Windows is Microsoft’s flagship operating system, developed since 1985 and dominating the desktop market worldwide. The latest version, Windows 11, updated the design while Windows 10 remains widely used.
System Structure
In Windows, the root directory is typically C:\ (the C drive), where the operating system is installed, also known as the boot partition. Other physical and virtual drives are assigned different letters like D:, E:, etc.
The directory structure of the boot partition is as follows:
| Directory | Function |
|---|---|
| Root (C:\) | Primary drive where Windows is installed (boot partition). Other drives use different letters (D:\, E:\). |
| Program Files | Contains 64-bit programs (32-bit systems store all programs here). |
| Program Files (x86) | Houses 32-bit and 16-bit programs on 64-bit Windows. |
| ProgramData | Hidden folder with essential program data accessible to all users. |
| Users | Contains all user profiles plus Public and Default folders. |
| Users\Default | Template for new user profiles. |
| Users\Public | Shared folder accessible to all users. |
| Users\[username]\AppData | User-specific settings (in Roaming, Local, and LocalLow subfolders). |
| Windows | Core operating system files. |
| Windows\System32 | Essential DLLs for Windows functionality. |
| Windows\SysWOW64 | 32-bit DLLs on 64-bit systems. |
| Windows\WinSxS | Windows Component Store with system updates and components. |
| Perflogs | Reserved for performance logs (empty by default). |
File System
Windows primarily uses two file systems: FAT32 (File Allocation Table) and NTFS (New Technology File System). NTFS has been the default format since Windows NT 3.1.
The NTFS file system includes various permission types:
| Permission Type | Description |
|---|---|
| Full Control | Allows reading, writing, changing, and deleting files/folders. |
| Modify | Allows reading, writing, and deleting files/folders. |
| List Folder Contents | Allows viewing and listing folders/subfolders and executing files (folders only). |
| Read and Execute | Allows viewing/listing files and subfolders and executing files (files and folders). |
| Write | Allows adding files to folders/subfolders and writing to files. |
| Read | Allows viewing and listing folders/subfolders and viewing file contents. |
| Traverse Folder | Allows moving through folders to reach other files/folders, even without permissions to view the intermediate directories. |
Files/Folders Permission
icacls is a Windows command-line utility used to display or modify access control lists (ACLs) for files and folders.
Inheritance Settings:
(CI) - Container Inherit: Permissions apply to this folder and subfolders
(OI) - Object Inherit: Permissions apply to this folder and files within
(IO) - Inherit Only: Permissions apply only to child objects
(NP) - Do Not Propagate: Permissions stop at immediate children
(I) - Inherited: Permissions came from parent folder
Access Permissions:
F - Full Access
M - Modify Access
RX - Read and Execute
R - Read-only
W - Write-only
D - Delete Access
N - No Access
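To show how the inheritance flags and access letters above combine in practice, here is an added example (not from the original page) that parses icacls output into objects and lists entries where a broad group holds a write-capable right. The sample output is constructed, and the function names and the review policy (which principals count as broad, which rights count as write-capable) are assumptions.

```powershell
# Constructed sample of `icacls C:\Tools` output (not captured from a real host).
$sample = @'
C:\Tools NT AUTHORITY\SYSTEM:(OI)(CI)(F)
         BUILTIN\Administrators:(OI)(CI)(F)
         BUILTIN\Users:(I)(OI)(CI)(RX)
         NT AUTHORITY\Authenticated Users:(OI)(CI)(IO)(M)
         Everyone:(OI)(NP)(RX,W)

Successfully processed 1 files; Failed processing 0 files
'@ -split '\r?\n'

$InheritFlags    = 'OI', 'CI', 'IO', 'NP', 'I'
# Hypothetical review policy: these broad groups should not hold these rights.
$BroadPrincipals = 'Everyone', 'BUILTIN\Users', 'NT AUTHORITY\Authenticated Users'
$WriteRights     = 'F', 'M', 'W', 'D'

function ConvertFrom-IcaclsOutput {
    param([string]$Path, [string[]]$Lines)
    foreach ($line in $Lines) {
        # The first ACE shares its line with the path that was queried; strip it.
        if ($line.StartsWith($Path)) { $line = $line.Substring($Path.Length) }
        # An ACE looks like  principal:(flag)(flag)(rights) ; other lines are skipped.
        if ($line -match '^\s*(?<who>[^:()]+):(?<ace>(\([A-Za-z,]+\))+)\s*$') {
            $who    = $Matches['who'].Trim()
            $tokens = @([regex]::Matches($Matches['ace'], '\(([A-Za-z,]+)\)') |
                ForEach-Object { $_.Groups[1].Value -split ',' })
            $inherit = @($tokens | Where-Object { $_ -in $InheritFlags })
            [pscustomobject]@{
                Principal   = $who
                Rights      = @($tokens | Where-Object { $_ -notin $InheritFlags })
                Inheritance = $inherit
                Inherited   = 'I' -in $inherit     # (I): came from the parent folder
                InheritOnly = 'IO' -in $inherit    # (IO): applies to children only
            }
        }
    }
}

function Find-BroadWriteAce {
    param([object[]]$Ace)
    # Keep ACEs where a broad group holds at least one write-capable right.
    $Ace | Where-Object {
        $_.Principal -in $BroadPrincipals -and
        @($_.Rights | Where-Object { $_ -in $WriteRights }).Count -gt 0
    }
}

$aces = ConvertFrom-IcaclsOutput -Path 'C:\Tools' -Lines $sample
Find-BroadWriteAce -Ace $aces | Format-Table Principal, Rights, Inheritance, InheritOnly
```

To review a real folder, pass the lines returned by `icacls <path>` as `-Lines` and the same path as `-Path`.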
Windows Version
```
# Get Windows version - old PowerShell
Get-WmiObject -Class Win32_OperatingSystem | select Version,BuildNumber

# Get Windows version - new PowerShell
(Get-CimInstance Win32_OperatingSystem) | select Version,BuildNumber

# Get Windows version - CMD
systeminfo | findstr /B /C:"OS Name" /C:"OS Version"

# Get Windows version - WMIC
wmic os get Version,BuildNumber
```
The Sysinternals Tools suite is a set of portable Windows applications. The tools can be either downloaded or loaded directly from the accessible file share \\live.sysinternals.com\tools.
Non-Interactive Accounts
Non-interactive accounts require no login credentials. The three types (Local System, Local Service, and Network Service) have no passwords and typically start services at boot or run scheduled tasks.
| Account | Description |
|---|---|
| Local System Account (NT AUTHORITY\SYSTEM) | Most powerful Windows account. Exceeds local administrators’ privileges. Used for OS-related tasks and services. |
| Local Service Account (NT AUTHORITY\LocalService) | Limited version of SYSTEM. Similar to local user privileges. Can start some services. |
| Network Service Account (NT AUTHORITY\NetworkService) | Similar to domain user account. Has local machine privileges like Local Service. Can authenticate for network services. |
Windows Defender Antivirus (Defender) is Microsoft’s built-in security solution that comes free with Windows operating systems. Originally released as a downloadable anti-spyware tool for Windows XP, it evolved into a comprehensive antivirus solution.