System Configuration

System Configuration Utility (MSConfig)

The System Configuration utility (MSConfig) is for advanced troubleshooting, and its main purpose is to help diagnose startup issues.
The utility has five tabs across the top. Below are the names for each tab. We will briefly cover each tab in this task.
1. General: Can select what devices and services for Windows to load upon boot. The options are: Normal, Diagnostic, or Selective.
2. Boot: Can define various boot options for the Operating System.
3. Services: Lists all services configured for the system regardless of their state (running or stopped). A service is a special type of application that runs in the background.
4. Startup: Manages startup program.
5. Tools: List of various utilities (tools) that we can run to configure the operating system further. There is a brief description of each tool to provide some insight into what the tool is for.

Computer Management (`compmgmt`) utility

The Computer Management (compmgmt) utility has three primary sections: System Tools, Storage, and Services and Applications.

System Tools

Task Scheduler:
- Can create and manage common tasks that our computer will carry out automatically at the times we specify.
- A task can run an application, a script, etc., and tasks can be configured to run at any point.
- A task can run at log in or at log off.
- Tasks can also be configured to run on a specific schedule, for example, every five mins.
Event Viewer:
- Event Viewer allows us to view events that have occurred on the computer.
- These records of events can be seen as an audit trail that can be used to understand the activity of the computer system.
- This information is often used to diagnose problems and investigate actions executed on the system.
- The event viewer has 3 panes:
  1. The pane on the left provides a hierarchical tree listing of the event log providers.
  2. The pane in the middle will display a general overview and summary of the events specific to a selected provider.
  3. The pane on the right is the actions pane.
- There are five types of events that can be logged:
Type
Description
Error
An event that indicates a significant problem such as loss of data or loss of functionality. For example, if a service fails to load during startup, an Error event is logged.
Warning
An event that is not necessarily significant, but may indicate a possible future problem. For example, when disk space is low, a Warning event is logged. If an application can recover from an event without loss of functionality or data, it can generally classify the event as a Warning event.
Information
An event that describes the successful operation of an application, driver, or service. For example, when a network driver loads successfully, it may be appropriate to log an Information event. Note that it is generally inappropriate for a desktop application to log an event each time it starts.
Success Audit
An event that records an audited security access attempt that is successful. For example, a user's successful attempt to log on to the system is logged as a Success Audit event.
Failure Audit
An event that records an audited security access attempt that fails. For example, if a user tries to access a network drive and fails, the attempt is logged as a Failure Audit event.
- There are five types of events that can be logged:
Type
Description
Application
Contains events logged by applications. For example, a database application might record a file error. The application developer decides which events to record.
Security
Contains events such as valid and invalid logon attempts, as well as events related to resource use such as creating, opening, or deleting files or other objects. An administrator can start auditing to record events in the security log.
System
Contains events logged by system components, such as the failure of a driver or other system component to load during startup.
Customlog
Contains events logged by applications that create a custom log. Using a custom log enables an application to control the size of the log or attach ACLs for security purposes without affecting other applications.
Shared Folders:
- It is where you will see a complete list of shares and folders shared that others can connect to.
- Shares shows the list of shares, there are a default share of Windows, C$ and a default remote administration shares created by Windows, such as ADMIN$.
- Under Sessions, there is a list of users who are currently connected to the shares.
- All the folders and/or files that the connected users access will list under Open Files.
Performance
- Utility called Performance Monitor (perfmon).
- Perfmon is used to view performance data either in real-time or from a log file.
- This utility is useful for troubleshooting performance issues on a computer system, whether local or remote.
Device Manager
- allows us to view and configure the hardware, such as disabling any hardware attached to the computer.

Storage

Under Storage is Windows Server Backup and Disk Management.
Disk Management is a system utility in Windows that enables you to perform advanced storage tasks. Some tasks are:
- Set up a new drive
- Extend a partition
- Shrink a partition
- Assign or change a drive letter (ex. E:)

Services and Applications

A service is a special type of application that runs in the background.
Here you can do more than enable and disable a service, such as view the Properties for the service.

System Information (`msinfo32`)

This tool gathers information about your computer and displays a comprehensive view of your hardware, system components, and software environment, which you can use to diagnose computer issues.
The information is divided into 3 types:
- Hardware Resources
  - Hardware resources are the assignable, addressable bus paths that allow peripheral devices and system processors to communicate with each other.
- Components
  - Specific information about the hardware devices installed on the computer. Some sections don't show any information, but some sections do, such as Display and Input.
- Software Environment
  - Information about software baked into the operating system and software you have installed. Other details are visible in this section as well, such as the Environment Variables and Network Connections.
  - Environment variables store information about the operating system environment. This information includes details such as the operating system path, the number of processors used by the operating system, and the location of temporary folders.

