TryHackMe – Windows Fundamentals 1 – Complete Walkthrough

The Windows Fundamentals 1 room at TryHackMe is the first in a three-part series on Windows and covers a lot of basics about the Windows OS. Topics include an introduction to the Windows OS, the Windows GUI, file systems, system folders, user accounts and permissions, Settings, Control Panel, and the Task Manager.

A lot of this content might be review if you have experience with Windows systems, but the room does a good job of keeping it high-level enough that you can cover it as quickly as you want.

About This Walkthrough

In this walkthrough, I try to provide helpful information about the topics covered by the room. I don’t just give you the answers or copy what is already on TryHackMe. Sometimes I will also review a topic that isn’t covered in the TryHackMe room because I feel that it may be a useful supplement.

I try to prevent spoilers by making finding the solutions a manual action, similar to how you might watch a video of a walkthrough; they can be found in the walkthrough but require an intentional action to obtain. Always try to work as hard as you can through every problem and only use the solutions as a last resort.

This room can be found at: https://tryhackme.com/room/windowsfundamentals1xbx

Walkthrough

Task 1 – Introduction to Windows

Chances are you’ve worked with a Windows machine before; about 76% of desktop and laptop machines use the Windows OS. Windows is popular because it’s intuitive and easy to work with and has wide support for most desktop/laptop software and games.

On TryHackMe, the Windows virtual machine (VM) is launched using the green ‘Start Machine’ button at the top of the Task. This is a different machine than the Linux AttackBox, which can be launched at the top of the page using the blue ‘Start AttackBox’ button.

Despite this, I did still get the familiar “Use the AttackBox to attack machines you start on tasks” message while the Windows VM loaded.

Question 1

Read above and start the virtual machine.

Answer:

No answer needed

Task 2 – Windows Editions

This Task covers a brief history of the Windows OS beginning with the first version in 1985. I highly recommend this article by the Guardian for an in-depth and entertaining review of Windows systems through Windows 10.

One of the biggest issues with Windows has been managing the process of releasing new versions. Some versions, like Vista or Windows 8, have had short lifecycles, while others lasted much longer.

Currently (in Sep 2021), Windows 10 is the most popular system for desktop computers and comes in two flavors: Home and Pro. Windows 11 is set to be released in October 2021, and Microsoft will continue to support Windows 10 until October 2025.

Question 1

What encryption can you enable on Pro that you can’t enable in Home?

Walkthrough:

You can see a comparison of Windows versions on Microsoft’s website. Here’s a table that should tell you what you need to know:

This type of encryption will protect your device and data if your computer is lost or stolen.

Answer:

(Highlight below to see the answer):

BitLocker

Task 3 – The Desktop

Unlike Linux, Windows has always been closely associated with a graphical user interface (GUI).

Having a GUI makes an operating system more accessible, and helps enable widespread adoption of an OS or software.

In Windows, the primary GUI is the Desktop, which is an aggregated view of two folders: a public desktop folder at C:\Users\Public\Desktop and a user-specific desktop at %userprofile%\Desktop.

The desktop can be customized, personalized, and organized in different ways by right-clicking and selecting either the ‘Display Settings’ or ‘Personalize’ options.

The bottom of the desktop has a number of helpful features:

Start Menu: Provides menu-based access to common software and utilities.

Search Box: Allows you to search for applications and utilities. Useful for quickly opening an application.

Task View: Toggles a view showing all open applications in a ‘birds-eye view’ display. Can be enabled or disabled by right-clicking in the taskbar and selecting/deselecting the ‘Show Task View’ option.

Taskbar: Allows you to quickly move between open applications. There are lots of customization options that are accessible by right-clicking in the taskbar.

Toolbars: Shows additional options for quick navigation, divided into individual ‘toolbars’. For example, the ‘Desktop’ toolbar will allow you to navigate anything in the Desktop while working with a different app.

Notification Area: Shows the date, time, volume, battery, and other icons to control important system settings.

Question 1

Which selection will hide/disable the Search box?

Walkthrough:

The search box can be hidden, accessed via an icon, or fully shown via the ‘search’ menu when you right-click the taskbar:

Answer:

Hidden

Question 2

Which selection will hide/disable the Task View button?

Walkthrough:

This option can also be accessed by right-clicking the taskbar:

Answer:

Show Task View button

Question 3

Besides Clock, Volume, and Network, what other icon is visible in the Notification Area?

Walkthrough:

This icon corresponds to new notifications, but the name is not immediately transparent. You can find the answer here.

Answer:

Action Center

Task 4 – The File System

In order for data to be stored and retrieved, there must be a standardized way of doing so. File systems represent different standardized ways of storing and retrieving data, and different file systems have evolved over time.

Originally, Windows systems used the File Allocation Table (FAT) system. The original FAT system was called FAT8 and used 8-bit table elements. This limited file size, which tended to grow over time, so new versions of FAT like FAT16 and FAT32 were developed.

However, the FAT system still had many limitations and was eventually overtaken by the New Technology File System (NTFS), which was standard on the Windows New Technology (Windows NT) OS flavors. Most significantly, NTFS is a journaling file system, which means that damaged folders or files can be repaired using information from a log file.

Most Windows computers today use NTFS, which has other benefits compared with FAT systems. File sizes can be greater than 4GB, permissions for individual files and folders can be specified, and files and folders can be compressed to save space.

We saw that Linux systems allow permission settings of read, write, and execute for specific users, groups, and all users.

In contrast, permissions allowed by NTFS include full control, modify, read and execute, list contents, read, and write.

NTFS also features Alternate Data Streams (ADS). ADS allows files to contain more than one data stream. This basically means that the file can contain more than just the ‘contents’ of the file itself; other data can also be associated with the file. This can be used for file metadata but can also be exploited by hackers.
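
To see alternate data streams for yourself, the PowerShell below is an added example (not part of the TryHackMe room or of this walkthrough's original text). It assumes %TEMP% sits on an NTFS volume; the function name Find-AlternateDataStream and the demo file names are made up for illustration.

```powershell
# Added example: enumerate NTFS alternate data streams (ADS) under a folder.
# Find-AlternateDataStream and the demo file names are hypothetical.
function Find-AlternateDataStream {
    param(
        [Parameter(Mandatory)] [string] $Path,
        # Zone.Identifier is the ordinary "downloaded from the internet" marker.
        [string[]] $IgnoreStream = @('Zone.Identifier')
    )
    Get-ChildItem -LiteralPath $Path -File -Recurse -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            # -Stream * returns every stream; ':$DATA' is the normal file content.
            Get-Item -LiteralPath $_.FullName -Stream * -ErrorAction SilentlyContinue |
                Where-Object { $_.Stream -ne ':$DATA' -and $_.Stream -notin $IgnoreStream } |
                Select-Object @{ n = 'File'; e = { $_.FileName } }, Stream, Length
        }
}

# Constructed demo data: one plain file and one file carrying an extra stream.
$demo = Join-Path $env:TEMP 'ads-demo'
New-Item -ItemType Directory -Path $demo -Force | Out-Null
Set-Content -Path (Join-Path $demo 'plain.txt') -Value 'nothing extra here'
Set-Content -Path (Join-Path $demo 'notes.txt') -Value 'visible contents'
Set-Content -Path (Join-Path $demo 'notes.txt') -Stream 'extra' -Value 'data outside the main stream'

# A normal directory listing only accounts for the main stream of each file.
Get-ChildItem -LiteralPath $demo | Select-Object Name, Length

# The scan lists every file that has a stream beyond its main content.
Find-AlternateDataStream -Path $demo

# Clean up the demo folder.
Remove-Item -LiteralPath $demo -Recurse -Force
```

Pointing the same function at a Downloads or Temp folder during an investigation is a quick way to spot files carrying unexpected extra streams.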

Question 1

What is the meaning of NTFS?

Walkthrough:

The answer can be found in the task write-up above (or you can Google it).

Answer:

New Technology File System

Task 5 – The Windows\System32 Folders

We can navigate to the folders and files that comprise the operating system itself. The primary folder that holds the operating system is called the Windows folder, and is usually located at C:\Windows.

However, the Windows OS doesn’t have to be stored at that location. Environment variables are used to store information about the OS environment. The system environment variable for the Windows directory is %windir%. This can be typed into File Explorer and you will be taken to the Windows directory.

Inside the Windows directory there is a folder called System32, which holds files that are critical to the operating system. Always take care not to accidentally perform an unwanted action in this folder, as this could disable the OS.

Question 1

What is the system variable for the Windows folder?

Walkthrough:

See the writeup above.

Answer:

%windir%

Task 6 – User Accounts, Profiles, and Permissions

There are two types of accounts on Windows systems: Administrator and Standard User.

Administrators can make changes to the system, add/delete users, and modify groups.

Standard users can only make changes to the part of the filesystem that they have been allocated, and can’t make system changes, add/remove users, etc.

As an administrator, you can add, edit, or delete other users using the ‘Other Users’ window in Settings. Start typing ‘other users’ into the search box next to the Start Menu, and select ‘Other Users’.

When logged in as an Administrator, we see an option to add a new user at the top, using the ‘Add someone else to this PC’ button. If we left-click a listed user, we will also see options to change that user’s account type (i.e. from Standard to Administrator) as well as to delete the account.

New users get a profile, which includes folders for their desktop, documents, downloads, music, and pictures.

We can manage users using Local User and Group Management, which can be accessed by right-clicking the Start Menu, selecting ‘Run’, and typing ‘lusrmgr.msc’.

Inside lusrmgr there are two folders: one for users and the other for groups. A user assigned to a group inherits permissions from that group.
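
The same user and group information can be pulled from PowerShell, which is handy when you need to review many machines. This is an added example, not part of the TryHackMe room or of this walkthrough's original text; Get-LocalAccountReport is a made-up function name, and it relies on the built-in LocalAccounts cmdlets in Windows PowerShell 5.1.

```powershell
# Added example: report local accounts and their groups, the data lusrmgr.msc shows.
# Get-LocalAccountReport is a hypothetical name. Uses the built-in
# Microsoft.PowerShell.LocalAccounts cmdlets (Windows PowerShell 5.1).
function Get-LocalAccountReport {
    # Well-known SID of the built-in Administrators group (its name differs by language).
    $adminGroup = (Get-LocalGroup -SID 'S-1-5-32-544').Name

    # Map member SID -> group names by walking every local group once.
    $membership = @{}
    foreach ($group in Get-LocalGroup) {
        try {
            $members = Get-LocalGroupMember -Group $group.Name -ErrorAction Stop
        } catch {
            # A group holding an orphaned SID can make the cmdlet fail; warn and move on.
            Write-Warning "Could not read '$($group.Name)': $($_.Exception.Message)"
            continue
        }
        foreach ($member in $members) {
            $sid = $member.SID.Value
            if (-not $membership.ContainsKey($sid)) { $membership[$sid] = @() }
            $membership[$sid] += $group.Name
        }
    }

    foreach ($user in Get-LocalUser) {
        $groups = @($membership[$user.SID.Value] | Where-Object { $_ })
        [pscustomobject]@{
            Name    = $user.Name
            Enabled = $user.Enabled
            IsAdmin = $groups -contains $adminGroup
            # The built-in Guest account has a SID ending in -501, even if renamed.
            IsGuest = $user.SID.Value -like '*-501'
            Groups  = ($groups | Sort-Object) -join ','
        }
    }
}

$report = Get-LocalAccountReport
$report | Format-Table -AutoSize

# Accounts worth a second look: enabled administrators and an enabled Guest.
$report | Where-Object { $_.Enabled -and ($_.IsAdmin -or $_.IsGuest) }
```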

Question 1

What is the name of the other user account?

Walkthrough:

Access lusrmgr and double click on the users folder. You will see a list of user accounts:

There is one user account that sticks out. What is its name?

Answer:

tryhackmebilly

Question 2

What groups is this user a member of?

Walkthrough:

Access this user account’s properties by double-clicking or right-clicking and selecting ‘Properties’.

Navigate to the ‘Member Of’ tab:

Inside the main box is a list of all groups that the user belongs to.

Answer:

Remote Desktop Users,Users

Question 3

What built-in account is for guest access to the computer?

Walkthrough:

Take a look at the user accounts again (you can use the screenshot above). One of the accounts has the description: “Built-in account for guest access to the computer/domain”. Which user account is this?

Answer:

Guest

Question 4

What is the account status?

Walkthrough:

Access the ‘Properties’ of the guest account. On the ‘General’ tab, there are options for disabling the account and locking it out:

Answer:

Account is disabled

Task 7 – User Account Control

While most Windows home users tend to work while being logged in as an administrator, this degree of privilege is risky and seldom used in enterprise settings. Consider the use of the ‘sudo’ command in Linux, where we can stay logged in as a non-administrator and then use the command in order to perform tasks requiring higher privileges.

Windows has a similar built-in functionality called User Account Control (UAC). When a user with admin privileges logs in to the system, by default these privileges are disabled and accessed only when the user tells the system to do so. When an action needs them, the user is prompted and, depending on the setup, required to enter an admin password in order to proceed.
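
You can check how UAC is set up on a machine, and whether your current session is actually running with admin privileges, from PowerShell. This is an added example, not part of the TryHackMe room or of this walkthrough's original text; Get-UacPosture is a made-up function name, and the registry path and value names are the standard Windows UAC policy settings rather than anything shown in the room.

```powershell
# Added example: report the UAC setup of this machine and the current session.
# Get-UacPosture is a hypothetical name; the registry values are the standard UAC policy values.
function Get-UacPosture {
    $key    = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $policy = Get-ItemProperty -Path $key

    # ConsentPromptBehaviorAdmin: what an administrator sees on elevation.
    $adminPrompt = @{
        0 = 'Elevate without prompting'
        1 = 'Prompt for credentials on the secure desktop'
        2 = 'Prompt for consent on the secure desktop'
        3 = 'Prompt for credentials'
        4 = 'Prompt for consent'
        5 = 'Prompt for consent for non-Windows binaries'
    }
    # ConsentPromptBehaviorUser: what a standard user sees on elevation.
    $userPrompt = @{
        0 = 'Automatically deny elevation requests'
        1 = 'Prompt for credentials on the secure desktop'
        3 = 'Prompt for credentials'
    }
    # Translate a policy value, keeping unset or unknown values visible.
    $describe = {
        param($table, $value)
        if ($null -eq $value) { 'Not set' }
        elseif ($table.ContainsKey([int]$value)) { $table[[int]$value] }
        else { "Unknown ($value)" }
    }

    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)

    [pscustomobject]@{
        User               = $identity.Name
        # False for an administrator whose session has not been elevated through UAC.
        IsElevated         = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
        UacEnabled         = $policy.EnableLUA -eq 1
        AdminPrompt        = & $describe $adminPrompt $policy.ConsentPromptBehaviorAdmin
        StandardUserPrompt = & $describe $userPrompt $policy.ConsentPromptBehaviorUser
        SecureDesktop      = $policy.PromptOnSecureDesktop -eq 1
    }
}

Get-UacPosture | Format-List
```

Run it once from a normal PowerShell window and once from one started with ‘Run as administrator’ to see IsElevated change while the policy values stay the same.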

Question 1

What does UAC mean?

Answer:

User Account Control

Task 8 – Settings and The Control Panel

There are two primary places to make changes on a Windows system: the Settings menu and the Control Panel.

In general, most changes now take place in the Settings menu, while the Control Panel is reserved for more complex changes. While navigating the system, you may find yourself working in both, or being taken from the Settings menu into a Control Panel window while trying to make a change.

Most of the time, the easiest way to navigate all of the different menus and windows is just to use the search bar next to the start menu. If you know the name of the menu you want to access, great. But even if you don’t, typing in a keyword will often get you close to where you need to be.

Question 1

In the Control Panel, change the view to Small icons. What is the last setting in the Control Panel view?

Walkthrough:

In the search bar (next to the Start menu), type in ‘Control Panel’ and access it.

On the top-right side (to the right of the ‘Adjust your computer’s settings’), you will see a ‘View by’ drop-down menu:

Click on the menu and select ‘Small icons’.

The Control Panel will change to reflect the new setting. To answer the question, find the last setting:

Note that this is using the deployed machine and may not be the same for your own home computer. My home computer has the Windows Mobility Center enabled, so that’s what shows up as the last setting.

Answer:

Windows Defender Firewall

Task 9 – Task Manager

The Task Manager is one of the most frequently used utilities on Windows. It allows you to see all running processes and perform actions on those processes, including ending them.

You can also see what processes are using up CPU or memory and thus optimize a system or diagnose a problem.

There are different ways to access the Task Manager. My favorite is by pressing ‘ctrl+shift+esc’, which will give you direct access. You can also access it via the ‘ctrl+alt+del’ menu or by right-clicking on the Taskbar and selecting the ‘Task Manager’ option.

Question 1

What is the keyboard shortcut to open Task Manager?

Walkthrough:

There are three options that I mentioned above, but only one provides direct access.

Answer:

Ctrl+Shift+Esc

Task 10 – Conclusion

This room provided an overview of the Windows OS. THM has many rooms dedicated to Windows systems, so let’s continue our journey in ‘Windows Fundamentals 2’. If you’re on the Pre-Security Learning Path, there are only two more rooms left!

Question 1

Read above and terminate the Windows machine you deployed in this room.

Walkthrough:

The machine can be terminated by selecting the ‘Power’ button.

Answer:

No answer needed

Conclusion

This room covers a lot of Windows OS basics. There’s a good chance that much of the content is review, especially if you’ve had any IT or computer experience. One of the things to take away from this room is the basic functionality of Windows as an OS, compared with Linux, which was already covered. You can see that at a fundamental level, both OSes are trying to manage similar things: functionality, security, customizability, permissions, etc.

Overall, I enjoyed this room and found it to be a great review. A huge thanks to tryhackme and heavenraiza for putting this room together!