from Microsoft and not from maybe a potentially untrusted third party. Dxdiag, DirectX diagnostic tool, is useful for the diagnostics that it performs, but in my experience I'll often use it just to get a quick system information picture of what's happening on the machine, what kind of drivers and statistics are happening with the graphics adapter and the sound system. Really DirectX isn't just video, it deals with supporting all multimedia in Windows. System restore has been part of Windows for a long time and system restore is a tool that will, by default, take a snapshot of your system configuration every time the machine starts or when you install a new application. The system restore recovery tool that we're looking at right now allows us to choose a restore point. Again, I didn't create these restore points manually, but it looks like at 8:57 AM on the 12th of October after doing a Windows update installation, Windows decided to take a system restore point there and then a little before 11 I installed a Windows PowerShell module, and those are potentially significant events, so if I found, for instance, that my installing the package management has caused system instability, I can choose to roll back to a previous system configuration. Now the thing to keep in mind about system restore is that it does consume space on the disk. So in Control Panel, let me do a search. We can go to create a restore point that opens up the System Control Panel, System Protection page, this allows us to determine what drives are being monitored. And you'll find that sometimes you'll look at a user's system and they have system restore protecting drives that aren't operating system or program drives, so you can come in and turn off system protection on non-OS volumes and so on. Windows update, that's everybody's friend, let's come into large icon view. The look and feel is pretty consistent through Windows 7 and Windows 8.1. Again the settings may be configured centrally by domain administrators and group policy, otherwise the user can choose how they want to handle that. Microsoft of late, with Windows 10, is moving to a much more agile structure in terms of much more frequent Windows updates. Normally Microsoft is on a monthly release cycle, the second Tuesday of every month, we IT administrators call that patch Tuesday and we can prepare about that. Alright, to finish out, I wanted to show you three web pages. I give you these URLs in the course notes. To cover tools that we've already discussed previously, but I'm mentioned them here for completeness to make sure I cover every single bullet point in the CompTIA outline. The Upgrade Assistant is a free downloadable tool, it's going to be perversion, so if we, for instance, are considering upgrading Windows 7 to Windows 8.1, we'll download the Windows 8.1 Upgrade Assistant. If we want to upgrade Windows 7 or Windows 8.1 to Windows 10, we'll run the Windows 10 Upgrade Assistant. Now the Upgrade Assistant used to be called the Upgrade Advisor, but it's the same thing. It's a small desktop app that probes the hardware and software and drivers on your machine and flags you of any potential problems before you run an operating system upgrade. In business we'll use the User State Migration Tool. These are not graphical utilities, there's scan state and load state. They're command-line tools with a really wonky syntax, as we've come to expect, that allow you to migrate user files and settings from computer to computer. Now on the consumer side, Microsoft recommends using Windows easy transfer, that's been around in Windows forever. To demonstrate that I'll come back to Windows 7, type easy transfer in the Start box, and we can select it from the list. This is a much more end user friendly front end to the user state migration tools. Notice that the way that you transfer the items is pretty flexible. You buy what's called an easy transfer cable that's essentially a double headed USB cable that has some logic in the middle here that's what you're paying for, the ability to do a peer to peer, computer to computer direct connect. You also can use TCP/IP networking or perhaps most commonly an external hard disk to migrate the data. And there you have it.
-
Back to the Real World
Back in the real world, where are the administrative tools in Windows 8? Well we want to check the Start screen because we don't have a Start menu by default. We want to look into group policy and see that the administrative tools haven't been administratively hidden and disabled, or we can use MMC. Something I didn't show you here, but will show you ultimately in this learning path is how to create your own MMC custom consoles. MMC, recall, stands for Microsoft Management Console, and these are the graphical utilities into which you can load the specific administrative and system tools that we looked at in this module. Can I create my own admin utilities? Well I think we just answered that. We can use the MMC framework. We don't have to be a programmer at all.
-
Homework
For homework, my challenge is that in your virtualized lab environment, and you have created your virtual lab, right? Using Hyper-V or VMware or Oracle VirtualBox with your evaluation versions of Windows. In those pieces of software, you can create as many virtual hard disks as you want. Those virtual hard disks are simply files in the file system of your hardware host computer. And the beauty there is that you can practice your skills by building partitions, first you'd initialize disks, then you would choose basic or dynamic, and then you would create your partitions in your volumes and go from there. Another challenge, I want you to figure out using research and the Pluralsight library how to create additional user accounts on your test computers. I'd like you to create both an admin and a standard user. I'm not assuming a domain here, these would be local accounts on a particular virtual machine and then I want you to run the administrative tools as either, to get a feel for that differentiation between running as a standard user versus running as an administrator.
-
For Further Learning
For further learning please look at Darren Mar-Elia's course on Group Policy Fundamentals. He covers, he's like the group policy guy as far as I'm concerned. He's a fantastic person and a great teacher. Look at the module "Group Policy's Capabilities." He gets way deep in the content, this one, Group Policies Capabilities, is the second module, so I think you can really derive a lot of good value from it. Secondly, Mike Halsey's Windows 10 Client Administration. I want to just put the bird in your ear that although Windows 10 isn't on the A+ exam objectives, you do need, for your industry success, need to know how to apply everything you've been learning to Windows 10.
-
Summary
In summary, administrative delegation is a big deal for Microsoft and what that means is instead of you being the administrator and then when you take a vacation the network goes to pot, instead an IT department should have delegation in place such that maybe not all the keys to the kingdom are given to every IT staff member, but if you're maybe new on the team you can be delegated control of some things, but prevented access to other things. In fact, the latest version f administrative delegation in Windows Server and Windows networking is called Just Enough Administration or JEA and it's a way to apply administrative delegation and the IT security principal of least privilege to, you guessed it, Windows PowerShell remoting. I also want you to consider, research, I should have put this under homework really, but look into how to build a custom MMC console that maybe contains only a couple tools that you use all the time. In an administrative delegation scenario, you can actually create specialized MMC consoles called task pads that give a very limited number of tasks that maybe a help desk professional can use and keep the big, high impact tasks available only to the experienced global administrators. In the next module we will still stay with system configuration, but we're going to focus in tightly on Control Panel utilities specifically. Thanks a lot for your participation. I look forward to seeing you then.
-
Windows Control Panel
Overview
Hello there and welcome to Pluralsight. Tim Warner here welcoming you to the module entitled Windows Control Panel. Very briefly, as is our custom, let me walk you through our Pluralsight learning path for the CompTIA A+ 220-902 certification exam. The first course isn't found in the exam objectives, but we always include an introduction to set expectations, define who CompTIA, study tips for the test, and so forth. We're in the first content course dealing with Windows operating system version specifically, after which we'll spend quite a bit of time on other operating systems, moving onto security, software troubleshooting, and operational procedures. We have seven modules in the Windows Operating Systems course. The first module was Windows features and requirements, then Windows installation, command-line tools, Windows administrative utilities, today we're doing Control Panel, then there is Windows networking, and common maintenance procedures. The idea here is that by the time you finish this course, you not only will be prepared to pass and answer correctly any related questions on your 220-902 exam, but you also are well on your way to being a true Windows power user if you're not already one. Now CompTIA, if you look at their blueprint for 220-902, for this objective they give a big old laundry list of Control Panel items. Now Control Panel items are certainly central to our work as Windows administrators and repair technicians, but what I've done is that I've separated them into three related groups to make them a little bit more user friendly to approach. We'll start with a demo showing you the hardware related Control Panel utilities, then we'll do networking, and then we'll do system.
-
Meanwhile, in the Real World
Meanwhile in the real world, I have a couple questions that you're probably not going to get from an end user or a retail customer, but instead you may find if you do a technical interview with a company that you're interested in working for. Normally in IT you have your traditional interviews where you're asked about your background and there's an evaluation of your personality and what kind of fit you might be for a company, but the company is also going to need to assess how much raw tech you understand. How would you answer the question, for instance, can I open Control Panel items from PowerShell? That's a question that's going to separate those who really know both GUI tools and PowerShell from those who don't. Another question, perhaps more advanced, is, how is the Control Panel related to the Windows Registry? This question requires that you understand that relationship. Pay attention to those questions, keep them in your mind as we work through the material, and we'll answer them at the end as usual. Our CompTIA A+ 220-902 objective here is 1.5 that very simply states that given a scenario, use Windows Control Panel utilities.
