Scribd
Upload
28 views19 pages

Windows Operating Systems

The document provides an overview of Windows Operating System management, including key concepts such as Active Directory, process and memory analysis, user privileges, and the use of PowerShell. It discusses challenges like open ports and privilege mismanagement, while also highlighting opportunities for automation and enhanced security. Real-world examples illustrate the practical applications of these concepts in managing Windows environments effectively.

Uploaded by

Jaya kumar
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPTX, PDF, TXT or read online on Scribd
28 views19 pages

Windows Operating Systems

The document provides an overview of Windows Operating System management, including key concepts such as Active Directory, process and memory analysis, user privileges, and the use of PowerShell. It discusses challenges like open ports and privilege mismanagement, while also highlighting opportunities for automation and enhanced security. Real-world examples illustrate the practical applications of these concepts in managing Windows environments effectively.

Uploaded by

Jaya kumar
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPTX, PDF, TXT or read online on Scribd
You are on page 1/ 19

Placeholder

Windows
Operating System
Overview of the Presentation
• Basics of Windows OS
• Process and Memory Analysis with Process Hacker
• Windows Shares and Enumeration
• Searching/Grepping for Files
• SSH and Scheduled Tasks
• User Privileges
• Introductory PowerShell
• Challenges in Windows Management
• Opportunities in Windows Management
• Use Cases in Windows OS
• Questionnaire
• Conclusion
Active Directory Definition
Active Directory is an important part of IT infrastructure. It can be used to manage devices, users, domains, and objects within a
network. Organizations use Active Directory for its seamless identity and access management capabilities. It can allow users to gain
authenticated and authorized access to devices, applications, and systems across the cloud and on-premises reliably and conveniently.
What are Active Directory Domain Services (AD DS)?
Active Directory Domain Services are the core components of Active Directory. AD DS can help network administrators authenticate
users and determine which network devices should be made accessible for those users. AD DS offers additional features such as LDAP,
Single-Sign-on (SSO), SSL, access rights management, and more.
Key features of Active Directory Domain Services
Certificate Services: Create, manage, and share encryption certificates using Domain Services. This helps users exchange information
securely over the internet.
Lightweight Directory Services (LDS): AD LDS is a Lightweight Directory Access Protocol Service (LDAP) that makes the Domain
Services more versatile and flexible.
Active Directory Federation Services (ADFS): ADFS allows employees to access multiple devices, applications, and systems with a
single login credential. This Single Sign-On solution enhances the user experience.
Rights Management Services (RMS): AD RMS provides tools to help administrators manage security services to secure their data.
These technologies include authentication, certifications, encryption, and more.
Hierarchical structure of Active Directory Domain Services
Domain services of Active Directory include a hierarchical structure consisting of the following:
•Domains: A domain consists of objects such as users, devices, groups, and databases. This tree-like structure has standard domains
and subdomains.
•Trees: A collection of domains is known as a tree. Trees are grouped together in a logical hierarchy.
•Forest: A forest contains a group of trees and is considered the highest structure within an AD. Trees within a forest share domain
configurations, catalogs, schemas, application information, and more.
•Organizational units: Organizational units organize groups and computers within a network.
•Containers: Containers are similar to organizational units. However, containers cannot link generic Active Directory with Group Policy
Object (GPO).
Basics of Windows OS
Key Concepts:

1. Open Ports:
• Logical communication endpoints used for data exchange.
• Example: Port 80 for HTTP, Port 443 for HTTPS.

2. Registries:
• A hierarchical database storing configuration settings for the
OS and software.
• Example Path: HKEY_LOCAL_MACHINE\Software.

3. Services:
• Background processes that perform system-specific tasks.
• Example: Windows Update Service (wuauserv).
Process and Memory Analysis with Process
Hacker and Content:
Definition

• Process: A running instance of a program in memory.


• Memory Analysis: Examining RAM to detect anomalies.
• Tool: Process Hacker for real-time process monitoring and memory analysis.

Real Example:

A company used Process Hacker to detect a crypto-miner process causing high


CPU usage. They terminated it and secured the system.
Windows Shares and Enumeration
Key Concepts:

1. Windows Shares: Resources shared across networks for


collaboration.
• Example: \\ServerName\SharedFolder.

2. Enumeration: The process of gathering details about system


resources.
• Tools: PowerShell commands like Get-SmbShare or third-
party tools.
What is Task Scheduler?
Task Scheduler is a built-in Windows utility that allows users to automate the execution
of programs, scripts, and various tasks at specific intervals or specific events. It
simplifies the process of running repetitive tasks, managing background processes, and
scheduling maintenance activities on a computer.
How does Task Scheduler work?
Task Scheduler works by creating tasks that contain the details of the actions to be
performed, such as running a program or displaying a message. Users can specify
triggers, like time-based schedules or system events, and actions to be taken when the
task is triggered.
Searching/Grepping for Files
Key Concepts:

1. File Search:

•Command Prompt Example: dir /s /p filename.