PreviousSettings & Control Panel & Task Manager NextActive Directory (TryHackMe)

Last updated 3 months ago

System Configuration Utility (MSConfig)

The System Configuration utility (MSConfig) is for advanced troubleshooting, and its main purpose is to help diagnose startup issues.

The utility has five tabs across the top. Below are the names for each tab. We will briefly cover each tab in this task.

General: Can select what devices and services for Windows to load upon boot. The options are: Normal, Diagnostic, or Selective.
Boot: Can define various boot options for the Operating System.
Services: Lists all services configured for the system regardless of their state (running or stopped). A service is a special type of application that runs in the background.
Startup: Manages startup program.
Tools: List of various utilities (tools) that we can run to configure the operating system further. There is a brief description of each tool to provide some insight into what the tool is for.

Computer Management (compmgmt) utility

The Computer Management (compmgmt) utility has three primary sections: System Tools, Storage, and Services and Applications.

System Tools

Task Scheduler:

Can create and manage common tasks that our computer will carry out automatically at the times we specify.
A task can run an application, a script, etc., and tasks can be configured to run at any point.
A task can run at log in or at log off.
Tasks can also be configured to run on a specific schedule, for example, every five mins.

Event Viewer:

Event Viewer allows us to view events that have occurred on the computer.
These records of events can be seen as an audit trail that can be used to understand the activity of the computer system.
This information is often used to diagnose problems and investigate actions executed on the system.
The event viewer has 3 panes:
1. The pane on the left provides a hierarchical tree listing of the event log providers.
2. The pane in the middle will display a general overview and summary of the events specific to a selected provider.
3. The pane on the right is the actions pane.
There are five types of events that can be logged:

Type

Description

Error

An event that indicates a significant problem such as loss of data or loss of functionality. For example, if a service fails to load during startup, an Error event is logged.

Warning

An event that is not necessarily significant, but may indicate a possible future problem. For example, when disk space is low, a Warning event is logged. If an application can recover from an event without loss of functionality or data, it can generally classify the event as a Warning event.

Information

An event that describes the successful operation of an application, driver, or service. For example, when a network driver loads successfully, it may be appropriate to log an Information event. Note that it is generally inappropriate for a desktop application to log an event each time it starts.

Success Audit

An event that records an audited security access attempt that is successful. For example, a user's successful attempt to log on to the system is logged as a Success Audit event.

Failure Audit

An event that records an audited security access attempt that fails. For example, if a user tries to access a network drive and fails, the attempt is logged as a Failure Audit event.

There are five types of events that can be logged:

Type

Description

Application

Contains events logged by applications. For example, a database application might record a file error. The application developer decides which events to record.

Security

Contains events such as valid and invalid logon attempts, as well as events related to resource use such as creating, opening, or deleting files or other objects. An administrator can start auditing to record events in the security log.

System

Contains events logged by system components, such as the failure of a driver or other system component to load during startup.

Customlog

Contains events logged by applications that create a custom log. Using a custom log enables an application to control the size of the log or attach ACLs for security purposes without affecting other applications.

Shared Folders:

It is where you will see a complete list of shares and folders shared that others can connect to.
Shares shows the list of shares, there are a default share of Windows, C$ and a default remote administration shares created by Windows, such as ADMIN$.
Under Sessions, there is a list of users who are currently connected to the shares.
All the folders and/or files that the connected users access will list under Open Files.

Performance

Utility called Performance Monitor (perfmon).
Perfmon is used to view performance data either in real-time or from a log file.
This utility is useful for troubleshooting performance issues on a computer system, whether local or remote.

Device Manager

allows us to view and configure the hardware, such as disabling any hardware attached to the computer.

Storage

Under Storage is Windows Server Backup and Disk Management.

Disk Management is a system utility in Windows that enables you to perform advanced storage tasks. Some tasks are:

Set up a new drive
Extend a partition
Shrink a partition
Assign or change a drive letter (ex. E:)

Services and Applications

A service is a special type of application that runs in the background.

Here you can do more than enable and disable a service, such as view the Properties for the service.

System Information (msinfo32)

This tool gathers information about your computer and displays a comprehensive view of your hardware, system components, and software environment, which you can use to diagnose computer issues.

The information is divided into 3 types:

Hardware Resources
- Hardware resources are the assignable, addressable bus paths that allow peripheral devices and system processors to communicate with each other.
Components
- Specific information about the hardware devices installed on the computer. Some sections don't show any information, but some sections do, such as Display and Input.
Software Environment
- Information about software baked into the operating system and software you have installed. Other details are visible in this section as well, such as the Environment Variables and Network Connections.
- Environment variables store information about the operating system environment. This information includes details such as the operating system path, the number of processors used by the operating system, and the location of temporary folders.