Windows

Registry Keys

Commands

Boot System

Misc. I

Misc. II

100

Contains information about the local computer system, including hardware and operating system data, such as bus type, system memory, device drivers, and startup control parameters.

What is HKEY_LOCAL_MACHINE (HKLM) ?

100

Used to test the ability of one network host to communicate with another

What is ping?

100

This loads boot code

What is Master Boot record?

100

Registry data types that store values as integers

What is:

REG_BINARY
REG_DWORD
REG_QWORD

100

What are the corresponding Time-to-Live (TTL) for Windows?

What is 128?

200

Contains data that associates file types with programs, and Configuration data for COM objects, Visual Basic programs, or other automation.

What is HKEY_CLASSES_ROOT (HKCR)?

200

Displays network summary information for the device.

What is netstat?

200

Launches winlogon.exe, CSRSS

What is SMSS.exe?

200

Displays information about and performs functions to manipulate audit policies.

What is auditpol?

200

Name the four (4) main Windows accounts.

What is:

1) System --highest authority--
2) Administrator
3) User
4) Guest

300

Contains the user profile for the user who is currently logged on to the computer

What is HKEY_CURRENT_USER?

300

Deletes one or more files

What is del?

300

Searches partition table for boot sector and loads NTLDR

What is bootcode?

300

sysinternals tool to run files / programs on remote systems

What is psexec?

300

NetBios Ports

What is:

137 - Name Registration (TCP/UDP)

138 - Datagram Connectioness (UDP 138)

139 - Connection Oriented (TCP 139)

400

Stores configuration data for the current hardware profile

What is HKEY_CURRENT_CONFIG (HKCC)?

400

Displays a list of the processes that are running on either a local or remote machine

What is tasklist?

400

Starts SMSS.exe

What is NTOSKRNL.exe?

400

Shows the network statistics that use NetBIOS over TCP/IP connections. Show core services running on local or remote machines.

What is nbtstat?

400

Active Directory Structure

What is:

Forrest

Tree

Domain

OUs

Sites

500

Contains user-specific configuration information for all currently active users on the computer.

What is HKEY_USER (HKU)?

500

Used for examining the path to a remote host

What is tracert?

500

1. Starts LSASS

2. Loads. MSGINA

3. Starts SCM

4. Starts LOGONUI.exe

What is Winlogon?

500

This file contains the settings and preferences for each user, so you shouldn’t delete it and probably shouldn’t edit it. Windows automatically loads, changes, and saves the file for you.

What is NTUSER.dat?

500

Allows local commands to be run on a remote machine

What is Remote Procedure Call (RPC)?