Windows Utilities Lab

Windows Utilities Lab Overview

Windows Utilities are useful programs that allow you to examine your computer’s hardware, troubleshoot hardware and software related issues, update device drivers, and configure important system settings. In this lab you will use the following Windows Utilities to obtain information about your particular computer:

– Device Manager (devmgmt.msc),
– System Information Tool (msinfo32.exe),
– DirectX Diagnostic Tool (dxdiag.exe),
– Resource Monitor (perfmon.exe),
– System Configuration Tool (msconfig.exe)

Basic knowledge of these diagnostic tools and how to access them is important for the CompTIA A+ exams. A quick way to launch any of the tools listed above is to press the Windows Start button and, in the “Search programs and files” box, type the name of the utility program and press Enter. Let's go through each tool and extract a piece of computer system information.

Device Manager

The device manager is an important tool for identifying hardware devices that are not functioning correctly or are not being properly recognized by the Windows Operating System. The Device Manager can be used to identify which software device drivers are being used for a particular hardware device like a video card or a network adapter.

1. Launch the Device Manager – press the Start menu button > right-click on Computer > press Properties > and press Device Manager in the left-hand column. You can also find the Device Manager in the Control Panel by going to Start > Control Panel > choose View by: Small icons.

2. Using the Device Manager pull-down menu, choose View > Devices by Type, scroll down to Processors and click the arrow icon.

Question A: What processor (CPU) name is identified in the device manager? Is the processor name listed more than once? If so, why?

Question B: Under what arrow heading in the Device Manager list would you locate the drivers for your graphics card? Examples: Disk Drives, Keyboards, Security Devices, etc.


System Information Tool

The System Information Tool provides information about your computer’s resources, hardware devices, your operating system environment, and running processes.

1. Launch the System Information Tool – press the Start menu button > type in msinfo32.exe in the Search programs and files search box, highlight the program or press enter. You can also find it under Start > All Programs > Accessories > System Tools > System Information.

2. There is useful information in the first screen under the System Summary heading. See if you can locate the following information:

Question C: What is the BIOS manufacturer and version?

3. Examine the information under the other listed headings. Can you find the following information:

Question D: What is your hard drive manufacturer and model number?

Question E: Under what heading can you find Problem Devices? Do you have any listed?

Question F: What are the filename and file path of the driver for either your Gigabit Ethernet network adapter or your wireless network adapter?

DirectX Diagnostics Tool

DirectX is the set of APIs and runtime libraries that allows Windows to deliver advanced multimedia and 3D graphics. The DirectX Diagnostic Tool can be used to check the version of DirectX currently installed on the computer system, whether or not DirectX features like DirectDraw, Direct3D, and AGP Texture acceleration are enabled, and whether or not there are any problems related to the video, graphics, sound, and input hardware device drivers and DirectX features.

1. Launch the DirectX Diagnostic Tool – press the Start menu button > type in dxdiag.exe in the Search programs and files search box, highlight the program or press enter.

2. In the DirectX Diagnostic Tool click on the Display, Sound and Input tabs and look to the Notes area for any listed problems.

Question G: Are there any problems listed in the Notes area of the Display, Sound and Input tabs?

3. Notice the “Run 64-bit DxDiag” button at the bottom of the window, which will run the 64-bit version of the program.


Resource Monitor

The Resource Monitor is a great tool for monitoring processes as they run as well as seeing which processes and programs are utilizing the most CPU, memory, and network resources.

1. Launch the Resource Monitor Tool – press the Start menu button > type in resource monitor perfmon.exe in the Search programs and files search box, highlight the program or press enter. You can also find it under Start > All Programs > Accessories > System Tools > Resource Monitor.

2. In the Resource Monitor Tool you can hover over the column headings like Image, PID, Description, etc. for a description of the column information. Click on the CPU tab and under Processes order the information by clicking on the various column headings.

Question H: Which program is utilizing the most CPU resources?

3. Click on the Memory tab.

Question I: Under Processes which heading will tell you the program that is utilizing the most physical memory? Which program is it?

4. Click on the Network tab.

Question J: Under Processes with Network Activity which program is sending and receiving the most information over the network?

System Configuration Tool

The System Configuration Tool can be used to configure how Windows behaves on startup. If there are multiple operating systems installed on the hard disk drive you can define which one will boot by default. You can also define which services and programs will launch on startup. This can be useful if you find that Windows is running a lot of programs on startup that you do not need or want. You can also use the System Configuration Tool to boot to a Diagnostic startup or boot to safe mode.

1. Launch the System Configuration Tool – press the Start menu button > type in msconfig.exe in the Search programs and files search box, highlight the program or press enter.

2. In the System Configuration Tool click on the Startup tab and examine the programs that are launching on startup.

Question K: Do you notice any programs that are unnecessarily running all the time by launching on startup? Which ones?
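The facts the lab has you read off the GUI tools can also be pulled with PowerShell, which is handy when you need the same answers from many machines. The script below is an added example, not part of the lab; it assumes Windows PowerShell 3.0 or later (Get-CimInstance and the simplified Where-Object syntax are not in the PowerShell 2.0 that Windows 7 shipped with) and an elevated prompt for the driver and problem-device queries. The WMI class names are real; the mapping of each query to a lab question is my own.

```powershell
# Added example, not part of the lab: PowerShell look-ups that answer the
# same questions the Device Manager, msinfo32, Resource Monitor and msconfig
# steps above ask. Assumes Windows PowerShell 3.0+ and an elevated prompt.

# Question A - processor name. One Win32_Processor object per physical CPU;
# Device Manager instead lists one entry per logical processor (core/thread),
# which is why the same name can appear several times there.
Get-CimInstance Win32_Processor |
    Select-Object Name, NumberOfCores, NumberOfLogicalProcessors

# Question B - graphics card and its driver (Device Manager: Display adapters)
Get-CimInstance Win32_VideoController |
    Select-Object Name, DriverVersion, DriverDate

# Question C - BIOS manufacturer and version (msinfo32: System Summary)
Get-CimInstance Win32_BIOS |
    Select-Object Manufacturer, SMBIOSBIOSVersion, ReleaseDate

# Question D - hard drive manufacturer and model
Get-CimInstance Win32_DiskDrive |
    Select-Object Model, InterfaceType, @{ n = 'SizeGB'; e = { [math]::Round($_.Size / 1GB) } }

# Question E - problem devices: any PnP device whose Config Manager error
# code is non-zero (the set msinfo32 shows under Components > Problem Devices)
Get-CimInstance Win32_PnPEntity -Filter "ConfigManagerErrorCode <> 0" |
    Select-Object Name, DeviceID, ConfigManagerErrorCode

# Question F - driver file path for each physical network adapter.
# Win32_NetworkAdapter.ServiceName names the kernel driver service; joining it
# to Win32_SystemDriver gives the path of the .sys file that is loaded.
$systemDrivers = Get-CimInstance Win32_SystemDriver
Get-CimInstance Win32_NetworkAdapter -Filter "PhysicalAdapter = TRUE" |
    ForEach-Object {
        $adapter = $_
        $driver  = $systemDrivers | Where-Object Name -eq $adapter.ServiceName
        [pscustomobject]@{
            Adapter    = $adapter.Name
            Service    = $adapter.ServiceName
            DriverPath = $driver.PathName
        }
    }

# Questions H and I - heaviest CPU and memory consumers (Resource Monitor's
# CPU and Memory tabs). Note: Get-Process's CPU column is cumulative
# processor time in seconds, not the instantaneous percentage Resource
# Monitor shows, so a long-running process can top this list while idle.
Get-Process | Sort-Object CPU -Descending |
    Select-Object -First 5 Name, Id, CPU
Get-Process | Sort-Object WorkingSet64 -Descending |
    Select-Object -First 5 Name, Id, @{ n = 'WorkingSetMB'; e = { [math]::Round($_.WorkingSet64 / 1MB) } }

# Question J - per-process network byte counts have no cmdlet on Windows 7.
# On Windows 8 and later, Get-NetTCPConnection lists connections with their
# OwningProcess, which at least shows which programs are talking.

# Question K - programs launched at startup (msconfig's Startup tab on
# Windows 7; Task Manager's Startup tab on Windows 8 and later). Location
# tells you whether the entry is a registry Run key or a Startup folder item.
Get-CimInstance Win32_StartupCommand |
    Select-Object Name, Command, Location, User
```

Run it section by section and compare each result with what the GUI tool shows; the Question K output is the one worth keeping for later, since a new entry there is the first thing to check when a machine starts behaving differently after an install.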

Build a Computer – Time Lapse

Overview – Build a Computer – GoPro Time Lapse

The video below shows the process of building a computer from parts. The computer is a midsized tower that will serve as a firewall router using a freely downloaded, community edition operating system. By using a GoPro time-lapse picture capture I was able to produce a condensed 4 minute video depicting the process of building a computer which normally takes anywhere from 40 to 90 minutes.

Recovering from a Lost Windows Password with Hiren’s BootCD

Overview

This classroom lab started as a way to teach students about the BIOS and its usefulness. For example, what if you forgot your Windows 7 or Windows 8 password and you could not log in to your computer? Is there a way to bypass user authentication and access your system? Yes, there is. In this lab exercise, you will bypass a login failure, caused by a forgotten Windows password, by using Hiren’s BootCD. To accomplish this, you will need to be able to access your computer’s BIOS and set the boot order. What about the opposite situation? What if you wanted to protect your system from someone booting to the CDROM, or a USB thumb drive, and bypassing your password with special software? Is there a way to protect your system from someone trying to bypass your password by accessing the optical drive or USB port? Yes, there is, and in that particular situation setting the BIOS boot order and password protecting the BIOS is very useful.

Here are the different topics that this lab covers:

BIOS – a program or firmware stored on a ROM chip that runs the power on self test, locates and runs the boot loader, and is an interface to the computer hardware.

CMOS – integrated circuit used to store configuration settings in BIOS. One of those settings is the Boot Order. When the computer is powered off CMOS configuration settings are retained because of a small battery plugged into the motherboard.

boot order – a setting configured in BIOS that determines the priority device order from which to boot the system. Devices will be checked in order for the presence of boot code and boot files from which to boot the system. For example, if the CDROM drive is listed first in the boot order, the system will check the CDROM drive for the presence of a bootable disk; if one is found, like a Windows installation CD/DVD, then the system will boot to the install disk, but if none is found, the system will check the next device in the boot order. If the hard disk drive is listed first in the boot order, and has an operating system installed, then the system will boot from the hard disk drive and the CDROM will always be bypassed when the system boots.

Bootable CD/DVDs – to create a bootable CD or DVD you will need a burning program like ImgBurn, capable of burning a bootable disc from a .iso bootable image file. Note, AVG antivirus will by default flag and block ImgBurn as having a virus. After doing some research on ImgBurn I decided that this is not warranted and I have personally clicked to allow it. You can always find an alternative program with which to burn bootable CDs from .ISO image files.

Bootable USB thumb drive – to create a bootable USB thumb drive you will use a program like Universal USB Installer, designed to format thumb drives and install boot code and boot files; you will also need a .iso bootable image file to copy to the thumb drive.

Hiren’s BootCD – a custom built operating system and live CD that can be run from memory through a CD or removable device like a USB thumb drive. Hiren’s BootCD contains programs that can be used to recover from a lost password, lost files and data, registry tools, antivirus tools and more.

Kaspersky Rescue Disk 10 – custom built operating system and live CD that can be run from memory through a CD or removable device like a USB thumb drive. Kaspersky Rescue Disk 10 is an antivirus, rootkit and malware scanning tool designed to disinfect computer systems.

VMware Player – desktop virtualization software used to create virtual computers (virtual machines) that run an entire operating system within a window on your desktop. Virtual machines running alongside the host computer system are visible on the network just like any other computer on the network.

Recovering from a Lost Windows Password – Lab Steps

In this lab, you start with a hypothetical situation: you have forgotten your Windows password and you need to clear the Windows password to access your computer. To do this you will need to use the BIOS, the boot order, and Hiren’s BootCD burned to a bootable CD or installed on a bootable thumb drive.

Step 1 – If you are testing this lab on your main computer system, I recommend that you start by creating an additional user account with password that you will pretend to lose. You will use this test account as the account that you are attempting to clear the password on. Go to Start > Control Panel > User Accounts and create a new user with administrative privileges and password.

Step 2 – Next, go to hirensbootcd.org, click the Download link, scroll down the page and download the compressed file Hirens.BootCD.15.2.zip. The file extracts into a folder and within that folder you will find the bootable .iso image file: Hiren’s.BootCD.15.2.iso. To boot your computer to this file you will need to burn the Hiren’s.BootCD.15.2.iso file to a bootable image disc (CD) with a program like ImgBurn, or you can create a bootable USB thumb drive with a program like Universal USB Installer, which is optimized to create bootable thumb drives for Hiren’s Boot CD.

Virtualization Option: Another choice is to do this entire lab on a Windows 7 virtual machine running on your desktop. To do that you will need a Windows 7 or 8 virtual machine running in either VMware Player or VirtualBox. For that option you only need the .iso image file; no bootable CD or thumb drive is necessary. Go to Edit virtual machine settings, select the CD/DVD (IDE) device, and under Connection select Use ISO image file and browse for the Hiren’s.BootCD.15.2.iso file. Make sure Connect at power on is selected. You will also need to boot to the virtual machine's BIOS and set the boot order as well (see below).

Burning a Bootable CD with ImgBurn

Run the program ImgBurn and select “Write image file to disc”.

Then click the browse file location button to find the Hiren’s.BootCD.15.2.iso file,
place your CD in the CD drive and press Write.

Creating a Bootable USB thumb drive with Universal USB Installer

Select Hiren’s Boot CD from the pull down menu

Browse for the Hiren’s.BootCD.15.2.iso file,

Put in a blank USB thumb drive and select the corresponding drive letter,
check “Format the drive as Fat32”, and click Create.


Step 3 – Start your computer and go into Setup Mode (BIOS) – To do this, as you start your computer, look to the corners of your monitor screen for information on how to enter Setup Mode. It usually involves pressing a key like the F2 or Delete key. The instructions will only flash momentarily so you need to be ready to press the key quickly.

Computer monitor screen with instructions on entering setup mode at the bottom

BIOS Setup screen


Step 4 – Using your keyboard arrow keys find the Boot Menu where you can change the boot order. To boot to a CD or thumb drive you will need to have the CD-ROM drive and Removable Devices placed above the Hard Disk Drive in the order. This is usually done with the + and – keys on your keyboard.


Step 5 – Place your newly created Hiren’s BootCD in the CD/DVD drive or your Hirens thumb drive in a USB port and restart your computer. If the BIOS was configured to boot to the CD/DVD drive and Removable Devices prior to the Hard Disk Drive then your computer should boot to the Hiren’s BootCD and you should see a welcome screen.


Step 6 – Now that you are running the Hiren’s BootCD environment from memory, use your keyboard arrow down to Offline NT/2000/XP/Vista/7 Password Changer and press enter.

Step 7 – Press Enter and then Enter again at the boot: prompt on the next screen:

Step 8 – On the following screen you need to select the partition where Windows is located. In my screenshot you can see that 1) is the small 100Mb boot partition and 2) is the larger Windows partition. So, in my case I typed in the number 2 and then pressed enter. Your situation may be different if you have multiple partitions or hard disk drives.

Step 9 – The following screen shows that the Windows installation was found and that the path to the registry directory at Windows/System32/config was also found. The prompt displays the path as the default choice between brackets. Press enter to accept.

Step 10 – Choose the default choice [1] – Password reset [sam system security] and press enter.

Step 11 – Again choose the default choice [1] – Edit user data and passwords and press enter.

Step 12 – This screen shows that four users were discovered: Administrator, Guest, student, and testuser. The account that I am trying to clear the password on is the student account. Notice at the bottom of the screen that I have typed in student and now I just need to press enter.

Step 13 – At this screen you are given a choice to clear the user password, edit the user password, promote the user to administrative privileges, or quit. I recommend clearing the password and then resetting it later through the control panel once you are logged in. Enter 1 – Clear (blank) user password and press enter.

Step 14 – You can see from this screen that the account bits have been set to: password does not expire, normal account, and password not required. You can also see the response to the last entry: Password cleared! Enter ! to quit and press enter.

Step 15 – Enter q to quit and press enter.

Step 16 – This screen shows that we have reached the final step: Writing back changes. Enter y for yes and press enter.

Step 17 – This screen shows Edit Complete. and prompts you if you want to run it again. Accept the default [n] for no and press enter.

Step 18 – This screen shows that you have reached the end of the scripts. Remove the boot CD or boot USB thumb drive and press Ctrl+Alt+Delete to reboot your computer. After rebooting you will be able to test the user account to see if the password has been removed.

Step 19 – You can see from the image below that I have more than one user account. At the beginning of the lab, I recommended creating an extra user account to use to test clearing the password on. In this case, I cleared the student account password. If the password was successfully cleared then I should go directly to the desktop after clicking the student login icon.

Step 20 – Success! The system goes directly to the desktop without a user password prompt.
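A defender reading Step 14 will notice what the offline edit leaves behind: an account whose "password not required" and "password does not expire" bits are set, and no entry in the Security event log for the change, because Windows was not running when the SAM was rewritten. The script below is an added example, not part of the lab, that audits the local accounts for exactly those flags and checks whether the Security log holds a matching "user account was changed" event (ID 4738). It assumes Windows PowerShell 3.0 or later and an elevated prompt (the Security log is not readable otherwise); the function name and the "Verdict" wording are my own.

```powershell
# Added example, not part of the lab: audit local accounts for the flags an
# offline SAM edit (Steps 13-14 above) sets, and check whether the Security
# log recorded an account change for them. Assumes Windows PowerShell 3.0+
# and an elevated prompt.
#
# Caveat: if account-management auditing is disabled, every account will show
# "no audit trail". Enable it first with
#   auditpol /set /subcategory:"User Account Management" /success:enable

function Get-SuspiciousLocalAccounts {
    # Accounts whose SAM flags match what "Clear (blank) user password" sets:
    # password not required and password never expires. Disabled accounts
    # (such as the built-in Guest) are skipped.
    $accounts = Get-CimInstance Win32_UserAccount -Filter "LocalAccount = TRUE" |
        Where-Object { -not $_.Disabled -and -not $_.PasswordRequired }

    # Event 4738 = "A user account was changed". A change made through the
    # Control Panel or net user while Windows is running leaves one; an
    # offline edit leaves none.
    $changeEvents = @()
    try {
        $changeEvents = @(Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4738 } -ErrorAction Stop)
    } catch {
        Write-Warning "Could not read 4738 events from the Security log: $($_.Exception.Message)"
    }

    foreach ($acct in $accounts) {
        # Match the account name in the event's "Target Account" block. This
        # is a text match on the rendered message, so it is approximate.
        $pattern = 'Account Name:\s+' + [regex]::Escape($acct.Name)
        $logged  = @($changeEvents | Where-Object { $_.Message -match $pattern })
        if ($logged.Count -eq 0) { $verdict = 'no audit trail - investigate' }
        else                     { $verdict = 'change was logged online' }

        [pscustomobject]@{
            Name             = $acct.Name
            SID              = $acct.SID
            PasswordRequired = $acct.PasswordRequired
            PasswordExpires  = $acct.PasswordExpires
            LoggedChanges    = $logged.Count
            Verdict          = $verdict
        }
    }
}

Get-SuspiciousLocalAccounts | Format-Table -AutoSize
```

Run it on the lab machine after Step 20 and the test account from Step 1 should be the one listed with no audit trail. The check is only a symptom detector; the controls the overview names, a BIOS boot order that puts the hard disk first and a BIOS password, are what stop the boot-from-CD edit in the first place.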

Video Tutorial

Build a Server Video Quiz

Overview – Build a Server Video Quiz and Answers

The video below was created with a GoPro using time-lapse video recording. It represents a first attempt at creating an online video quiz. In the video, I build a homemade server from parts. Watch the video and press pause at the prompts to answer the questions. You will have 3 seconds to press pause. Write down your answers and compare them to the answers posted below. The answers have been obfuscated with encoding, so if you want to see the answers you will need to decode them. The server in the video will serve as a department virtualization server.

Below are the answers to the computer video quiz. However, the answers are encoded within the string of text, and you will need to decode the string to get the answers. To do that, I recommend searching online for a website with a built-in encoder and decoder web application. To correctly decode the answers, you will need to know how the answers were encoded in the first place: were they encoded in Binary, Hex, Octal, or Base64? Here is an additional tip: when copying and pasting the text make sure there are no hidden line returns.

Quiz Answers (encoded)

312E20536F636B6574732C435055730D0A322E204D656D6F727920536C6F74732C52414D20444
94D4D530D0A332E205772656E6368696E6720746865206D6F74686572626F617264207374616E6
46F6666730D0A342E205363726577696E6720696E20746865206D6F74686572626F6172640D0A3
52E20506F77657220537570706C790D0A362E2048617264204469736B2044726976652C20447269
7665204261790D0A372E20380D0A382E204350550D0A392E20726567697374726174696F6E2070
6F696E7420666F7220636F727265637420616C69676E6E6D656E7420696E2074686520736F636B6
5740D0A31302E20616E74692D7374617469632077726973742073747261700D0A31312E20636F6F
6C696E6720756E69740D0A31322E206170706C79696E6720746865726D616C2070617374650D0A
31332E206E6F0D0A31342E207965732C2045434320616E6420726567697374657265640D0A31352
E20503120706F77657220636F6E6E6563746F720D0A31362E206D6F64756C61720D0A31372E204
350552C20320D0A31382E20534154412C20686172642064726976650D0A31392E204D6F6C65780D
0A32302E20534154412064617461206361626C650D0A32312E20706F77657220627574746F6E2C2
0726573657420627574746F6E2C206864642D6C65640D0A32322E2066726F6E7420736964652055
534220706F7274730D0A32332E204E6F20706F77657220636F72640D0A32342E20706F7765722062
7574746F6E20636F6E6E6563746F72
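Deciding which encoding a string uses is the step the tip above is about, and the alphabet and length of the string usually give it away. The functions below are an added example, not part of the page: a heuristic guess among the four encodings the page names, followed by the decode. They are tried on constructed sample strings, not on the quiz answers, so the quiz stays a quiz; the function names are my own.

```powershell
# Added example, not part of the page: guess which of Binary, Octal, Hex or
# Base64 a string uses, then decode it. The sample strings at the bottom are
# constructed for this example; they are not the quiz answers.

function Get-EncodingGuess {
    param([Parameter(Mandatory)][string]$Text)
    # Strip spaces and hidden line returns first (the tip above): pasted text
    # often carries them, and they break every one of these decoders.
    $t = $Text -replace '\s', ''
    # Most restrictive alphabet first. A binary string also passes the octal
    # and hex tests, and an all-digit hex string passes the octal test, so
    # this is a heuristic: if the decoded text is unreadable, try the next.
    if ($t -match '^[01]+$'                -and $t.Length % 8 -eq 0) { return 'Binary' }
    if ($t -match '^[0-7]+$'               -and $t.Length % 3 -eq 0) { return 'Octal' }
    if ($t -match '^[0-9A-Fa-f]+$'         -and $t.Length % 2 -eq 0) { return 'Hex' }
    if ($t -match '^[A-Za-z0-9+/]+={0,2}$' -and $t.Length % 4 -eq 0) { return 'Base64' }
    return 'Unknown'
}

function ConvertFrom-EncodedText {
    param(
        [Parameter(Mandatory)][string]$Text,
        [string]$Encoding = ''
    )
    if ($Encoding -eq '') { $Encoding = Get-EncodingGuess $Text }
    $t = $Text -replace '\s', ''
    # Each branch yields one byte per fixed-width group: 8 binary digits,
    # 3 octal digits or 2 hex digits. Base64 is handled by .NET directly.
    $bytes = switch ($Encoding) {
        'Binary' { for ($i = 0; $i -lt $t.Length; $i += 8) { [Convert]::ToByte($t.Substring($i, 8), 2) } }
        'Octal'  { for ($i = 0; $i -lt $t.Length; $i += 3) { [Convert]::ToByte($t.Substring($i, 3), 8) } }
        'Hex'    { for ($i = 0; $i -lt $t.Length; $i += 2) { [Convert]::ToByte($t.Substring($i, 2), 16) } }
        'Base64' { [Convert]::FromBase64String($t) }
        default  { throw "Encoding '$Encoding' not recognised; pass -Encoding explicitly." }
    }
    [Text.Encoding]::ASCII.GetString([byte[]]$bytes)
}

# Constructed samples: each decodes to "Hello" or "Hi"
$samples = @(
    '48656C6C6F',          # Hex
    'SGVsbG8=',            # Base64
    '01001000 01101001',   # Binary, with a space a copy/paste might leave behind
    '110151'               # Octal: 110 = H, 151 = i
)
foreach ($s in $samples) {
    $enc = Get-EncodingGuess $s
    '{0,-20} {1,-7} {2}' -f $s, $enc, (ConvertFrom-EncodedText $s $enc)
}
```

The hex decoder treats 0D0A as the two ASCII bytes carriage return and line feed, which is what a multi-line answer key looks like once encoded, so a decoded block coming out with line breaks in it is expected rather than a sign of a paste error.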

Network Scanning with Nmap

Overview

Nmap is a powerful network scanning tool which allows you to discover available hosts and resources. Nmap can be very useful for discovering what open doors exist on your network, including services, ports, operating systems, and other fingerprinting information. You should be aware that scanning a network with nmap, without prior permission, can be considered a form of network attack at worst, or network trespassing at best.

You can download nmap for Linux, Windows or Mac at: http://nmap.org/download.html . Though typically a Linux command-line tool, you can install nmap for Windows and run it from the command line, or from a graphical user interface by installing the Zenmap graphical front end. You can install Zenmap by running the Windows self-installer and accepting the installation defaults.

NMAP for Windows

If you are running a Windows desktop operating system and you are new to nmap, I recommend using nmap by running the Zenmap graphical interface. When running nmap from the command line the user has a large array of scanning options and parameters. Zenmap simplifies the use of nmap by limiting the options to a predefined set of pull-down choices.


The image below is taken from the download page of the http://nmap.org website.


Using NMAP and Zenmap

Using nmap with Zenmap is pretty simple. After launching the program, you need to input the target IP address, the IP address range, or the domain name that you want to scan, next you choose the scanning profile, and then run the scan. The different scanning profiles use predefined choices, providing different scanning options and creating differing results. The power of nmap comes from all of the scanning parameters and options that are available. Running nmap from the command line gives you complete access to all of the command options and parameters.

In the scan below, I input the target IP addresses 172.16.11.100-105 which will scan hosts 100 to 105. For the scanning profile, I chose the Intense scan, no ping pull down option. You can see the complete scan, as if it were given from the command line by looking at the command input box.

    nmap -T4 -A -v -Pn 172.16.11.100-105

– nmap is the command that launches the program,
– the -T4 argument signifies faster execution,
– the -A argument enables OS and version detection, script scanning, and traceroute,
– the -v argument enables verbose output,
– the -Pn argument bypasses host discovery and, for the purpose of the scan, treats all hosts as if they were online.

Nmap Scan Types

Looking at nmap's command-line options and parameters, there are four major nmap scan types:

  • TCP connect scan (-sT) – this scan performs a TCP three-way handshake with the target computer. You can specify which ports you want to scan by also using -p and supplying the range of numbers you want to scan, like -p1-1023, which would scan ports one to one thousand twenty-three. This is a reliable scan for identifying open ports on a target host; however, it is also easily recognized by intrusion prevention systems, if you are trying to scan anonymously.
  • SYN scan (-sS) – this scan is also called a stealth scan, in that it starts a three-way handshake but does not complete it. Though harder to detect, it is detectable by current-day firewalls.
  • UDP scan (-sU) – this scan tests whether there are open UDP ports on a target computer. Since UDP is a connectionless protocol, this scan simply tells us whether a port is blocked, by returning an ICMP unreachable message, or open, by receiving no message. You could receive a false positive, because no response could indicate that the ICMP request or reply was blocked by a network firewall and not by the target host.
  • ACK scan (-sA) – this scan simply tests whether a port is blocked (filtered) or not. The scan sends out ACK packets and waits to see whether there is either no response (blocked) or a reset packet (RST) response, which would signify an open port.
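The same features that separate the four scan types for the scanner separate them for the defender watching the wire: how many distinct ports one source touches in a short window, and whether those attempts are half-open (SYN with no ACK), completed handshakes, bare ACKs, or UDP datagrams. The script below is an added example, not nmap's code or the page's, that applies that logic to a small set of constructed connection records. The record fields (Time, Src, DstPort, Proto, and Flags as the set of TCP flags the client sent, as a sensor might summarise them), the thresholds, and the function names are my assumptions.

```powershell
# Added example, not part of the page or of nmap: classify a burst of
# connection records from one source into the four scan types described
# above. Records are constructed below; a real sensor (firewall log, NetFlow,
# IDS) would supply Time, Src, DstPort, Proto and the client's TCP flags.

function Find-PortScans {
    param(
        [Parameter(Mandatory)][object[]]$Records,
        [int]$PortThreshold = 10,     # distinct ports from one source ...
        [int]$WindowSeconds = 60      # ... within this many seconds = scan
    )
    foreach ($bySrc in ($Records | Group-Object Src)) {
        $events = @($bySrc.Group | Sort-Object Time)
        $start  = $events[0].Time
        $window = @($events | Where-Object { ($_.Time - $start).TotalSeconds -le $WindowSeconds })
        $ports  = @($window | Select-Object -ExpandProperty DstPort -Unique)
        if ($ports.Count -lt $PortThreshold) { continue }   # ordinary client traffic

        $tcp = @($window | Where-Object Proto -eq 'tcp')
        $udp = @($window | Where-Object Proto -eq 'udp')
        # -sT completes the handshake (SYN then ACK), -sS sends SYN and never
        # ACKs, -sA sends a bare ACK with no SYN at all.
        $complete = @($tcp | Where-Object { $_.Flags -contains 'SYN' -and $_.Flags -contains 'ACK' })
        $synOnly  = @($tcp | Where-Object { $_.Flags -contains 'SYN' -and $_.Flags -notcontains 'ACK' })
        $ackOnly  = @($tcp | Where-Object { $_.Flags -notcontains 'SYN' -and $_.Flags -contains 'ACK' })

        $type = if ($udp.Count -gt $tcp.Count) { 'UDP scan (-sU)' }
                elseif ($complete.Count -ge $synOnly.Count -and $complete.Count -ge $ackOnly.Count) { 'TCP connect scan (-sT)' }
                elseif ($synOnly.Count -ge $ackOnly.Count) { 'SYN / half-open scan (-sS)' }
                else { 'ACK scan (-sA)' }

        [pscustomobject]@{
            Source        = $bySrc.Name
            DistinctPorts = $ports.Count
            Type          = $type
            FirstSeen     = $start
        }
    }
}

# --- constructed records (not captured traffic) ---
$t0 = Get-Date '2024-01-01 10:00:00'
function New-Record($Src, $DstPort, $Proto, $Flags, $Offset) {
    [pscustomobject]@{ Time = $t0.AddSeconds($Offset); Src = $Src; DstPort = $DstPort; Proto = $Proto; Flags = $Flags }
}
$records = @()
1..40 | ForEach-Object { $records += New-Record '10.0.0.5' $_ 'tcp' @('SYN') ($_ * 0.1) }          # half-open sweep
1..15 | ForEach-Object { $records += New-Record '10.0.0.6' (1000 + $_) 'tcp' @('SYN', 'ACK') $_ }  # full connects
1..12 | ForEach-Object { $records += New-Record '10.0.0.7' (2000 + $_) 'tcp' @('ACK') $_ }         # bare ACKs
1..11 | ForEach-Object { $records += New-Record '10.0.0.8' (3000 + $_) 'udp' @() $_ }              # UDP probes
1..3  | ForEach-Object { $records += New-Record '10.0.0.9' 443 'tcp' @('SYN', 'ACK') ($_ * 20) }   # normal HTTPS client

Find-PortScans -Records $records | Format-Table -AutoSize
```

With these records the first four sources are reported as SYN, connect, ACK and UDP scans respectively and 10.0.0.9 is not reported at all, because three connections to one port are what a browser looks like. The threshold is the knob that matters in practice: set it too low and a busy file server's clients trip it, too high and a slow scan that spreads its probes over hours (nmap's -T0 and -T1 timing templates exist for exactly that) never reaches it within the window.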


Scan a range of IP addresses

Examining the scan results of a single network host, from the host details tab

The scan results have identified an open port at 3389, and a probable operating system type.

How to Build a Server Computer – Page 6

(cont.)

RAM

Similar to the CPU and motherboard, when purchasing memory modules for a server it is smart to buy server grade products, which offer enhanced scalability, stability, and error checking. For this reason we decided to use ECC registered memory. Error-correcting code memory (ECC) utilizes parity checking to check for and correct data errors. Registered memory allows the system to place less load on the memory controller and enables the system to handle greater amounts of RAM. Since the servers we are building will be responsible for serving multiple virtual computers we need as much RAM as possible in order to run as many virtual machines as possible. The larger computer server will support 12 x 4 gigabyte ECC registered DDR3 DIMMs for a total of 48 gigabytes of memory. The smaller server also has parity checking memory and will use 6 x 4 gigabyte ECC DDR3 DIMMs.



2 x Intel Xeon 5600 series quad core processors and 48 Gigabytes of ECC Registered DDR3 memory


Intel Xeon 5500 series quad core processor and 24 gigabytes of DDR3 memory

Video Demonstration

In this video we demonstrate how to properly seat memory sticks on the motherboard. You must orient the notch on the memory stick and apply firm pressure on either end of the stick until the memory latches in place. For this server, we installed a total of forty eight gigabytes of ECC registered DDR3 memory.

In this video, we connect all of the cabling. Power cables are connected to the motherboard, and power and data cables are connected to the SATA hard drives and the CD/DVD drive. A power cable is connected and then daisy-chained to all of the server case fans, and the power and reset switches and LED light cables are properly connected to the correct motherboard pins.

How to Build a Server Computer – Page 4

(cont.)

Hard Drive Storage

For a server computer that is going to serve virtual machines it is best to have as much hard drive storage space as possible, in that way, you can store many virtual machines and have the ability to take as many snapshots of the virtual machines as needed. For our project, we ultimately will go with a separate storage area network to meet our storage needs, however that is part of another project. So in the meantime, we decided to go with what we could afford on our limited budget. We decided to purchase four 7200 rpm, SATA hard drives, one terabyte each in storage capacity. We will probably seek to put the drives in some kind of software RAID array, either a RAID 1, RAID 5 or RAID 6. Since our motherboard supports SAS we could have gone with a SAS to SATA solution. Other faster and more expensive options could have been to purchase a hardware RAID array card or even a SCSI controller card and SCSI hard drives.


Optical Drives

Currently, SATA CD/DVD drives are your best bet for optical drives, since IDE interfaces are disappearing from motherboards. Many motherboards including the server motherboard in our project do however still have an IDE drive that would support an older optical drive or hard drive.

Video Demonstration

In this video we secure the optical drives and the hard drives into the server case. The drives are installed prior to the CPUs and cooling units, so there is less obstruction and they are therefore easier to install within the case.

How to Build a Server Computer – Page 5

(cont.)

CPU

Researching server grade CPUs, we wanted central processing units that offered true multiprocessing, as many cores as possible, and to stay within a budget. We decided on Intel Xeon processors. Xeon processors are server grade CPUs with true multiprocessing and large amounts of onboard cache memory. We installed two Intel 5600 series Westmere-EP CPUs for the larger server which provided a total of eight cores, four in each CPU. In the smaller server, we purchased a single Intel 5500 series Gainestown CPU which is also a quad core CPU. When installing the CPUs it is important to know your environment and ground yourself prior to touching the CPU. Even a small amount of static electricity can destroy the CPU.

Top and bottom pictures of an Intel 5600 Westmere-EP CPU


CPU Cooling Unit

The CPU cooling unit is a very important component. The relatively low cost of the cooling unit isn’t indicative of its importance to the system. Its main function is to keep the CPU from overheating and frying itself. For the server, we decided to get fan-less cooling units. The advantage of fan-less cooling units is that there are fewer mechanical parts to fail. Cooling units that rely on fans can fry the CPU in the event of a fan failure.



Video Demonstration

In this video, we install two Intel quad core Xeon processors into the motherboard LGA 1366 sockets. Care needs to be taken to ground yourself when touching the CPUs so as not to transfer static electricity to the chips, which would destroy them.

In this video, after cleaning debris from the bottom of the CPU cooling units, we secure the CPU cooling units, so they are making contact with the CPUs. To improve the transfer of heat from the CPU to the cooling unit we apply Arctic Silver thermal compound.