Welcome back!
If you haven't gone through Part 1 yet, start there first — TryHackMe Walkthrough: Windows Fundamentals Part 1. It covers Windows editions, the desktop, the file system, user accounts, UAC, and Task Manager. This blog picks up right where that one left off.
Part 2 digs deeper into the built-in tools and utilities that Windows provides for managing and monitoring your system. These are the tools that cybersecurity professionals — analysts, administrators, and incident responders — use every single day.
Let's get into it.

The Room: Windows Fundamentals Part 2
Path: Windows Fundamentals
Room: Windows Fundamentals Part 2
Difficulty: Easy
Free to access: Yes
Task 1: Introduction
Part 2 builds directly on Part 1. If you haven't completed that room yet, go back and finish it first.
In this room we explore more built-in Windows utilities — tools that help you manage, monitor, and secure a Windows system. These aren't just theory — they're the same tools used by IT administrators and cybersecurity professionals in real environments every day.
To follow along, start the virtual machine in TryHackMe. You can also connect to it via Remote Desktop using the credentials provided in the room.
Task 2: System Configuration and Advanced System Settings
System Configuration (MSConfig)
The System Configuration utility (MSConfig) is a built-in Windows tool mainly used for troubleshooting startup issues. You need local administrator rights to open it. You can launch it from the Start Menu or by typing msconfig in the Run dialog.
It has five tabs:
- General — choose what Windows loads on boot: Normal, Diagnostic, or Selective

- Boot — configure boot options for the OS

- Services — view all services on the system, whether running or stopped

- Startup — Microsoft recommends using Task Manager to manage startup items instead of this tab

- Tools — a list of useful system utilities you can launch directly from here

📝 Note: On Windows Server machines (like the VM in this room), the Startup tab won't show startup programs. Instead, press Win + R and type shell:startup to view programs configured to run at login.
Advanced System Settings
Search for View advanced system settings in the Start Menu to open the System Properties panel. From here you can configure:

Page File (Virtual Memory)
When your physical RAM runs full, Windows uses a page file — a space on the hard drive that acts as extra memory. You can view or change its size under Advanced → Performance → Settings → Advanced.

Startup and Recovery (Crash Dumps)
When Windows crashes (Blue Screen of Death), it can save a crash dump file to help administrators understand what went wrong. You can configure this under Advanced → Startup and Recovery → Settings.

The types of crash dumps available are:
- Automatic memory dump
- Kernel memory dump
- Small memory dump (256 KB)
- Complete memory dump
- None
Each type captures a different amount of information about the crash — the more detailed the dump, the larger the file.
What is the name of the service that lists Systems Internals as the manufacturer?
PsShutdown

Whom is the Windows license registered to?
Select About Windows → Click Launch
Windows User

What is the command for Windows Troubleshooting?
C:\Windows\System32\control.exe /name Microsoft.Troubleshooting

What command will open the Control Panel? (The answer is the name of .exe, not the full path)
control.exe

Task 3: Change UAC Settings
We covered UAC in detail in Part 1 — but did you know you can actually adjust how it behaves?
The UAC settings can be changed using a slider with four levels. You can find it by searching for User Account Control settings in the Start Menu.
Here are the four levels from most to least secure:


⚠️ Turning UAC off completely is not recommended. It removes an important layer of protection and makes it much easier for malware to make system-level changes without your knowledge.
What is the command to open User Account Control Settings? (The answer is the name of the .exe file, not the full path)
UserAccountControlSettings.exe

Task 4: Computer Management
The Computer Management utility (compmgmt) is one of the most powerful built-in tools in Windows. You can open it by searching for it in the Start Menu. It has three main sections: System Tools, Storage, and Services and Applications.

System Tools
Task Scheduler
Task Scheduler lets you automate tasks — running a program, a script, or a command at a set time or trigger. Tasks can be set to run at login, logoff, on a schedule, or just once at a specific time. To see all scheduled tasks, click Task Scheduler Library. To create a new one, click Create Basic Task in the right pane.
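The Task Scheduler Library can also be reviewed from PowerShell. The script below is an added example, not part of the room or the original post; it lists tasks that fire at boot or logon together with what they run, and the function name Get-AutoStartTask is hypothetical.

```powershell
# Added example (not from the room): scheduled tasks triggered at boot or logon.
# Uses the built-in ScheduledTasks module (Get-ScheduledTask).
function Get-AutoStartTask {
    foreach ($task in Get-ScheduledTask) {
        # Translate the trigger's CIM class into the wording the GUI shows
        $when = foreach ($trigger in $task.Triggers) {
            switch ($trigger.CimClass.CimClassName) {
                'MSFT_TaskBootTrigger'  { 'At system startup' }
                'MSFT_TaskLogonTrigger' { 'At log on' }
            }
        }
        if (-not $when) { continue }   # scheduled, idle, event and one-off tasks are skipped

        foreach ($action in $task.Actions) {
            # Exec actions carry a program and arguments; COM handler actions carry a ClassId
            $command = if ($action.Execute) {
                "$($action.Execute) $($action.Arguments)".Trim()
            } else {
                "COM handler $($action.ClassId)"
            }
            [pscustomobject]@{
                Task    = $task.TaskPath + $task.TaskName
                State   = $task.State
                RunAs   = $task.Principal.UserId
                Trigger = ($when | Select-Object -Unique) -join ', '
                Command = $command
            }
        }
    }
}

# Tasks outside \Microsoft\ were added by installed software or by a person
Get-AutoStartTask |
    Where-Object Task -NotLike '\Microsoft\*' |
    Format-List
```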

Event Viewer
Event Viewer is where Windows stores logs of everything that has happened on the system. It's an audit trail — useful for diagnosing problems and investigating suspicious activity.
It has three panes:
- Left — a tree of all event log providers
- Middle — a summary of events for the selected provider
- Right — available actions
There are five types of events that can be logged: Information, Warning, Error, Success Audit, and Failure Audit. The standard logs (Application, Security, System, etc.) are found under Windows Logs.
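The same Windows Logs can be queried with Get-WinEvent. The script below is an added example, not part of the room or the original post; it counts the last 24 hours of events per log and type and then lists recent failure audits. It assumes an elevated session, and the function name Get-EventSummary is hypothetical.

```powershell
# Added example (not from the room): summarise recent events in the standard logs.
# Reading the Security log requires an elevated PowerShell session.
function Get-EventSummary {
    param(
        [string[]]$LogName = @('Application', 'System', 'Security'),
        [int]$Hours = 24
    )
    $since = (Get-Date).AddHours(-$Hours)
    foreach ($log in $LogName) {
        try {
            $events = Get-WinEvent -FilterHashtable @{ LogName = $log; StartTime = $since } -ErrorAction Stop
        } catch {
            # Get-WinEvent raises an error when nothing matches or access is denied
            Write-Warning "${log}: $($_.Exception.Message)"
            continue
        }
        $events | Group-Object -Property {
            $event = $_
            # Security events are tagged 'Audit Success' / 'Audit Failure' through a keyword;
            # the other logs are classified by level (Information, Warning, Error).
            $audit = $event.KeywordsDisplayNames | Where-Object { $_ -like 'Audit *' }
            if ($audit) { $audit -join ',' } else { $event.LevelDisplayName }
        } | ForEach-Object {
            [pscustomobject]@{ Log = $log; Type = $_.Name; Count = $_.Count }
        }
    }
}

Get-EventSummary | Sort-Object Log, Type | Format-Table -AutoSize

# Drill into failure audits only. 4503599627370496 (0x10000000000000) is the
# standard Audit Failure keyword bit used by the Security log.
Get-WinEvent -FilterHashtable @{
    LogName   = 'Security'
    Keywords  = 4503599627370496
    StartTime = (Get-Date).AddHours(-24)
} -ErrorAction SilentlyContinue |
    Select-Object -First 20 TimeCreated, Id, TaskDisplayName |
    Format-Table -AutoSize
```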

Shared Folders
This shows all folders currently shared on the system — including default Windows shares like C$ and ADMIN$. You can right-click any share to view its permissions. The Sessions tab shows who is currently connected, and Open Files shows what they're accessing.
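The Shares, Sessions and Open Files views have PowerShell equivalents in the SmbShare module. The script below is an added example, not part of the room or the original post; it separates the default administrative shares from hidden shares someone created, and the function name Get-ShareReview is hypothetical.

```powershell
# Added example (not from the room): review SMB shares, their permissions and current use.
# Run from an elevated PowerShell session on the machine being reviewed.
function Get-ShareReview {
    foreach ($share in Get-SmbShare) {
        # Share-level permissions, flattened to account:Allow/Deny:right
        $access = Get-SmbShareAccess -Name $share.Name -ErrorAction SilentlyContinue |
            ForEach-Object { '{0}:{1}:{2}' -f $_.AccountName, $_.AccessControlType, $_.AccessRight }
        [pscustomobject]@{
            Name    = $share.Name
            Path    = $share.Path
            Hidden  = $share.Name.EndsWith('$')   # a trailing $ hides the share from browsing
            Default = [bool]$share.Special        # built-in shares such as C$, ADMIN$, IPC$
            Access  = $access -join '; '
        }
    }
}

$shares = Get-ShareReview
$shares | Format-Table -AutoSize -Wrap

# Hidden shares that are not Windows defaults were created deliberately
$shares | Where-Object { $_.Hidden -and -not $_.Default } |
    Format-Table Name, Path, Access -AutoSize -Wrap

# Equivalent of the Sessions tab: who is connected right now
Get-SmbSession | Select-Object ClientComputerName, ClientUserName, NumOpens, SecondsExists

# Equivalent of Open Files: what those sessions have open
Get-SmbOpenFile | Select-Object ClientComputerName, ClientUserName, Path
```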

Local Users and Groups
This is the same lusrmgr.msc tool covered in Part 1 — for managing user accounts and groups.
Performance Monitor (perfmon)
Performance Monitor lets you view real-time or historical performance data — CPU, memory, disk, and network. Useful for diagnosing performance issues on local or remote systems.

Device Manager
Device Manager shows all hardware connected to the system. You can view, configure, update, or disable any hardware device from here.

Storage — Disk Management
Disk Management lets you manage drives and partitions. Common tasks include:
- Setting up a new drive
- Extending or shrinking a partition
- Assigning or changing a drive letter

Services and Applications
Services
This lists every service on the system along with its status. Right-click any service and select Properties to see its full name, executable path, and startup type. Services can be set to:
- Automatic — starts every time Windows boots
- Manual — only starts when triggered
- Disabled — won't run at all
WMI Control
WMI (Windows Management Instrumentation) allows scripting languages like PowerShell to manage Windows systems locally or remotely. It's widely used by both administrators and attackers — understanding WMI is valuable in cybersecurity.
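The Services list and WMI come together in the script below, an added example that is not part of the room or the original post. It reads every service through WMI (Win32_Service) and reports the startup type, executable path and manufacturer; using the executable's CompanyName version field as the manufacturer is an assumption, and the function names are hypothetical.

```powershell
# Added example (not from the room): service inventory queried through WMI/CIM.
function Get-ServiceBinaryPath {
    param([string]$PathName)
    if ([string]::IsNullOrWhiteSpace($PathName)) { return $null }
    # Quoted form: "C:\Program Files\App\svc.exe" -arg
    if ($PathName -match '^\s*"([^"]+)"')    { return $Matches[1] }
    # Unquoted form: heuristic, take everything up to the first .exe
    if ($PathName -match '^\s*(.+?\.exe)\b') { return $Matches[1] }
    return ($PathName.Trim() -split '\s+')[0]
}

function Get-ServiceInventory {
    Get-CimInstance -ClassName Win32_Service | ForEach-Object {
        $exe = Get-ServiceBinaryPath $_.PathName
        $company = $null
        if ($exe -and (Test-Path -LiteralPath $exe -PathType Leaf)) {
            # Assumption: the file's CompanyName stands in for the Manufacturer column
            $company = (Get-Item -LiteralPath $exe).VersionInfo.CompanyName
        }
        [pscustomobject]@{
            Name         = $_.Name
            DisplayName  = $_.DisplayName
            State        = $_.State       # Running or Stopped
            StartMode    = $_.StartMode   # Auto, Manual or Disabled
            Account      = $_.StartName   # account the service runs as
            Executable   = $exe
            Manufacturer = $company
        }
    }
}

# Services whose binary is not from Microsoft, or whose manufacturer is unknown
Get-ServiceInventory |
    Where-Object { $_.Manufacturer -notlike '*Microsoft*' } |
    Sort-Object Manufacturer, Name |
    Format-Table Name, StartMode, State, Manufacturer, Executable -AutoSize
```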

What is the command to open Computer Management?
compmgmt.msc

When is the npcapwatchdog scheduled task set to run at?
At system startup

What is the name of the hidden folder that is shared?
sh4r3dF0Ld3r

Task 5: System Information (msinfo32)
The System Information tool (msinfo32) gives you a complete overview of your system — hardware, components, and software — all in one place. You can open it by typing msinfo32 in the Run dialog or searching for it in the Start Menu.

The information is split into three sections:
Hardware Resources
Low-level technical details about how hardware components communicate with the system. This is mainly useful for advanced troubleshooting and driver development — not something most users need to dig into.
Components
Details about specific hardware installed on the system — display adapters, input devices, storage, and more. Some sections may be empty depending on the system configuration.
Software Environment
Information about the software running on the system, including:
- Installed programs and drivers
- Running tasks and services
- Environment Variables — system-wide settings that store important information like the Windows installation path, number of processors, and temp folder locations
- Network Connections — active network interfaces and their configurations
Environment Variables
We briefly touched on environment variables in Part 1. They store key information the OS and programs rely on — for example, %windir% points to wherever Windows is installed. You can view them inside msinfo32 under Software Environment → Environment Variables, or through:
Control Panel → System and Security → System → Advanced system settings → Environment Variables
Pro Tip: At the bottom of the msinfo32 window, there's a search bar. Try selecting Components and searching for IP address — it'll pull up the relevant network information instantly without having to click through multiple menus.
What is the command to open System Information? (The answer is the name of the .exe file, not the full path)
msinfo32.exe

What is listed under System Name?
THM-WINFUN2

Under Environment Variables, what is the value for ComSpec?
%SystemRoot%\system32\cmd.exe

Task 6: Resource Monitor (resmon)
Resource Monitor (resmon) is a more detailed, real-time version of Task Manager. You can open it by typing resmon in the Run dialog or through the System Configuration panel.
It shows per-process and overall usage data for four key areas:

The Overview tab gives you a combined snapshot of all four at once. On the far right, there's a real-time graphical view for each section so you can visually track spikes and trends.
Resource Monitor is particularly useful when you need to:
- Identify which process is eating up resources
- See exactly which files a process is accessing
- Spot unusual network connections made by a specific application
- Investigate deadlocked processes or file locking conflicts
From a cybersecurity perspective, Resource Monitor is a powerful tool for spotting suspicious behaviour — like a process making unexpected network connections or writing files to unusual locations.
What is the command to open Resource Monitor? (The answer is the name of the .exe file, not the full path)
resmon.exe

Task 7: Command Prompt (cmd)
The Command Prompt (cmd) is a text-based way to interact with Windows. Before GUIs existed, it was the only way to use a computer. Today it's still a powerful tool — especially for troubleshooting and cybersecurity work.
Here are the key commands covered in this task:
Basic Commands

Network Commands

Net Command
The net command is used to manage network resources. It supports several sub-commands:
net user — manage user accounts
net localgroup — manage local groups
net share — manage shared resources
net session — view active sessions
📝 Note: For the net command, /? doesn't work for help. Use net help instead. For example: net help user
Getting Help
For most commands, you can add /? at the end to see the full list of available options and syntax. For example:
ipconfig /?
netstat /?

In System Configuration, what is the full command for Internet Protocol Configuration?
Scroll up to Task 2 System Configuration -> Tools
C:\Windows\System32\cmd.exe /k %windir%\system32\ipconfig.exe

For the ipconfig command, how do you show detailed information?
ipconfig /all

Task 8: Registry Editor (regedit)
The Windows Registry is a central database that stores configuration information for the entire system — users, applications, hardware, and more. Windows constantly reads from and writes to the registry while it's running.
The registry stores things like:
- User profiles and preferences
- Installed applications and the file types they handle
- Hardware configurations
- Port settings
- Folder and icon properties
You can view and edit the registry using the Registry Editor (regedit), which you can open by typing regedit in the Run dialog.
⚠️ Warning: The registry is for advanced users only. Making incorrect changes can break Windows or cause serious system issues. Always back up the registry before making any changes.
From a cybersecurity perspective, the registry is extremely important. Attackers commonly use it to:
- Persist on a system — adding entries to run malicious programs automatically at startup
- Hide data — storing configuration for malware
- Disable security tools — modifying registry keys to turn off antivirus or firewall settings
Knowing how the registry works and where to look is a valuable skill for any security analyst.
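For the startup persistence case above, and for the shell:startup folder mentioned in Task 2, a read-only review can be scripted. The script below is an added example, not part of the room or the original post; the Run and RunOnce key paths are the standard Windows autostart keys (the room does not name them), and the function names and the list of user-writable folders are assumptions.

```powershell
# Added example (not from the room): read-only listing of autostart entries.
# HKCU and the per-user Startup folder only cover the account running the script.
$RunKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
# Assumption: folders a standard user can write to; entries pointing here deserve a closer look
$UserWritable = @($env:TEMP, $env:APPDATA, $env:LOCALAPPDATA, $env:PUBLIC) | Where-Object { $_ }

function Test-UserWritablePath {
    param([string]$Command)
    foreach ($dir in $UserWritable) {
        if ($Command.IndexOf($dir, [StringComparison]::OrdinalIgnoreCase) -ge 0) { return $true }
    }
    return $false
}

function Get-AutoStartEntry {
    foreach ($key in $RunKeys) {
        if (-not (Test-Path -Path $key)) { continue }
        $item = Get-Item -Path $key
        foreach ($name in $item.GetValueNames()) {
            $command = [string]$item.GetValue($name)   # environment variables are expanded
            [pscustomobject]@{
                Source = $key; Name = $name; Command = $command
                UserWritable = Test-UserWritablePath $command
            }
        }
    }
    # The folders behind shell:startup (current user) and the all-users equivalent
    foreach ($folder in 'Startup', 'CommonStartup') {
        $path = [Environment]::GetFolderPath($folder)
        if (-not $path) { continue }
        Get-ChildItem -LiteralPath $path -File -Force -ErrorAction SilentlyContinue |
            Where-Object Name -ne 'desktop.ini' |
            ForEach-Object {
                [pscustomobject]@{
                    Source = $path; Name = $_.Name; Command = $_.FullName
                    UserWritable = Test-UserWritablePath $_.FullName
                }
            }
    }
}

Get-AutoStartEntry | Sort-Object UserWritable -Descending | Format-List
```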
What is the command to open the Registry Editor? (The answer is the name of the .exe file, not the full path)
regedt32.exe

Final Thoughts
That's Windows Fundamentals Part 2 done!
In this room we went through some of the most important built-in tools that Windows has to offer. From MSConfig and UAC settings to Computer Management, Resource Monitor, the Command Prompt, and the Registry Editor — each of these tools plays a real role in how Windows systems are managed, monitored, and secured.
Here's why each one matters in cybersecurity:
- MSConfig — helps identify what's running at startup, a common hiding spot for malware
- UAC settings — understanding these helps you recognise when a system has been weakened
- Computer Management — Event Viewer and Task Scheduler are key tools for investigating suspicious activity
- Resource Monitor — great for spotting unusual process behaviour in real time
- Command Prompt — essential for quick system investigation and network troubleshooting
- Registry Editor — one of the most important places to look when hunting for persistence mechanisms left behind by attackers
Windows Fundamentals Part 3 goes even deeper — covering security tools built directly into Windows. Follow me on Medium so you don't miss it.
Found this useful? Drop a comment below — I'd love to hear how your Windows journey is going. 🚀