-
Control Panel Introduction
I'm going to use a demo format here, like we did in the previous module, I think it's the best way to just get into the material. Before we do that, I want to show you just a little bit of history. The Control Panel has been the user front end for manipulating system settings since the early versions of Windows. For instance, what you're seeing on your screen right now is the Control Panel folder as it appeared in Windows 3.1. Now this is way back when in the early 1990s when Windows wasn't a separate operating system, but instead was just a graphical layer that ran on top of MS-DOS. Windows 95 was the first true version of Windows and even that had some dependencies on MS-DOS, but what you see here with the Windows 95 Control Panel carries forward even now to 2015 and 2016. Now, let's start that demo. I'm on a Windows 8.1 computer that is not joined to an Active Directory domain. We also have a Windows 7 computer that I've intentionally taken out of the domain and placed in a peer to peer work group, you'll see why in just a moment. Now about those Control Panels, this first collection we're looking at deal with networking options. You might be thinking, Tim, why are you showing me a Windows PowerShell prompt when we're here to talk about Control Panel? Well that's a good question. Here's the deal, I'm using up arrow to move back through my command history. If you're looking for a PowerShell command use Get-Command, and there's a parameter called Noun that you can pass in a keyword surrounded by asterisks to catch all instances of, in this case, cmdlets that involve the word controlpanel, and you'll see that there's two, Get and Show. So if I do Get-ControlPanelItem, it's going to give me a list of all of the Control Panel items, logically enough right, that are available on the system. So the other cmdlet, Show-ControlPanelItem allows us to specify a name, so if we wanted system, for instance, we can just type System. If we wanted work folders, we would just type the name exactly as it appears. Now if you're going to type a name that has space in it, make sure to use your single quotes. You can use double quotes, best practice in PowerShell is to use single quotes by default. So let me go back to my original item here, System, and that will launch the Control Panel item, so there is overlap here. You can really do it all with Windows PowerShell. Now by opening the System Control Panel, if we look at the navigation up here, this is what's called a bread crumb navigation, where we can move back and forth through the file system, or in this case Control Panel hierarchy, by clicking items in there, so we have all Control Panel items, for instance, and as we've talked about before, let me double left click the title bar to expand the window, we can view the icons either large or small or if you're one of the few and you like to see the Control Panel items pre-categorized for you, why that's perfectly okay. Now Internet Options is the first Control Panel we're going to look at, right here. Now this is the Internet Properties/Internet Options dialogue box. If it looks familiar you may have seen it in the Internet Explorer web browser, let me open the gear menu here, this, by the way, let me go to About Internet Explorer, is Internet Explorer 11, but if we go to Internet Options, sure enough we see the same exact item, it's just a shortcut way to open this Control Panel and what I'm going to do is just walk you through the major options on each page in these Control Panels. The General page here allows us to set a home page, determine how the browser is going to start, from a maintenance standpoint, you want to understand the browsing history business here. The fact that you can dump, when you're troubleshooting issues especially, all of the caches used by the browser. Remember, when a user is using a browser, they're downloading every asset that they hit on each web page, so you can customize the temporary internet file cache size, how many days worth of browsing history to keep in the history, and so on, and then if we hit Delete, later versions of Internet Explorer allow you to pick and choose. For instance, I typically do not delete passwords or form data because I personally, at least on my trusted computers, am fine with having some of my credentials stored within the browser, it just makes for a more convenient browsing experience if nothing else. The security page is important because it determines how restrictive or permissions Internet Explorer is with things like browser helper objects or ActiveX controls. Basically, code that's coming down from websites to the local computer and running on the client side. So trusted sites has, it looks like a medium level, local internet would be much more trusted because it's your business. Internet should be relatively strict in terms of what it allows to run. And then of course there's restricted sites that you can browse to, but the security level is going to be very high. And notice that you can come in specifically and adjust the settings for all the different kinds of downloadable items. Just as a quick aside, Microsoft has a new version of the browser called Edge, it's a complete rewrite of Internet Explorer, it really isn't Internet Explorer, it's a new browser, and it actually doesn't allow anything like ActiveX controls and browser helper objects, that's going to inherently improve the stability of the browser. The Privacy tab is where you can customize cookies. Remember that HTTP cookies are just, I'll tell you if you don't already know, are tiny little text files, they generally don't contain personally identifiable information, but can be used to track your browsing history across sites, so we can mix settings there, there's pop up blocker built in. You might need to create exceptions or white list entries if you're users are getting blocked access to sites that use popup windows, but you know that they're okay. Essentially as I'm buzzing you through all of these pages, I just want to draw your attention to the options that you're most likely to work with with your customers when you're doing desktop support. On the Content page, you can view the certificate store. When the user is accessing e-commerce sites that use HTTPS, in order to note generate those nasty looking browser errors, you want to make sure that your users are hitting sites that are trusted and have certificates issued to them by a trusted root certification authority. AutoComplete is just to help the user out. If you're in a higher security environment, you'll want to use group policy or some other centralized management solution to restrict the kind of data that is allowed to be cached on the user's computer. Connections is where you can add dialup or VPN connections. Normally this is handled centrally in any business network, same with the LAN settings. If, for instance, your business uses a transparent proxy server, you may not even have to specify its IP address, otherwise you may have to, but you want to be careful. I once worked in a private high school in Nashville and the students learned pretty quickly that they weren't able to access social media sites because we were forcing them to go through a proxy server that we had on the edge of our network and they would just simply either uncheck this option or put in a public proxy server out on the internet and try to pipeline through that. So by centrally managing these controls, or even better using a transparent proxy server that's setting is not hard coded in here, you can get a better fix and better control over internet usage in your organization. Programs is where you can customize file associations and when you're opening different kinds of files, how do you want Internet Explorer to handle those links? Manage Add-ons is pretty cool, this is where you can customize the search providers and the other add-ons. I've never personally messed with these accelerators much, I find them to be annoying and a system resource strain more than anything else. Your mileage may vary. The tracking protection, again, it's been part of IE for awhile, I think it's pretty good. It gives you some additional controls to request that websites don't track you. Toolbars and extensions is where you can really see some system slowdown when end users who are not technically proficient are clicking around and they really should be more careful. That's an education issue. And then finally, the Advanced page gives you a whole bunch of granular options, some of them are very developer centric or web designer centric, but you may find in troubleshooting you have to turn on or turn off one of those options.
-
Network-related Control Panel Items
Next we have the Network and Sharing Center, right over here. This allows you, as you would expect, to see what the current networking setup is on that computer. You'll see, for instance, that my active network is with a DNS domain called company.pri, but I'm not part of an Active Directory domain. If you have internet access, that'll show. Sometimes you actually see an interactive picture that shows your computer in relation to other discovered hosts on your network. What I use in Network and Sharing Center isn't so much this graphical stuff, but I'll go into change adapter settings because this is really what I want to get to. Let me minimize this back window. And I think I've shown you the shortcut before, you can do a Windows key + R to type ncpa.cpl, each of those Control Panel programs has a discrete file name, it's a cpl file, .cpl. Look in the course notes because I give you a link that shows you the short name of every Control Panel item, so you can just start them very quickly and conveniently, but this is really what I'm most interested in as a support professional, what's going on with the network interface cards. You can double left click and go to Details to look at everything from Mac address to IPv4 to IPv6 to DNS. If you want to actually adjust the properties, you can click Properties here and then depending upon whether you're working with IPv4 or IPv6, make configuration changes from there. Let's use the Back button to come back to our Control Panel. Windows firewall has two interfaces to it, we have this, the Control Panel version, where you have various administrative functions like making rule exceptions, I actually showed you this in the previous module, so I don't need to spend a lot of time on it, turn Windows firewall on or off. It looks like in this case I don't have anything set so if I click use recommended settings, of course it's going to turn on the firewall for each of my location profiles and then I can allow an app or feature through if I want to. The other way to do Windows firewall, you'll remember, is the advanced security MMC console. If I click Start and type advanced firewall, that should be enough, if I can spell it of course, that should be enough to get us where we need. Maybe not, let's see, how about I just type firewall. Nope it looks I might have to go through administrative tools, interesting. Well the objectives are just talking about Control Panel items, so I'm comfortable that I showed you the advanced firewall MMC console in the previous movie. Go back and watch the previous module if you're still unclear about that. As far as User Accounts, this is a separate Control Panel as you see here. This is what I call the end user interface, where in a family environment they may originally start with just a single administrative user and there's some options here to change the name of the account, change the type from standard to administrator. Now this is the only administrator, so it's not letting me go back to standard. And of course, you can create and manage user accounts from this interface. And that's fine, but you know what, I like to right click the Start button, go to Run and type compmgmt.msc, that opens the computer management MMC console and as long as you're running a non-home version of Windows 7, Windows 8, you can get access to computer management and it has a whole bunch of system tools that we covered in the previous module, but look here, local users and groups. This is a much more straightforward way, in my humble opinion, to manage users. You can create a user very quickly. I'll create one called Susan, put in a password, say the user doesn't have to change password in this case, and now I can just double left click and if I had other groups defined, besides just the built in users and administrators groups, I can associate with them and she can log on and that's all there is to it. Final thing, let me again come back to All Control Panel Items, is Home Group. The reason why I took these computers out of a domain is that domain networking is largely incompatible with homegroup. The homegroup function is a way to make it easier to set up file and printer sharing between computers in say a small office/home office network or an actual home network. Now there is some limitations here, you have to change your location options to make sure that you're in the private network profile, that's just simply answering the question yes to do I want resources on this computer to be accessible. After you've resolved your network card issue, we can go to choose what you want to share and out of the box it looks like it's going to share my pictures and videos and music, but not share my documents. It's not very granular, but the idea with homegroup is that it's not supposed to be because by definition you're sharing resources with other computers on your local area network and they're all with people you trust.
-
Managing Hardware with Control Panel
Back to Windows 8, huh. Let's look at managing hardware through Control Panel. Another way we can get to Control Panel is Windows key + X or right click the Start button in Windows 8.1 and select Control Panel from the shortcut menu. We have Devices and Printers. Now this gives in big, old, jumbo icon format a way to interact with detected hardware, again, in a user friendly way. What you're seeing here in Windows are layers of abstraction. We generally will have an interface that's meant to be as user friendly as possible. I mean, if this were a real printer instead of the Microsoft XPS virtual printer, it's pretty obvious to the end user, oh if I want to manage this I better maybe double left click it and look at the print queue and see what's going on, and if I open the printer menu, I have access to the printing preferences and so forth. But that generally isn't very fast or convenient for IT pros. So they'll be a second layer, more advanced interface. Check this out, Windows key + R or right click the Start button and go to Run, we can do devmgmt.msc to open Device Manager. This is a much more granular way to get to your managed devices, including print queues and drivers, in fact what I'd suggest you do is spend time in your Device Manager, right click the different items, the detected hardware and see what kind of options are available from the shortcut menu. Failing that you can go to the properties sheet and depending on the device, this one doesn't have a really robust interface for modifying drivers, this one's probably going to be a little bit better for the display adapter, yep, I've shown you this a few times over the course of our A+ learning paths. Power options is cool, let's come back to All Control Panel Items and go to Power Options. Let me see, remember I told you before, you can always come up here and just type a keyword, and there we go, Power Options. Now as I was saying though, you have the layers of interface, like with the hardware there's the end user interface, there was the device manager, ultimately though, what all Control Panels boil down to is the process, I'm opening up regedit, by the way, the Registry Editor, is managing and manipulating keys and values in the Windows Registry. Okay so the way I've historically defined Control Panel for students is that Control Panel is a candy coated front end to modify the Registry. Everything you do with the Control Panel GUI is actually manipulating values in the Registry. And you could go directly to the Registry and change values as opposed to going through Control Panel. Sometimes you have to in troubleshooting situations. You'll find your computer settings stored within the HKEY_LOCAL_MACHINE subtree, see we have drivers, hardware, security accounts manager, and security, system, installed software. User specific settings including, you'll notice here we have an entire suite of Control Panel folders, these settings will be changed per user. So let's say Joe and Jane were sharing this Windows 8.1 computer. Joe could change the desktop wallpaper here, I don't know offhand what the name of the Registry value is, but we're pretty darn close to where it is at any rate, but anyway Joe user can change his desktop wallpaper, log off, and when Jane logs in she's going to get her HKEY_CURRENT_USER loaded and she'll be able to make Control Panel preference changes that affect only here, you see what I mean? Now sometimes, because the Control Panel is a unified interface, you may be making changes that affect the entire system, so you have to do some research to separate what settings are per user and what settings are per computer.
