System Operations
User, Group, & File Management
Creating a new user account (GUI)
1. Open Control Panel by searching for it in the Start menu.
2. Navigate to User Accounts > Manage Accounts > Add a new user in PC settings.
3. Follow the prompts to set up a new account, choosing between a Microsoft or a local account.
4. Fill out the form with the user's information and click 'Finish' to create the account.
Deleting a user account (GUI)
1. Open Control Panel and go to User Accounts > Manage Accounts.
2. Select the account you wish to delete.
3. Click 'Delete the account'.
4. Choose whether to keep or delete the user's files and confirm the deletion.
Modifying user account properties (GUI)
1. Access the Control Panel and open User Accounts > Manage Accounts.
2. Click on the user account you want to modify.
3. Select 'Change the account type' to switch between Standard and Administrator.
4. You can also choose 'Change the password' or manage other settings like user credentials.
PowerShell examples for user management
# Creating a local user account (run from an elevated PowerShell session).
# -NoPassword creates the account with no password set; assign one before the account is used.
New-LocalUser -Name "User1" -Description "Standard user account for User1" -NoPassword
# Deleting a local user account
Remove-LocalUser -Name "User1"
# Changing a user's account type to Administrator (grants full local administrative rights)
Add-LocalGroupMember -Group "Administrators" -Member "User1"
# Resetting a user's password. The literal below is a placeholder; in practice prompt with
# Read-Host -AsSecureString rather than keeping a plaintext password in a script.
$Password = ConvertTo-SecureString "NewPassword123" -AsPlainText -Force
Set-LocalUser -Name "User1" -Password $Password
Resetting a user password (GUI)
1. Navigate to Control Panel > User Accounts > Manage Accounts.
2. Select the user whose password needs to be reset.
3. Click 'Change the password'.
4. Enter the new password, confirm it, and then finalize by clicking 'Change password'.
Enabling or disabling a user account (PowerShell)
# Disabling a user account (the account and its data remain; logon is refused)
Disable-LocalUser -Name "User2"
# Enabling a user account
Enable-LocalUser -Name "User2"
Auditing user account activities (GUI)
1. Open Local Security Policy by searching for it in the Start menu.
2. Navigate to Local Policies > Audit Policy.
3. Double-click on 'Audit account logon events' and 'Audit logon events'.
4. Configure each policy by checking 'Success' and 'Failure' to enable comprehensive auditing.
5. Apply the changes and exit the Local Security Policy window.
Configuring Account Lockout Policy (PowerShell)
# Windows has no built-in Get-/Set-LocalSecurityPolicy cmdlets; the local lockout policy
# is read and set with net accounts (run elevated).
# Viewing the current lockout settings (threshold, duration, observation window)
net accounts
# Setting the lockout threshold to 5 invalid logon attempts
net accounts /lockoutthreshold:5
# Setting the lockout duration to 30 minutes (must be at least the observation window set with /lockoutwindow)
net accounts /lockoutduration:30
Creating a new group (GUI)
1. Open Computer Management by searching for it in the Start menu.
2. Navigate to Local Users and Groups > Groups.
3. Right-click on an empty area and select 'New Group'.
4. Fill out the group name and description, then click 'Create'.
Managing user groups (GUI)
1. Open the Computer Management tool by typing "Computer Management" in the Start menu and selecting it.
2. In the left pane, expand 'Local Users and Groups' and select 'Groups'.
3. Right-click 'Groups' and choose 'New Group...' to create a new user group.
4. Enter the name and description for the group, then add members by clicking 'Add...' and selecting the users.
5. Click 'Create' to finalize the group creation.
Adding users to a group (GUI)
1. Open Computer Management and go to Local Users and Groups > Groups.
2. Double-click on the group you want to modify.
3. Click 'Add' and enter the name of the user you want to add to the group.
4. Click 'Check Names' to verify the user, then click 'OK' to add them.
PowerShell examples for group management
# Creating a new local group
New-LocalGroup -Name "Group1" -Description "New group for specific users"
# Adding a user to a group
Add-LocalGroupMember -Group "Group1" -Member "User1"
# Removing a user from a group
Remove-LocalGroupMember -Group "Group1" -Member "User1"
Managing group policies (GUI)
1. Open Local Group Policy Editor by searching for it in the Start menu.
2. Navigate to Computer Configuration > Windows Settings > Security Settings > Local Policies.
3. Here you can configure various group policies related to user rights, security options, and more.
Managing group memberships (PowerShell)
# Listing all members of a group
Get-LocalGroupMember -Group "Administrators"
# Listing all local groups a user belongs to. Get-LocalGroup has no -Member parameter, so check each
# group's membership; member names come back as "COMPUTER\User" or "DOMAIN\User".
Get-LocalGroup | Where-Object {
    (Get-LocalGroupMember -Group $_.Name -ErrorAction SilentlyContinue).Name -like "*\User1"
}
Managing group properties (GUI)
1. Open Computer Management.
2. Navigate to 'Local Users and Groups' > 'Groups'.
3. Right-click the group whose properties you want to manage and select 'Properties'.
4. In the properties dialog, you can change the group description and manage its members.
Removing a group (GUI)
1. Open Computer Management.
2. Navigate to 'Local Users and Groups' > 'Groups'.
3. Right-click the group you wish to delete and select 'Delete'.
4. Confirm the deletion when prompted to remove the group permanently.
PowerShell examples for advanced group management
# Modifying a group description
Set-LocalGroup -Name "Group1" -Description "Updated description for Group1"
# Deleting a group (members are not deleted, only the group and its permissions)
Remove-LocalGroup -Name "Group1"
Managing group policy assignments (GUI)
1. Press Win + R, type 'gpedit.msc', and press Enter to open Group Policy Editor.
2. Navigate to 'User Configuration' or 'Computer Configuration'.
3. Drill down to the settings you want to configure for groups.
4. Double-click a setting to modify its properties; to apply it to specific groups, use the 'Security Filtering' section.
Assigning Group Permissions (GUI)
1. Open Computer Management by searching for it in the Start menu.
2. Navigate to Local Users and Groups > Groups.
3. Right-click on the group you wish to modify and select 'Properties'.
4. Go to the 'Group Policy' tab, click 'Add' to assign new permissions or modify existing ones.
5. Select the permissions you want to assign and apply the changes.
Group Policy Object (GPO) Creation and Management (GUI)
1. Press Win + R, type 'gpmc.msc', and press Enter to open the Group Policy Management Console.
2. Right-click on the domain or organizational unit where you want to create a GPO and select 'Create a GPO in this domain, and Link it here'.
3. Enter a name for the new GPO and click 'OK'.
4. Right-click on the newly created GPO and select 'Edit' to configure its policies.
5. Navigate through the policy settings to configure as needed and apply the changes.
Setting Group Quotas (GUI)
1. Open File Explorer and navigate to the drive or folder where you want to set quotas.
2. Right-click on the drive/folder, select 'Properties', then go to the 'Quota' tab.
3. Click 'Show Quota Settings', then 'Enable quota management'.
4. Set the disk space limits for the group and specify warning levels.
5. Apply the settings to manage disk usage by the group.
Automating Group Membership Updates (PowerShell)
# Adding users to a group based on a criterion in the account description
# (-ErrorAction SilentlyContinue skips users who are already members)
Get-LocalUser | Where-Object { $_.Description -like "*criteria*" } |
    ForEach-Object { Add-LocalGroupMember -Group "Group1" -Member $_.Name -ErrorAction SilentlyContinue }
# Removing users who no longer match the criterion (non-members are skipped the same way)
Get-LocalUser | Where-Object { $_.Description -notlike "*criteria*" } |
    ForEach-Object { Remove-LocalGroupMember -Group "Group1" -Member $_.Name -ErrorAction SilentlyContinue }
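A reconciliation approach to the same task, added here as an example (not code from the original page): instead of adding and removing in two passes, compare the group against a declared member list, report the drift, and change only what differs. Group and member names are placeholders.

```powershell
# Added example (not from the original page): reconcile a local group against a declared member
# list and report the drift. It makes no change that is not needed and previews under -WhatIf.
# Group and member names are placeholders.

function Get-GroupMembershipDrift {
    # Pure comparison, case-insensitive on the full "Authority\Name" form that
    # Get-LocalGroupMember returns (e.g. PC01\User1 or CORP\ServerAdmins).
    param(
        [Parameter(Mandatory)] [AllowEmptyCollection()] [string[]] $Desired,
        [Parameter(Mandatory)] [AllowEmptyCollection()] [string[]] $Actual
    )
    $desiredLower = @($Desired | ForEach-Object { $_.ToLowerInvariant() })
    $actualLower  = @($Actual  | ForEach-Object { $_.ToLowerInvariant() })
    [PSCustomObject]@{
        ToAdd    = @($Desired | Where-Object { $actualLower  -notcontains $_.ToLowerInvariant() })
        ToRemove = @($Actual  | Where-Object { $desiredLower -notcontains $_.ToLowerInvariant() })
    }
}

function Sync-LocalGroupMembership {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)] [string]   $Group,
        [Parameter(Mandatory)] [string[]] $Desired
    )
    $actual = @(Get-LocalGroupMember -Group $Group | Select-Object -ExpandProperty Name)
    $drift  = Get-GroupMembershipDrift -Desired $Desired -Actual $actual
    foreach ($member in $drift.ToAdd) {
        if ($PSCmdlet.ShouldProcess($Group, "add $member")) { Add-LocalGroupMember -Group $Group -Member $member }
    }
    foreach ($member in $drift.ToRemove) {
        if ($PSCmdlet.ShouldProcess($Group, "remove $member")) { Remove-LocalGroupMember -Group $Group -Member $member }
    }
    $drift
}

# Constructed sample (not taken from a real machine): one stale helpdesk account has crept into the group
$currentMembers  = @('PC01\Administrator', 'PC01\HelpdeskTemp', 'CORP\ServerAdmins')
$approvedMembers = @('PC01\Administrator', 'CORP\ServerAdmins')
Get-GroupMembershipDrift -Desired $approvedMembers -Actual $currentMembers

# Live use (elevated); -WhatIf lists the adds and removes without performing them:
# Sync-LocalGroupMembership -Group 'Administrators' -Desired $approvedMembers -WhatIf
```

Running the drift check on a schedule against the Administrators group and alerting on a non-empty ToAdd or ToRemove turns this into a membership-drift detection.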
Creating and managing folders (GUI)
1. Open File Explorer.
2. Navigate to the location where you want to create a new folder.
3. Right-click in the empty space, select 'New' > 'Folder'.
4. Enter the name for the folder and press Enter.
Searching for files and folders (GUI)
1. Open File Explorer.
2. Use the search box in the upper right corner to type the name of the file or folder you're searching for.
3. Press Enter to display the search results.
Setting file attributes (GUI)
1. Right-click on a file or folder and select 'Properties'.
2. In the 'Attributes' section, you can set attributes such as 'Read-only' or 'Hidden'.
3. Click 'Apply' and then 'OK' to save the changes.
PowerShell examples for file management
# Creating a new folder
New-Item -Path 'C:\NewFolder' -ItemType Directory
# Marking a file read-only through its IsReadOnly attribute
Set-ItemProperty -Path 'C:\NewFolder\file.txt' -Name IsReadOnly -Value $true
Managing file permissions (GUI)
1. Right-click on a file or folder and select 'Properties'.
2. Go to the 'Security' tab.
3. Click 'Edit' to modify the permissions or 'Add' to grant new user or group permissions.
4. Configure the permissions and click 'OK' to apply.
File compression and decompression (GUI)
1. To compress a file, right-click it and select 'Send to' > 'Compressed (zipped) folder'.
2. To decompress, right-click the compressed folder and select 'Extract All...', then follow the prompts.
Advanced File Searching (GUI)
1. Open File Explorer.
2. In the search box, type advanced search operators like 'size:>10MB' to find files larger than 10 MB.
3. You can also use 'date:>=01/01/2022' to find files modified after January 1, 2022.
4. Press Enter and review the filtered search results.
File Version History Management (GUI)
1. Right-click on the file for which you want to manage versions and select 'Restore previous versions'.
2. A list of available file versions will appear. You can open, copy, or restore these as needed.
3. Select the version you want to restore and click 'Restore' to replace the current version with the selected one.
Restoring Default File Associations (GUI)
1. Open Settings by pressing Win + I.
2. Navigate to Apps > Default apps.
3. Scroll down and click 'Reset' under 'Reset to the Microsoft recommended defaults'.
4. This will restore all file type associations to their default settings.
System Maintenance & Monitoring
Viewing disk partitions (GUI)
1. Press Win + X and select 'Disk Management'.
2. The Disk Management window shows all connected disks and their partitions.
3. Right-click a partition to view properties or to perform tasks like shrink, extend, or change drive letters.
Formatting a drive (GUI)
1. Open Disk Management.
2. Right-click on the drive or partition you want to format.
3. Select 'Format' from the context menu.
4. Choose the file system and allocation unit size, then proceed by clicking 'OK'.
5. Confirm the operation, understanding that this will erase all data on the drive.
Creating and managing virtual hard disks (VHD) (GUI)
1. In Disk Management, go to the 'Action' menu and select 'Create VHD'.
2. Set the location, size, and format for the VHD, then click 'OK' to create.
3. Once created, initialize and format the VHD as you would with a physical disk.
PowerShell examples for disk management
# Creating a new dynamically expanding VHDX (New-VHD comes with the Hyper-V PowerShell module)
New-VHD -Path "C:\VHDs\MyDisk.vhdx" -SizeBytes 20GB -Dynamic
# Initializing a disk with a GPT partition table. Disk 2 is an example; confirm the number with
# Get-Disk first, because initializing the wrong disk is destructive.
Initialize-Disk -Number 2 -PartitionStyle GPT
# Creating a partition that uses all free space and assigning the next free drive letter
New-Partition -DiskNumber 2 -UseMaximumSize -AssignDriveLetter
Implementing Disk Quotas (GUI)
1. Open File Explorer and right-click on the drive you want to manage.
2. Select 'Properties' and navigate to the 'Quota' tab.
3. Click 'Show Quota Settings' and then 'Enable quota management'.
4. Set the disk space limit and warning level for users and apply the settings.
Resizing a Partition (GUI)
1. Open Disk Management by pressing Win + X and selecting 'Disk Management'.
2. Right-click on the partition you wish to resize and select 'Shrink Volume...' to reduce its size, or 'Extend Volume...' to increase its size.
3. Enter the amount to shrink or extend the partition and click 'Shrink' or 'Next' to proceed.
4. Follow the prompts to complete the resizing.
Checking Disk Health and Errors (GUI)
1. Open 'This PC' in File Explorer, right-click the drive you want to check, and select 'Properties'.
2. Go to the 'Tools' tab and click on 'Check' under the Error checking section.
3. If the tool finds any errors, follow the prompts to repair them.
Monitoring Disk Performance (PowerShell)
# Displaying current read and write rates for the C: volume
Get-Counter -Counter "\LogicalDisk(C:)\Disk Reads/sec", "\LogicalDisk(C:)\Disk Writes/sec"
Converting a Disk from MBR to GPT (GUI)
1. Back up all data on the disk as this process will erase all contents.
2. Open Disk Management, right-click the disk and select 'Convert to GPT Disk'.
3. Confirm the operation to convert the disk format.
Recovering Lost Partitions (GUI)
1. Open Disk Management.
2. Look for a disk marked as 'Unknown' or 'Not Initialized'.
3. Right-click on the disk and choose 'Initialize Disk' or 'Online' if it’s offline.
4. If a lost partition appears as unallocated space, right-click it and select 'New Simple Volume...' to begin the recovery process.
Viewing and analyzing event logs (GUI)
1. Press Win + R, type 'eventvwr.msc', and press Enter.
2. Navigate through the log categories to view application, security, system, or other logs.
3. Use the 'Filter Current Log...' option on the right to filter logs based on criteria such as event level, keywords, or date.
Clearing event logs (GUI)
1. In Event Viewer, right-click on a log (e.g., Application, System) and select 'Clear Log...'.
2. When prompted, either clear the log directly or choose 'Save and Clear' to archive it first.
Creating and managing custom views (GUI)
1. In Event Viewer, right-click on 'Custom Views' and select 'Create Custom View...'.
2. Specify filters and conditions to create a view that focuses on specific events of interest.
3. Name and save the view for quick access in the future.
PowerShell examples for event log management
# Exporting the 50 newest Application log entries (Get-EventLog exists in Windows PowerShell 5.1 only;
# use Get-WinEvent in PowerShell 7)
Get-EventLog -LogName Application -Newest 50 | Export-Csv -Path 'C:\eventlog.csv' -NoTypeInformation
# Clearing an event log (clearing the Security log is itself recorded as Security event 1102)
Clear-EventLog -LogName Application
Monitoring real-time events (PowerShell)
# Pulling the 100 most recent System events and keeping the errors. This is a point-in-time
# query; re-run it or schedule it to approximate live monitoring.
Get-WinEvent -LogName System -MaxEvents 100 | Where-Object { $_.LevelDisplayName -eq 'Error' }
Automating log analysis (PowerShell)
# Exporting every System log error for offline analysis
Get-EventLog -LogName System -EntryType Error | Export-Csv -Path 'C:\system_errors.csv' -NoTypeInformation
Configuring log properties (GUI)
1. Open Event Viewer and right-click on any log under 'Windows Logs'.
2. Select 'Properties' to open the log properties window.
3. Adjust settings such as maximum log size and when to overwrite old events.
4. Apply changes and close the properties window.
Setting up event subscriptions (GUI)
1. In Event Viewer, right-click 'Subscriptions' and select 'Create Subscription...'.
2. Follow the wizard to specify the events to collect, the event source computers, and the destination log.
3. Adjust advanced settings such as the delivery optimization and event data to include.
4. Name the subscription and finish setup to start receiving events from other computers.
Detecting Failed Logon Attempts (PowerShell)
# Exporting failed logon attempts (Security event 4625); reading the Security log requires an elevated session
Get-WinEvent -FilterHashtable @{LogName='Security'; ID=4625} | Select-Object TimeCreated, Message | Export-Csv -Path 'C:\failed_logons.csv' -NoTypeInformation
Automating Alerts for Suspicious Activities (PowerShell)
# Monitoring selected security events (4673 privileged service called, 4688 process created) and
# emailing them. The attachment has to be written before Send-MailMessage is called.
$events = Get-EventLog -LogName Security -Newest 50 | Where-Object { $_.EventID -eq 4673 -or $_.EventID -eq 4688 }
if ($events) {
    $events | Select-Object TimeGenerated, EventID, Message | Export-Csv -Path 'C:\events.csv' -NoTypeInformation
    Send-MailMessage -From 'security@company.com' -To 'alert@company.com' -Subject 'Suspicious Activity Detected' -Body 'Please review the attached events.' -Attachments 'C:\events.csv' -SmtpServer 'smtp.company.com'
}
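The two scripts above export raw 4625 events and mail a fixed set of event IDs. The following added example (not code from the original page) sits between them: it reads the named fields out of each 4625 event, counts failures per source address inside a time window, and flags sources that exceed a threshold, so the alert step has a decision to act on. The sample records are constructed.

```powershell
# Added example (not from the original page): turn 4625 events into per-source failure counts
# and flag sources that exceed a threshold inside a time window.

function ConvertFrom-LogonFailureEvent {
    # Read the named EventData fields from the event XML rather than relying on
    # positional Properties[] indices.
    param([Parameter(Mandatory, ValueFromPipeline)] $Record)
    process {
        $fields = @{}
        foreach ($d in ([xml]$Record.ToXml()).Event.EventData.Data) { $fields[$d.Name] = $d.'#text' }
        [PSCustomObject]@{
            TimeCreated = $Record.TimeCreated
            Account     = $fields['TargetUserName']
            Source      = $fields['IpAddress']      # '-' for local logons
            LogonType   = $fields['LogonType']      # 3 = network, 10 = remote interactive
            SubStatus   = $fields['SubStatus']      # 0xC000006A bad password, 0xC0000064 unknown user
        }
    }
}

function Get-LogonFailureSummary {
    param(
        [Parameter(Mandatory)] [AllowEmptyCollection()] [object[]] $Records,
        [int] $Threshold = 5,        # failures per source before it is flagged
        [int] $WindowMinutes = 10    # measured back from the newest record
    )
    if ($Records.Count -eq 0) { return @() }
    $newest = ($Records | Sort-Object TimeCreated -Descending | Select-Object -First 1).TimeCreated
    $cutoff = $newest.AddMinutes(-$WindowMinutes)
    $Records |
        Where-Object { $_.TimeCreated -ge $cutoff } |
        Group-Object Source |
        ForEach-Object {
            $accounts = @($_.Group.Account | Sort-Object -Unique)
            [PSCustomObject]@{
                Source       = $_.Name
                Failures     = $_.Count
                Accounts     = $accounts
                ManyAccounts = ($accounts.Count -gt 1)   # one source failing against several accounts
                Exceeded     = ($_.Count -ge $Threshold)
            }
        } |
        Where-Object { $_.Exceeded }
}

# Constructed sample records (not real log data) in the shape ConvertFrom-LogonFailureEvent produces
$t0 = Get-Date '2024-01-15 09:00:00'
$sample = @(
    [PSCustomObject]@{ TimeCreated = $t0.AddMinutes(1); Account = 'alice'; Source = '10.0.0.5'; LogonType = '3';  SubStatus = '0xc000006a' }
    [PSCustomObject]@{ TimeCreated = $t0.AddMinutes(2); Account = 'bob';   Source = '10.0.0.5'; LogonType = '3';  SubStatus = '0xc0000064' }
    [PSCustomObject]@{ TimeCreated = $t0.AddMinutes(3); Account = 'carol'; Source = '10.0.0.5'; LogonType = '3';  SubStatus = '0xc0000064' }
    [PSCustomObject]@{ TimeCreated = $t0.AddMinutes(4); Account = 'dave';  Source = '10.0.0.9'; LogonType = '10'; SubStatus = '0xc000006a' }
)
Get-LogonFailureSummary -Records $sample -Threshold 3 | Format-List

# Live use (reading the Security log needs elevation or Event Log Readers membership):
# $live = Get-WinEvent -FilterHashtable @{ LogName='Security'; ID=4625; StartTime=(Get-Date).AddHours(-1) } | ConvertFrom-LogonFailureEvent
# if (Get-LogonFailureSummary -Records @($live)) { <send the alert as in the script above> }
```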
Monitoring for Unusual Application Installations (PowerShell)
# Tracking MSI installs: MsiInstaller event 11707 is written when a product installs successfully
# ("Product: <name> -- Installation completed successfully."); replace 'Application Name' with the product to watch
Get-WinEvent -FilterHashtable @{LogName='Application'; ProviderName='MsiInstaller'; ID=11707} |
    Where-Object { $_.Message -match 'Product: Application Name' } | Select-Object TimeCreated, Message
Correlating Logon Events with Network Activity (PowerShell)
# Correlating logons (4624) with later network connections (5156) from the same session.
# 5156 carries no user name, only the process ID, so the chain is
# 4624 TargetLogonId -> 4688 SubjectLogonId / NewProcessId -> 5156 ProcessID.
# 4688 requires "Audit Process Creation" and 5156 "Audit Filtering Platform Connection" to be enabled;
# process IDs are reused over time, so treat matches as candidates rather than proof.
$logons        = Get-WinEvent -FilterHashtable @{LogName='Security'; ID=4624}
$processStarts = Get-WinEvent -FilterHashtable @{LogName='Security'; ID=4688}
$networkEvents = Get-WinEvent -FilterHashtable @{LogName='Security'; ID=5156}
$logons | ForEach-Object {
    $logonTime = $_.TimeCreated
    $logonUser = $_.Properties[5].Value   # TargetUserName
    $logonId   = $_.Properties[7].Value   # TargetLogonId
    # 4688 reports NewProcessId as a hex string ("0x1a4"); 5156 reports ProcessID in decimal
    $pids = $processStarts | Where-Object { $_.Properties[3].Value -eq $logonId } |
        ForEach-Object { [Convert]::ToUInt64($_.Properties[4].Value, 16) }
    $relatedNetworkActivity = $networkEvents | Where-Object {
        $_.TimeCreated -gt $logonTime -and $pids -contains $_.Properties[0].Value
    }
    [PSCustomObject]@{
        User            = $logonUser
        LogonTime       = $logonTime
        RelatedActivity = $relatedNetworkActivity
    }
}
Setting up Continuous Monitoring and Reporting (PowerShell)
# Scheduled task that runs a log monitoring script as SYSTEM with highest privileges at each logon
$Action = New-ScheduledTaskAction -Execute 'PowerShell.exe' -Argument '-File "C:\Scripts\LogMonitor.ps1"'
$Trigger = New-ScheduledTaskTrigger -AtLogon
$Principal = New-ScheduledTaskPrincipal -UserId "SYSTEM" -LogonType ServiceAccount -RunLevel Highest
Register-ScheduledTask -Action $Action -Trigger $Trigger -Principal $Principal -TaskName "Log Monitoring Task" -Description "Monitors critical event logs and generates security reports"
Using Task Manager for performance monitoring (GUI)
1. Press Ctrl + Shift + Esc to open Task Manager.
2. Click the 'Performance' tab to view CPU, memory, disk, and network usage.
3. For more details, click on 'Open Resource Monitor' at the bottom.
Using Performance Monitor to track detailed system metrics (GUI)
1. Press Win + R, type 'perfmon.msc', and press Enter.
2. Expand 'Monitoring Tools' and click on 'Performance Monitor'.
3. Click 'Add' to select and add counters like CPU, Disk, Network, Memory for detailed monitoring.
PowerShell commands for performance monitoring
# Sampling overall CPU load and available memory once
Get-Counter -Counter "\Processor(_Total)\% Processor Time", "\Memory\Available MBytes"
# Capturing CPU load over time: 10 samples, 2 seconds apart
Get-Counter -Counter "\Processor(_Total)\% Processor Time" -SampleInterval 2 -MaxSamples 10
Advanced real-time performance analysis (PowerShell)
# Sampling context switches and total thread count every second for 30 seconds
Get-Counter -Counter "\System\Context Switches/sec", "\Process(_Total)\Thread Count" -SampleInterval 1 -MaxSamples 30
Detecting high CPU utilization processes (PowerShell)
# Identifying processes consuming more than 80% CPU. The _Total and Idle instances are excluded,
# since Idle is high on a quiet system and would always match.
Get-CimInstance Win32_PerfFormattedData_PerfProc_Process |
    Where-Object { $_.Name -notin '_Total', 'Idle' -and $_.PercentProcessorTime -gt 80 } |
    Select-Object Name, IDProcess, PercentProcessorTime
Analyzing network bandwidth usage (PowerShell)
# Displaying cumulative bytes received and sent per network adapter (per-adapter totals, not per-process figures)
Get-NetAdapterStatistics | Select-Object Name, ReceivedBytes, SentBytes
Monitoring disk response times (PowerShell)
# Watching the average disk queue length to spot disk bottlenecks (-Continuous runs until Ctrl+C)
Get-Counter "\PhysicalDisk(_Total)\Avg. Disk Queue Length" -Continuous
Setting up alerts for performance thresholds (PowerShell)
# Registering a task that runs an alerting script at startup; the threshold check itself
# (for example against \Memory\Available MBytes) lives in AlertHighMemory.ps1
$Action = New-ScheduledTaskAction -Execute 'PowerShell.exe' -Argument '-File "C:\Scripts\AlertHighMemory.ps1"'
$Trigger = New-ScheduledTaskTrigger -AtStartup
Register-ScheduledTask -Action $Action -Trigger $Trigger -TaskName "High Memory Alert"
Managing Windows services through Services app (GUI)
1. Press Win + R, type 'services.msc', and press Enter.
2. Scroll through the list to find the service you want to manage.
3. Right-click the service and choose 'Start', 'Stop', 'Pause', 'Resume', or 'Restart'.
4. For further configurations, select 'Properties' and adjust settings like startup type or logon details.
PowerShell examples for managing services
# Starting a service (wuauserv is Windows Update)
Start-Service -Name "wuauserv"
# Stopping a service
Stop-Service -Name "wuauserv"
# Changing the startup type so the service no longer starts at boot
Set-Service -Name "wuauserv" -StartupType Disabled
Monitoring service status changes (PowerShell)
# Logging service state changes. WQL cannot compare TargetInstance with PreviousInstance in the WHERE
# clause, so the comparison happens in the action block; WITHIN 60 sets the polling interval in seconds.
Register-WmiEvent -Query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA 'Win32_Service'" -SourceIdentifier ServiceStateChange -Action {
    $new = $Event.SourceEventArgs.NewEvent.TargetInstance
    $old = $Event.SourceEventArgs.NewEvent.PreviousInstance
    if ($new.State -ne $old.State) {
        Add-Content -Path "C:\ServiceLogs.txt" -Value "Service $($new.Name) changed status from $($old.State) to $($new.State) at $(Get-Date)"
    }
}
Automatically restarting critical services (PowerShell)
# Restarting a service if it is not running
$serviceName = 'wuauserv'
$service = Get-Service -Name $serviceName
if ($service.Status -ne 'Running') {
    Start-Service -Name $serviceName
    Write-Host "$serviceName service was restarted."
}
Configuring service dependencies (GUI)
1. Open Services by pressing Win + R, typing 'services.msc', and pressing Enter.
2. Right-click on the service you want to configure and select 'Properties'.
3. Go to the 'Dependencies' tab to view or change which services start before your service.
4. Use this information to ensure proper service startup order and resolve dependency issues.
Enforcing service security policies (PowerShell)
# Changing the account a service runs as. Set-Service -Credential exists in PowerShell 6 and later;
# in Windows PowerShell 5.1 use: sc.exe config <name> obj= <account> password= <password>
$serviceName = 'wuauserv'
Set-Service -Name $serviceName -Credential (Get-Credential)
# Granting an account rights on the service's registry key. FullControl allows changing the ImagePath the
# service executes, so grant it only to trusted administrators and prefer ReadKey where reading suffices.
$acl  = Get-Acl -Path "HKLM:\System\CurrentControlSet\Services\$serviceName"
$rule = New-Object System.Security.AccessControl.RegistryAccessRule ("Domain\User", "FullControl", "Allow")
$acl.SetAccessRule($rule)
Set-Acl -Path "HKLM:\System\CurrentControlSet\Services\$serviceName" -AclObject $acl
Implementing service monitoring and alerting (PowerShell)
# Checking monitored services and emailing an alert for any that are not running
$servicesToMonitor = @("wuauserv", "bits")
foreach ($service in $servicesToMonitor) {
    $status = Get-Service -Name $service
    if ($status.Status -ne 'Running') {
        Send-MailMessage -From "admin@example.com" -To "alerts@example.com" -Subject "$service is not running" -Body "The $service service has stopped on $(hostname). Please check immediately." -SmtpServer "smtp.example.com"
    }
}
Creating and managing scheduled tasks (GUI)
1. Press Win + R, type 'taskschd.msc', and press Enter.
2. In the Task Scheduler Library, click 'Create Basic Task...' to start the wizard.
3. Follow the wizard to define the task's trigger, action, and other properties.
4. For more advanced options, use 'Create Task...' to access additional configurations like conditions and settings.
PowerShell commands for scheduled tasks
# Creating a scheduled task that runs at logon
$action = New-ScheduledTaskAction -Execute 'Notepad.exe'
$trigger = New-ScheduledTaskTrigger -AtLogon
Register-ScheduledTask -Action $action -Trigger $trigger -TaskName "OpenNotepadAtLogon"
# Listing scheduled tasks that are ready to run
Get-ScheduledTask | Where-Object { $_.State -eq 'Ready' }
Configuring task triggers and actions (PowerShell)
# Running a scanner daily at 03:00 (the executable path and arguments are placeholders for the scanner in use)
$malwareScanAction = New-ScheduledTaskAction -Execute 'C:\Program Files\MalwareScanner\scanner.exe' -Argument '-scan -auto'
$malwareScanTrigger = New-ScheduledTaskTrigger -Daily -At 03:00AM
Register-ScheduledTask -Action $malwareScanAction -Trigger $malwareScanTrigger -TaskName "DailyMalwareScan"
Clearing temporary files with a scheduled task (PowerShell)
# Clearing C:\Temp every Sunday at 02:00 (the task runs under the account that registers it)
$tempCleanAction = New-ScheduledTaskAction -Execute 'PowerShell.exe' -Argument '-Command "Remove-Item C:\Temp\* -Recurse -Force"'
$tempCleanTrigger = New-ScheduledTaskTrigger -Weekly -DaysOfWeek Sunday -At 02:00AM
Register-ScheduledTask -Action $tempCleanAction -Trigger $tempCleanTrigger -TaskName "WeeklyTempCleanup"
Monitoring system uptime and logging to a file (PowerShell)
# Logging uptime at startup. Get-Uptime exists only in PowerShell 6 and later, and PowerShell.exe is 5.1,
# so the uptime is computed from the last boot time instead.
$uptimeAction = New-ScheduledTaskAction -Execute 'PowerShell.exe' -Argument '-Command "(Get-Date) - (Get-CimInstance Win32_OperatingSystem).LastBootUpTime | Out-File C:\Logs\Uptime.log -Append"'
$uptimeTrigger = New-ScheduledTaskTrigger -AtStartup
Register-ScheduledTask -Action $uptimeAction -Trigger $uptimeTrigger -TaskName "LogSystemUptime"
Automating critical file backups (PowerShell)
# Mirroring critical files to a network share daily at 01:00. /MIR also deletes files from the
# destination that no longer exist in the source, so the share holds a mirror, not a history.
$backupAction = New-ScheduledTaskAction -Execute 'Robocopy.exe' -Argument 'C:\CriticalFiles \\NetworkLocation\Backup /MIR'
$backupTrigger = New-ScheduledTaskTrigger -Daily -At 01:00AM
Register-ScheduledTask -Action $backupAction -Trigger $backupTrigger -TaskName "DailyNetworkBackup"
Setting up event log monitoring and alerts (PowerShell)
# Emailing an alert at logon when failed logons (4625) are present. Inside a single-quoted PowerShell
# string a quote is doubled ('') rather than backslash-escaped, and Send-MailMessage needs an SMTP server.
$eventAlertAction = New-ScheduledTaskAction -Execute 'PowerShell.exe' -Argument '-Command "if (Get-WinEvent -FilterHashtable @{LogName=''Security''; ID=4625} -MaxEvents 1 -ErrorAction SilentlyContinue) { Send-MailMessage -From alert@example.com -To admin@example.com -Subject ''Critical Security Event Detected'' -Body ''A critical security event has occurred.'' -SmtpServer smtp.example.com }"'
$eventAlertTrigger = New-ScheduledTaskTrigger -AtLogon
Register-ScheduledTask -Action $eventAlertAction -Trigger $eventAlertTrigger -TaskName "SecurityEventAlert"
Introduction to Backup and Recovery
Backup and Recovery tools in Windows help ensure your data is safe from hardware failures, malware attacks, and accidental deletions.
Creating system restore points (GUI)
1. Press Win + R, type 'SystemPropertiesProtection', and press Enter.
2. In the System Properties window, click 'Create' under the System Protection tab.
3. Name the restore point and click 'Create' to start the process.
Using Windows Backup to create backups (GUI)
1. Open Control Panel, go to 'System and Security' > 'Backup and Restore (Windows 7)'.
2. Click on 'Set up backup' and follow the wizard to select the backup destination and the files or directories you want to back up.
3. Schedule the backup frequency according to your needs.
PowerShell commands for backup operations (PowerShell)
# Creating a bare-metal-capable backup of C: to drive E: with wbadmin (run elevated)
wbAdmin start backup -backupTarget:E: -include:C: -allCritical -quiet
Automating system restore point creation (PowerShell)
# Creating a restore point daily at 03:00. Checkpoint-Computer requires elevation, so register the task
# from an elevated session; a quote inside a single-quoted string is doubled (''), not backslash-escaped.
$Action = New-ScheduledTaskAction -Execute 'PowerShell.exe' -Argument '-Command "Checkpoint-Computer -Description ''Daily Restore Point'' -RestorePointType ''MODIFY_SETTINGS''"'
$Trigger = New-ScheduledTaskTrigger -Daily -At '3AM'
Register-ScheduledTask -Action $Action -Trigger $Trigger -TaskName "DailySystemRestorePoint"
Incremental backup using PowerShell
# Mirroring critical directories with robocopy: /MIR copies only changed files and removes destination files
# that no longer exist in the source, /ZB falls back to backup mode on access-denied, /ETA shows progress
$source = "C:\ImportantData"
$destination = "D:\Backup\ImportantData"
$timestamp = Get-Date -Format 'yyyyMMddHHmm'
New-Item -Path "D:\Backup\Logs" -ItemType Directory -Force | Out-Null   # robocopy does not create the log directory
robocopy $source $destination /MIR /ZB /ETA /LOG:"D:\Backup\Logs\$timestamp.txt"
Recovering data from system restore points (GUI)
1. Navigate to 'Control Panel' > 'System' > 'System Protection'.
2. Click 'System Restore...' and follow the prompts to choose a restore point.
3. Select the restore point that corresponds to a date before the issue occurred and proceed with the restoration.
Restoring files from Windows Backup (GUI)
1. Open Control Panel and go to 'System and Security' > 'Backup and Restore (Windows 7)'.
2. Click 'Restore my files' and follow the wizard to select the files or directories you want to restore.
3. Choose the location to restore the files to and complete the restoration process.
Backup to network location with encryption (PowerShell)
# Backing up to a network share. There is no Backup-WindowsImage cmdlet; wbadmin writes the image and does
# not encrypt it, so the encryption has to come from the transport and the target: require SMB 3 encryption
# on the share (Set-SmbShare -EncryptData $true on the file server) and BitLocker on the volume that holds it.
$backupPath = "\\NetworkShare\Backups"
$credential = Get-Credential -Message "Enter Credentials for Network Share"
# Authenticate to the share once so wbadmin can reach it without a password on its command line
New-PSDrive -Name BackupTarget -PSProvider FileSystem -Root $backupPath -Credential $credential | Out-Null
wbAdmin start backup -backupTarget:$backupPath -include:C: -allCritical -quiet
Remove-PSDrive -Name BackupTarget
Scheduled cleanup of old backups (PowerShell)
# Deleting backup files older than 90 days. Filtering on LastWriteTime keeps current backups (a plain
# Del /S /Q on the folder would remove every backup). New-ScheduledTaskTrigger has no monthly option,
# so the check runs daily at 04:00, which enforces the same 90-day rule.
$Action = New-ScheduledTaskAction -Execute 'PowerShell.exe' -Argument '-Command "Get-ChildItem -Path D:\Backup -Recurse -File | Where-Object { $_.LastWriteTime -lt (Get-Date).AddDays(-90) } | Remove-Item -Force"'
$Trigger = New-ScheduledTaskTrigger -Daily -At '4AM'
Register-ScheduledTask -Action $Action -Trigger $Trigger -TaskName "CleanupOldBackups"
System image creation for disaster recovery (GUI)
1. Press Win + R, type 'sdclt.exe', and press Enter to open Backup and Restore (Windows 7).
2. Click on 'Create a system image' on the left panel.
3. Choose the backup location, select the drives to include in the backup, and start the backup process.
4. This creates a full system image that can be used to restore the entire system in case of a failure.
Security & Access Controls
Introduction to Windows Firewall
Windows Firewall helps protect your computer by preventing unauthorized users from gaining access to your computer through the Internet or a network.
Configuring Windows Firewall settings (GUI)
1. Open Control Panel, select 'System and Security', then 'Windows Defender Firewall'.
2. Click on 'Allow an app or feature through Windows Defender Firewall' to modify settings for specific applications.
3. Use 'Advanced settings' to create inbound and outbound rules for finer control over network traffic.
PowerShell examples for firewall management
# Creating an inbound rule allowing TCP traffic on port 80 (scope it with -RemoteAddress or -Profile where possible)
New-NetFirewallRule -DisplayName "Allow HTTP" -Direction Inbound -Protocol TCP -LocalPort 80 -Action Allow
# Disabling a firewall rule without deleting it
Set-NetFirewallRule -DisplayName "Allow HTTP" -Enabled False
Managing firewall profiles (GUI)
1. Open Windows Defender Firewall settings in Control Panel.
2. Click on 'Advanced settings' to access the Windows Defender Firewall with Advanced Security console.
3. Configure settings for domain, private, and public profiles to control network traffic based on location.
Configuring firewall logging (GUI)
1. In the Windows Defender Firewall with Advanced Security console, right-click on 'Windows Defender Firewall with Advanced Security' and select 'Properties'.
2. Go to the 'Domain Profile', 'Private Profile', or 'Public Profile' tab to enable logging and adjust log settings.
3. Choose log file location, size limits, and whether to log successful connections.
PowerShell commands for firewall logging
# Enabling logging of dropped packets on all three profiles
# (the log defaults to %systemroot%\system32\LogFiles\Firewall\pfirewall.log)
Set-NetFirewallProfile -Profile Domain,Public,Private -LogBlocked True
# Checking which profiles log dropped packets, where, and with what size limit
Get-NetFirewallProfile | Select-Object Name, LogBlocked, LogFileName, LogMaxSizeKilobytes
Automatically blocking high-risk ports
# Blocking inbound connections on high-risk ports such as Telnet (TCP 23)
New-NetFirewallRule -DisplayName "Block Telnet" -Direction Inbound -Protocol TCP -LocalPort 23 -Action Block
Introduction to Windows Registry
The Windows Registry is a database that stores low-level settings for the operating system and for applications that opt to use the registry. Handle with care.
Editing the registry (GUI)
1. Press Win + R, type 'regedit', and press Enter to open Registry Editor.
2. Navigate through the hierarchy to find the key you want to modify.
3. Right-click on a key to modify it or create a new key/value pair.
4. Always back up the registry before making changes.
PowerShell commands for registry tasks (PowerShell)
# Adding a new registry key (-Force returns the existing key instead of erroring if it already exists)
New-Item -Path "HKCU:\Software\MyNewKey" -Force
# Setting a registry value (the value is created if it does not exist; the key must)
Set-ItemProperty -Path "HKCU:\Software\MyNewKey" -Name "SettingName" -Value "MyValue"
Enforcing a desktop wallpaper via the registry (PowerShell)
# Setting a wallpaper the user cannot change, through the per-user Desktop Wallpaper policy values.
# The Policies\System key may not exist yet, so create it first.
$policyKey = "HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System"
New-Item -Path $policyKey -Force | Out-Null
Set-ItemProperty -Path $policyKey -Name "Wallpaper" -Value "C:\Path\To\Wallpaper.jpg"
Set-ItemProperty -Path $policyKey -Name "WallpaperStyle" -Value "2"   # 2 = stretch
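The GUI steps above say to back up the registry before changing it; the following added example (not code from the original page) does that for the PowerShell path: it exports the key with reg.exe, applies the values, and reports what is stored. The backup directory name is a hypothetical default.

```powershell
# Added example (not from the original page): back up a key with reg.exe before changing it,
# apply the values, and report what is now stored. Roll back with: reg.exe import <backup file>
function Set-RegistryValueWithBackup {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)] [string]    $Path,      # provider form, e.g. HKCU:\Software\Example
        [Parameter(Mandatory)] [hashtable] $Values,    # value name -> data
        [string] $BackupDir = (Join-Path $env:TEMP 'RegistryBackups')   # hypothetical default location
    )
    # reg.exe expects HKCU\... rather than the provider form HKCU:\...
    $regPath = $Path -replace '^([A-Za-z]+):\\', '$1\'
    $backup  = $null
    if (Test-Path -Path $Path) {
        # The backup is taken even under -WhatIf: exporting is read-only and harmless
        New-Item -Path $BackupDir -ItemType Directory -Force -WhatIf:$false | Out-Null
        $stamp  = Get-Date -Format 'yyyyMMdd-HHmmss'
        $backup = Join-Path $BackupDir ("{0}-{1}.reg" -f ($regPath -replace '\\', '_'), $stamp)
        reg.exe export $regPath $backup /y | Out-Null
        if ($LASTEXITCODE -ne 0) { throw "Backup of $regPath failed; no changes made" }
    } elseif ($PSCmdlet.ShouldProcess($Path, 'create key')) {
        New-Item -Path $Path -Force | Out-Null
    }
    foreach ($name in $Values.Keys) {
        if ($PSCmdlet.ShouldProcess("$Path : $name", "set to '$($Values[$name])'")) {
            Set-ItemProperty -Path $Path -Name $name -Value $Values[$name]
        }
    }
    # Report stored data next to what was requested so any mismatch is visible immediately
    $current = Get-ItemProperty -Path $Path -ErrorAction SilentlyContinue
    foreach ($name in $Values.Keys) {
        [PSCustomObject]@{ Name = $name; Requested = $Values[$name]; Stored = $current.$name; Backup = $backup }
    }
}

# Applying the wallpaper policy from this section with a backup taken first; add -WhatIf to preview
Set-RegistryValueWithBackup -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System' -Values @{
    Wallpaper      = 'C:\Path\To\Wallpaper.jpg'
    WallpaperStyle = '2'
}
```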
Introduction to Security Policies
Security policies are crucial for defining security settings for a computer or network. Administrators use them to set password policies, account lockout policies, and audit policies.
1. Press Win + R, type 'secpol.msc', and press Enter to open Local Security Policy.
2. Navigate to Account Policies or Local Policies to adjust settings as needed.
3. Apply settings to user rights assignments and security options according to your organization's security requirements.
# Setting password policy (there are no built-in Set-Local*Policy cmdlets; net accounts covers the local account policy)
net accounts /uniquepw:10 /maxpwage:90 /minpwlen:8
# Configuring account lockout policy (duration and window in minutes, threshold in failed attempts)
net accounts /lockoutduration:30 /lockoutthreshold:5 /lockoutwindow:30
# Enforces password complexity requirements for user accounts (not exposed by net accounts; secedit applies it from an exported template)
secedit /export /cfg "C:\secconfig.cfg"
((Get-Content -Path "C:\secconfig.cfg" -Raw) -replace "PasswordComplexity = \d+", "PasswordComplexity = 1") | Set-Content -Path "C:\secconfig.cfg" -Encoding Unicode
secedit /configure /db "C:\Windows\security\local.sdb" /cfg "C:\secconfig.cfg" /areas SECURITYPOLICY
1. Open Local Security Policy by running 'secpol.msc'.
2. Navigate to 'Advanced Audit Policy Configuration' under 'Security Settings'.
3. Configure audit policies for account logon events, account management, object access, and more.
# Granting a user the right to log on locally: the built-in Users group holds "Allow log on locally" by default,
# so membership there is enough; adding the account to Administrators would also grant full administrative rights.
Add-LocalGroupMember -Group "Users" -Member "Domain\User"
# Revoking local logon by removing that membership again (other groups holding the right still apply)
Remove-LocalGroupMember -Group "Users" -Member "Domain\User"
# Uses Local Security Policy to enforce a password history to prevent users from reusing recent passwords.
# The regex matches the current value whatever it is; a literal "= 0" would silently miss any other setting.
secedit /export /cfg "C:\secconfig.cfg"
((Get-Content -Path "C:\secconfig.cfg" -Raw) -replace "PasswordHistorySize = \d+", "PasswordHistorySize = 24") | Set-Content -Path "C:\secconfig.cfg" -Encoding Unicode
secedit /configure /db "C:\Windows\security\local.sdb" /cfg "C:\secconfig.cfg" /areas SECURITYPOLICY
# Configures the account lockout duration to 30 minutes after a specified number of failed login attempts
# (LockoutDuration only applies once LockoutBadCount, the failed-attempt threshold, is non-zero).
secedit /export /cfg "C:\secconfig.cfg"
((Get-Content -Path "C:\secconfig.cfg" -Raw) -replace "LockoutDuration = \d+", "LockoutDuration = 30") | Set-Content -Path "C:\secconfig.cfg" -Encoding Unicode
secedit /configure /db "C:\Windows\security\local.sdb" /cfg "C:\secconfig.cfg" /areas SECURITYPOLICY
# Modifies audit policies to track successful and failed logon attempts.
auditpol /set /subcategory:"Logon" /success:enable /failure:enable
# Enforces password complexity requirements to enhance security.
secedit /export /cfg "C:\secconfig.cfg"
((Get-Content -Path "C:\secconfig.cfg" -Raw) -replace "PasswordComplexity = \d+", "PasswordComplexity = 1") | Set-Content -Path "C:\secconfig.cfg" -Encoding Unicode
secedit /configure /db "C:\Windows\security\local.sdb" /cfg "C:\secconfig.cfg" /areas SECURITYPOLICY
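The password-history, lockout-duration and password-complexity blocks above are the same export/replace/configure pattern three times. The following is an added example, not code from the original page: one function that applies any [System Access] setting, matches the current value instead of a literal "= 0", adds the line when the export omits it, and re-exports to verify. It needs an elevated shell; the scratch file names are assumptions.

```powershell
function Set-LocalSecuritySetting {
    param(
        [Parameter(Mandatory)] [string] $Name,   # e.g. PasswordHistorySize, LockoutDuration, PasswordComplexity
        [Parameter(Mandatory)] [int] $Value,
        [string] $WorkDir = $env:TEMP            # assumed scratch location for the template and database
    )
    $cfg = Join-Path $WorkDir "secconfig_$Name.cfg"
    $db  = Join-Path $WorkDir "secconfig_$Name.sdb"   # scratch database; local.sdb is left untouched
    Remove-Item -Path $cfg -ErrorAction SilentlyContinue
    secedit /export /cfg $cfg /areas SECURITYPOLICY /quiet | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "secedit export failed (exit $LASTEXITCODE)" }
    $content = Get-Content -Path $cfg -Raw
    $pattern = "(?m)^$Name\s*=\s*\S+"
    if ($content -match $pattern) {
        # Replace whatever the current value is, not just a literal "= 0"
        $content = $content -replace $pattern, "$Name = $Value"
    } else {
        # Settings at their default are often omitted from the export; add the line under [System Access]
        $content = $content -replace '(?m)^\[System Access\]\r?$', "[System Access]`r`n$Name = $Value"
    }
    # secedit writes UTF-16LE and reads it back the same way
    Set-Content -Path $cfg -Value $content -Encoding Unicode
    secedit /configure /db $db /cfg $cfg /areas SECURITYPOLICY /quiet | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "secedit configure failed (exit $LASTEXITCODE)" }
    # Re-export to read the effective value instead of trusting the exit code
    Remove-Item -Path $cfg -ErrorAction SilentlyContinue
    secedit /export /cfg $cfg /areas SECURITYPOLICY /quiet | Out-Null
    $effective = [regex]::Match((Get-Content -Path $cfg -Raw), "(?m)^$Name\s*=\s*(\S+)").Groups[1].Value
    Remove-Item -Path $cfg, $db -ErrorAction SilentlyContinue
    if ($effective -ne "$Value") {
        Write-Warning "$Name reads back as '$effective' (requested $Value); check dependent settings such as LockoutBadCount"
    }
    [pscustomobject]@{ Setting = $Name; Requested = $Value; Effective = $effective }
}

# The three settings the page applies one by one, plus the threshold that LockoutDuration depends on
Set-LocalSecuritySetting -Name PasswordHistorySize -Value 24
Set-LocalSecuritySetting -Name LockoutBadCount     -Value 5
Set-LocalSecuritySetting -Name LockoutDuration     -Value 30
Set-LocalSecuritySetting -Name PasswordComplexity  -Value 1
```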
Introduction to User Account Control Configuring UAC settings (GUI) Automating UAC configuration via PowerShell Disabling UAC prompts for specific applications (PowerShell) Logging UAC prompts to audit unauthorized access attempts (PowerShell) Automatically adjusting UAC settings based on network location (PowerShell) Enhancing security by enforcing UAC for standard users Configuring UAC to prevent bypass using secure desktop
User Account Control (UAC) helps prevent unauthorized changes to your operating system by requiring explicit approval, or administrator credentials, before an action that needs administrative privileges is allowed to run.
1. Open Control Panel, go to 'User Accounts', then 'Change User Account Control settings'.
2. Move the slider to choose when to be notified about changes to your computer.
3. Click 'OK' to save your settings. You may need to provide administrative credentials.
# Sets the UAC level to always notify (prompt for consent, on the secure desktop, for every elevation)
Set-ItemProperty -Path HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System -Name EnableLUA -Value 1
Set-ItemProperty -Path HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System -Name ConsentPromptBehaviorAdmin -Value 2
Set-ItemProperty -Path HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System -Name PromptOnSecureDesktop -Value 1
# Using Task Scheduler to run a specific application elevated without UAC prompts
# (RunLevel Highest only elevates when the account is an administrator; register the task from an elevated shell)
$action = New-ScheduledTaskAction -Execute 'Path\to\Application.exe'
$principal = New-ScheduledTaskPrincipal -UserId 'DOMAIN\User' -LogonType S4U -RunLevel Highest
$trigger = New-ScheduledTaskTrigger -AtLogon
Register-ScheduledTask -Action $action -Principal $principal -Trigger $trigger -TaskName "RunAppWithoutUAC" -Description "Runs an app without UAC prompts"
# Logging elevation: UAC prompts themselves are not written to the event log, but every elevated launch appears in
# Security event 4688 (Process Creation) with its Token Elevation Type once that subcategory is audited.
auditpol /set /subcategory:"Process Creation" /success:enable
# Increases UAC security level when connected to public networks
$networkProfile = Get-NetConnectionProfile | Select-Object -ExpandProperty NetworkCategory
if ($networkProfile -eq 'Public') {
    Set-ItemProperty -Path HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System -Name ConsentPromptBehaviorAdmin -Value 2
} else {
    # 5 is the Windows default (prompt for non-Windows binaries); 0 would elevate silently and switch the protection off
    Set-ItemProperty -Path HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System -Name ConsentPromptBehaviorAdmin -Value 5
}
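After scripts like the ones above have run, the effective UAC posture is whatever the Policies\System key now holds. The following is an added example, not code from the original page: it reads the four UAC values this section touches and returns findings for the combinations that weaken the prompt (UAC off, silent elevation, prompt off the secure desktop, standard-user credentials entered off it). The thresholds are the editor's hardening baseline, not Windows defaults, and nothing is changed.

```powershell
function Test-UacConfiguration {
    param([string] $Path = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System')
    $p = Get-ItemProperty -Path $Path
    # A value that is absent from the key means Windows applies its built-in default for that setting
    $enableLua  = if ($null -ne $p.EnableLUA)                  { $p.EnableLUA }                  else { 1 }
    $adminMode  = if ($null -ne $p.ConsentPromptBehaviorAdmin) { $p.ConsentPromptBehaviorAdmin } else { 5 }
    $userMode   = if ($null -ne $p.ConsentPromptBehaviorUser)  { $p.ConsentPromptBehaviorUser }  else { 3 }
    $secureDesk = if ($null -ne $p.PromptOnSecureDesktop)      { $p.PromptOnSecureDesktop }      else { 1 }
    $findings = [System.Collections.Generic.List[string]]::new()
    if ($enableLua -ne 1) {
        $findings.Add('EnableLUA=0: UAC is off; administrators always run fully elevated')
    }
    if ($adminMode -eq 0) {
        $findings.Add('ConsentPromptBehaviorAdmin=0: administrators are elevated silently, no prompt at all')
    } elseif ($adminMode -eq 5) {
        $findings.Add('ConsentPromptBehaviorAdmin=5: signed Windows binaries auto-elevate; 2 (always notify) prompts for everything')
    }
    if ($secureDesk -ne 1) {
        $findings.Add('PromptOnSecureDesktop=0: the prompt is drawn on the normal desktop, where other processes can interact with it')
    }
    if ($userMode -eq 3) {
        $findings.Add('ConsentPromptBehaviorUser=3: standard users enter admin credentials outside the secure desktop; 1 moves the prompt there')
    }
    [pscustomobject]@{
        EnableLUA                  = $enableLua
        ConsentPromptBehaviorAdmin = $adminMode
        ConsentPromptBehaviorUser  = $userMode
        PromptOnSecureDesktop      = $secureDesk
        Hardened                   = ($findings.Count -eq 0)
        Findings                   = $findings.ToArray()
    }
}

Test-UacConfiguration | Format-List
```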