Windows System Administration and Hardware Fundamentals
TPM and BitLocker Encryption
TPM (Trusted Platform Module) is a hardware security component (a discrete chip, or firmware-based in modern CPUs) that generates and protects cryptographic keys and records measurements of the boot chain. BitLocker uses it to seal the volume encryption key to those measurements, so the OS drive decrypts unattended only when the firmware, boot loader and boot configuration are unchanged. Secure Boot itself is a separate UEFI firmware feature that verifies boot loader signatures; the TPM records what actually ran (Measured Boot). By default BitLocker requires a TPM (1.2 or 2.0), but the Group Policy setting "Require additional authentication at startup" with "Allow BitLocker without a compatible TPM" lets it fall back to a USB startup key or a password on machines without one.
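The checks and the enablement order a practitioner would want are shown below as an added example (not part of the original notes): verify the TPM and Secure Boot state, see whether policy permits BitLocker without a TPM, and then encrypt the OS volume with a recovery password created and escrowed before the TPM protector is added. It assumes C: is the OS volume and must run in an elevated PowerShell on Windows 10/11.

```powershell
$ErrorActionPreference = 'Stop'

# 1. TPM state. TpmReady means present, enabled, activated and owned.
$tpm = Get-Tpm
$tpmInfo = Get-CimInstance -Namespace root\cimv2\Security\MicrosoftTpm -ClassName Win32_Tpm
"TPM present: $($tpm.TpmPresent)  ready: $($tpm.TpmReady)  spec: $($tpmInfo.SpecVersion)"

# 2. Secure Boot is a UEFI firmware feature, independent of the TPM; the cmdlet throws on legacy BIOS.
try   { "Secure Boot enabled: $(Confirm-SecureBootUEFI)" }
catch { 'Secure Boot: not available (legacy BIOS boot)' }

# 3. Policy that lets BitLocker run without a TPM (startup key or password instead). 1 = allowed.
$fvePolicy = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Policies\Microsoft\FVE' -ErrorAction SilentlyContinue
$noTpmAllowed = ($fvePolicy.EnableBDEWithNoTPM -eq 1)
"Policy allows BitLocker without a TPM: $noTpmAllowed"

# 4. Current state of the OS volume (C: is an assumption of this example) and its key protectors.
$vol = Get-BitLockerVolume -MountPoint 'C:'
$vol | Select-Object MountPoint, VolumeStatus, ProtectionStatus, EncryptionMethod,
    @{ n = 'Protectors'; e = { $_.KeyProtector.KeyProtectorType -join ', ' } }

if ($vol.VolumeStatus -eq 'FullyDecrypted') {
    if (-not $tpm.TpmReady -and -not $noTpmAllowed) {
        throw 'No ready TPM and policy does not permit a startup key/password instead; fix one before encrypting.'
    }
    # Create the recovery password first, so a way back exists before the volume key is sealed to the TPM.
    Enable-BitLocker -MountPoint 'C:' -EncryptionMethod XtsAes256 -UsedSpaceOnly `
        -RecoveryPasswordProtector -SkipHardwareTest | Out-Null
    $rp = (Get-BitLockerVolume -MountPoint 'C:').KeyProtector |
          Where-Object KeyProtectorType -eq 'RecoveryPassword'
    if ((Get-CimInstance Win32_ComputerSystem).PartOfDomain) {
        # Escrow to Active Directory (needs the matching FVE backup policy on the domain).
        Backup-BitLockerKeyProtector -MountPoint 'C:' -KeyProtectorId $rp.KeyProtectorId
    } else {
        "Record this recovery password OFF this machine: $($rp.RecoveryPassword)"
    }
    # Seal the volume key to the TPM: the drive now unlocks unattended only when the measured boot chain is unchanged.
    Add-BitLockerKeyProtector -MountPoint 'C:' -TpmProtector | Out-Null
}
manage-bde -status C:
```

The order matters: a TPM-only protector with no escrowed recovery password means a firmware update or a changed boot order can lock you out of your own data.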
Launching Advanced Startup Options Menu
There are three primary ways to access the menu:
- Navigate to Settings > Update & Security > Recovery > Advanced startup > Restart now.
- Use the command shutdown /r /o /f /t 0 (/r restarts, /o boots into the advanced options menu, /f forces running applications to close, /t 0 sets no delay).
- Hold Shift and click Restart in the Start Menu power options.
Windows 10 Advanced Options Menu Features
The menu includes six key options:
- System Restore: Reverts system files and settings to the last save point; does not affect personal files.
- Command Prompt: For advanced troubleshooting.
- Startup Repair: Fixes problems that keep Windows from loading.
- Go back to the previous version: Reverts to the previous Windows build; only available for a limited time after a feature update.
- System Image Recovery: Restores the drive from a previously created system image, overwriting everything currently on it.
- Startup Settings: Reboots into the menu for Safe Mode, boot logging, low-resolution video, and disabling driver signature enforcement.
Hardware and Storage Management
To check for bad sectors, use the command chkdsk /r (it implies /f and needs exclusive access to the volume, so on the system drive it runs at the next boot). On an MBR-partitioned disk the first sector (LBA 0) is the MBR (Master Boot Record), which holds the boot code and the partition table; a GPT disk keeps a protective MBR there and its real partition table starts at LBA 1. A Sector is the smallest physical storage unit (usually 512 B or 4 KB), while a Cluster is a group of sectors and the smallest allocation unit the file system uses for files. A zero-fill utility overwrites every sector of a drive. That is an adequate wipe for a magnetic HDD, but on an SSD wear leveling and over-provisioning mean that zeroing every LBA does not guarantee the underlying flash cells were overwritten, so use the drive's ATA Secure Erase or NVMe sanitize command instead, or rely on cryptographic erase (encrypt the volume, then destroy the key).
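The inventory an administrator needs before deciding on a repair or a wipe, as an added example that is not part of the original notes: partition style (MBR, GPT or RAW) and media type per disk, the wipe method that fits that media, and a read-only file-system scan of every fixed NTFS volume. Repair-Volume -Scan is the online scan (the equivalent of chkdsk /scan), not a replacement for chkdsk /r. Run it in an elevated PowerShell.

```powershell
function Get-DiskReport {
    # Join Get-Disk (partition style, bus, boot flag) to Get-PhysicalDisk (media type) on the disk number.
    $physical = Get-PhysicalDisk
    foreach ($disk in Get-Disk) {
        $phys = $physical | Where-Object { [int]$_.DeviceId -eq $disk.Number }
        $wipe = switch ($phys.MediaType) {
            'HDD'   { 'zero-fill / overwrite of every sector is sufficient' }
            'SSD'   { 'use ATA Secure Erase or NVMe sanitize (vendor tool); zero-fill is not reliable' }
            default { 'media type unknown: prefer cryptographic erase (BitLocker, then destroy the key)' }
        }
        [pscustomobject]@{
            Disk    = $disk.Number
            SizeGB  = [math]::Round($disk.Size / 1GB)
            Style   = $disk.PartitionStyle      # MBR, GPT or RAW
            Media   = $phys.MediaType           # HDD, SSD, SCM or Unspecified
            Bus     = $disk.BusType             # SATA, NVMe, USB, ...
            IsBoot  = $disk.IsBoot
            Wipe    = $wipe
        }
    }
}

Get-DiskReport | Format-Table -AutoSize

# Online, read-only scan of each fixed NTFS volume with a drive letter.
# A real sector-recovery pass on the system drive is still: chkdsk C: /r (scheduled for next boot).
Get-Volume |
    Where-Object { $_.DriveType -eq 'Fixed' -and $_.FileSystem -eq 'NTFS' -and $_.DriveLetter } |
    ForEach-Object { "$($_.DriveLetter): $(Repair-Volume -DriveLetter $_.DriveLetter -Scan)" }
```

On a GPT disk the report shows Style = GPT; that is the disk on which the "first sector is the MBR" statement only applies to the protective MBR.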
In notebooks, ExpressCard is the successor to the PCMCIA (PC Card/CardBus) slot and connects over PCIe x1 or USB 2.0 rather than the old PC Card bus. Notebook memory modules are SO-DIMMs, the small-outline counterpart of desktop DIMMs. Common notebook drives are 2.5″ SATA. Device drivers are usually preinstalled at the factory, and a Windows 7 x86 notebook requires 32-bit drivers because a 32-bit kernel cannot load 64-bit driver binaries.
Battery Technology Comparison
- Ni-Cad (Nickel-Cadmium): Older technology that suffers from the memory effect.
- NiMH (Nickel-Metal Hydride): Higher capacity with less memory effect.
- Li-Ion (Lithium-Ion): Lightweight, no memory effect; common in laptops and phones.
- Li-Po (Lithium-Polymer): Similar to Li-Ion but lighter with a flexible shape; used in mobile devices.
Laser Printing Steps and Components
Laser printing follows a seven-step process:
- Processing: Page data is processed.
- Charging: The drum is negatively charged.
- Exposing: A laser writes the image on the drum.
- Developing: Toner sticks to written areas.
- Transferring: Toner is transferred to paper.
- Fusing: Heat and pressure bond toner to paper.
- Cleaning: The drum is cleaned for the next job.
Major parts include the Toner cartridge, Drum unit, Fuser assembly (for toner bonding), Transfer roller, Laser scanning assembly, and Pickup rollers. Color transfer often uses a Transfer Belt, and Duplexing Assemblies enable auto-duplex printing.
Imaging and Print Formats
A bitmap is a raster image where pixels are stored in rows and columns, each with a defined color. XPS (XML Paper Specification) was introduced with Windows Vista as an XML-based, device-independent page description format and print path; it can carry both vector and raster content and runs alongside the older GDI print path rather than fully replacing it. Other formats include:
- RAW: Unprocessed data sent directly to the printer.
- PostScript: Adobe format for complex documents.
- PCL: HP’s Printer Control Language.
- GDI: Windows-based rendering.
Windows Boot Process and System Files
The boot sequence follows these steps:
- POST (Power-On Self Test).
- Firmware hands off to the Windows Boot Manager: on a BIOS/MBR system the MBR boot code loads the active partition's boot sector, which loads bootmgr; on a UEFI system the firmware loads bootmgfw.efi from the EFI System Partition (and, with Secure Boot on, verifies its signature first).
- Boot Manager reads the BCD (Boot Configuration Data) store and selects the OS entry.
- Winload.exe (BIOS) or Winload.efi (UEFI) loads the kernel, Hal.dll and the boot-start drivers.
- Ntoskrnl.exe runs, initializing subsystems.
- Smss.exe (Session Manager) starts the session.
- Winlogon.exe handles user logon.
The Active partition is the MBR partition flagged as bootable, which the BIOS boot code searches for; UEFI systems have no active flag and boot from the EFI System Partition instead. A Warm boot is a restart initiated from the running OS (e.g., Ctrl+Alt+Del or Restart), while a Cold boot involves physically powering the device off and on, which also resets the hardware and clears RAM.
Essential Windows System Files
- Hal.dll: Hardware Abstraction Layer, loaded by winload together with the kernel.
- Pagefile.sys: Virtual memory swap file.
- Win32k.sys: Kernel-mode side of the Win32 subsystem (window manager and GDI); user-mode applications reach it through system calls, and it has historically been a frequent target for privilege-escalation bugs.
- Csrss.exe: Client/Server Runtime Subsystem, the user-mode side of the Win32 subsystem; it is a critical process, so terminating it crashes the system.
- Services.exe: Service Control Manager; parent of the svchost.exe instances.
- Lsass.exe: Local Security Authority Subsystem Service; enforces the security policy, handles logons, and holds credential material in memory, which is why credential-dumping tools target it and why LSA Protection (RunAsPPL) and Credential Guard exist.
- Userinit.exe: Initializes the user environment after logon (runs logon scripts, starts the shell, then exits).
- Explorer.exe: Windows GUI/shell.
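Because malware often reuses these names, the first thing a responder checks is whether each process with a system-binary name has the image path and parent the boot chain above predicts (smss starts from System; wininit, csrss and winlogon are started by per-session smss instances that exit; services.exe and lsass.exe are children of wininit; svchost of services; explorer of a userinit that exits). The check below is an added example, not part of the original notes; the sample process list is constructed so it runs offline, and the same function takes live data from Get-CimInstance Win32_Process (run elevated, or lsass.exe's path is hidden).

```powershell
$ExpectedParent = @{
    'smss.exe' = 'System';      'csrss.exe' = 'smss.exe';     'wininit.exe'  = 'smss.exe'
    'winlogon.exe' = 'smss.exe'; 'services.exe' = 'wininit.exe'; 'lsass.exe' = 'wininit.exe'
    'svchost.exe' = 'services.exe'; 'userinit.exe' = 'winlogon.exe'; 'explorer.exe' = 'userinit.exe'
}
# Parents that normally exit, so a missing parent is not suspicious (a reused PID can still mislead).
$ParentMayExit  = 'csrss.exe', 'wininit.exe', 'winlogon.exe', 'explorer.exe'
$SingleInstance = 'wininit.exe', 'services.exe', 'lsass.exe'
$ExpectedDir    = @{ 'explorer.exe' = $env:SystemRoot }   # everything else lives in System32

function Find-MasqueradingSystemProcess {
    param([object[]]$Process = (Get-CimInstance Win32_Process))
    $byPid = @{}; $count = @{}
    foreach ($p in $Process) {
        $byPid[[int]$p.ProcessId] = $p
        $n = $p.Name.ToLower(); $count[$n] = 1 + [int]$count[$n]
    }
    foreach ($p in $Process) {
        $name = $p.Name.ToLower()
        if (-not $ExpectedParent.ContainsKey($name)) { continue }
        $reasons = @()
        if ($p.ExecutablePath) {          # null when access is denied (e.g. lsass without elevation)
            $dir = if ($ExpectedDir[$name]) { $ExpectedDir[$name] } else { Join-Path $env:SystemRoot 'System32' }
            if ($p.ExecutablePath -ne (Join-Path $dir $name)) { $reasons += "image path $($p.ExecutablePath)" }
        }
        $parent = $byPid[[int]$p.ParentProcessId]
        if ($parent) {
            if ($parent.Name -ne $ExpectedParent[$name]) {
                $reasons += "parent $($parent.Name) (pid $($parent.ProcessId)), expected $($ExpectedParent[$name])"
            }
        } elseif ($ParentMayExit -notcontains $name) { $reasons += 'parent process not running' }
        if ($SingleInstance -contains $name -and $count[$name] -gt 1) { $reasons += "$($count[$name]) instances" }
        if ($reasons) { [pscustomobject]@{ Name = $p.Name; Pid = $p.ProcessId; Reason = $reasons -join '; ' } }
    }
}

# Constructed sample: a normal chain plus a fake lsass.exe started by explorer from a user-writable path.
$sys32 = Join-Path $env:SystemRoot 'System32'
$Sample = @(
    [pscustomobject]@{ Name = 'System';       ProcessId = 4;    ParentProcessId = 0;    ExecutablePath = $null }
    [pscustomobject]@{ Name = 'smss.exe';     ProcessId = 320;  ParentProcessId = 4;    ExecutablePath = "$sys32\smss.exe" }
    [pscustomobject]@{ Name = 'wininit.exe';  ProcessId = 520;  ParentProcessId = 480;  ExecutablePath = "$sys32\wininit.exe" }
    [pscustomobject]@{ Name = 'services.exe'; ProcessId = 640;  ParentProcessId = 520;  ExecutablePath = "$sys32\services.exe" }
    [pscustomobject]@{ Name = 'lsass.exe';    ProcessId = 660;  ParentProcessId = 520;  ExecutablePath = "$sys32\lsass.exe" }
    [pscustomobject]@{ Name = 'svchost.exe';  ProcessId = 900;  ParentProcessId = 640;  ExecutablePath = "$sys32\svchost.exe" }
    [pscustomobject]@{ Name = 'explorer.exe'; ProcessId = 4100; ParentProcessId = 4080; ExecutablePath = "$env:SystemRoot\explorer.exe" }
    [pscustomobject]@{ Name = 'lsass.exe';    ProcessId = 5120; ParentProcessId = 4100; ExecutablePath = 'C:\Users\Public\lsass.exe' }
)
Find-MasqueradingSystemProcess -Process $Sample | Format-Table -AutoSize
# Flags pid 5120 (wrong path, parent explorer.exe) and both lsass instances for the duplicate count.

# Live run, plus the LSA hardening that limits what a real lsass.exe can be made to give up.
Find-MasqueradingSystemProcess | Format-Table -AutoSize
$lsa = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
"LSA Protection (RunAsPPL) configured: $($lsa.RunAsPPL -in 1, 2)"   # 1 = with UEFI lock, 2 = without
```

Treat a hit as a lead, not a verdict: PID reuse and security products that inject or proxy processes can produce parent mismatches, so confirm with the image's signature and creation time.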
Network Security and Firewalls
Firewalls can be Stateless (judging each packet on its own against static rules such as IP and port) or Stateful (tracking connection state, so replies to a permitted outbound connection are allowed without a separate inbound rule). Packet filtering examines source/destination IP, ports, protocol (TCP/UDP/ICMP) and TCP flags. Deep Packet Inspection (DPI) looks at payload contents beyond the headers to identify applications and detect malware.
Next-Generation Firewall (NGFW) features include DPI, IPS (Intrusion Prevention System), application awareness, malware detection, VPN support, and content filtering. Those are network appliances; Windows Defender Firewall is a stateful host firewall. Configure it via Control Panel > Windows Defender Firewall, the Windows Security app, or the NetSecurity PowerShell cmdlets (Get-/Set-NetFirewallProfile, New-NetFirewallRule).
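A host-firewall configuration that applies the stateful, default-deny idea above, as an added example (not from the original notes): block inbound on all three profiles while leaving outbound open, log drops, add one inbound allow scoped to a management subnet, and then audit for inbound allow rules that accept any remote address. The subnet 10.0.50.0/24 is an assumed value; run in an elevated PowerShell.

```powershell
# Default-deny inbound is safe on a stateful firewall: replies to the host's own outbound
# connections are matched to connection state and allowed without an inbound rule.
Set-NetFirewallProfile -Profile Domain, Private, Public -Enabled True `
    -DefaultInboundAction Block -DefaultOutboundAction Allow `
    -LogBlocked True -LogAllowed False -LogMaxSizeKilobytes 16384 `
    -LogFileName '%SystemRoot%\System32\LogFiles\Firewall\pfirewall.log'

# One scoped inbound allow: RDP only from the management subnet (assumed), never on the Public profile.
$ruleName = 'RDP from management subnet'
if (-not (Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $ruleName -Direction Inbound -Protocol TCP -LocalPort 3389 `
        -RemoteAddress 10.0.50.0/24 -Profile Domain, Private -Action Allow | Out-Null
}

function Get-OpenInboundRule {
    # Enabled inbound allow rules whose remote scope is "Any": each is a candidate to tighten or disable.
    Get-NetFirewallRule -Enabled True -Direction Inbound -Action Allow | ForEach-Object {
        $addr = $_ | Get-NetFirewallAddressFilter
        if ($addr.RemoteAddress -eq 'Any') {
            $port = $_ | Get-NetFirewallPortFilter
            $app  = $_ | Get-NetFirewallApplicationFilter
            [pscustomobject]@{
                Name      = $_.DisplayName
                Profile   = $_.Profile
                Protocol  = $port.Protocol
                LocalPort = ($port.LocalPort -join ',')
                Program   = $app.Program
            }
        }
    }
}

Get-OpenInboundRule | Sort-Object Name | Format-Table -AutoSize
```

The RDP rule created above will not appear in the audit output because its remote scope is the subnet, which is the point of the audit: anything that does appear is reachable from every network the profile applies to.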
Malware Types and Security Threats
- Virus: Attaches to files and spreads when opened.
- Worm: Spreads independently through networks.
- Trojan: Disguises as safe software.
- Spyware: Monitors activity and steals info.
- Ransomware: Encrypts files (or locks the system) and demands payment for the key.
- Rootkit: Hides its own presence and that of other malware by subverting the OS; kernel-mode rootkits are hard to detect from inside the running system.
- Adware: Delivers unwanted advertisements.
Other threats include Zero-day exploits, Man-in-the-middle attacks, Denial of Service (DoS), Phishing, and Password Attacks. Use strong passwords (12+ characters, mixed case, symbols, no dictionary words, and unique per account; length does more against cracking than symbol variety, and a password manager is what makes unique passwords practical).
Encryption and Cloud Computing
Symmetric encryption uses a single shared secret key for both encryption and decryption. Asymmetric encryption uses a key pair: anyone can encrypt with the Public Key, and only the holder of the matching Private Key can decrypt (the private key is likewise what signs, and the public key verifies). EFS (Encrypting File System) provides file-level encryption within NTFS and combines both: each file gets a random symmetric File Encryption Key, which is then wrapped with the public key of the user's EFS certificate. Because that certificate lives in the user profile, back it up (cipher /x) or the files become unrecoverable if the profile is lost; EFS complements BitLocker, which encrypts the whole volume and protects data only at rest.
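The symmetric/asymmetric split, and the way EFS composes the two, is easiest to see in a round trip. The block below is an added example using .NET cryptography classes from PowerShell, not EFS itself and not code from the original notes: a random AES key encrypts the data, the recipient's RSA public key wraps that key, and only the matching private key can unwrap it. It runs in Windows PowerShell 5.1 or PowerShell 7 on Windows (RSACng); the sample plaintext is constructed.

```powershell
function Protect-Hybrid {
    param([byte[]]$Plaintext, [System.Security.Cryptography.RSA]$RecipientPublicKey)
    $aes = [System.Security.Cryptography.Aes]::Create()
    $aes.KeySize = 256
    $aes.GenerateKey(); $aes.GenerateIV()            # fresh symmetric key and IV per "file", as EFS's FEK is
    $ciphertext = $aes.CreateEncryptor().TransformFinalBlock($Plaintext, 0, $Plaintext.Length)
    # Asymmetric step: only the holder of the private key can recover the AES key.
    $wrappedKey = $RecipientPublicKey.Encrypt($aes.Key, [System.Security.Cryptography.RSAEncryptionPadding]::OaepSHA256)
    $envelope = [pscustomobject]@{ Ciphertext = $ciphertext; IV = $aes.IV; WrappedKey = $wrappedKey }
    $aes.Dispose()
    $envelope
}

function Unprotect-Hybrid {
    param($Envelope, [System.Security.Cryptography.RSA]$RecipientPrivateKey)
    $key = $RecipientPrivateKey.Decrypt($Envelope.WrappedKey, [System.Security.Cryptography.RSAEncryptionPadding]::OaepSHA256)
    $aes = [System.Security.Cryptography.Aes]::Create()
    $aes.Key = $key; $aes.IV = $Envelope.IV
    $plain = $aes.CreateDecryptor().TransformFinalBlock($Envelope.Ciphertext, 0, $Envelope.Ciphertext.Length)
    $aes.Dispose()
    $plain
}

# Two users, each with an RSA key pair (the analogue of an EFS certificate).
$alice   = [System.Security.Cryptography.RSACng]::new(2048)
$mallory = [System.Security.Cryptography.RSACng]::new(2048)
# What a sender has of Alice: the public half only.
$alicePublic = [System.Security.Cryptography.RSACng]::new()
$alicePublic.ImportParameters($alice.ExportParameters($false))

$data   = [System.Text.Encoding]::UTF8.GetBytes('payroll.xlsx contents (constructed sample)')
$sealed = Protect-Hybrid -Plaintext $data -RecipientPublicKey $alicePublic
"wrapped key: $($sealed.WrappedKey.Length) bytes, ciphertext: $($sealed.Ciphertext.Length) bytes"

$recovered = Unprotect-Hybrid -Envelope $sealed -RecipientPrivateKey $alice
[System.Text.Encoding]::UTF8.GetString($recovered)     # the original text

try   { Unprotect-Hybrid -Envelope $sealed -RecipientPrivateKey $mallory | Out-Null; 'unexpected: Mallory decrypted it' }
catch { "Mallory cannot unwrap the key: $($_.Exception.GetType().Name)" }
```

Note that the wrapped key is the only thing tied to Alice; EFS exploits the same property to give several users (or a recovery agent) access to one file by wrapping the same FEK once per public key.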
Cloud models include:
- IaaS (Infrastructure as a Service): Virtualized resources like servers.
- PaaS (Platform as a Service): Platforms for developers.
- SaaS (Software as a Service): Web-based apps like Microsoft 365.
Windows Commands and Troubleshooting
- sfc /scannow: Scans protected system files and replaces corrupted ones from the component store.
- chkdsk /r: Locates bad sectors and recovers readable data (implies /f; on the system drive it runs at the next boot).
- diskpart: Command-line disk partitioning.
- bootrec /fixboot and bootrec /fixmbr: Rewrite the volume boot sector and the MBR boot code; run from the WinRE Command Prompt.
- bootrec /rebuildbcd: Scans all disks for Windows installations and rebuilds the BCD store.
- Windows Indexer: Speeds up searches by indexing files.
- Spooling: Placing print jobs in a queue.
- APIPA: Provides a default IP if DHCP is unavailable.
- Performance Monitor: Monitors system health.
- Memory Diagnostics: Tests RAM.
- Event Viewer: Views the Application, System and Security logs; driver and hardware errors appear in the System log.
- Chain of Custody: Documentation recording who collected and handled evidence, when, and how, so it remains admissible.
To enable boot logging on Windows 7, press F8 during startup and select Enable boot logging; on Windows 10 use Advanced Options > Startup Settings, or run bcdedit /set {current} bootlog yes. Either way the log is written to C:\Windows\ntbtlog.txt at the next boot and lists every driver the loader tried to load. For screen orientation, mobile devices use an accelerometer; a capacitive touch screen senses the change in capacitance caused by a conductive object such as a finger, which is why it ignores a gloved hand or a plastic stylus. A Virtual Machine is a software-simulated physical computer. The maximum path length is 260 characters (MAX_PATH) by default; Windows 10 version 1607 and later can lift that limit for applications that opt in once the LongPathsEnabled registry value is set.
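Boot logging is most useful when someone actually reads the log, so the following added example (not from the original notes; it also ties back to the boot sequence section above) reports the firmware type and boot loader path from the BCD, enables boot logging with bcdedit, and parses ntbtlog.txt for drivers that failed to load or loaded from outside System32. The parser handles both the Windows 10 BOOTLOG_LOADED/BOOTLOG_NOT_LOADED lines and the older "Loaded driver"/"Did not load driver" wording; the sample lines are constructed so the parser can be exercised before a reboot. Run in an elevated PowerShell.

```powershell
"Firmware: $env:firmware_type"                                   # 'UEFI' or 'Legacy' (BIOS)
bcdedit /enum '{current}' | Select-String 'path|bootlog'         # winload.efi vs winload.exe, current bootlog state
bcdedit /set '{current}' bootlog Yes | Out-Null                  # same effect as the Enable boot logging menu item

function Read-BootLog {
    param([string[]]$Line)
    $root = $env:SystemRoot
    foreach ($l in $Line) {
        if     ($l -match '^(BOOTLOG_LOADED|Loaded driver)\s+(.+)$')         { $loaded = $true;  $path = $Matches[2] }
        elseif ($l -match '^(BOOTLOG_NOT_LOADED|Did not load driver)\s+(.+)$') { $loaded = $false; $path = $Matches[2] }
        else   { continue }                                       # header lines, blank lines
        $full = $path -replace '^\\SystemRoot', $root             # \SystemRoot\... -> C:\Windows\...
        [pscustomobject]@{
            Loaded     = $loaded
            Path       = $full
            InSystem32 = $full -like (Join-Path $root 'System32\*')
        }
    }
}

# Constructed sample log: one driver that failed to load and one that loaded from ProgramData.
$sample = @(
    'Microsoft (R) Windows (R) Version 10.0 (Build 19045)'
    ' 3 11 2024 08:15:02.500'
    'BOOTLOG_LOADED \SystemRoot\system32\ntoskrnl.exe'
    'BOOTLOG_LOADED \SystemRoot\system32\hal.dll'
    'BOOTLOG_LOADED \SystemRoot\System32\drivers\disk.sys'
    'BOOTLOG_NOT_LOADED \SystemRoot\System32\drivers\vboxguest.sys'
    'BOOTLOG_LOADED \??\C:\ProgramData\Tmp\netflt.sys'
)
Read-BootLog -Line $sample | Where-Object { -not $_.Loaded -or -not $_.InSystem32 } | Format-Table -AutoSize
# Reports vboxguest.sys (not loaded) and netflt.sys (loaded from outside System32).

# The real log, once a boot has been logged: same filter, plus the Authenticode status of each flagged file.
$real = Join-Path $env:SystemRoot 'ntbtlog.txt'
if (Test-Path $real) {
    Read-BootLog -Line (Get-Content $real) |
        Where-Object { -not $_.Loaded -or -not $_.InSystem32 } |
        ForEach-Object {
            $sig = Get-AuthenticodeSignature -FilePath $_.Path -ErrorAction SilentlyContinue
            $_ | Add-Member -NotePropertyName Signature -NotePropertyValue $sig.Status -PassThru
        } | Format-Table -AutoSize
}
```

A boot-start driver loading from a user-writable directory, or one whose signature status is not Valid, is worth the same scrutiny as an unexpected lsass.exe: it runs in the kernel before any security product does.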