-
More Control Panel-based Hardware Configuration
You'll find that there's built in power plans that serve as a way to balance performance on one hand and energy consumption on the other. The two basic ones are balanced and power saver. What I normally do is change the default, which is balanced on most versions of Windows, and you can customize when the display goes off after a period of inactivity, same with going to sleep. If we go to advanced power settings, this is where you can really get jiggy with it and look at time outs, if you want the hard disk to spin down after a certain number of minutes, whether you want to allow the computer to wake if it receives network traffic, all of that granular stuff is in here, and if you're tinking that that would be tedious to set for all of your user's computers, you're thinking along the right lines because the general practice is to use group policy or some other desktop management solution to do all that. Looks like I accidentally closed the window, so let's bring it back here. Sound, pretty self explanatory. You're going to need to have an audio card installed and the proper driver to even see anything here. There's going to be a tab for playback where you can adjust levels, same with recording if you're using or the user is using a headset mic or a separate stand alone mic. Sounds is where you can customize the Windows event sounds if there's an error, if there's a battery alarm, et cetera and Communications can be useful when you're doing voice over internet, Skype or some other IP telephony, doing phone calls from your computer. You can reduce sounds. I find that my iPhone does this automatically, it'll lower my music quite a bit if I get an incoming call or alert. Finally, we have Display. Where is display? Again, I have a hard time with my eyes not crossing, going into it this way. Yet again, we have the end user super simple view. If you right click the desktop we have screen resolution and personalize. Screen resolution takes you into the screen resolution page of the Display Control Panel. If we right click the desktop and go to personalize, it takes you to a totally separate Control Panel called Personalization from which you can change, for instance, the desktop wallpaper. That's something most users want to do, unless the business has a requirement that there's a standard. But notice that in addition to some of that cosmetic stuff, we can increase accessibility for the user by adjusting the size of the default fonts, the text and the title bars, and so on and so forth. In fact, there's a whole bunch of accessibility options, I'm surprised that CompTIA doesn't require that we cover those, it's called the Ease of Access Center. And this is where you can help users who have various disabilities, maybe they have limited vision or they're deaf, there's a bunch of really cool utilities here that can help those individuals. So definitely, even though it's not on the exam objectives, I encourage you to look at these, play with them, and figure them out.
-
System-related Control Panel Items
For system utilities, what do we have here? Let's again open up Control Panel. The first one is Folder Options, this is one that means a lot to me because I will habitually on a new system come over to the View tab and make sure that I'm not hiding anything, like the menu navigation in Windows Explorer Windows, I want the full file path in the title bar so I can see exactly where I am in the file system. I absolutely want to show resources that are hidden and I also want to hide extensions for known file types. I also want to disable hide extensions for known file types. And I also want to make sure that hide protecting operating system files is unchecked. Now that's for my use. For end users, I feel very differently. In most cases they shouldn't need to see the extension, although that might be something you would want to give even to your end users for ease of troubleshooting. But yeah, hiding the system files, I think that that's a good practice on an end user's computer on general principal for sure. Let me go back and make sure we haven't missed anything in Folder Options. On the General page, we can customize how the items show up in a File Explorer window, whether you want to open up each successive item, like a folder and then you go inside it to see its contents, do you want to just stay in the same window or do you want to cascade? I like to keep things simple. Single click to open, double click to open. What items you want to see on the Navigation pane, this list over here. What I do myself, quite honestly, is I will just take a folder and drag it over to add it to Favorites and if you don't need an item on Favorites anymore, you can right click it and choose Remove. I use the Favorites all the time, every single day in my work. One neat thing you can do here on the View page is this apply to folders button. You'll want to set up a File Explorer window exactly the way you want it to be by default on the system, like in Details view, and then open up folder options and hit apply to folders. Search allows you to make minor adjustments to the built in file indexer and I just leave this at the default to be perfectly honest. I keep closing Control Panel. Let's go to System, another very popular Control Panel for systems administrators. Number one, it gives you access to just metadata about the computer, including being able to quickly change the name of the computer, let's click Change, or its membership in a domain or a work group. And then these links over here are just quick links to Device Manager, which we've already looked at, and then remote settings, system protection, and advanced are all part of this same old system properties. Once again, we have the layers of abstraction. The end user view, the technician view, and then the Registry is ultimately what's at the bottom. But the advanced System Properties here has some pretty cool stuff going for it. Number one, on the Advanced page, under performance settings, we looked at this in the previous module, where you can customize performance by turning off some of the graphical bling that's there. You can also adjust if the processor is weighted towards foreground applications or background services, and you can take control of virtual memory. Doing that is less important now than it was several years ago. We can get to our environment variables, which is useful for systems administrators and software developers because you may need to access or adjust some of these variables to make it easier to start and use programs. System Protection is tied to System Restore, we looked at that, again, in the previous module. And finally, the Remote tab allows us to turn on or turn off remote assistance or remote desktop. Remote assistance is used more for consumer environments, although I guess it's possible that a help desk may use remote assistance. Remote assistance is a way for people to ask another person, potentially across the network, but likely within the same LAN, for help and does a remote desktop connection, but it adds a chat window and some additional security so that the person who's being connected to knows exactly what's going on, because we don't want to have a customer suspicious that after we disconnect from them remotely that we've left something behind that we're still monitoring them, that's a pretty reasonable fear I think in today's age more than any other. Remote desktop, by contrast, in the business world is used although the time the establish a remote connection, not a command prompt or a Windows PowerShell console session, but to see the entire desktop of that remote system. Alright, Control Panels, we're almost finished here. Let's go down to Programs and Features, this is where we manage installed software. Any software that you install or is installed for you by your Systems administrator shows up here, you can uninstall it, you can change the options, maybe you forgot to install a particular component. You can repair the installation. A lot of good information here. From a power user standpoint, you need to be aware of this, view installed updates. This shows only Windows updates that have come from either your local Windows Server update services server or perhaps from Microsoft update directly over the web. I've found cases, I've dealt with cases where a particular Windows update actually created more instability than it did help, so if you can identify the troublesome update, you can selectively uninstall that. Finally on the left side of programs and features, there's turn Windows features on or off. This brings up a separate dialogue that shows built in Windows components that you might not have even known were there. For instance, in previous modules I've suggested that you build yourself a test lab using something like Hyper-V as a virtual desktop program. Well in Windows 8.1, notice that we have Hyper-V, you'll want to install the feature and make sure that you bring the Hyper-V management tools along for the ride as well. You need to restart to put the change into effect, but you'll find that you can then create one or more virtual machines to help you in your exam success. This is another place where you can potentially improve the security of a system as well as its performance by turning off Windows features that you don't need or your end user doesn't need. Now you'll notice that you get scary looking warning and information dialogue boxes depending upon what you've selected. This one is saying that by turning off media features we might be affecting other things, are you sure you want to continue? I guess I'm sufficiently scared so I'll answer no. And we'll close.
-
System Troubleshooters
Final thing I want to show you are the built in troubleshooters. For this let's switch over to our Windows 7 machine and I'll open up the Start menu and go to Help and Support. This is the built in, well, help engine in Windows. Now this works best when you have a live internet connection because you're able to get the most current version of the help files. This win7 machine is not connected to the internet, so I'm just going to rely upon local files, some of which may be out of date. But what I want to do is search help for troubleshooter, it gives us in Windows 7 thirty separate troubleshooters and what you'll see is that these are specific to particular Control Panel items programs and features. Let's say you're having trouble getting HomeGroup set up as you need to share a music library with your family members and it's just not getting anywhere. So if we open the HomeGroup troubleshooter, all of these function the same basic way, it's going to walk you through a troubleshooting process, for fun and for free, you don't have to pay Microsoft for this extra support, and actually let's just show you here. We've got click to open the HomeGroup troubleshooter. Alright, now there is an advanced way to go through this, but we're going to pretend that we're a typical relatively nontechnical end user. We'll click Next. And notice that is has built in detection routines and the first step here is to run additional diagnoses on the network connection and for something like HomeGroup that makes perfect sense that your likely culprit is some sort of network related problem. Just for grins I'll click Skip and it's going to just kick off specific diagnostics. This could save you money because otherwise you may have to file a paid support incident with Microsoft or you may have to hire somebody in your community to help you with that. Now this is asking us to disconnect all but your home network, so we're basically walking through traditional troubleshooting and in this step the troubleshooting wizard is suggesting that we disconnect anything that's not directly related to our home network so we can serve to better isolate the problem, you see. So it's asking us to basically reset our network location, so it's making sure that we fulfilled the system requirements for the HomeGroup feature. In this case I haven't done what it asks, so it says not fixed, not fixed. There is a detailed information page that gives more information and it's nice that you can print this out because at the very least, a good customer, or should I say a very proactive well prepared customer, will have already gone through the troubleshooter, created a print out of the results, and then when you receive the support request, you'll have a much better head start on resolving that problem.
-
Back to the Real World
Now back to the real world, the first question, can I open Control Panel items from PowerShell? Do you remember the name of the cmdlet? Of course the answer is yes, Show-ControlPanelItem. The other question, how is Control Panel related to the Registry? I hope I made it really clear to you that Control Panel is a front end to the Windows Registry and as we saw, there are sometimes more than one graphical front end that ultimately collapses down to that database of sub-trees, keys, sub-keys, values, and value data, known as the Windows Registry.
-
Homework
For your homework, I want to challenge you to set the desktop background on your lab computer to a solid color, I don't want to complicate this by choosing a wallpaper file, just set it to a solid color and then reason why is I then want you to research, go online and do some Google searching to find out where that particular desktop background setting exists in the Registry. Once you know that, I want you to open the Registry Editor and change the background to another color by editing the appropriate Registry value. Now there's one final step to your homework that's not on the slide, I didn't have enough space, but after you change the background color on the Registry, reopen the Control Panel and verify that it shows the current value. This exercise will double underscore the relationship between Control Panel and the Windows Registry.
-
For Further Learning
For further learning check out my friend and colleague Heather Ackmann's course, Windows 8 - Where'd it Go? This course is helpful in your quest to become a Windows power user. What standpoint she's coming from in that course is Windows 8 is so dramatically different in its user interface from previous Windows versions, Heather tackles all of the most common navigation issues. That's really good information for you to have in your support toolkit. Secondly, check out Scott Skinger's course Windows Vista Part 4 - Advanced Features. This is an old course and I feel very curious, let's put it that way, suggesting it to you, but this is a 5-hour deep-dive into Windows Vista, a largely forgotten operating system. It's useful to you for 2 reasons, 1) Our CompTIA objectives specifically state we need to know Windows Vista, and 2) You can see how the user interface and how Control Panel has evolved from Vista to current generations of Windows, like Windows 8.1 and Windows 10.
-
Summary
In summary, I want to reiterate that for a home environment where you might have two computers or a very small office where you might have fewer than 10 computers, you can go computer to computer to set Control Panel values, make Registry tweaks, but anything bigger than that you want to be looking at how to standardize your Control Panel policies and preferences by using group policy and I always say another technology because group policy is Microsoft's own system management infrastructure, but it's not the only one in town. Also, from a support standpoint, you've heard this aphorism, I'm quite sure I've given it to you already in this learning path, that if you give somebody a fish they eat for a day, if you teach a person to fish they eat for a lifetime. Similarly, instead of just quickly going into Control Panel, click, click, click and thank the customer, collect their payment and leave, it might be worth your while to teach the user how you solved the problem using Control Panel because some of those front ends are easy enough for a nontechnical user to remember and that will save your company a call for business and that may run counter frankly to the company's desire for profits, but I give that information to you anyway, from professional to professional. With that, that's the end of this module. The next module we're going to be going into the networking subsystem and seeing what kind of trouble we can get into. It'll be a good time. Thanks again for your participation, I'll see you then.
