Home > IT-Pro Speaker Training > Sami Laiho > Blackbelt - Advanced Troubleshooting the Windows OS

Course information

Blackbelt - Advanced Troubleshooting the Windows OS

Duration: 4 days
Material: Student Lab Manual, Slide deck, and lab files
Language: English

Your Trainer: Sami Laiho

 Sami Laiho

Exclusive instructor & unique training content 

Sami's sessions have been awarded "Best in Show" in multiple worldwide conferences so he not only "knows his stuff" but can actually teach it in an effective and entertaining way.  Get trained by the authority from the field. In the Benelux region: you can't get this knowledge from anyone else better than this... 

  • Have you ever wondered if Windows Pagefile settings should be changed or how they actually work?
  • Have you ever wondered what the values in Task Manager actually mean – like Paged Pool, Working Set, Free memory etc?
  • Do you know how a file actually gets cached and finally written to the disk or how threads communicate with each other?
  • Have you ever wondered what Mutexes or Semaphores in Process Explorer really mean?

If you don’t know the answers, come and join this course as it will provide you with the answers and a lot more!

Level: 400(+)

This Windows Internals training is meant for all administrators who want to deepen their knowledge about Windows. It is also suitable for people who think (with all respect!) they know everything about the Windows OS…  
It’s a very deep dive course and surely in no way suitable for beginners but seasoned administrators. If someone has gone through the BlackBelt OS Troubleshooting course then this course will deepen that knowledge even further. 

Coursegoals: 
This 4-day course teaches you how the operating system actually works under the hood. Windows Internals was previously taught globally by two of the best known teachers David Solomon and Mark Russinovich. David is now retired from training and Mark is working for Microsoft. This training is based on their Windows Internals book which is considered mandatory knowledge for all top Microsoft professionals including Microsoft’a own PFE’s (Premier Field Engineer).

Course prerequisites: you should be comfortable with the following:

  • Experience with Windows Administration Experience with Active Directory Experience with networking infrastructure

Material:
Labmanual and slides.

*****

Unsure if this or the other Sami Troublshooting course fits your requirements ?  Get a coffee and check the 6 minute difference video explanation here: 

*****

About the trainer: Sami Laiho

Sami Laiho - Senior Technical Fellow
adminize.com

Facts:

    Born in late 1979
    IT Admin since 1996
    MCT since 2001 (MCT / IAMCT Regional Lead – Finland)
    MVP in Windows OS since 2011

Specializes in and trains:

    Troubleshooting
    Security
    Centralized Management
    Active Directory
    Hacking
    Penetration testing
    Social Engineering

Trophies:

    TechEd Europe 2014 – Best Session
    TechEd North America 2014 - Best session, Best Speaker
    TechEd Australia 2013 – Best session, Best speaker
    TechEd Europe 2013 – Best Session by an external speaker
    Best session by Microsoft STEP in 2012

Publications:

Avecto article
Videos on Ch9:
http://channel9.msdn.com/Events/Speakers/sami-laiho

AppManagEvent2014 keynote session 

Technet Article - Three things you have to learn to stay in the IT Pro business

Ignite 2015:
BlackBelt Troubleshooting Windows Performance Issues

Black Belt Security with Windows 10

Zero Admins – Zero Problems

My Youtube channel: http://www.youtube.com/user/windashfu

 

 

 

Detailed class content:  

Day 1

Concepts and Tools

  • Windows Operating System Versions
  • Foundation Concepts and Terms
  • Digging into Windows Internals
  • Sysinternals Tools

 

System Architecture

  • Requirements and Design Goals
  • Operating System Model
  • Architecture Overview
  • Key System Components

 

System Mechanisms

  • Trap dispatching
  • Object Manager
  • Synchronization
  • System Worker Threads
  • Global Flags
  • ALPC
  • Kernel Event Tracing
  • Wow64
  • User Mode Debugging
  • Image Loader
  • Kernel patching
  • Code integrity

 Day 2

Management Mechanisms

  • The Registry
  • Services
  • UBPM
  • WMI
  • Windows Diagnostics Service

 

Processes, Threads and Jobs

  • Process Internals
  • Protected Processes
  • CreateProcess function
  • Thread Internals
  • Thread scheduling
  • Jobs

 

Security

  • Security Ratings
  • Security System Components
  • Protecting Objects
  • AuthZ API
  • Account rights and privileges
  • Access tokens
  • Auditing
  • Logon
  • UAC
  • AppID Service
  • AppLocker

 Day 3

Networking

  • Windows Networking Architecture
  • Networking API’s
  • Multiple Redirector Support
  • DFS and DFS-R
  • Offline Files
  • BranchCache
  • Name Resolution
  • Location and topology
  • NDIS


I/O System

  • I/O System Components
  • Device Drivers
  • I/O Processing
  • Kernel-Mode Driver Framework (KMDF)
  • User-Mode Driver Framework (UMDF)
  • The Plug and Play (PnP) Manager
  • The Power Manager 


Storage Management

  • Storage Terminology
  • Disk Drivers
  • Volume Management
  • BitLocker Drive Encryption
  • Volume Shadow Copy Service

 

Memory Management

  • Introduction to the Memory Manager
  • Services the Memory Manager Provides
  • Kernel-Mode Heaps (System Memory Pools)
  • Heap Manager
  • Virtual Address Space Layouts
  • Address Translation
  • Page Fault Handling
  • Stacks
  • Virtual Address Descriptors
  • NUMA
  • Section Objects
  • Driver Verifier
  • Page Frame Number Database
  • Physical Memory Limits
  • Working Sets
  • Proactive Memory Management (SuperFetch)

Day 4

Cache Manager

  • Key Features of the Cache Manager
  • Cache Virtual Memory Management
  • Cache Size
  • Cache Data Structures
  • File System Interfaces
  • Fast I/O
  • Read Ahead and Write Behind

 

File Systems

  • Windows File System Formats
  • File System Driver Architecture
  • Troubleshooting File System Problems
  • Common Log File System
  • NTFS Design Goals and Features
  • NTFS File System Driver
  • NTFS On-Disk Structure
  • NTFS Recovery Support
  • EFS

 

Startup and Shutdown

  • Boot Process
  • Troubleshooting Boot and Startup Problems
  • Shutdown

 

Crash Dump Analysis

  • Why Does Windows Crash?
  • The Blue Screen
  • Troubleshooting Crashes
  • Crash Dump Files
  • Windows Error Reporting
  • Online Crash Analysis
  • Basic Crash Dump Analysis
  • Using Crash Troubleshooting Tools
  • Advanced Crash Dump Analysis

Download the 2017 schedule and content !

 

Facilities, catering and proof of participation: 


The training classrooms are equiped with state-of-the-art systems which are fully preconfigured for the concerning training.

During the trainingcourse coffee, tea and softdrinks will be arranged for free. At the lunchbreak there will be fresh sandwiches of your own choice. This lunch is included in the trainingscourse price.

After attending the training course, you will receive a certificate from PDS signed by the trainer as proof of your participation.

 

LocationDateDaysPrice
Culemborg (NL)Monday 2 July 20184€ 2.799,00Register now