Learn Windows Operating System — Complete Guide

Windows Operating System — Complete Guide

DodaTech Updated Jun 15, 2026 12 min read

Microsoft Windows is the world’s most widely used desktop operating system, built on the NT kernel architecture that powers everything from home laptops to enterprise servers, with a deep focus on compatibility, security, and graphical user experience.

What You’ll Learn & Why It Matters

In this tutorial, you’ll learn how Windows is architected, how its kernel differs from Linux, how NTFS handles files, how process management works through Task Manager and services, and how to secure Windows with Group Policy and modern security features — skills essential for any IT professional or developer targeting the Windows platform.

Real-world use: When a Windows Server hosting a critical SQL Server database experiences a memory leak, you need to identify the offending process using Task Manager or PowerShell, analyze the dump, and either restart the service or apply a hotfix — all skills rooted in understanding Windows internals.

Windows Editions: Which One Do You Need?

Windows comes in multiple editions, each optimized for different scenarios. Choosing the wrong one wastes money or misses critical features.

Edition	Best For	Key Features	Max RAM	Max CPUs
Windows 11 Home	General consumers	Consumer UI, gaming, Microsoft Store	128 GB	1
Windows 11 Pro	Power users, small business	BitLocker, Remote Desktop, Hyper-V, Group Policy	2 TB	2
Windows 11 Enterprise	Large organizations	AppLocker, DirectAccess, Windows To Go, Credential Guard	6 TB	4
Windows Server 2025 Standard	Small/medium servers	GUI + Core, 2 VMs, Storage Replica	48 TB	64
Windows Server 2025 Datacenter	Large-scale virtualization	Unlimited VMs, Shielded VMs, Storage Spaces Direct	48 TB	64

Wait — why does Home Edition limit RAM to 128GB? Because Microsoft segments the market. The kernel itself can handle far more, but licensing restrictions enforce the limits. If you’re a developer, Pro edition is usually the sweet spot — you get Group Policy for configuration management and Hyper-V for running virtual machines.

The NT Kernel Architecture

Windows NT (New Technology) has been the core of Windows since Windows NT 3.1 (1993). Today’s Windows 11 and Windows Server 2025 are direct descendants of that original design.


graph TB
    subgraph "User Mode"
        APPS["Applications (Win32, UWP, WSL)"]
        SUBSYSTEMS["Environment Subsystems"]
        DLLS["DLLs (kernel32, user32, ntdll)"]
    end
    
    subgraph "Kernel Mode"
        EXEC["NT Executive
I/O Manager, Memory Manager,
Process Manager, Security Monitor"]
        KERNEL["NT Kernel
Scheduling, Interrupts"]
        HAL["Hardware Abstraction Layer (HAL)"]
        DRIVERS["Device Drivers"]
    end
    
    subgraph "Hardware"
        CPU --> RAM --> DISK --> NET
    end
    
    APPS --> DLLS --> SUBSYSTEMS
    SUBSYSTEMS --> EXEC
    EXEC --> KERNEL --> HAL
    DRIVERS --> HAL
    HAL --> CPU
    
    style APPS fill:#4CAF50,color:#fff
    style KERNEL fill:#1565C0,color:#fff
    style HAL fill:#FF9800,color:#fff
    style DRIVERS fill:#7b1fa2,color:#fff

Key NT Design Decisions

Hardware Abstraction Layer (HAL): The HAL sits between the kernel and the actual hardware. It translates generic kernel commands into hardware-specific instructions. This means Windows can run on x86, x64, ARM (Surface Pro X), and even historical architectures like MIPS and Alpha without rewriting the kernel.

Executive vs Kernel: The NT Kernel handles the lowest-level tasks — thread scheduling, interrupt handling, and synchronization. The NT Executive is a collection of higher-level managers (I/O, Memory, Process, Security, etc.) that call into the kernel.

Win32 Subsystem: Applications don’t talk to the kernel directly. They go through the Win32 subsystem (implemented in csrss.exe), which translates API calls into kernel system calls. This is why kernel32.dll is loaded into every Windows process.