-
Windows Networking
Overview
Hi there and welcome to Pluralsight. My name is Tim Warner and this module is entitled Windows Networking. The module you're watching right now is part of a course and several related courses that map to a particular IT certification exam are what we at Pluralsight call a learning path. So our learning path for the CompTIA A+ 220-902 exam begins with an introduction, then gets into the content proper beginning with Windows operating systems, that's where we are now of course, we then have courses on other operating systems, security, software, troubleshooting, and operational procedures. If you've been with me through this learning path thus far and especially if you've come from the 901 learning path, then you're probably sick and tired of me repeating all this information in every single module, however we have to understand that not everybody is following the learning path and I want to make sure that somebody who just comes into this module cold knows that it's part of a larger construct. To that point, let's look at the modules that comprise this Windows Operating System course. We began with Windows features and requirements, then got into Windows installation, command-line tools, Windows administrative utilities, Windows Control Panel, we're doing Windows networking today, and the seventh and final module in the course is on common maintenance procedures. Now let's look at our learning objectives for this module. The title of it deals with Windows networking, so of course you're going to walk away with more knowledge than you had about networking, but I've divided the CompTIA objectives into three main divisions, the first, the basics of network host configuration, then we'll look at various networking environments, and then finally network connections. Now remember, just as a level set, we're dealing specifically with Microsoft networking. While most of what we learn will be fairly vendor neutral, we're skewing the content significantly here towards Microsoft, so know that if you have interest in learning about how Linux and OS 10 work, how maybe Cisco and Juniper network connectivity devices work, we have a huge library at Pluralsight and have you covered for all those other cases. For that matter, the next course that we're doing here in the 902 learning path deals with Linux and OS 10, so hang onto your hat, be patient, and let's get started.
-
Meanwhile, in the Real World
Meanwhile in the real world, a couple questions that you might get maybe as part of a stress interview or tech interview for an IT job, would be something like this, does Remote Assistance work through firewalls? Now that question is loaded because it requires that you understand what Windows Remote Assistance is, what its purpose, and a little bit about firewalls and networking. Another question might be, is there an alternative to using mapped drives to give users access to their most frequently used programs and files? Once again, unless you have some hands on experience with Windows networking, you may not even understand what mapped drives are. We'll revisit these questions at the end of the module and you'll be surprised I think at how much good practical knowledge you pick up. Our CompTIA A+ 220-902 learning objective here is 1.6 that states, given a scenario, install and configure Windows networking on a client or desktop. Now as we go along here I'm going to make sure to define key words, I don't want to just assume that you understand terms like client.
-
Network Host Configuration Overview
Network host configuration. The first definition I want to give you is just that, what is a host? H-o-s-t, host, depending upon its context could have very different definitions, but from a networking standpoint a host is defined as a node on a TCP/IP network. When I first got into IT in the mid 1990s, TCP/IP was not yet the only game in town with networking. In the Microsoft world specifically we had the NetBIOS networking stack, it was only a couple years later in the later 1990s that Microsoft realized that TCP/IP was not only the protocol suite of the public internet, but also the de facto protocol suite for internal LANs. Now what sets a host apart is that the host has to have some kind of NIC, or network interface card, that then joins or connects to a network, either wired through wired category 5 let's say or 5E or 6 Ethernet cable or a wireless using, for instance, the 802.11 Wi-Fi standards. Finally, a host needs to have either a statically assigned or a dynamically leased TCP/IP configuration in order to interoperate on a network of any type. By the way, you know that I give you pointers to specific Pluralsight courses at the end of each module, but put a bookmark in your notes please to check out our learning path for the CompTIA Network+ certification. Check the course notes, I give you the relevant links there, but my colleague and friend, Ross Bagurdes, and I give you several dozen hours of good network focused content and by definition we're able to go to much greater depth than we're doing here in the A+ path. That having been said, what you're seeing at right is a screenshot from a Windows 8.1 computer, I've gone into the properties of that network interface card, which as you can see in the title bar, is an Intel 82574L Gigabit network adapter. Now depending upon whether you're working with the plug and play drive that Windows gives you, that's what I'm actually using, or if you've installed in this case Intel's own vendor driver, you'll get greater or fewer options. Most network interface cards will have an advanced page that you see here where you can specify things like duplex, full duplex, and the speed, gigabit, 100 MB Ethernet, et cetera, wake on LAN is a capacity of modern day network interface cards where a computer could be in a sleeping state and if it receives an incoming network request, maybe from a server, maybe you're deploying Windows updates across the network, wake on LAN allows the computer to wake up based on that network traffic. QoS stands for quality of service. This is where network administrators can do bandwidth priority to reserve bandwidth. For instance, maybe your business network, your business Ethernet, is using IP telephones, so you need to reserve some bandwidth so that users can always make and accept phone calls. The good news with voice over IP is that you typically have just 64 kilobit per second channels for voice traffic. It's not like you're dealing with these huge video streams in many cases. Finally, the network interface cards of today almost always have the ability to do preboot execution, PXE, this is something that you can configure in your computer's BIOS in terms of determining BIOS boot order. We saw this actually previous in this learning path when we talked about operating system deployment. You may want to do a PXE boot off of the host's network card if you're deploying a fresh operating system to a computer that has a currently blank hard disk.
-
TCP/IP Configuration
Now your servers and core infrastructure devices, like network printers and wireless access points, switches, firewalls, routers, are all going to need a statically assigned TCP/IP configuration. After all, if your server is changing its IP address every few days no other device on the network will easily be able to connect to it. When you're doing static configuration, you have to manually assign stuff like the IP address, the subnet mask, the default gateway, DNS servers, and possibly alternate IPs. As it happens, you can bind more than one IPv4 to IPv6 address to a single network interface card. Now as far as your client devices are concerned, it would be way too cumbersome to do static configuration there. So what you're going to use is dynamic host configuration protocol and dynamic addressing. Now let me draw your attention to the picture at left. If you go into your network adapter card properties in Windows and if you go into the IPv4 properties, you have the General tab and the Alternate Configuration tab. The General tab is where you can specify DHCP or static and if you're doing static you can plug in all the appropriate values. I've never really had occasion to use the alternate configuration. The use case here is you have, say, a laptop computer that goes between networking environments. For instance, during the day you're plugged into the corporate network where you're using, let's say, a static address and then when you go home you want to do DHCP. So the alternate configuration allows you to specify a second configuration, as simple as that, for when you're in two different environments. Now the reason why I've never used alternate configuration, maybe I've used it once or twice, but it's really an edge case configuration, is that dollars to donuts, I'm using DHCP wherever I am. If I'm at the corporate LAN, I'm pulling DHCP address, if I'm home I'm receiving a private IP address from my NAT router, if I'm out and about and connecting to a public Wi-Fi hotspot, same difference. Nonetheless, CompTIA wants you to know that this exists so I'm doing it. Now Windows, since Windows 7 or so, has had this notion of network locations. Depending upon the IP address in use, whether it's a private non-routable IP address or a public address or when you first connect to a new network you're asked, and depending upon how the user answers that question, each network connection is assigned to a location profile. This notion of network location awareness, or NLA, is important because Windows firewall behavior will change depending upon the profile that's being used. I gave the example of a laptop connected to say a Starbucks public Wi-Fi, you'll be prompted to assign that connection to a location, definitely choose public because the default Windows firewall settings are much more restrictive than they are than if you choose work network or private network. Finally, when a computer is joined to an active directory domain, the domain profile is the active one and then any centralized settings regarding Windows firewall can be configured by the domain administrator, you see. And at left you're seeing the network and sharing center control panel in Windows 8.1 and you see that my single network interface card is currently connected to the company.pri domain network.
-
Workgroup vs. Domain Networking
Now let's move to Network Environments. In the CompTIA Network+ learning path we get into networking from soup to nuts in terms of the bus, star, ring topologies and so forth, but for our purposes now constraining ourselves to Microsoft networks, we need to differentiate between workgroup networking and domain networking. Now you notice that I put workgroup and HomeGroup next to each other. They're basically the same thing. The workgroup is the default network type in Windows, if you're not joined to a domain, then by definition you're part of a workgroup. Now your computers, let's say in your home office, your small office/home office, you have three or four computers, the fact that the default workgroup name is Workgroup makes it a little bit easier to find other computers on your local network, but it's still largely meaningless, in my humble opinion. HomeGroup is a way to make it easier to share resources in a home network or in a very small business network. HomeGroup relies upon a single shared password and then devices can join HomeGroup by going through the HomeGroup control panel and, like I said, make it easier and more transparent to share stuff like documents, movie files, music files, and so on. The main point here though is that in a workgroup or HomeGroup, this is peer to peer networking, there's no central server and each machine is an island unto itself with its own collection of user accounts. So if I'm just in a plain old workgroup, forget about HomeGroup for a moment, but just in a workgroup, and I'm on Computer A and I want to connect to Computer B, I may use any number of mechanisms to do that condition, but I'll be prompted for a username and password that exists on Computer B, the target machine, you see. Now that can get very difficult when your network goes beyond say a handful of hosts. For that reason, in Microsoft networks, it suggested that anything but the smallest of networks, say 10 or fewer may be okay for a workgroup, if you have more than 10 computers to manage, consider an Active Directory domain. This is what's called client server networking, you're going to need at least one computer running a server version of Windows. Windows Server 2012 R2 is the current released version, and then unfortunately there's additional costs, besides paying the server license costs, you'll have to pay for each client access license that's involved. By the way, that term client, we're referring to the device and not the user, okay. Client server, client may be a Windows 7, Windows 8.1 or Windows 10 computer that then enrolls or joins into the domain and becomes a managed object in that domain. So with domains we have a centralized user account database with single sign on, so it's much easier by definition because you're logging into your computer using an account that exists in the domain and then when you're granted access to resources in the domain, you don't have to re-authenticate by retyping a username and password as long as that domain user account has permissions to those resources, you'll be seamlessly and transparently granted that access.
