Few notes and answers of the Windows Fundamental from TryHackMe
Windows Fundamental 1
Notes:
- Windows uses NTFS as file system.
- Right-click on the Start Menu and click Run . Type
lusrmgr.msc
to see other users - For more learning about process in windows, check Core Windows Processes room
- Shortcut key for Task Manager Ctrl+Shift+Esc
Started by loging into RDP with remmina
Questions and Answers:
- What encryption can you enable on Pro that you can’t enable in Home?
- BitLocker
- Which selection will hide/disable the Search box?
- hidden
- Which selection will hide/disable the Task View button?
- show task view button
- Besides Clock and Network, what other icon is visible in the Notification Area?
- action center
- What is the meaning of NTFS?
- New Technology File System
- What is the system variable for the Windows folder?
- %windir%m
- What is the name of the other user account?
- tryhackmebilly
- What groups is this user a member of?
- Remote Desktop Users, Users
- What built-in account is for guest access to the computer?
- guest
- What is the account status?
- account is disabled
- What does UAC mean?
- user account control
- In the Control Panel, change the view to Small icons. What is the last setting in the Control Panel view?
- windows defender firewall
Windows Fundamental 2
Notes:
MSConfig
is the System Configuration in Windows.
Computer Management compmgmt
It has System Tools, Storage, and Services and Applications.
For more information about Event Viewers and Event Logs, please refer to the Windows Event Log room.
Local Users and Groups lusrmgr.msc
Windows Management Instrumentation (WMI) service
System Informationmsinfo32
Another method to view environment variables is Control Panel > System and Security > System > Advanced system settings > Environment Variables
OR Settings > System > About > system info > Advanced system settings > Environment Variables
.
Resource Monitor resmon
Registory Editor regedit
Questions and Answers:
- What is the name of the service that lists Systems Internals as the manufacturer?
- psshutdown
- Whom is the Windows license registered to?
- Windows User
- What is the command for Windows Troubleshooting?
- C:\Windows\System32\control.exe /name Microsoft.Troubleshooting
- What command will open the Control Panel? (The answer is the name of .exe, not the full path)
- control.exe
- What is the command to open User Account Control Settings? (The answer is the name of the .exe file, not the full path)
- UserAccountControlSettings.exe
- What is the command to open Computer Management? (The answer is the name of the .msc file, not the full path)
- compmgmt.msc
- At what time every day is the GoogleUpdateTaskMachineUA task configured to run?
- 6:15 AM
- What is the name of the hidden folder that is shared?
- sh4r3dF0Ld3r
- What is the command to open System Information? (The answer is the name of the .exe file, not the full path)
- msinfo32.exe
- What is listed under System Name?
- THM-WINFUN2
- Under Environment Variables, what is the value for ComSpec?
- %SystemRoot%\system32\cmd.exe
- What is the command to open Resource Monitor? (The answer is the name of the .exe file, not the full path)
- resmon.exe
- In System Configuration, what is the full command for Internet Protocol Configuration?
- C:\Windows\System32\cmd.exe /k %windir%\system32\ipconfig.exe
- For the ipconfig command, how do you show detailed information?
- ipconfig /all
- What is the command to open the Registry Editor? (The answer is the name of the .exe file, not the full path)
- regedt32.exe
Windows Fundamental 3
Notes:
Access Microsoft Update control /name Microsoft.WindowsUpdate
Windows Defender Firewall WF.msc
Questions and Answers:
- There were two definition updates installed in the attached VM. On what date were these updates installed?
- 5/3/2021
- Specifically, what is turned off that Windows is notifying you to turn on?
- real-time protection
- If you were connected to airport Wi-Fi, what most likely will be the active firewall profile?
- real-time protection
- If you were connected to airport Wi-Fi, what most likely will be the active firewall profile?
- public network
- What is the TPM?
- Trusted Platform Module
- What is VSS?
- Volume Shadow Copy Service