File Systems: NTFS and ReFS

NTFS (New Technology File System)

NTFS has been Windows’s primary file system since Windows NT 4.0. Everything about it is designed for reliability and security:

Feature	What It Does	Your Life Saves
Journaling	Logs changes before writing them	Power failure won’t corrupt the file system
Permissions	ACLs on every file and folder	Prevent unauthorized access
Hard links	Multiple paths to the same data	File deduplication, snapshot-like backups
Compression	Transparent LZNT1 compression	Saves disk space (at CPU cost)
Encryption (EFS)	Per-file encryption	Extra layer beyond BitLocker
Quotas	Per-user disk limits	Prevent users from filling the drive

NTFS Permissions in Practice

C:\>ICACLS C:\DATA\REPORTS
C:\DATA\REPORTS DOMAIN\jdoe:(OI)(CI)(F)
                  DOMAIN\accounting:(OI)(CI)(R)
                  NT AUTHORITY\SYSTEM:(OI)(CI)(F)
                  BUILTIN\Administrators:(OI)(CI)(F)

This shows that user jdoe has full control (F), the accounting group has read-only (R), and system/administrators have full control. The (OI)(CI) flags mean these permissions apply to files (OI = Object Inherit) and subfolders (CI = Container Inherit).

ReFS (Resilient File System)

ReFS is Windows Server’s next-generation file system, introduced to address NTFS limitations for massive-scale storage:

Maximum volume size: 4.7 × 10²² TB (vs NTFS’s 256 TB)
Self-healing: Detects and repairs corruption without taking the volume offline
Data integrity streams: Checksums on everything, including metadata
No need for chkdsk — ReFS validates itself continuously

ReFS is not for your boot drive. It’s for large data volumes where availability matters more than raw performance.

Process Management

Windows manages processes through a combination of GUI tools and command-line utilities.

Task Manager: Your First Diagnostic Tool

Press Ctrl+Shift+Esc and you see Task Manager — the Swiss Army knife of Windows process management.

Tab	What It Shows	Key Action
Processes	Running apps + background processes	Right-click → End task
Performance	CPU, Memory, Disk, Network, GPU graphs	Watch for 100% usage (bottleneck)
App history	Resource usage per app	Find resource hogs
Startup	Programs that auto-start	Disable slow starters
Users	Resource usage per logged-in user	Identify user-level issues
Details	Full process list with PID, status, CPU/memory	End process tree
Services	Windows services and their status	Start/stop/restart services

PowerShell: Process Management from the Command Line

# List top 10 memory-consuming processes
Get-Process | Sort-Object WorkingSet -Descending | Select-Object -First 10 Name, Id, @{N="MB";E={[math]::Round($_.WorkingSet/1MB,1)}}

Expected output:

Name                 Id    MB
----                 --    ---
MsMpEng            1234  456.2
chrome             5678  389.1
Teams              9012  312.8
OUTLOOK            3456  245.3
Code               7890  198.7
...

Services: The Backbone of Windows

Windows services are long-running processes that start at boot and run in the background, often without a user interface. The services.msc management console lets you control them.

# List all services, showing which are running
Get-Service | Where-Object { $_.Status -eq "Running" } | Format-Table -AutoSize

Expected output (partial):

Status   Name               DisplayName
------   ----               -----------
Running  BFE                Base Filtering Engine
Running  Dhcp               DHCP Client
Running  Dnscache           DNS Client
Running  EventLog           Windows Event Log
Running  MpsSvc             Windows Firewall

Why Does Windows Need So Many Services?

Every service serves a purpose: the DHCP Client gets your IP address, the DNS Client caches domain lookups, the Windows Firewall blocks unauthorized traffic. But each running service consumes memory (typically 2–10MB each). On a server, disabling unnecessary services is a standard security hardening step — fewer services means fewer attack vectors.

PowerShell: Windows’s Modern Shell

PowerShell is far more than a command prompt replacement. It’s a task automation framework built on .NET that returns structured objects, not text.

The Object Pipeline

In Bash, you pass text between commands. In PowerShell, you pass objects:

# Get all running services, filter for ones that can be stopped, export to CSV
Get-Service |
  Where-Object { $_.CanStop -eq $true -and $_.Status -eq "Running" } |
  Select-Object Name, DisplayName, ServiceType |
  Export-Csv -Path "C:\Reports\stoppable_services.csv" -NoTypeInformation

What just happened? Get-Service returns an array of service objects. Where-Object filters them. Select-Object picks specific properties. Export-Csv writes the result to a file. Every step works with objects, so you never parse text output.

Common One-Liners for Sysadmins

# Find what's listening on port 8080
Get-NetTCPConnection -LocalPort 8080 | Select-Object OwningProcess, LocalAddress, State

# Kill all Chrome processes
Get-Process chrome | Stop-Process -Force

# Check disk space on all drives
Get-PSDrive -PSProvider FileSystem | Select-Object Root, @{N="GB Free";E={[math]::Round($_.Free/1GB,2)}}

Expected output for the disk space check:

Root GB Free
---- ------
C:   124.35
D:   452.80
E:    12.50

Group Policy: Centralized Configuration

Group Policy is Windows’s mechanism for centrally managing users and computers across a network. It’s the reason IT can enforce password complexity, block USB drives, map network drives, and deploy software — all from one place.