-
Windows Firewall and Proxy Settings
More on networking environments, Windows firewall is the default built-in software firewall in both client and server editions of Windows. I've used Windows firewall in demos so far in a few different contexts. Some systems administrators I know will, through Active Directory group policy, disable Windows firewall because let's face it, unless you create an exception for specific types of traffic, then hosts on the network will not be able to communicate on those ports, you see what I mean? So to that point, the Windows firewall has this user front end that you see on the slide right now with a whole bunch of prebuilt profiles for different applications and you can just tick the box for private, public location profiles, whether you want to allow that exception, you're basically poking pinholes through the firewall, that's what exceptions are. Another concept in networking that you run into, mainly in business, is the proxy server and proxy settings. The word proxy refers to a device standing in place of other devices. Let me show you a Microsoft Visio drawing I've done in that regard. It's a pretty picture, isn't it? I like Microsoft Visio and I hope you do too. What we have in this environment is a business network, a business LAN, and the hosts in that environment may be connected through switches and wired Ethernet. They also could be using Wi-For instance, 802.11 Wi-Fi protocols, to establish secure wireless connections. A protected business network is referred to as the network that's behind the firewall. Normally any business worth its salt, I would say, will have a firewall device on the edge of its network that's going to protect all of the internal business network hosts from unsolicited communications from say the internet. Now the proxy server, you can either hard code proxy server IP addresses on the client computers or you can force the clients to go through a proxy transparently, where the users don't know they're actually having all of their outbound internet traffic funneled through the proxy. So in this case, the transparent proxy servers as a place holder for all internal business users. So let's say you have rules on your transparent proxy on where these users can and can't go on the internet. You might have various defined restricted websites, like social media sites, that you just don't want to lower the productivity of your users by allowing them to connect. The transparent proxy can take care of that, it actually does a whole lot of things. Now what I've found, and I think I told you this in earlier modules, working in the education space a lot, some students are very tricky and they realize that they can go to these websites that publish lists of public proxy servers that are maybe unsecured by their owners and that if they can get their computer communicating with the public proxy, unless the transparent proxy black lists the public proxy, then as far as your transparent proxy is concerned, that user is having legitimate communications with some internet host that's not being explicitly restricted, you see? And that public proxy will then allow the user to go anywhere on the internet they want, including restricted websites. For that reason, transparent proxies and web filters will give you the opportunity to put black lists in of public proxy lists to circumvent that kind of unauthorized internet usage.
-
Demo 1: Windows Workgroup Computing
Let's just do a little work here with workgroup and domain networking. I'm on a Windows 8.1 machine now and I'm right clicking the Start button and coming up to the System Control Panel. This area right here allows us to modify computer name, domain, and workgroup settings. I'll click Change settings and then click Change here and this is where you can adjust a computer's host name if you need to and also flip the switch. As I said, the default workgroup name is workgroup, that supposedly makes it easier to browse your network from say File Explorer. Now you'll notice that File Explorer has a node called Network and by default it's saying that network discover is turned off based on my location profile, I can click this to change and turn on network discovery. It must be that I have my current network adapter set to a private network profile. I'm going to switch that over to a better setting, and we're seeing discovering take place. These are the local machines. This is my Win8.1 box, but I'm not seeing any other machines, I'm seeing my VMware host, this is a virtual machine that I'm running, but I'm not seeing my Win7 machine. I have another workgroup computer named Win7. I don't like to go browsing through the File Explorer, I find that it's very slow and clunky. So in a workgroup, as long as I know the IP address or the host name of a target system, what I'll do is do a Windows key+R or right click the Start button and go to Run. And I'll use universal naming convention syntax, it's called UNC, you do double backslash and then the name of the computer, in this case it's Win7, and as it happens let me backslash and do c$, administrative shares are shared resources on a computer that are invisible from browse lists, so they would never show up, for instance, in File Explorer in your HomeGroup or your network nodes. This is especially handy when you're using domain networking. I'm not even sure if it's going to work here in a workgroup environment, but anyway, by using this universal naming connection path, as long as this path does exist, like if Win7 had a folder shared called, let's say music, I could add that to the UNC path and click OK. As a matter of fact, it just occurred to me that I have created a folder on my Win7 box and I've shared it out as music. And the reason why that popped up for me immediately rather than asking me for a username or password, is because, and this is just dumb luck, I'm logged on with the same username and the same password on both Win8.1, my local machine, as well as Win7, my Win7 machine. But if I were logged onto Win7 using a different user account, then when I made that initial connection, let me bring up the Run box one more time, to \\win7\music, I would have been prompted for a username or a password, okay. Now you saw in the System Control Panel that we can join a domain that way, another way to do it, of course, is through Windows PowerShell. I happen to have an administrative PowerShell instance open and the cmdlet you use for that is Add-Computer and then you can use the hyphen to bring up your parameter list and use your Tab key to tab through the various options. You don't need them all, fortunately, there's just a few that are necessary. You can use Shift+Tab to move backwards through the list. Let me try that right now. There we go. And I'm going to say this is company.pri is my domain. Let me tray another one, ComputerName, I don't want to change that, my LocalCredential, I won't need that but what I do need is a network credential, which is going to be a domain administrative account, I'm going to put in the domain administrator here, and it's going to be under that security context that I'm allowed to join the domain and I'm going to throw restart on at the end. Now I'm not actually going to go through this here because I need to stay in a workgroup to set up our next demo, but I just wanted to show you how easy it is to join a domain. Now this is assuming, you know what they say about assumptions, that you can connect to the domain controller in your Active Directory domain. As it happens, let me close this Remote Desktop session, I do happen to have a Windows Server 2012 R2 domain controller up and it has DNS, it has DHCP, and DHCP is a very friendly protocol inasmuch as a DHCP server will hand out IP addresses even to workgroup computers. So I've really done all of the necessary background work to get us here to where we could easily join this domain. I'm going to hit Ctrl+C to break the command and just let you know that the opposite is true, you can do Remove-Computer, I'm using Tab, by the way, again to tab through the different matches, cmdlet matches, and it takes most of the same parameters. We need to specify again an administrative, a domain administrative credential to unjoin from the domain, we'll need to specify a local credential that exists as an administrator on the local machine, and then throw in restart and you've got yourself a domain unjoin as long as you have the permissions.
-
Network Connections
Network Connections. Here is another Visio drawing I wanted to show you that neatly sums up what CompTIA wants us to know about various network connections. Now these look like they're all specifically external remote access connections. Again, we have at left our business network and we have one or more edge devices, in other words, devices on the edge of our personal private network and bordering on the public unsecured internet, which is definitely a dangerous place, and we're talking about a router to route IP traffic, we're talking about a firewall to protect and limit network traffic, and VPN stands for Virtual Private Network, this is an extremely common client server system for allowing remote employees a secure connection across the internet to the private business network. So that's what we have in the top remote user. Maybe this is a remote salesperson who's on business, they're on the other side of the country or the other side of the world, and they establish an internet connection from their hotel room, and then they create a tunnel through the internet using their virtual private network software. They're authenticated at the VPN concentrator at the edge of the business network, and then anything the user does from there will be as if the user was in the internal business network. Mapped drives will work, universal naming conventions will work, shared folders will become available, it's an excellent way to securely do remote access. Now before VPNs, all we had for remote access was a fairly secure, but very slow and unreliable, analog modem dial-up where the remote employee, say their laptop has a PC card modem, connects to an RJ11 jack in the wall in their hotel. Nowadays a lot of hotels won't even allow you Public Switched Telephone Network, or PSTN, access from your modem, but anyway, here you're literally creating a phone call through the telephone infrastructure and that call is going to be picked up by another modem at the edge of your network and then from there, once again, remote access is remote access. Finally we have the cellular networks where the user has an AT&T, a Verizon, Virgin, Rogers, whatever, cell card in their laptop computer and from there it basically works like a VPN because the cellular service gives them access to the internet cloud and then using their VPN software they'll be authenticated at the edge of the network and allowed remote access.
-
Mapped Network Drives and Printer Sharing
Mapped network drives refers to taking a shared folder that's on a server somewhere, maybe each user in the business network has their own folder that's located on a file server and that's their default save location for all of their work. An easy way to make that shared folder always available to the user on their client computer is to do a drive mapping, which you can do through the Windows GUI or just as easily as you see at step 1 in my first screen shot, we can use the net command, net use drive letter, and then universal naming convention path to map a path to a drive letter. Now I mentioned administrative shares, I didn't tell you everything about them though. In a domain network, as an administrator, I use administrative shares all the time. Let's say we're sitting at our desk and we need to verify that some files exist in a user's Windows System 32 directory. Now that System 32 directory is not going to be directly shared on the client computer, it's a security problem, but in a domain the root of every drive, drive C, D, E, F, and so on, are shared administratively, they're invisible in the file system, and you get to them by appending a $ to the drive letter. So in this example, I'm mapping drive M on my administrative work station to the root of the C drive on my mem1 server and it looks like that command completed successfully so that at step 2 we can browse our M drive, we can save to the M drive, we can copy files to and from depending upon our permissions, by accessing the drive and then finally in step 3 we can see and interact with the file system. The user doesn't even know that the administrator is connected in that context, that's why it's called an administrative or hidden share. You can actually append the $ to any shared resource to make it invisible. Print Sharing, of course a new printing is a prime candidate for network access, otherwise you would have to have a separate printer for each user using say a USB connection. That's not cost effective. What we're looking at here is the print management MMC console available in Windows Server and Windows client. In my experience I'll run this on a server, and we can centralize network print queues. For instance, in this example I have a Hewlett-Packard color laser jet that is a node on my network, in other words, it has statically assigned IP address or maybe a DHCP reservation, so it's available over the network to users, but I'm managing that print and the print queue centrally by loading it into my server's print management console and to answer the question, how do I make this printer available on my user's computers? Well you can simply right click it here, as you see in the screenshot, and deploy these print queues using group policy, and once again, I've said this so many times, group policy is the main way to do user and device configuration in Active Directory networks. Now yes, in the PowerShell world we have desired state configuration and there are some other technologies that are sneaking up on group policy, but group policy certainly has the most miles on it, it's the most mature systems management technology.
-
Remote Desktop
Finally we have Remote Desktop and Remote Assistance. Again, these are ways for you as an administrator from your desk to be able to interact with servers that are in a data center, maybe not even in your building, maybe you're collocating and your data center is 10 miles away from your campus, how in the world can you make remote connections to those servers? Well you can do a Start, Run and type mstsc, that is the file name for the Remote Desktop connection. Fill in your connection details and you notice that the tabs across the top allow you to customize how rich that Remote Desktop connection is. As you see it, right, I am sitting at a Windows Server 2012 R2 box, that's the one with the green wallpaper, at least I think it's green, and I've created a Remote Desktop connection to another server that I can manage as if I were sitting at that remote server's keyboard. Now once again, full disclosure, the Windows Server team at Microsoft is strongly encouraging us to get more into Windows PowerShell remoting, which allows you the same degree of remote access, but without the overhead of the graphical user interface.
-
Remote Assistance
Remote assistance is used for consumers, although frankly I've seen Remote Assistance used in businesses as well. Both for Remote Desktop and Remote Assistance, this has to be explicitly enabled on the client computer. This is done through the System Control Panel you see up above, Remote Assistance can either be turned on or turned off. Remote desktop can not only be turned on and turned off, but you can also add another layer of security with network level authentication. What network level authentication or NLA is, it requires that the connecting user authenticates themselves before the session is established with the server. The protocol that's used for Remote Assistance and Remote Desktop is the RDP protocol, the Remote Desktop Protocol, and it operates over TCP 3389. So if you're doing Remote Assistance with a customer who's on the public internet, maybe they have a Comcast internet connection, you may have to instruct them to forward traffic on TCP 3389. The good news is that Windows firewall will helpfully ask the user if it can create an exception for that traffic. I'm going to do a brief demo on this so you can see more of what it looks like.
