Table Of Contents
- Windows OS Details
- Windows 10 & 11 Versions
- Windows Server Versions
- Windows “NT” Versions
- Windows Administrative Binaries
- Environment Variables
- Windows Key Files & Locations
- Registry Run Keys
WINDOWS OS DETAILS
- Note: This section details important Windows operating system information across many versions, such as Windows XP, 7, 10, 11, and Windows Server. It covers version numbers and release dates, administrative binaries, environment variables, important registry locations and more.
WINDOWS 10 & 11 VERSIONS
- Note: Windows 10 versions include Home, Pro, Education, Enterprise, Pro for Workstations, Pro Education, Windows 10 S, and Windows 10 Enterprise LTSC.
| ID | VERSION | DATE RELEASED |
|---|---|---|
| 1511 | Windows 10 – Threshold 2 | 2015-11-12 |
| 1607 | Windows 10 – Redstone 1 | 2016-08-02 |
| 1703 | Windows 10 – Redstone 2 | 2017-04-05 |
| 1709 | Windows 10 – Redstone 3 | 2017-10-17 |
| 1803 | Windows 10 – Redstone 4 | 2018-04-30 |
| 1809 | Windows 10 – Redstone 5 | 2018-11-13 |
| 1903 | Windows 10 – 19H1 | 2019-05-21 |
| 1909 | Windows 10 – Vanadium | 2019-11-12 |
| 2004 | Windows 10 – Vibranium | 2020-05-27 |
| 20H2 | Windows 10 – Vibranium | 2020-10-20 |
| 21H1 | Windows 10 – Vibranium | 2021-05-18 |
| 21H2 | Windows 10 – Vibranium | 2021-11-16 |
| 21H2 | Windows 11 – Sun Valley | 2021-10-05 |
WINDOWS SERVER VERSIONS
- Note: Windows Server editions include Windows Server Essentials, Windows Server Standard, and Windows Server Datacenter.
| ID | OS | DATE RELEASED |
|---|---|---|
| 1607 | Windows Server 2016 | 2016-10-12 |
| 1709 | Windows Server | 2017-10-17 |
| 1803 | Windows Server | 2018-04-10 |
| 1809 | Windows Server | 2018-11-13 |
| 1809 | Windows Server 2019 | 2018-11-13 |
| 1903 | Windows Server | 2019-11-12 |
| 1909 | Windows Server | 2019-11-12 |
| 2004 | Windows Server | 2020-06-26 |
| 20H2 | Windows Server | 2020-10-20 |
| 21H2 | Windows Server 2022 | 2021-08-18 |
WINDOWS 'NT' VERSIONS
| ID | VERSION |
|---|---|
| NT 3.1 | Windows NT 3.1 (All) |
| NT 3.5 | Windows NT 3.5 (All) |
| NT 3.51 | Windows NT 3.51 (All) |
| NT 4.0 | Windows NT 4.0 (All) |
| NT 5.0 | Windows 2000 (All) |
| NT 5.1 | Windows XP (Home, Pro, MC, Tablet PC, Starter, Embedded) |
| NT 5.2 | Windows XP (64-bit, Pro 64-bit) |
| NT 5.2 | Windows Server 2003 & R2 (Standard, Enterprise) |
| NT 5.2 | Windows Home Server |
| NT 6.0 | Windows Vista (Starter, Home, Basic, Home Premium, Business, Enterprise, Ultimate) |
| NT 6.0 | Windows Server 2008 (Foundation, Standard, Enterprise) |
| NT 6.1 | Windows 7 (Starter, Home, Pro, Enterprise, Ultimate) |
| NT 6.1 | Windows Server 2008 R2 (Foundation, Standard, Enterprise) |
| NT 6.2 | Windows 8 (x86/64, Pro, Enterprise, Windows RT (ARM)) |
| NT 6.2 | Windows Phone 8 |
| NT 6.2 | Windows Server 2012 (Foundation, Essentials, Standard) |
| NT 6.3 | Windows 8.1 (Pro, Enterprise) |
| NT 10 | Windows 10 version 1507 |
WINDOWS ADMINISTRATIVE BINARIES
| EXECUTABLE | NAME |
|---|---|
| lusrmgr.msc | Local user and group manager |
| services.msc | Services control panel |
| taskmgr.exe | Task manager |
| secpol.msc | Local security policy editor |
| eventvwr.msc | Event viewer |
| regedit.exe | Registry editor |
| gpedit.msc | Group policy editor |
| control.exe | Control panel |
| ncpa.cpl | Network connections manager |
| devmgmt.msc | Device manager editor |
| diskmgmt.msc | Disk manager editor |
ENVIRONMENT VARIABLES
| ENVIRONMENT VARIABLE | DESCRIPTION AND LOCATION |
|---|---|
| %SYSTEMROOT% | Points to Windows folder (Commonly: C:\Windows) |
| %APPDATA% | Points to user roaming directory (Commonly: C:\Users\<USERNAME>\AppData\Roaming) |
| %COMPUTERNAME% | The computer hostname |
| %HOMEDRIVE% | Points to default OS drive (Commonly: C:\ ) |