How Group Policy Works

Group Policy Objects (GPOs) — settings stored in the domain controller’s SYSVOL folder
Processing order: Local → Site → Domain → Organizational Unit
Application: At boot (computer policies) and logon (user policies)

Editing Local Group Policy

C:\>GPEDIT.MSC

This opens the Local Group Policy Editor on a Pro/Enterprise machine. Common configurations:

Policy Path	Setting	Effect
Computer Config → Windows Settings → Security Settings → Account Policies → Password Policy	Minimum password length = 14	Enforces strong passwords
Computer Config → Administrative Templates → System → Removable Storage Access	All Removable Storage: Deny all access	Blocks USB drives
User Config → Administrative Templates → Start Menu and Taskbar	Remove Run menu from Start Menu	Prevents command execution
Computer Config → Windows Settings → Security Settings → Windows Firewall	Windows Firewall: Allow inbound ICMP	Enables ping (disabled by default on domain profiles)

🔑 Key insight: Group Policy is one of the main reasons enterprises choose Windows. You can configure 10,000 machines with a single GPO linked to an Organizational Unit. Linux equivalents exist (Ansible, Puppet, Salt) but none are as deeply integrated into the OS.

Windows Security Features

Modern Windows includes security features that rival dedicated security products.

Windows Defender / Microsoft Defender

Built-in antivirus and anti-malware that’s competitive with third-party solutions:

# Quick scan
Start-MpScan -ScanType QuickScan

# Full scan
Start-MpScan -ScanType FullScan

# Check protection status
Get-MpComputerStatus | Select-Object AntivirusEnabled, RealTimeProtectionEnabled, LastQuickScan*

Expected output:

AntivirusEnabled RealTimeProtectionEnabled LastQuickScanTime     LastQuickScanSource
---------------- ------------------------- ---------------     --------------------
           True                      True 6/15/2026 3:00:00 AM                0

BitLocker Drive Encryption

BitLocker encrypts the entire drive using AES-128 or AES-256 with a TPM chip storing the encryption key. This means if a laptop is stolen, the data is unreachable without the TPM + PIN or recovery key.

# Check BitLocker status on all volumes
Get-BitLockerVolume | Format-Table -AutoSize

User Account Control (UAC)

UAC is the pop-up you get when installing software or changing system settings. Many users disable it. Here’s why you shouldn’t:

UAC ensures that even when you’re logged in as an administrator, most operations run with standard user privileges. Only operations that require administrative rights trigger a prompt. This prevents malware from silently modifying system files.

Credential Guard

Windows 11 Enterprise includes Credential Guard, which isolates user credentials (password hashes, Kerberos tickets) in a virtualized container that even SYSTEM-level malware cannot access.

Windows Sandbox

Windows 11 Pro/Enterprise includes Windows Sandbox — a lightweight, isolated desktop environment for running untrusted software. Each sandbox is fresh (no persistence), disposable, and uses the host’s kernel for minimal overhead.

# Enable Windows Sandbox (requires reboot)
C:\>DISM /Online /Enable-Feature /FeatureName:Containers-DisposableClientVM

Common Errors & Mistakes

1. Disabling UAC Completely

Mistake: Setting UAC to “Never notify” because the pop-ups are annoying.

Fix: UAC is your main defense against silent malware installation. Instead of disabling it, adjust the slider to “Notify me only when apps try to make changes” (second from top) — this suppresses prompts for legitimate Windows settings changes but still blocks untrusted software.

2. Running Windows Without Updates

Mistake: Deferring or disabling Windows Update to “avoid reboots.”

Fix: Unpatched Windows is the #1 attack vector for ransomware. Schedule update windows during off-hours. Use “Active Hours” in Windows 11 to prevent automatic reboots during work time. For servers, use WSUS or Windows Update for Business to control patch deployment.

3. Using the Built-in Administrator Account for Daily Work

Mistake: Logging in as Administrator for everyday tasks.

Fix: Create a standard user account for daily use and use Run as administrator only when needed. The built-in Administrator account has no UAC prompts, so any malware you run has full system access.

4. Forgetting to Configure Windows Firewall

Mistake: Assuming the default Windows Firewall rules are sufficient for a server.