-
Demo 2: Using Remote Assistance
We'll start with Remote Desktop. I'm going to right click the Start button on this Windows Server machine. I already have mstsc put in there, and like I said, we'll show options, you specify the IP address or the host name of the remote machine, you can store credentials in this RDP file. In fact, if I connect to the same machines habitually, I will actually save the file, I'll call this say mem1, get saved as an RDP file, there it is, and so now in the future I can double left click that to make a Remote Desktop connection. You can customize the connection size, full screen, whatever, what resources can be shared. I tend to really like being able to copy and paste between the sessions. You can script a program to run whenever you start your RDP connection. Performance, again, it deals with how much graphical bling you want to put over that network connection. If you're doing an RDP with a machine in another continent, you probably don't care about seeing the desktop wallpaper and all that kind of stuff, animations and so forth. And then Advanced allows you to specify the strength of the network layer authentication that takes place. Let's click Connect. It asks us, do we trust this connection, yeah I do, so I'm going to Connect. I already stored the username and password, so there you have it. Now does the user on mem1 know that I'm connected? For instance, notice that I've started the System Control Panel here. Well now let's switch over to mem1. Now it locked the machine, didn't it? Before I did the RDP connection I was just looking at my desktop. Let's unlock the machine. Now it says administrator is signed in remotely from DC1. Uh-oh. What do you think is going to happen if I log in? Well there it is, there's the System Control Panel, but what happens if I come back to DC1? I got bumped off. The bottom line is if you're in a team with multiple administrators, you want to let each other know if you're going to RDP into a box, otherwise somebody walking up to the keyboard is going to bump you off. Now it is possible using a Windows Server feature called Remote Desktop Services that you can boost the number of sessions and have multiple administrators working remotely on the same machine, and you can find some notes on that in the course notes. Now let's look at our second case, and this is something I do with my dad all the time. I live in Nashville, Tennessee, he lives in Syracuse, New York, if he has a computer problem, what he'll do is send me a Remote Assistance request. Once again, he's made sure in his System Control Panel, I'm going to bring that up really quickly, under Remote settings, that he has Remote Assistance allowed on the box, and next what he'll do is I think he's memorized the steps by now, at least I hope so, I have him type Remote Assistance and then start the program. We're going to invite someone to help us. Now I don't have email connectivity and I don't have an easy connect cable, all I can do is save the invitation as a file, and I'm going to save it on my desktop as, let's say, win7. It gets saved as an msrcIncident file, now this file is going to be time stamped and protected with a password. So there's the password. I'm going to make sure to copy that into my clipboard. I'll come over to my Windows 8.1 machine, this is the helper machine. I'm going to open up Notepad from the Run box, do a Ctrl+V to make sure that that password is secured, and then there's our file. So now what you would do presumably is email this to the helper or make it available through whatever file transfer method you have available. I already have this music shared folder, so let me just pop it in there and then we'll come over to my win1 box, open up my Run box, Do a win7\music, like I did before, and there's the file. Let me double left click it, it's going to ask me for the password to connect to the remote computer, I'll select Copy into my clipboard, and then Ctrl+V it into the Remote Assistance window. Let's click OK. Let's switch over to the Win7 box and the user is going to have to click Yes to allow my remote user, the helper on Windows 8.1, to make the connection. I haven't explicitly stated this, but Microsoft did a great job with Remote Assistance because I would imagine anybody with any computer literacy is worried about allowing somebody to make a Remote Desktop connection to them. Of course, there's the fear, will the person install a backdoor where they can turn on my Webcam and spy on me? Will they will be able to connect without my permission and so on? And the answer to those is no. Like I said, that incident file, that invitation file, I think, defaults to an hour, it might be less, and the person who's asking for help always has control, okay, so I'm going to allow that connection. It says your helper can now see your desktop and if I go back to Win8.1, see I do in fact have a view of the user's computer. Now I'm clicking, I can't open their Start menu and I can't actually do anything until I request control and I actually see the prompt that's showing up on the Win7 side, let me switch over to Win7 and I'm going to say Yes the trainer can have control of this desktop, they even can respond to User Account Control prompts and now it says your helper is sharing control of your computer and now from the helper's machine I can do the troubleshooting that I may want or need to do. I have full access to the system and if I open up a window like I've opened File Explorer here, let's come back to Win7, we see the same thing. So the person being helped can see everything that the helper is doing and there's even a chat functionality built in here. I'll say thank you for helping and then we'll come over here and we can respond. Like I told you, the username on both these machines is trainer, so it's a little bit confusing that you see trainer: Thank you! and trainer: You're welcome! But I hope you get the idea. And then when we're finished, we, the person being helped, then resumes controls of their computer. Alternatively the helper can stop sharing to let go of the control, and then to end the session, the helped person can simply close out of Remote Assistance and now they're done, they have full control of their system, and when we come back to the helper's computer the Remote Assistance connection is ended and they would stop as well.
-
Back to the Real World
Now back in the real world, remember the first question, does Remote Assistance worth through firewalls? The answer is yes, Windows firewall will automagically create an exception for the port being used, 3389. Fouling that, you may have to instruct the customer on how to do a port forward on their router to allow that traffic. Second question, is there an alternative to using mapped drives? Well your first response may be, well what's wrong with mapped drives? But they do have problems. I mean, they'll typically be deploying using what's called a logon script, that every time a user logs on the script runs and it runs the net use commands and it sets up their drive mappings. There's a lot of things that can go wrong there. If that script fails to run or bombs out, the user doesn't have access to their files. So what we're finding now in more recent times is that content management systems, like Microsoft SharePoint, take the place of drive mappings. SharePoint is a web portal where you can have document libraries that look and act a lot like mapped drives, but they're centrally located and they're accessible via a web browser. So consider that.
-
Homework
For homework, this is an advanced homework assignment I must admit. First of all, consider setting up a HomeGroup. Have two virtual machines in your test lab set up, they're not joined to a domain. I give you a link to a really excellent HomeGroup tutorial in the next slide, so using that as your guide, set up a HomeGroup and share documents between workgroup computers, that'll give you some good hands on experience. If you're really brave, consider installing Windows Server on a virtual machine, installing an Active Directory domain controller, create a shared folder, put some stuff in it, and try accessing it from another computer in your virtual network. If you can do all that stuff now, more power to you, you're going to ace this part of the A+ 902 test.
-
For Further Learning
For further learning check out Mike Halsey's Windows Client Administration Fundamentals course, in particular look at Configuring Networking and Sharing. The other course is Ken Mauldin's Windows Operating System Fundamentals: Managing and Maintaining. There see the module File and Print Sharing Basics. Between these two courses you'll get a lot of experience in terms of how peer to peer workgroups work, how HomeGroups work, as well as domain networks.
-
Summary
In summary, everybody uses networking nowadays, even if they're not entirely aware of it. So even though you might be thinking, well I'm just going for the A+ because I love to build and maintain computer hardware, that's fine, that's great, but you're not going to escape networks, you've got to get comfortable with them and develop that proficiency. Also Active Directory has a huge presence in the corporate world, there was a time that Active Directory wasn't around, frankly, and even when it first came around it took a little while to start to ramp up. There were other directory services around, like Novell directory services, have since gone the way of the dodo, thanks to Active Directory. And in other environments that we'll look at in the upcoming course, we have Open Directory, these are all similar data stores, they use lightweight directory access protocol and they make networking and network management a lot easier. In the next module we're going to review common maintenance procedures on Windows computers. Thanks a lot for hanging in, I know that this was a lot of material. And I look forward to seeing you in the next module. Take good care.
-
Common Maintenance Procedures
Overview
Hi there and welcome to Pluralsight. Tim Warner here welcoming you to the module Common Maintenance Procedures. Let's quickly buzz through our Pluralsight learning path for the CompTIA A+ 220-902 certification exam. The first course is a brief one, global introduction, then we get into the content that's mapped line item by line item to every objective on the CompTIA exam blueprint, and you can download that blueprint from comptia.org, check the course notes for more information on that. We're finishing the Windows Operating System course right now, after this if you're following the learning path in order, I hope you are, we'll cover other operating systems, then security, software, software troubleshooting, and operational procedures. As I said, this is the seventh and final module of the Windows Operating Systems course. Congratulations for staying the course and brushing up, expanding, and deepening your Windows OS support knowledge. We began with a module on Windows features and requirements and then proceeded through Windows installation, command-line tools, Windows administrative utilities, Windows Control Panel, Windows networking, and then finally common maintenance procedures. This module is important for us, I think, because in performing maintenance procedures, we're interacting with our customers data and a recurring theme I have for you over the course of this module is the sacredness of the user's own data. We have two main objectives here, first looking at best practices in Windows support, and then what tools, basically what first party built in utilities there are for enacting those common maintenance procedures. Let's get started.
-
Meanwhile, in the Real World
Meanwhile in the real world, you may be asked by a nervous customer who's handing over their broken computer to you, will System Restore delete my files? Maybe the user realizes that after installing a piece of software that they've downloaded from an illegitimate site, maybe a torrent tracker or whatever, that their machine is likely hosed up with malware and they're considering running System Restore, but they've been afraid to because they don't want any of their own document data deleted. Another question is, the customer may ask you, I keep seeing advertisements on the web for all in one driver update software, is it worth it? The software appears to be free and it seems like a convenient way to make sure my system is current with its device drivers. As you've come to expect, pay attention to these questions, keep them in your mind as we work through this module's content, and we'll revisit at the end. Our CompTIA A+ 220-902 objective here is 1.7. This says that we need to be able to perform common preventative maintenance procedures using the appropriate Windows operating system tools. When you hear the term first party software, we're referring to software that's made by the vendor directly. So in Microsoft Windows, all of the Control Panel items and additional programs and features that ship with the operating system are all called first party tools, and that's what we're staying with in these objectives.
-
What Is a 'Best Practice'?
Best practices. Well you know, as your instructor I never want to take for granted that you understand all of these fundamental vocab terms, so I wanted to spend just a minute formally defining a best practice. You see this term a lot in the information technology literature and the definition that we'll work with is as follows: A best practice is a method or technique that has consistently shown results superior to those achieved with other means, so thus a best practice is used as a benchmark. This definition comes to us by way of Wikipedia.