| %HOMEPATH% | Points to user directory (Commonly: C:\Users\<USERNAME> ) |
| %PATH% | When a command is run without a full path (for example: ipconfig), the OS searches every directory listed in the PATH environment variable for this file |
| %PATHEXT% | When a command is run without an extension (for example: ipconfig), the OS searches for file matches that INCLUDE extensions from this PATHEXT list |
| %SYSTEMDRIVE% | Points to default OS drive (Commonly: C:\ ) |
| %TMP% && %TEMP% | Points to user temp folders (Commonly: C:\Users\<USERNAME>\AppData\Local\Temp) |
| %USERPROFILE% | Points to user directories (Commonly: C:\Users\<USERNAME> ) |
| %WINDIR% | Points to Windows directory (Commonly: C:\Windows) |
| %ALLUSERSPROFILE% | Points to Windows directory (Commonly: C:\ProgramData on Windows 10+) |
WINDOWS KEY FILES AND LOCATIONS
- Note: All file paths marked “(WinXP)” are Windows XP only. All others are tested and working with Windows 10+.
| LOCATION | FILE CATEGORY |
|---|---|
| %SYSTEMROOT%\System32\drivers\etc\hosts | DNS entries |
| %SYSTEMROOT%\System32\drivers\etc\networks | Network settings |
| %SYSTEMROOT%\System32\config\SAM | User & password hashes |
| %SYSTEMROOT%\repair\SAM | Backup copy of SAM (WinXP) |
| %SYSTEMROOT%\System32\config\RegBack\SAM | Backup copy of SAM |
| %WINDIR%\System32\config\AppEvent.Evt | Application Log (WinXP) |
| %WINDIR%\System32\config\SecEvent.Evt | Security Log (WinXP) |
| %WINDIR%\System32\config\SECURITY | Security Log |
| %WINDIR%\System32\config\APPLICATION | Application Log |
| %ALLUSERSPROFILE%\Start Menu\Programs\Startup\ | Startup Location (WinXP) |
| %USERPROFILE%\Appdata\Roaming\Microsoft\Windows\Start Menu\Programs\Startup | Startup Folder |
| %WINDIR%\Panther\ | Commonly used unattend install files |
| %WINDIR%\System32\Sysprep | Commonly used unattend install files |
| %WINDIR%\kb* | Installed patches (WinXP) |
REGISTRY RUN KEYS
- Note: Some of these keys are also reflected under HKLM\Software\WOW6432Node on systems running a 64-bit version of Windows.
- Note: Windows Sysinternals Autoruns is an excellent utility to inspect and monitor auto-starting locations on Windows.
- Available at https://technet.microsoft.com/en-us/sysinternals/
| List of registry keys accessed during system boot (in load order): |
|---|
| (WinXP) HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\BootExecute |
| HKLM\System\CurrentControlSet\Services (Start value of 0 = Kernel Drivers, loaded before kernel initiation; Start value of 2 = Auto-Start; Start value of 3 = Manual-Start) |
| (WinXP) HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce |
| (WinXP) HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce |
| HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices |
| HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices |
| (WinXP) HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify |
| HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon /v Userinit |
| HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon /v Shell |
| HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon /v Shell |
| HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad |
| HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce |
| HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce |
| (WinXP) HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx |
| HKLM\Software\Microsoft\Windows\CurrentVersion\Run |
| HKCU\Software\Microsoft\Windows\CurrentVersion\Run |
| HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run |
| (WinXP) HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run |
| (WinXP) HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\load |
| HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler (XP, NT, W2k only) |