This document provides an overview of using operating systems via both graphical user interfaces (GUIs) and command line interfaces (CLIs). It discusses navigating directories, listing files, copying/moving files, searching, input/output redirection, and users/groups in both Windows and Linux systems. Commands covered include ls, cd, pwd, mkdir, cp, mv, cat, more, less, grep, echo, and select-string. It also provides supplemental reading resources for learning PowerShell and Bash.
Operating System and You - Becoming A Power User
Operating system and you:
Becoming a power user
Coursera

Introduction
In this course, we're going to learn how to use operating systems, how to set privacy measures, and much more. For Windows, we're going to learn how to navigate the OS using the GUI and the command line interpreter, or CLI. For Linux, we'll focus on the command line interpreter, which is called the shell in Linux; the language we're going to use to interact with the shell is Bash. For more information on Windows PowerShell, see https://docs.microsoft.com/en-us/powershell/scripting/overview?view=powershell-7 and for more information on Bash, see https://www.gnu.org/software/bash/manual/bash.html

Windows: List directories in a GUI
In operating systems, files and folders (directories) are organized in a hierarchical directory tree. We have a main directory that branches off and holds other directories and files. The location of a directory or file is called its path. In Windows, file systems are assigned to drive letters, which look like C:, D: and X:. Each drive letter is a file system. Each file system has a root directory, which is the parent of all other directories in that file system. The root directory of C: would be written C:\, and the root directory of X: would be written X:\. Subdirectories are separated by backslashes, unlike Linux, which uses forward slashes. A path starts at the root directory of a drive and continues to the end of the path.
Hereafter, I have included some operations which can be done using the GUI; to get to them, follow the path: C:\Users\user\OneDrive\Documents\Operating system and you- Becoming a power user

Size vs Size on disk
Everything on the disk is stored in allocation units: every single file is stored on the disk as a multiple of the allocation unit. I found my allocation unit using the command fsutil fsinfo ntfsinfo C:, and a folder size represents the actual size of the file.
In NTFS, a file can consume zero clusters for its data by stashing itself into slack space in the master file table (MFT).

Windows: List directories in CLI
It is important to know that we have a couple of CLIs available in Windows: Windows PowerShell and Command Prompt. Many PowerShell commands that we use are aliases for common commands in other shells. An alias is sort of like a nickname for a command. The first command that we'll use is for listing files and directories. We're going to use the ls, or list directory, command and give it the path of where we want to look. The path is not actually part of the command; it is a command parameter. The command to list the directories in the root of the C: drive is ls C:\. If we open PowerShell and run Get-Help ls, we'll see text describing the parameters of the ls command. This gives us a brief summary of the command's parameters. If you want to see more detailed help, try Get-Help ls -Full. The -Force parameter will show hidden and system files that aren't normally listed with just ls.

Linux: List directories
In Linux, the main directory that all others stem from is called the root directory. The path to the root directory is denoted by a slash, or forward slash. We use the same command as we used on Windows, ls, to see the details of any directory. The command ls / lists the contents of the root directory. We'll learn about some of the directories listed there:
slash bin stores the essential binaries or programs (it is very similar to the Program Files directory in Windows),
slash etc stores some important system configuration files,
slash home is the personal directory for users,
slash stores the information about the currently running processes,
slash user is the user directory; it usually doesn't contain our user files the way our home directory does (it is meant for user-installed software),
slash var stores system logs and basically any file that constantly changes.
The -l flag is used with the ls command to get detailed information about everything in a directory. The -a flag is the "all" flag and is used to list every entry, even hidden ones. The --help flag is used to get help for a command.

Paths
There are two types of paths: absolute paths and relative paths. An absolute path is one that starts from the main directory, and a relative path is one that starts from the current directory.

Changing directories in the CLI
The command pwd, or print working directory, is used to print the directory we're currently in. The command cd, or change directory, is used to move to the directory we want to get to. Some examples of changing the directory are given below:
cd C:\Users\user\Documents
To go up one level we use the command cd ..
If we want to go to a directory which is in the same parent directory, one way is to use the commands above, but there is a simpler way: use the command cd ..\ followed by the directory we want to get into. The tilde (~) shortcut is the path to the home directory. Tab completion lets us use the Tab key to auto-complete file names and directories. We use the same commands in Bash too.

Make directories in the CLI
In the Windows GUI, it is very easy to make a new folder. In PowerShell we use mkdir, or make directory, followed by the name of the new directory. We can't use a name with spaces unless we put it in quotes or put a backtick (`) after each word. In Bash we have the same command, mkdir, but we have to use a backslash (\) in place of the backtick.

Copying files and directories
In the Windows GUI, it is very easy to copy or cut a file: just right-click and the options appear. There's another way to do this, the hotkey method. A hotkey is a keyboard shortcut for a specific job: the hotkey for copying is Ctrl+C, for pasting it is Ctrl+V, and for cutting it is Ctrl+X.
In PowerShell we use the command cp for copying, followed by the folder name (in quotes if the folder name contains spaces) and then the location to copy it to. This will copy the folder only; if we want to include its contents we should add the -Recurse parameter right after the path. Copy doesn't output anything to the CLI by default unless there are errors. When we use copy -Verbose, it outputs one line for each file in the directory being copied. The same command is used in Linux Bash, but to copy the contents of a folder we use the -r flag before the name of the folder.

Moving and renaming files
In the Windows GUI, we just right-click on a folder to get the job done. In PowerShell and Bash we use the command mv to move or rename files.

Windows: Display contents in a file
In the Windows GUI, we just have to double-click the document we want to open, and it opens in the default application. To change the default application, right-click the document, click Properties, and from there change the "Opens with" option. In PowerShell, we use the command cat, which stands for concatenate, to display the contents of a document. The command more shows only one page of the document at a time: the Enter key gives one more line and the Space key gives one more page. The flags -Head and -Tail are used with the cat command to view the beginning and the end of the document respectively.

Linux: Display contents in a file
The same command, cat, is used in Bash to view the contents of a file, but in place of the more command we use less to view a document one page at a time. The command less provides a feature that is not available in more: searching for a word or phrase. The command used for searching is /<word_search>. The commands head and tail are used in the same way as -Head and -Tail in Windows PowerShell.
Searching
In the Windows GUI, we can search for a word using the search box in the interface, but by default it doesn't search the words inside documents; for that we have to change the configuration. In Notepad++, pressing Ctrl+Shift+F lets us search within our home directory. In Windows PowerShell, we use the command Select-String to search for a word: the command is followed by the word and then the file, or files using wildcard notation, which is written with the asterisk (*) symbol. Searching within directories is done using the -Filter parameter: type a pattern in the braces and it returns the matching results. In Linux Bash, we use the command grep to search for a word; the syntax is the same as that of Select-String.

Input, output and the pipeline
In Windows PowerShell, we use the command echo to print any word; it is an alias for Write-Output. Each process in Windows has three different streams: stdin, stdout and stderr. The symbol > is used to redirect output into a file, with the content on the left and the file on the right; if the file does not exist, a new one is created and the output is written to it. The pipe operator is used to send the output of one command to the input of another command. The $null variable is used when we don't need the output; it acts like a black hole for unwanted output. All of this works the same way in Linux Bash as in Windows PowerShell, except that in place of $null we use /dev/null.

Reading
Supplemental reading for PowerShell is given at https://channel9.msdn.com/Series/Getting-Started-with-Microsoft-PowerShell and also at https://github.com/PowerShell/PowerShell/blob/master/docs/learning-powershell/README.md

Users, groups and administrators
There are two types of users: standard users and administrators. A standard user is given restricted access to a system, and an administrator, or admin, has full access to the system.
This restricted access is essential for maintaining the privacy of the admin and for installing software. Users are combined into groups according to levels of access and information, to carry out certain tasks, and these tasks depend on what the admin considers appropriate.

Windows: View user and group information
To view user and group information we're going to use the Computer Management tool. At the top of the sidebar we see Computer Management (Local), which means we're managing a single machine locally. A Windows domain is a network of computers, files, users, etc., that are added to a central database. Underneath this menu, we have System Tools:
Task Scheduler: This lets you schedule programs and tasks to run at certain times, like automatically shutting off the computer at 11:00 pm every night.
Event Viewer: This is where our system stores its system logs.
Shared Folders: This shows the folders that different users on the machine share with each other.
Local Users and Groups: This is where we'll be doing our user and group management.
Performance: This shows monitoring for the resources of our machine, like CPU and RAM.
Device Manager: This is where we go to manage devices attached to our computer, like our network cards, sound cards, monitors and more.
UAC, or user access control, is a feature in Windows which prevents unauthorized changes to a system. We use the commands Get-LocalUser and Get-LocalGroup to view the users and groups in the CLI.

Linux: Users, superusers and beyond
In Linux, user management works just like it does in Windows. Different user types have different privileges, and they can be grouped together with various access levels. There are standard users and there are also administrators in Linux. There's also a special user called the root user. The root user is the first user that gets automatically created when we install a Linux OS. This user has all the privileges on the OS. They are the superuser.
There's technically only one superuser, or root, account. To log in as a superuser, we use the command sudo, or superuser do, to get admin work done.

Passwords
To change a local password in PowerShell, we're going to use the DOS-style net command. We should use an asterisk (*) in place of the password as a security measure. Even though this keeps the password hidden from the outside world, we now know it, so we should force the local user to change their password at their next logon. This can be done quite easily in the GUI; to do it in PowerShell we use the parameter /logonpasswordchg:yes. For more information, see https://docs.microsoft.com/en-us/previous-versions/tn-archive/cc875839(v=technet.10)?redirectedfrom=MSDN

Linux passwords
To change passwords in Bash, we use the command passwd followed by the username. When you set a password, it's securely scrambled and then stored in a special privileged file called /etc/shadow. This file can only be read by root, to keep away prying eyes.

Adding and removing users
In Windows PowerShell, we simply use the /add parameter with the net command. For example, net user <name> * /add will add a new user with the specified name. In Linux we use the command sudo useradd <name> to add a new user.

Windows: File permissions
File permissions are a very important concept in IT security. In Windows, file permissions are assigned using access control lists, or ACLs. Specifically, we're going to work with Discretionary Access Control Lists, or DACLs. Windows files and folders can also have System Access Control Lists, or SACLs, assigned to them. SACLs are used to tell Windows that it should use an event log to make a note of every time someone accesses a file or folder. If we want to see which ACLs are assigned to a file, we can use a utility designed to view and change ACLs called ICACLs, or Improved Change ACLs.
For more info, see https://docs.microsoft.com/en-gb/windows/win32/secauthz/access-control-lists?redirectedfrom=MSDN

Linux: File permissions
There are only three permissions in a Linux system. Read allows someone to read the contents of a file or folder. Write allows someone to write information to a file or folder. Execute allows someone to execute a program. Usually in a Linux system, a file permission looks like -rwxrw-r--. These are 10 bits, with the first bit representing the file type; here it is a dash (-), which means it's a regular file, and in some cases we might see d, which represents a directory. The next nine bits are our actual permissions; they're grouped in trios, or sets of three. The first trio refers to the permissions of the owner of the file. The second trio refers to the permissions of the group that this file belongs to. The last trio refers to the permissions of all other users. The r stands for readable, w stands for writeable and x stands for executable.

Windows packages
The software we use is packaged by developers and organizations, and all we need to do is click the install button and everything gets installed. Generally, packages are available in .exe format, which means executable files. Executable files contain instructions for a computer to execute when they run; they're created using Microsoft's Portable Executable (PE) format. These files don't only contain instructions, but also text, images and potentially something called MSI files. An MSI, or Microsoft software installer, file is used to guide a program called the Windows Installer in the installation, maintenance and removal of a program on the Windows OS. Besides using the GUI setup wizard to guide the user in installing the program, the Windows Installer also uses the MSI file to create instructions on how to remove the program, if the user wants to uninstall it.
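Returning to the Linux permission string shown above (-rwxrw-r--): the following shell functions are an added example, not part of the original notes. They split the string into its type character and three trios, convert it to octal, and pick out entries that all other users can write to; the listing in sample_listing is constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original notes): decode ls -l permission strings.

# Map the first character to the file type.
file_type() {
    case $1 in
        -*) echo file ;;
        d*) echo directory ;;
        l*) echo symlink ;;
        *)  echo unknown ;;
    esac
}

# Octal digit for one trio: r=4, w=2, x=1.
trio_to_digit() (
    digit=0
    case $1 in r??) digit=$((digit + 4)) ;; esac
    case $1 in ?w?) digit=$((digit + 2)) ;; esac
    case $1 in ??x) digit=$((digit + 1)) ;; esac
    echo "$digit"
)

# Convert a 10-character string such as -rwxrw-r-- to octal (764).
# Only r, w, x and - are accepted, matching what the notes cover;
# special bits (s, t) are rejected rather than guessed at.
perm_to_octal() (
    case $1 in
        [-dl][-r][-w][-x][-r][-w][-x][-r][-w][-x]) ;;
        *) echo "invalid permission string: $1" >&2; exit 1 ;;
    esac
    owner=$(printf '%s' "$1" | cut -c2-4)
    group=$(printf '%s' "$1" | cut -c5-7)
    other=$(printf '%s' "$1" | cut -c8-10)
    printf '%s%s%s\n' "$(trio_to_digit "$owner")" \
        "$(trio_to_digit "$group")" "$(trio_to_digit "$other")"
)

# Constructed sample of `ls -l` output (not real data).
sample_listing() {
    cat <<'EOF'
-rwxrw-r-- 1 alice staff  120 Jan  1 09:00 report.sh
drwxr-xr-x 2 alice staff 4096 Jan  1 09:00 docs
-rw-rw-rw- 1 alice staff   33 Jan  1 09:00 notes.txt
drwxrwxrwx 2 alice staff 4096 Jan  1 09:00 dropbox
EOF
}

# Read ls -l lines on stdin and print "octal type name" for every entry
# whose last trio (all other users) includes write permission.
find_world_writable() {
    while read -r perm _links _owner _group _size _month _day _time name; do
        case $perm in
            ????????w?)
                printf '%s %s %s\n' "$(perm_to_octal "$perm")" \
                    "$(file_type "$perm")" "$name"
                ;;
        esac
    done
}

perm_to_octal -rwxrw-r--              # the string used in the notes
sample_listing | find_world_writable  # entries writable by everyone
```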
Windows executable files are usually used as starting points to bootstrap the Windows Installer. In this case, they might just contain an MSI file and some instructions to start the Windows Installer and read it. Alternatively, executables can be used as stand-alone, custom installers, with no MSI file or usage of the Windows Installer. If they're packaged this way, the .exe file will need to contain all the instructions that the operating system needs to install the program.
Installing a package in the Windows GUI is very straightforward: just double-click the file and follow the instructions. On the command line it is also a simple task: just type the path to the file and the package will be installed automatically.

Linux packages
Different distributions of Linux use different file extensions for installation packages; for example, .deb is used for the Debian distribution. To install a Debian package we use the dpkg, or Debian package, command.

Mobile app packages
Software for mobile OSes is distributed as mobile applications, or apps. Apps have to come from a source that the mobile device has been configured to trust. On most OSes, you can't just download an app from a random website and install it. Instead, mobile operating systems use app stores. App stores are a centrally managed marketplace for app developers to publish and sell mobile apps. The app store app acts like a package manager, and the app store service acts like a package repository.
People use app stores to access free and paid applications from a central source through a single interface. Apps published through an app store have usually been through a security review and have been approved by the store owner. Apps published through an app store are signed by the developer of the app. The OS is configured to only trust code that's been signed by publishers that it recognizes. Enterprise app management allows an organization to distribute custom mobile apps. Enterprise apps are signed with an enterprise certificate that has to be trusted by the devices that are installing the applications. Another way to install apps is side-loading, where apps are installed from somewhere other than an app store. Mobile apps are standalone packages; they have their own dependencies.

Windows: Archives
An archive is comprised of one or more files compressed into a single file. Package archives are basically the core or source software files compressed into one file. When we install software from a source archive, it's referred to as installing from source. Popular archive types you'll see are .tar, .zip, and .rar. To install software found in an archive, you first have to extract the contents of the archive so you can see the files inside. Windows has built-in tools to make archive files, but the open source tool 7-Zip is preferred as it is easy to use. That is how we do it in the GUI; the command used to make archives on the command line is Compress-Archive followed by the -Path parameter (with the source path and destination path).

Linux: Archives
The command for 7-Zip in Linux is 7z; the flag e is used to extract files, followed by the name of the archive. One tool that lots of people use, and that's already installed on most Linux distros, is the tar command.
For more information, see http://www.linfo.org/tar.html

Package manager
A package manager makes sure that the process of software installation, removal, update, and dependency management is as easy and automatic as possible. Chocolatey is one of the package repositories for Windows and can automate many things on a system. For more info on package managers, see https://en.wikipedia.org/wiki/NuGet and https://chocolatey.org/packages. A package repository is a server that acts as a central location for many packages. We don't have to search the browser for everything needed to install a package: we just run the command, and the package manager takes responsibility for installing every other tool needed to run that package. For this we first have to register the repository using its link. On Windows we use the command Register-PackageSource, and on Linux the repository sources are listed in the file /etc/apt/sources.list. To install a package in Linux we use the command sudo apt install followed by the package name, and to remove a package we use the command sudo apt remove.

Filesystems
A filesystem is used to keep track of files and file storage on a disk. A filesystem is important in organizing files. Filesystems have different compatibilities with different OSes. Most of the time, cross-operating-system support is minimal at best. Let's say you have a USB drive that's using an NTFS filesystem. Both Windows and Ubuntu Linux can read and write to the USB drive. But if you have an ext4 USB drive, it'll only work on Ubuntu and not on Windows, at least without the help of third-party tools. Luckily we have a filesystem called FAT32, which is used to read any data on any OS.
For more information on FAT32, see https://support.microsoft.com/en-us/help/154997/description-of-the-fat32-file-system

Disk anatomy
A disk is divided into something called partitions. A partition is just a piece of the disk that you can manage. When you create multiple partitions, it gives you the illusion that you're physically dividing a disk into separate disks. Partitions essentially act as their own sub-disks, but they all use the same physical disk. When you format a filesystem on a partition, it becomes a volume. Another important component of a disk is the partition table, which tells how the disk is partitioned. The table will tell you which partitions you can boot from, how much space is allocated to each partition, etc. There are two main partition table schemes in use: MBR, or Master Boot Record, and GPT, or GUID Partition Table.
MBR only lets you have volume sizes of 2 terabytes or less. It also uses something called primary partitions. You can only have four primary partitions on a disk. If you want to add more, you have to take a primary partition and make it into something known as an extended partition. Inside the extended partition, you can then make something called a logical partition. It's a little odd to get at first, but that's just how the partition table was created. GPT is becoming the new standard for disks. You can have a volume size greater than 2 terabytes, and it only has one type of partition.

Windows: Disk partitioning and formatting a filesystem
Although there are many third-party tools to partition and format a filesystem, Windows has one built in to the GUI: Disk Management. It is less a separate tool than a feature of Windows. The allocation unit size is the block size that will be used when you format the partition in NTFS. In other words, this is the size of the chunks that the partition will be chopped into. Data that needs to be saved will be spread out across those chunks.
This means that if you store lots of small files, you'll waste less space with small block sizes. If you store large files, larger block sizes will mean you'll need to read fewer blocks to assemble the file. The difference between a quick format and a full format is that in a full format, Windows will do a little extra work to scan the disk, or USB drive in our case, for errors or bad sectors. The last option on the format screen is whether or not to enable file or folder compression. The decision to enable or disable compression comes with a trade-off.
For more information on data allocation units, see https://support.microsoft.com/en-us/help/140365/default-cluster-size-for-ntfs-fat-and-exfat
For more information on DiskPart command line options, see https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-vista/cc766465(v=ws.10)?redirectedfrom=MSDN

Linux: Disk partitioning and formatting a filesystem
In Linux, there are a few different partitioning command line tools we can use. One that supports both MBR and GPT partitioning is the parted tool. Parted can be used in two modes. The first is interactive, meaning we're launched into a separate program, like when we use the less command. The second is command line, meaning you just run commands while still in your shell. The parted -l command is used to view what disks are connected to the computer. On the command line, the command mklabel sets the disk label for a disk. The mkpart command needs the following information: what type of partition we want to make, what file system we want to format it with, and the start and the end of the partition on the disk. The partition type is only meaningful for an MBR partition table. The command mkfs is used to format a partition with a file system.
Mounting and unmounting a filesystem in Linux
For info on fstab, which is used to modify some mount settings, such as making a directory permanently mounted or not, see https://en.wikipedia.org/wiki/Fstab

Swap space
First of all, we need to understand the concept of virtual memory: it is how our OS provides physical memory to the applications that run on the computer, which it does by mapping virtual addresses to physical addresses. Virtual memory also gives our computer the ability to use more memory than we physically have installed. To do this, it dedicates an area of the hard drive to use as a storage base for blocks of data called pages. When a particular page of data isn't being used by an application, it gets evicted, which means it gets copied out of memory onto the hard drive. This is because accessing data in RAM is fast, much faster than on the hard drive, and space is at a premium.

Windows: Swap space
The Windows OS uses a program called the Memory Manager to handle virtual memory. Its job is to take care of the mapping of virtual to physical memory for our programs and to manage paging. In Windows, pages saved to disk are stored in a special hidden file on the root partition of a volume called pagefile.sys. Windows automatically creates page files, and it uses the Memory Manager to copy pages of memory to be read as needed. The operating system does a pretty good job of managing the page file automatically. Even so, Windows provides a way to modify the size, number and location of paging files through a Control Panel applet called System Properties. For more info on Windows paging, see https://en.wikipedia.org/wiki/Paging#Windows_NT and https://docs.microsoft.com/en-us/windows/client-management/determine-appropriate-page-file-size

Linux: Swap space
In Linux, the dedicated area of the hard drive used for virtual memory is known as swap space.
For more info, see https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/installation_guide/s2-diskpartrecommend-ppc#id4394007

Windows: Files
In this slide, we're going to learn about file data and file metadata. When we talk about file data, we mean the actual contents of the file; file metadata includes all the other information apart from the contents, like file size, ownership, etc. NTFS uses something called the Master File Table, or MFT, to keep everything straight. Every file on a volume has at least one entry in the MFT, including the MFT itself. When you create files on an NTFS file system, entries get added to the MFT. When files get deleted, their entries in the MFT are marked as free so they can be reused. One important part of a file's entry in the MFT is an identifier called the file record number. This is the index of the file's entry in the MFT.
A special type of file we should mention in Windows is called a shortcut. A shortcut is just another file and another entry in the MFT, but it has a reference to some destination. Besides creating shortcuts as ways to access other files, NTFS provides two other ways: hard links and symbolic links. Symbolic links are kind of like shortcuts, but at the file system level. When you create a symbolic link, you create an entry in the MFT that points to the name of another entry or another file. When you create a hard link in NTFS, an entry is added to the MFT that points to the linked file record number, not the name of the file. This means the file name of the target can change and the hard link will still point to it.
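The difference between the two link types can be observed directly. The following shell function is an added example, not part of the original notes; it runs on a Linux filesystem, where the inode number plays the role that the file record number plays in the MFT, and the file names it creates in a temporary directory are made up for the demonstration.

```sh
#!/bin/sh
# Added example (not from the original notes): hard link vs symbolic link.

# Inode number of a name itself (a symlink given here is not followed).
inode_of() {
    ls -di "$1" | awk '{ print $1 }'
}

# Number of names (hard links) that point at the file's inode.
link_count() {
    ls -ld "$1" | awk '{ print $2 }'
}

# Runs in a subshell, so the cd and the variables do not leak to the caller.
# Prints one key=value line per observation.
link_demo() (
    dir=$(mktemp -d) || exit 1
    cd "$dir" || exit 1

    printf 'quarterly figures\n' > original.txt   # constructed sample content
    ln original.txt hard.txt       # a second name for the same inode
    ln -s original.txt soft.txt    # a new inode that stores the name "original.txt"

    if [ "$(inode_of hard.txt)" = "$(inode_of original.txt)" ]; then
        echo "hard_same_inode=yes"
    else
        echo "hard_same_inode=no"
    fi
    if [ "$(inode_of soft.txt)" = "$(inode_of original.txt)" ]; then
        echo "soft_same_inode=yes"
    else
        echo "soft_same_inode=no"
    fi
    echo "link_count=$(link_count original.txt)"

    # Rename the target: the hard link follows the inode, the symlink follows the name.
    mv original.txt renamed.txt
    if [ "$(cat hard.txt 2>/dev/null)" = "quarterly figures" ]; then
        echo "hard_after_rename=readable"
    else
        echo "hard_after_rename=broken"
    fi
    if cat soft.txt >/dev/null 2>&1; then
        echo "soft_after_rename=readable"
    else
        echo "soft_after_rename=dangling"
    fi

    # Delete the renamed file: the data stays reachable through the remaining name,
    # so removing one name is not the same as removing the content.
    rm renamed.txt
    echo "link_count_after_delete=$(link_count hard.txt)"
    if [ "$(cat hard.txt 2>/dev/null)" = "quarterly figures" ]; then
        echo "hard_after_delete=readable"
    else
        echo "hard_after_delete=broken"
    fi

    cd / && rm -rf "$dir"
)

link_demo
```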
For more info, check out https://docs.microsoft.com/en-gb/windows/win32/fileio/master-file-table?redirectedfrom=MSDN, https://docs.microsoft.com/en-gb/windows/win32/fileio/creating-symbolic-links?redirectedfrom=MSDN and https://docs.microsoft.com/en-gb/windows/win32/fileio/hard-links-and-junctions?redirectedfrom=MSDN

Linux: Files
In Linux, metadata and files are organized into a structure called an inode. Inodes are similar to the Windows NTFS MFT records. We store inodes in an inode table, and they help us manage the files on our file system. The inode itself doesn't actually store the file data or the file name, but it does store everything else about a file. Shortcuts in Linux are referred to as softlinks, or symlinks. They work in a similar way to symbolic links in Windows, in that they just point to another file. In Linux, hard links link to an inode, which is stored in an inode table on the file system.

Disk usage
For Windows, see https://docs.microsoft.com/en-us/sysinternals/downloads/du and https://support.microsoft.com/en-us/help/181701/how-to-start-disk-cleanup-by-using-the-command-line
In Linux, we use du -h to view disk utilization. To see the free space on a disk we use df. Linux doesn't need defragmentation; the reason is explained at https://www.howtogeek.com/115229/htg-explains-why-linux-doesnt-need-defragmenting/

Filesystem repair
Safely ejecting a USB drive is important because, even though a file appears to have been moved successfully between the USB drive and the system, the transfer may not be complete yet. When we read or write something to a drive, we actually put it in a buffer, or cache, first. A data buffer is a region of RAM that's used to temporarily store data while it's being moved around. So when you copy something from your OS to your USB drive, it first gets copied to a data buffer, because RAM operates faster than hard drives. So if you don't properly unmount a file system and give your buffer enough time to finish moving data, you run the risk of data corruption.

Windows: Filesystem repair
The NTFS file system has some advanced features built into it that can help minimize the danger of corruption, as well as try to recover when the file system does get damaged. One of these features, through a process called journaling, logs changes made to a file's metadata into a log file called the NTFS log. By logging these changes, NTFS creates a history of the actions it's taken. This means it can look at the log to see what the current state of the file system should be. In addition to journaling, NTFS and Windows implement something called self-healing. The self-healing mechanism fixes minor problems and corruptions on the disk automatically in the background. It does this while Windows is running, so you don't need to perform a reboot. We use the fsutil command to check the status of the self-healing mechanism. What if we run into more serious issues? In that case we can't recover all the data, but we can check the disk beforehand, understand the cause and prevent it from happening. For this we use the command chkdsk; to fix any problems, use the flag /F followed by the directory.
For Linux, see https://en.wikipedia.org/wiki/Fsck

Programs and Processes

Programs are the applications that we run, and when programs are running they are called processes. In the upcoming slides we're going to learn about processes and how to make our system more efficient.

When you open up an application like a word processor, you're launching a process. That process gets something called a process ID to uniquely identify it from other processes. Our computer sees that the process needs hardware resources to run, so our kernel makes decisions to figure out what resources to give it. Then, in the blink of an eye, our computer starts up a word processor and, ta-da, it's all ready to start working. This happens for every process you launch yourself, and for every process you don't even know is running.

Besides the visible processes that we start, like our music player or word processor, there are also not-so-visible processes running. These are known as background processes, sometimes referred to as daemon processes. Background processes are processes that run in the background. We don't really see them, and we don't interact with them, but our system needs them to function. They include processes like scheduling resources, logging, managing networks, and more.

Windows: Process creation and termination

The way that processes are created and stopped differs based on the operating system you use. When Windows boots up or starts, the first non-kernel user mode process that starts is the Session Manager Subsystem, or smss.exe. The smss.exe process is in charge of setting some stuff up for the OS to work. It then kicks off the log-in process, called winlogon.exe appropriately enough, along with the Client/Server Runtime Subsystem, called csrss.exe, which handles running the Windows GUI and command line console. In Windows, each new process that's created needs a parent to tell the operating system that a new process needs to be made.
The child process inherits some things from its parent, like variables and settings, which we can collectively refer to as an environment. This gives the child process a pretty good start in life, but after the initial creation step, the child is pretty much on its own. Unlike in Linux, Windows processes can operate independently of their parents.

Calling the taskkill utility from a command prompt is one of the ways to stop a process. Taskkill can find and halt a process in a few ways. One of the more common ways is to use an identification number, known as the process ID or PID, to tell taskkill which process you'd like stopped. This will send the termination signal to the process identified by the PID. For more info, see https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/taskkill

Linux: Process creation and termination

In Linux, processes have a parent-child relationship. This means that every process that you launch comes from another process. When you start up your computer, the kernel creates a process called init, which has a PID of one. Init starts up other processes that we need to get our computer up and running. When your processes complete their task, they'll generally terminate automatically. Once a process terminates, it'll release all the resources it was using back to the kernel, so that they can be used for another process.

Windows: Reading process information

On the Windows operating system, the Task Manager, or taskmgr.exe, is one method of obtaining process information. You can open it with the Ctrl+Shift+Esc key combination or by locating it using the Start menu. To get a PID, select any process currently running in the Task Manager, then select the Details option to see its PID. We can use the commands tasklist and Get-Process for the same.
For more info, see https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.management/get-process?view=powershell-5.1

Linux: Reading process information

We use the command ps -x to view which processes are running and the command ps -ef to view all the processes running. For more info, see https://man7.org/linux/man-pages/man1/ps.1.html

Signals

To tell a process to quit at the system level, we use something called a signal. A signal is a way to tell a process that something has just happened. You can generate a signal with special characters on your keyboard and through other processes and software. One of the most common signals you'll come across is called SIGINT, which stands for signal interrupt. For Windows signals, check https://docs.microsoft.com/en-us/cpp/c-runtime-library/reference/signal?view=vs-2019

Windows: Managing processes

Process Explorer is a utility Microsoft created to let IT support specialists, systems administrators, and other users look at running processes. You can search for a process easily in Process Explorer by either pressing Ctrl+F or clicking on the little binocular button. MUI stands for multilingual user interface, and it contains a package of features to support different languages. Process Explorer can do a lot of jobs, like Kill Process, Kill Process Tree, Restart, and Suspend. For more info on Process Explorer, explore https://docs.microsoft.com/en-us/sysinternals/downloads/process-explorer

Linux: Managing processes

In Linux, we manage processes by sending them signals. Some of the signals are SIGTERM, which is sent with the command kill and terminates the process; SIGKILL, which is sent with the command kill -KILL and kills the process completely; and SIGTSTP, which is sent with the command kill -TSTP and is used to pause a program.
These commands are followed by the PID number of the running processes.

Resource Monitoring

In Windows, resource monitoring is done using the resource monitoring tool. After it opens, we get to see five tabs of information. To know all about these, check https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.management/get-process?view=powershell-5.1#outputs

In Linux, a useful command to find out what your system utilization looks like in real time is the top command. Top shows us the processes that are using the most resources on our machine. We also get a quick snapshot of total tasks running or idle, CPU usage, memory usage, and more. Check this link to know more: https://en.wikipedia.org/wiki/Load_(computing)

Remote connection and SSH

Remote connection makes working in an IT support role much easier, since it allows us to manage multiple machines from anywhere in the world. SSH, or secure shell, is a protocol implemented by other programs to securely access one computer from another. To use SSH, you need to have an SSH client installed on the computer you're connecting from, along with an SSH server on the computer you're trying to connect to. An SSH server is just software. On the remote machine, the SSH server is running as a background process. It constantly checks if a client is trying to connect to it, then authenticates its requests. The most popular program to use SSH within Linux is the OpenSSH program. And for Windows we use the PuTTY configuration.

Another way that you can connect securely to a remote machine is through a VPN. It allows you to access resources like shared file servers and network devices as if you were connected to your work network.

Remote connection file transfer

SCP, or secure copy, is a command you can use in Linux to copy files between computers on a network. It utilizes SSH to transfer the data.
So just like you would SSH into a machine, you can send a file that way. The command used in Windows to share folders is net share. For more info on net share, see https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/hh750728(v=ws.11)?redirectedfrom=MSDN

Virtual machines

https://www.virtualbox.org/wiki/Downloads
https://www.virtualbox.org/manual/ch01.html
https://en.wikipedia.org/wiki/Comparison_of_platform_virtualization_software

The Windows event viewer

In Windows, the events logged by the operating system are stored in an application called the Event Viewer. We can start this application by running the command eventvwr.msc. In Linux, logs are stored in the /var/log directory. For more info, see http://manpages.ubuntu.com/manpages/focal/en/man8/logrotate.8.html

Imaging

https://en.wikipedia.org/wiki/Comparison_of_disk_cloning_software
https://man7.org/linux/man-pages/man1/dd.1.html
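
The Linux sections above on process creation and on managing processes with kill, as an added example that is not part of the original slides: a background child whose recorded parent is the shell that launched it, stopped once with SIGTERM and once with SIGKILL. The worker function, the marker files and the variable names are assumptions made for this demo, and the script reads Linux's /proc.

```bash
#!/usr/bin/env bash
# Added example, not from the course slides. Linux only: it reads /proc.
# worker, run_case and the marker files are names made up for this demo.

# Background worker: on SIGTERM it records that cleanup ran, then exits 0.
worker() {
    wdir=$1
    trap 'echo cleaned > "$wdir/cleanup"; exit 0' TERM
    : > "$wdir/ready"               # tell the parent the handler is installed
    while :; do sleep 0.1; done
}

# Print the parent PID the kernel recorded for process $1.
ppid_of() {
    while read -r key val rest; do
        [ "$key" = "PPid:" ] && { echo "$val"; return 0; }
    done < "/proc/$1/status"
    return 1
}

# Start a worker, send it signal $1 with kill, and record the outcome in
# LAUNCHER_PID, CHILD_PPID, EXIT_STATUS and CLEANUP (yes/no).
run_case() {
    LAUNCHER_PID=${BASHPID:-$$}     # PID of the shell that starts the child
    dir=$(mktemp -d)
    worker "$dir" &
    pid=$!
    while [ ! -e "$dir/ready" ]; do sleep 0.05; done
    CHILD_PPID=$(ppid_of "$pid")
    kill "-$1" "$pid"               # e.g. kill -KILL <PID>
    EXIT_STATUS=0
    wait "$pid" || EXIT_STATUS=$?   # 128 + signal number if a signal killed it
    if [ -e "$dir/cleanup" ]; then CLEANUP=yes; else CLEANUP=no; fi
    rm -rf "$dir"
}

for sig in TERM KILL; do
    run_case "$sig"
    echo "SIG$sig: child PPid=$CHILD_PPID launcher=$LAUNCHER_PID" \
         "exit=$EXIT_STATUS cleanup=$CLEANUP"
done
```

SIGTERM reaches the worker's handler, so its cleanup runs and it exits 0; SIGKILL cannot be handled, so the cleanup marker is never written and wait reports 137 (128 + 9).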