-
Client-side Backups
Now diving right in, what are the Microsoft best practices with regard to preventative maintenance? Now of course this list of best practices is a bit skewed because by definition we're constraining ourselves to first party inbox software. Of course Microsoft is going to recommend their own tools, but that having been said, the first issue is that of taking regular scheduled backups. Really on its face that's a best practice regardless of your operating system platform. From a client perspective, remember from the previous module that a client isn't a user, a client refers to a computer system that's part of a network, and the screen shot here shows a method called File History that's part of Windows 8.1 and Windows 10. It's a direct competitor to Apple's Time Machine technology, and the way this works is you turn it on in Control Panel and you point it to another volume on your computer, maybe you have a USB external disk that's maybe ginormous, it's a few terabytes in size, so this is meant to be a set and forget kind of thing where in the background any changes you make to your libraries, your documents, your movie files, your desktop folder, your contacts, your Internet Explorer favorites, automatically gets copied out to your File History drive and then if you need to restore any of that data, it's available. In a sense File History is like a local version of One Drive or DropBox, those are two good public cloud services that can have the same benefit of you synchronizing content on your own computer so that it's saved off box. Can't stress this enough how important it is, not only in your own computing, but also strongly suggesting for all of your users to make sure they're never storing their personal data or any data that can't be replaced on just one hard drive, that's not what you ever want to do. Now the scheduling component in Windows is a little bit tricky because File History is meant to just run all the time and strangely enough there is not an inbox backup tool built into Windows Client. As you'll see in just a moment, backup is a core part of Windows Server, but Windows Client you'll probably have to go the third party software route if you want to take control of scheduled backups. The scheduling engine in Windows, as you see here, is the task scheduler, you can run any job on a task with it, and if you're a command line person, there's the AT.EXE tool that's been in Windows since the very beginning.
-
Server-side Backups
On the server side it's a different thing because look, when you're in a business anything but the smallest SOHO business, you need a centralized solution for backups. You don't want to mess around with having all of your users store their data on their own work stations and leave them responsible to back up their files. Absolutely not. You want to use a server tool, like the built in Windows backup that you see here, to go out across the network and backup all volumes that contain user data. So the idea here, globally, is that you want all of your users work data stored on one or more file servers and then you'll run first or third party enterprise backup software to collect those backups, alright. Now the built in Windows Server backup has historically been a little bit anemic, it's not really a centralized solution if you have a whole bunch of servers to back up. You'll notice I'm calling out on screen right now that the Windows Server backup tool that's built into Windows Server links up to Microsoft Azure backup. Azure is Microsoft's public cloud subscription service and as it happens, using Azure backup allows you to take your backups and then shuttle them directly to the cloud so they're off box. Check the Pluralsight library for more information on all of these features that I'm telling you. We're just doing a survey at this level. I will do a couple demos that will light up some of this stuff, but you'll want to go into the Pluralsight library to deep dive if that's what you're interested in. I've mentioned too many times that Windows PowerShell is the way to do true multi-server administration, and this, that is to say using the backup PowerShell cmdlets along with scripting, can save you a lot of work horsing around with the Windows backup graphical user interface. As you see here, this pipeline, I'm grabbing all of the commands that have nouns that start with WB, that's Windows backup, and I'm just basically grabbing just the names of the commands and I'm formatting them in three columns to save space. You can do a whole lot with backups through Windows PowerShell. Again, with scheduling, we have Task Scheduler and AT.EXE as the built in choices.
-
Scheduled Disk Maintenance
As far as options for scheduled disk maintenance, we've looked at a lot of this thus far in the learning path, both for 220-901 and now 902. Windows Defender is the first party inbox antimalware scanner. It's had a long history. I used to use the product before Microsoft had Windows Defender. My favorite antimalware years ago was a piece of software called Giant Anti-Spyware. Microsoft bought the company through an acquisition and they still have that engine running as the Windows Defender. Now antimalware means that the software is going to look not only for your traditional viruses, worms, and Trojan horses, but it'll also look for spyware, basically any malicious code where malicious code, malicious software or to bring the words together, malware, denotes code that you're not explicitly granting permission to run and likely does something bad. Another tool is Disk Cleanup. It's been in Windows for a long, long time and this is something you can schedule or just run ad hoc to free up disk space on the user's computer. Where Windows Defender is meant to clean malicious code, Disk Cleanup allows you to remove temporary files, downloaded program files, and so forth, logs. Nowadays with disk space being as inexpensive as it is, tools like Disk Cleanup aren't as important, in my opinion, as they were in years past. We've already gone over the optimized drive tools in Windows 8.1 and the fact that for standard mechanical drives we can do traditional defragmentation. In this screenshot all four of those volumes are solid state, so we can't do traditional defragmentation, but instead, you'll remember, we can run trim commands against those SSDs. And then finally, we have the Programs and Features Control Panel. You can get really used to this tool because this is where you can inventory and manage installed programs on a user's computer. Now something that a lot of administrators miss, I'm going to highlight it on the screen right now, is that this is also where you can turn built-in Windows features on or off. You may have Windows built-in features running on a user's system, occupying processor and RAM, and all of that resource use when the user doesn't even use those programs or features. So by going in and customizing those built in features, which are turned on and which are turned off, you can reduce the attack surface of your customer's computers as well as save resources. Finally the view installed updates link is important for troubleshooting Windows updates. If a Windows update is actually causing a conflict on a customer's system, as long as you find the knowledge base or KB number of the update, you can go in there and uninstall it quickly and easily.
-
Windows Updates
Now what about Windows updates, so called Patch Management? You're accustomed to Microsoft delivering security updates, feature updates, definition updates for Windows Defender, any new code, fixed code, enhanced code, Microsoft wants to send you over the internet for download and ingestion on your computer. Now Windows 10, the latest client version of Windows, turns this on its head, it uses a peer to peer model for updates. Check the Pluralsight library for our Windows 10 Client courses for more info. Remember that the 220-902 does not include Windows 10, so we're limiting ourselves to say Windows 7 and Windows 8.1 principally. But anyway, take a look at this company network, we have desktop clients as well as servers that all need to download and install those Windows updates. The way the Windows Update Control panel normally works is that the host will go out through the internet periodically and query Microsoft Updates, their web servers and their content servers. Now if you have 50, 100 or more client devices, that is a lot of internet bandwidth that's being used. Because each of those 50 desktop systems, for instance, is going to pull down a couple hundred MBs every month, that is just not an efficient use of bandwidth number one, and it's really not safe number two because as I said, sometimes you may have a conflict browser a Windows update and an existing line of business application or device driver that you're using because another point to consider actually is that Windows Update can give you more than just Windows updates, it can also deliver updated vendor device drivers, you see. So the way that we do this in the enterprise, de facto, is that we install Windows Server Update Services or WSUS, we stand up at least one Windows Server machine and it goes out to the internet and downloads the content from Microsoft update and then you as an administrator can test that software, test the updates, against some lab machines or maybe you'll use the IT department computers as guinea pigs and then you as an administrator can selectively approve or block those updates before scheduling them for installation on your company network machines. Now how do those company network machines know that they need to go to the WSUS server inside the corporate perimeter as opposed to Microsoft update? You guessed it, group policy, which I've mentioned so many times over the course of this training.
-
Driver/Firmware Updates
As I said, Windows update can deliver driveware and even firmware updates, so in summary, Windows update can handle that. That having been said, you're going to get the best fidelity if you download and install the vendor's own device drivers. A classic example is the Catalyst Control Panel that's published by AMD in support of their radian graphics cards. For instance, this is the Control Panel I have on my Windows 8.1 station and you see they have a supported over-clocking feature called OverDrive. You're not going to get that capability using the traditional plug and play inbox driver in all likelihood. Same goes for printers and multifunction devices. I would suggest that you avoid these driving updating utilities. The definitive why is from one of my favorite websites, howtogeek.com, check the course notes because I give you all the appropriate links, but basically howtogeeks perspective matches my perspective. In testing some of these driver update utilities that supposedly allow you to install their client software for free, it will detect all of your out of date or missing drivers and offer to fetch them for you for no cost. Well of course, there are lots of hidden costs that these software companies don't tell you about. Basically they'll tell you what you're missing and then in order to get the updates you have to pay a license fee. I think that's a pretty tricky way to do business. If I'm going to sell you software, I'm going to explain how the licensing works right up front.
-
Anti-malware Updates
With regard to antivirus and antimalware, I showed you Windows Defender. Any antimalware scanner is only as effective, any antimalware scanner is only as effective as the recency or how current its definition updates are. That's going to be a buying decision. I've had good luck using Windows Defender, but when you're in an enterprise and you need to protect everybody's computer centrally, you'll probably wind up going to a third party like Symantec Endpoint Protection Manger that you see at right. Normally these tools have a web-based console, this screenshot shows a thick client application that you use to administer it, but the bottom line is you're centralizing the download of all of the definitions and you're locking down the client, the agent software that you install on every host in your network. After all, you don't want to give Joe user or Jane user the ability to turn off scanning to uninstall the software and so on. So this is a particularly important type of client server software in the enterprise.
-
Demo 1: Windows Update and WSUS
I want to do our first demo on Windows update and Windows server update service. Now knowing the ins and outs of WSUS is way beyond your scope, so instead what I want you to focus on as we're working is just the basic workflow. Pay more attention to the client side of the equation. I've opened up an administrative PowerShell console and I can type wuapp in Windows Server 2012 R2 or Windows 8.1 to quickly open the Windows Update Control Panel, as you see here. On the main page it tells us if we have updates available, when the last check was, when the last installation took place. We'll want to come over here to do an update check or just as importantly change settings. Now on an individual consumer basis, if you're working say in a repair shop and you're working with consumer users who just have a couple computers at their home, then this is where you'll go to change your Windows update settings. Because this computer is part of an Active Directory domain, I'm already centrally managing Windows updates and you'll notice here, even though I'm logged on as an administrator, I don't have the ability to change options like, for instance, what kind of update policy I have going on, what time those updates come down, and so on and so forth. So in an enterprise, like I said, the server side of the equation is to use a server role built into Windows Server called Windows Server Update Services and I already have the tool set up on this machine. Basically setting it up involves pointing your server to Microsoft Update and then downloading the updates from Microsoft. You can see that they're classified in different categories. As you can see, the updates that I've downloaded are classified in different classifications, critical updates, security updates, WSUS updates, and what you do here is you test out these by deploying them selectively to maybe you've created a computer group called test computers, that's the other side of the equation with WSUS. You're managing and organizing all of the updates that you've brought down from Microsoft and then you selectively approve them and deploy them to particular computer groups, you see. You can really scale out WSUS by creating streams of servers, you might have a master WSUS server that pulls down the content across the internet from Microsoft and then you may have a local WSUS server in each of your branch offices that pull their content from the master WSUS server. Microsoft has been at this for a long time, it works really, really well. And of course there's a whole bunch of prebuilt reports. So you can see, for instance, what computers are behind in their updates, maybe a user has a company issued laptop and they've been on vacation and the machine's been turned off and unplugged, you can spot those exceptions to the rule fairly quickly, you see. When you right click a column, you see the tremendous amount of metadata available for the updates that you've downloaded from Microsoft and you can change the view very, very quickly to look at, for instance, just those updates that you've approved or declined and so forth. If you're wondering, well how do we link the client computers to the WSUS server, I actually told you that, you'll remember, a little bit earlier. I'm going to open up the Run box and type gpmc.msc to open the Group Policy Management Console and in my Default Domain Policy, let me go to Settings, we can look at a report of what I've set. I'm going to click show all to show everything, and if I come down under computer configuration Administrative Templates, Windows Update, you can see that I've enabled some options here. I've specified the Automatic Update detection frequency, I've cut to down to every hour, just because I'm in a lab and I want to make it really obvious when updates are ready and I've configured the client side settings here. The most important setting for WSUS is the specify internet Microsoft update service location and I've pointed that to my dc1, that's the machine we're on right now. Long story short, once your client devices have ingested this group policy, they'll be looking at the WSUS Server and downloading only approved updates from now on.
