
Course information

Blackbelt - Advanced Troubleshooting the Windows OS

Culemborg (NL) or Remote, Monday 9 September 2019, 4 days, € 2.799,00

Duration: 4 days

Material: Student Lab Manual, Slide deck, and lab files

Language: English

Your Trainer: Sami Laiho


Exclusive instructor & unique training content 

Sami's sessions have been awarded "Best in Show" at multiple worldwide conferences, so he not only "knows his stuff" but can actually teach it in an effective and entertaining way. Get trained by the authority from the field. In the Benelux region, you can't get this knowledge from anyone better.

  • Have you ever wondered if Windows Pagefile settings should be changed or how they actually work?

  • Have you ever wondered what the values in Task Manager actually mean – like Paged Pool, Working Set, Free memory, etc.?

  • Do you know how a file actually gets cached and finally written to the disk or how threads communicate with each other?

  • Have you ever wondered what Mutexes or Semaphores in Process Explorer really mean?

If you don’t know the answers, come and join this course as it will provide you with the answers and a lot more!

Level: 400(+)

This Windows Internals training is meant for all administrators who want to deepen their knowledge about Windows. It is also suitable for people who think (with all respect!) they know everything about the Windows OS…
It’s a very deep-dive course, in no way suitable for beginners, and intended for seasoned administrators.

This 4-day course teaches you how the operating system actually works under the hood. Windows Internals was previously taught globally by two of the best-known teachers, David Solomon and Mark Russinovich.

David is now retired from training and Mark is working for Microsoft as the CTO of Azure. This training is based on their Windows Internals book, which is considered mandatory knowledge for all top Microsoft professionals, including Microsoft’s own PFEs (Premier Field Engineers).

Course prerequisites: you should be comfortable with the following:

  • Experience with Windows Administration
  • Experience with Active Directory
  • Experience with networking infrastructure

Unsure whether this or Sami's other Troubleshooting course fits your requirements? Get a coffee and check the 6-minute video explaining the difference here:

Advanced Troubleshooting the Windows OS class content:

Day 1

Concepts and Tools

  • Windows Operating System Versions
  • Foundation Concepts and Terms
  • Digging into Windows Internals
  • Sysinternals Tools


System Architecture

  • Requirements and Design Goals
  • Operating System Model
  • Architecture Overview
  • Key System Components


System Mechanisms

  • Trap dispatching
  • Object Manager
  • Synchronization
  • System Worker Threads
  • Global Flags
  • ALPC
  • Kernel Event Tracing
  • Wow64
  • User Mode Debugging
  • Image Loader
  • Kernel patching
  • Code integrity

Day 2

Management Mechanisms

  • The Registry
  • Services
  • UBPM
  • WMI
  • Windows Diagnostics Service


Processes, Threads and Jobs

  • Process Internals
  • Protected Processes
  • CreateProcess function
  • Thread Internals
  • Thread scheduling
  • Jobs



Security

  • Security Ratings
  • Security System Components
  • Protecting Objects
  • AuthZ API
  • Account rights and privileges
  • Access tokens
  • Auditing
  • Logon
  • UAC
  • AppID Service
  • AppLocker

Day 3


Networking

  • Windows Networking Architecture
  • Networking APIs
  • Multiple Redirector Support
  • DFS and DFS-R
  • Offline Files
  • BranchCache
  • Name Resolution
  • Location and topology
  • NDIS

I/O System

  • I/O System Components
  • Device Drivers
  • I/O Processing
  • Kernel-Mode Driver Framework (KMDF)
  • User-Mode Driver Framework (UMDF)
  • The Plug and Play (PnP) Manager
  • The Power Manager 

Storage Management

  • Storage Terminology
  • Disk Drivers
  • Volume Management
  • BitLocker Drive Encryption
  • Volume Shadow Copy Service


Memory Management

  • Introduction to the Memory Manager
  • Services the Memory Manager Provides
  • Kernel-Mode Heaps (System Memory Pools)
  • Heap Manager
  • Virtual Address Space Layouts
  • Address Translation
  • Page Fault Handling
  • Stacks
  • Virtual Address Descriptors
  • NUMA
  • Section Objects
  • Driver Verifier
  • Page Frame Number Database
  • Physical Memory Limits
  • Working Sets
  • Proactive Memory Management (SuperFetch)

Day 4

Cache Manager

  • Key Features of the Cache Manager
  • Cache Virtual Memory Management
  • Cache Size
  • Cache Data Structures
  • File System Interfaces
  • Fast I/O
  • Read Ahead and Write Behind


File Systems

  • Windows File System Formats
  • File System Driver Architecture
  • Troubleshooting File System Problems
  • Common Log File System
  • NTFS Design Goals and Features
  • NTFS File System Driver
  • NTFS On-Disk Structure
  • NTFS Recovery Support
  • EFS


Startup and Shutdown

  • Boot Process
  • Troubleshooting Boot and Startup Problems
  • Shutdown


Crash Dump Analysis

  • Why Does Windows Crash?
  • The Blue Screen
  • Troubleshooting Crashes
  • Crash Dump Files
  • Windows Error Reporting
  • Online Crash Analysis
  • Basic Crash Dump Analysis
  • Using Crash Troubleshooting Tools
  • Advanced Crash Dump Analysis

About the trainer: Sami Laiho

Sami Laiho - Senior Technical Fellow


    Born in late 1979
    IT Admin since 1996
    MCT since 2001 (MCT / IAMCT Regional Lead – Finland)
    MVP in Windows OS since 2011

Specializes in and trains:

    Centralized Management
    Active Directory
    Penetration testing
    Social Engineering


    Ignite 2017 - Best External Speaker & Best Session by an External Speaker at Microsoft

    TechTalks 2017 - Best Sessions (#1 and #2) 

    TechEd North America 2014 - Best session, Best Speaker

    TechEd Australia 2013 – Best session, Best speaker

    TechEd Europe 2013 – Best Session by an external speaker

    Best session by Microsoft STEP in 2012

Publications & Recordings:

Avecto article

Videos on Ch9 


AppManagEvent2014 keynote session

AppManagEvent2017_Let’s keep everyone Admin when deploying Win10:not

AppManagEvent2017_How to install application packages for the modern secure Windows


BlackBelt Troubleshooting Windows Performance Issues

Black Belt Security with Windows 10

Zero Admins – Zero Problems

Technet Article - Three things you have to learn to stay in the IT Pro business

My Youtube channel 