•PowerShell Example:
Get-ChildItem -Path C:\ -Filter *.txt –Recurse

Real Example:

IT staff used PowerShell scripts to locate outdated .log files and


automate their deletion, optimizing storage.
SSH and Scheduled Tasks
Key Concepts:

1. SSH (Secure Shell):


• A protocol for secure remote management.
• Example Command: ssh username@hostname.

2. Scheduled Tasks:
• Automates recurring actions like updates or backups.
• Real Issue: Attackers use scheduled tasks for persistence.

Real Example:
During the SolarWinds attack, malicious scheduled tasks were
used to compromise client systems.
User Privileges
Definition: Permissions assigned to user accounts based on their
roles.

Types:

1.Administrator: Full control over the system.


2.Standard User: Limited permissions for daily tasks.
3.Guest: Minimal privileges, mainly for temporary use.

Best Practice: Implement role-based access control (RBAC) to


minimize privilege escalation risks.
Introductory PowerShell
Definition: A powerful scripting tool for Windows system
management.

Common Cmdlets:

1. Get-Process – Displays all running processes.


2. Get-Service – Lists system services.
3. Test-Connection – Checks network connectivity.

Example Script:

Powershell - Get-EventLog -LogName Security -Newest 10 |


Format-Table

Displays the 10 latest security events in a table format.


Challenges in Windows Management
Defined Challenges:

1. Open Ports:

1.Definition: Open communication endpoints that attackers exploit


if not secured.
2.Example: Misconfigured SMB services led to the NotPetya
ransomware attack in 2017.

2. Privilege Mismanagement:

3.Definition: Overprivileged user accounts increase the risk of


insider threats or misuse.
4.Example: Employees installing unauthorized software caused
Challenges in Windows Management
3. Registry Vulnerabilities:

1.Definition: Incorrect registry settings can expose systems to


attacks or cause instability.
2.Example: Attackers often target the registry to escalate
privileges or disable antivirus software.

4. Misuse of Scheduled Tasks:

3.Definition: Attackers use scheduled tasks to persist malware


on systems.
4.Example: The SolarWinds attack leveraged malicious
scheduled tasks for ongoing access.
Opportunities in Windows Management
Growth Areas:

1. Automation: Use PowerShell for task automation, log analysis,


and system monitoring.
2. Enhanced Collaboration: Secure file sharing with NTFS
permissions.
3. AI-Powered Monitoring: Tools to detect process anomalies
and automate threat responses.
4. Training Programs: Educate users on best practices for
managing privileges and detecting threats.
Use Cases in Windows OS
1. Process Monitoring with Process Hacker

• Definition: Process Hacker is used to monitor and analyze running


processes, identify memory usage, and detect suspicious activities.
• Real-World Example:
A company detected high CPU usage during non-peak hours. Process
Hacker revealed a crypto-mining malware consuming resources. The
malicious process was terminated, and security measures were
strengthened.

2. Secure File Sharing with NTFS Permissions

• Definition: NTFS (New Technology File System) permissions allow


administrators to restrict access to shared folders or files.
• Real-World Example:
During remote work, a business configured NTFS permissions to grant
employees access only to specific files, preventing unauthorized data
Use Cases in Windows OS
3. Searching Files with PowerShell Scripts

•Definition: PowerShell provides powerful commands for searching and


managing files in bulk.
•Real-World Example:
IT staff used a PowerShell script to locate and delete outdated .log files
across servers, optimizing disk space and improving system performance.

4. Remote Management with SSH

•Definition: Secure Shell (SSH) enables secure remote access to systems


for maintenance or troubleshooting.
•Real-World Example:
During the pandemic, administrators managed servers remotely using SSH
on Windows 10, ensuring uninterrupted operations.
Use Cases in Windows OS
5. Preventing Persistent Threats with Task Monitoring

•Definition: Monitoring scheduled tasks ensures no unauthorized or


malicious tasks are added to the system.
•Real-World Example:
A security team discovered a malicious scheduled task exfiltrating data
nightly. Regular task audits now prevent such incidents.
Questionnaire
1. What is the purpose of Process Hacker in Windows
management?
Answer: To analyze and manage processes and memory usage
efficiently.

2. How do NTFS permissions enhance file sharing security?


Answer: By restricting access to files and folders, allowing only
authorized users to view or edit them.

3. What command is used in PowerShell to search for files?


Answer: Get-ChildItem -Path C:\ -Filter *.txt –Recurse

4. What is the primary benefit of using SSH in Windows?


Conclusion
• The Windows OS provides versatile tools such as PowerShell,
NTFS permissions, and Process Hacker for efficient and secure
management.

• Challenges like open ports, privilege mismanagement, and


malicious scheduled tasks require proactive monitoring and
mitigation.

• Opportunities in automation, AI-driven monitoring, and training


programs enable better management and security of Windows
"The art of managing systems is not just about tools but about
systems.
vigilance, knowledge, and adaptability."

You might also like