-
System Restore
Now we'll turn our attention to tools. To be honest, we've been using tools thus far, but I had to think of some way to divide up the content. Don't mind the man behind curtain, right, anyway here's System Restore. This is an awfully useful technology, but not used anywhere near to the degree I think it should, for understandable reasons that we'll discuss in just a moment. System Restore comes to us from Windows 7 and above, also called System Protection in Windows 8.1 and Windows 10. The big thing I want you to know is that System Restore allows you to dial back, basically restore your system state to a previous time, a previous date and time, potentially. And this is useful if configuration changes have resulted in unwanted behavior. It's a good first line of troubleshooting defense before you consider backing up all of the user's personal data and then wiping and reloading the operating system. Here's the thing, I include in the course notes a link to a Microsoft knowledge base article that explains exactly what is and is not included in a System Restore restore point. What you need to drill into your user's heads in a loving way is that System Restore affects only programs, features, and drivers, not user data, and you configure this through the System Control Panel, the System Protection tab, as you see here, and you enable or disable System Restore on a per drive basis. Because we're dealing with programs and the operating system and the drivers and the registry, I've historically turned this on only on drive C. Notice that we can configure when System Restore automatically takes restore points and we can also create our own restore points manually before making a big configuration change, for instance, and then the restore piece can be had right here through the System Properties dialogue or by restarting your system into repair mode, Windows RE, and launching it from there.
-
System Image Backup
System Image Backup is also pretty cool. It's a technology that allows you to backup your entire C drive, so you're backing up the actual state of your system. I'm talking from soup to nuts, yes, this includes personal data, yes this includes all programs, drivers, everything. You're essentially taking a snapshot of the entire C drive. The issue though is that it can be difficult to find System Image Backup in Windows 8.1. I don't know why Microsoft makes it difficult to find, but they do. You can get to it from the File History Control Panel and what you do is just point your backup to a disk, a disk volume, besides drive C, of course, that has enough free space to accommodate your C drive, and then by booting the computer into repair mode, Windows RE, you can restore that image. Now be careful, when you do a System Image Recovery, it slam dunks on top of your C drive and unless you've included all of your files in the image or you've backed up your files elsewhere, that system image is going to overwrite them, maybe that actually is why Microsoft seems to downplay this, because they've probably received support calls from angry customers who thought, well I see this System Image utility, I figured I could use it to restore my system, but maybe they got confused between System Image Backup and System Restore, ah-hah.
-
Demo 2: System Restore and System Image Recovery
In our second demonstration I want to run through System Restore and System Image Recovery. First let's do System Restore. I'm going to open up Control Panel again, you know I like that right click the Start button trick, and I'm going to search Control Panel for System Restore, I'm going to click System and then click System protection, and finally we come to the appropriate dialogue box. Alright, so it looks like I've got my C drive turned on and if I go to Configure I can adjust the cache, the amount of space that's being used for system protection. Now I don't want to, I want to be careful changing it, let's putting it this way, because if I adjust the slider it's going to delete old restore points. You can also, for security reasons, manually delete although of them. Note that the location of those restore points is hidden, it's not very obvious to see where the restore point data is actually stored on disk. Check the course notes, I know I sound like a parrot with that, but I'll give you a link if you're interested in geeking out to that degree. You can also create a manual restore point. And let's actually do that. Let's click Create and I'm going to call this Pre-Altaro and then click Create. It takes just a moment to create the restore point and the reason why I'm creating the point, it was created successfully, that's cool, is that I'm now going to install a piece of software called Altaro VM Backup. And I just grabbed the first random piece of software I could find in my lab environment, it doesn't matter what this software is, it's just being used here as a case study. Now no offense, I love the people at Altaro, but we're going to pretend that installing this software has created system instability and we're going to use System Restore to restore the system to the state it was prior to this software being loaded. Now there's files in the program files directory and I would hazard a guess that if I opened the Service Control Manager by typing services.msc, yep there's a number of system services that are configured for automatic startup that may be hosing things up. Can System Restore help us? Well the answer of course is yes. Let's come back to the System Protection dialogue. If you can't boot your system, you can still get to System Restore by booting into WinRE, we're going to do that in just a moment. But for now, let's open the System Restore client and step through the wizard. We see a list of previous System Restore events, we've got one that we just manually created. The operating system will automatically create restore points every time the computer is started, there's a whole list, check the course notes, you don't need to know all the specifics, but you can check the course notes for details on that, but for our purposes we want to click Pre-Altaro, and look here, scan for affected programs. That's a really useful button to press because remember you're setting the user's computer back in time and let's say Altaro is causing us problems, well what if we installed other software besides Altaro, will that go away? Yes it will. So this affected programs report tells us what programs and drivers will be deleted and what programs and drivers were included in the system restore that might actually come back, you see what I mean. So don't overlook that scan for affected programs. Let me click Next. It asks us, are you sure you want to do this? Yes I do. And it gives us a final warning that we can't interrupt this once we start, do we want to continue? The answer is yes. Of course I'm going to pause, it's going to restart, I'm going to pause the video right now so you don't have to sit here and wait for this with me. Okay we've come back from that restart. So let me go ahead and log in on that Windows 8.1 box and we'll quickly verify that yes, it says it right here actually, System Restore completed successfully, your documents have not been affected. Well thank you very much for that. Let's bring up the Service Control Manager and verify that the Altaro services are gone. Yes they are. Okay so that's that. The other thing is the Windows System Image Recovery. I mentioned that Microsoft kind of hides that option. Let's see if we can get to it from Control Panel. I'll do a search for system image, and no items match your search. See I wasn't fooling when I said that Microsoft is hiding this. How about if I do a search for File History and I'll open the Control Panel and down here we have System Image Backup, very much hidden. Now this is the tool you use to create the system image, okay, so you'll want to select not a DVD of course, but you'll want to choose a disk volume that has adequate space on it, click Next, it takes awhile to do, so go get yourself some coffee while the backup is being taken. I'm going to browse to my J drive and we can see a folder created called WindowsImageBackup, win81, and then there's a whole bunch of metadata. There's a huge 11 GB vhdx file. These are the virtual hard disks. This is the system reserved partition and this is my actual C drive. I've never tried to mount this in Hyper-V, but that would be an interesting thing to try. Bottom line is, you don't want to touch these files. Instead you want to get to them from Windows RE. Let's go to the Start screen. Now to go into repair mode and to get to the safe mode options, remember we've covered that earlier in the learning path, what a pain in the neck it is. Don't try restarting and doing the F8 dance, you're not going to get very far. You could boot the computer off of the Windows DVD or you can do the Shift trick, which is my favorite, hold down Shift, click the Power button, hit Restart. It brings you into Windows RE immediately where we're going to go into Troubleshoot. Now Refresh and Reset are interesting. I don't think we've talked about these. As a drive by I'll quickly say it, if System Restore is not getting you there and you don't actually want to restore a System Image Backup or if you don't have a System Image Backup, you can do a refresh, which is where you don't lose any of your files, it's just that the operating system is reinstalled on top of itself. A reset is what you would do before selling the computer, for instance. That's going to reset the computer to its operating system defaults and it's going to nuke all personal files, so you want to be very careful before running reset. We actually want to go into Advanced Options, System Image Recovery. The system restarts. It says preparing system image recovery. We're asked to log on. Now this is a local account here, a local administrator on the system, so let me select it, add its password, press Enter, and we have the ability to re-image our computer. What it's going to do, what Windows RE is going to do, is look on all locally mounted drives for an image and it's going to give you the latest one by default, but if you've taken more than one system image, you can select. Now here's a gotcha, you've got to do some hacking around to store more than one system image on the same volume. So I would suggest that if you're going to use this that you recreate the image every few months after you validate that the system is stable, so that you do just have one latest image as to go along. Now we're not going to proceed through here because I don't want to lose the current operating system, but essentially you're just prompted to confirm that this is what you want to do and then you just sit back and wait and you've effectively taken your computer completely back in time, preferably to a known stable state.
-
Back to the Real World
Now back in the real world, these questions should be a breeze for you right now. Will System Restore delete my personal files? The answer, of course, no. System Restore ignores user data. Now I will add that System Image Backup does do a full overwrite, so you absolutely want to be very careful about user data in that case. The other question, is driver update software worth it? Now I'm telling you no, but understand that ultimately this is the world according to your trainer, Tim Warner. If you've discovered driver update software that works really well, then that's wonderful, disregard what I said, but in my research and my friends at howtogeek feel the same way, the majority of that software is scamware. It doesn't really do what it's advertised to do and the documentation is poor.
-
Homework
For homework, this is going to be a pretty invasive homework assignment, assuming that you have your lab network set up, I want you to add a second virtual disk to one of your lab VMs, add it as a data disk. Remember that these virtual disks are simply files on your hard drive and even though you may create the virtual disk at like 60 GB, it's not going to occupy that amount of space, that's just logically what it's max is from the perspective of the VM. The reason I want you to add that virtual disk is because I want you to use the tools that I've showed you to create a system image. That will take some time, like I said. Once you've created the image, make some configuration changes to your VM and then go into Windows RE and restore the system. I don't have it on this homework slide because I didn't want to put too many instructions, but I'd also suggest you practice with System Restore. You'll be using these maintenance tools a lot in supporting your users, especially non-business consumer end users.
-
Summary
In summary, remember that user data is sacred. You can always reinstall an operating system, we can always reinstall applications, but a user's document library, their photo library, their music, that may be the only set of files that exists on this planet and if you make a blunder that results in that data being permanently deleted, you've got some problems professionally and perhaps personally. Along those lines, I haven't explicitly mentioned this, I'm glad to think to mention it now, it's really important to respect your customer's privacy. There's really a lot of trust, even in a business world where an employee knows that anything on their system data wise is subject to inspection by IT, it's important to respect the user's privacy. You might even want to let them know, look I'm not going to look at any of your data, I'm going to make sure that it's backed up and protected, but I respect your privacy and your data is yours. A lot of users and customers I've helped thanked me for that level of transparency. So let's keep this conversation going. This is the end of the first course in the 220-902 learning path. In the Pluralsight web player what you'll want to do is click over to the Discussion tab and if you don't have a Live Fire account, create one, they're free, and ask me any questions that you have. You see that my account is PluralsightTim and I will address your questions. That's what I'm here for after all. With that, thank you for hanging in there and sticking through this course. I know it's a lot of material. Congratulations to you, but let's keep the momentum going and proceed into the next course, which is also an operating systems course, but it's called Other Operating Systems and we'll concern ourselves with Linux, Unix, OS 10, and mobile OS's. I'll see you then. Take good care.