Fix: Default inbound rules block everything. But you need to explicitly allow only required ports (e.g., 80/443 for web, 1433 for SQL Server, 3389 for RDP restricted to specific IPs). Use wf.msc (Windows Firewall with Advanced Security) for granular rules.

5. Not Understanding the Services Snap-in

Mistake: Disabling a service in services.msc without checking dependencies.

Fix: When you disable a service, check its “Dependencies” tab first. Disabling the Print Spooler might block scanning software that depends on it. Use sc query at the command line to audit dependencies before making changes.

Practice Questions

Question 1

What is the HAL and why is it important to Windows architecture?

Show answer

The Hardware Abstraction Layer (HAL) sits between the NT kernel and the physical hardware, translating generic kernel commands into platform-specific instructions. This allows Windows to run on different CPU architectures (x86, x64, ARM) without rewriting the kernel.

Question 2

What is the difference between NTFS and ReFS?

Show answer

NTFS is Windows's general-purpose file system with journaling, permissions, compression, and encryption. ReFS is designed for large-scale server workloads with self-healing, max volume sizes up to 4.7 × 10²² TB, and continuous integrity validation — but it's not suitable for boot drives.

Question 3

Why is disabling UAC dangerous?

Show answer

UAC ensures most operations run with standard user privileges even when logged in as an administrator. Disabling it means any malware can modify system files, install software, or change security settings without prompting the user.

Question 4

What is the PowerShell pipeline and how does it differ from text-based shells like Bash?

Show answer

PowerShell passes .NET objects between commands, not text. This means you can access properties and methods of objects directly (e.g., `$_.WorkingSet`), filter with precise conditions, and export structured data (CSV, JSON, XML) without parsing text output.

Question 5

What is BitLocker and how does it protect data on a stolen laptop?

Show answer

BitLocker encrypts the entire drive using AES-128/256 with the encryption key stored in the TPM chip. If a laptop is stolen, the drive contents are inaccessible without the TPM + PIN or 48-digit recovery key, even if the attacker removes the drive and connects it to another machine.

Challenge

You have a Windows Server 2025 that runs a critical web application. Memory usage gradually increases from 4GB to 14GB over 7 days and never decreases. Write a PowerShell script that:

Captures the top 10 memory-consuming processes every hour
Logs them to a CSV with a timestamp
Triggers a warning event in the Windows Event Log when any process exceeds 2GB
Automatically restarts the service if the process is the known leaky web server process (name: w3wp.exe)

Real-World Task

You’re the IT administrator for a company of 500 employees. All Windows 11 Pro workstations need to enforce: password length ≥ 14 characters, mandatory BitLocker on C: drive, blocking USB storage devices, and Windows Update installation during 2-4 AM nightly. Use Group Policy to configure these settings. Which GPO settings would you use, where would you link them, and how would you test deployment on a pilot group?

Mini Project: Windows Health Report Generator

Create a PowerShell script that generates a comprehensive health report for any Windows machine:

param([string]$ComputerName = "localhost")

$report = @{}
$report["Computer"] = $ComputerName
$report["OS"] = (Get-CimInstance Win32_OperatingSystem).Caption
$report["Uptime"] = (Get-Date) - (Get-CimInstance Win32_OperatingSystem).LastBootUpTime

$disks = Get-PSDrive -PSProvider FileSystem |
    Select-Object Root, @{N="FreeGB";E={[math]::Round($_.Free/1GB,2)}},
                        @{N="UsedGB";E={[math]::Round(($_.Used)/1GB,2)}}
$report["Disks"] = $disks

$services = Get-Service | Where-Object { $_.Status -eq "Stopped" -and $_.StartType -eq "Automatic" }
$report["FailedServices"] = $services

$report | ConvertTo-Json | Out-File "$ComputerName-$(Get-Date -f yyyyMMdd)-health.json"
Write-Host "Report saved to $ComputerName-$(Get-Date -f yyyyMMdd)-health.json"

Run it: .\HealthReport.ps1 -ComputerName "WEBSRV01"

Built by the developers of Doda Browser, DodaZIP, and Durga Antivirus Pro.

📖 Author: DodaTech | Last updated: June 15, 2026

DodaTech tutorials are built by the developers of Doda Browser, DodaZIP, and Durga Antivirus Pro — security tools used by millions worldwide.

Previous MS-DOS & FreeDOS — Complete Command-Line Guide Next macOS — Complete Guide for Developers

Built by the developers of DodaTech

Doda Browser, DodaZIP & Durga Antivirus Pro

Home Browse Operating Systems