Windows 11 Minimum Requirements
1GHz with 2 cores 64bit 4GB RAM 64GB or larger storage UEFI, Secure Boot capable Trusted Platform Module TPM v2.0 DirectX12 graphic card
Windows Editions
Edition
Audience
Availability
Features
Individual home use
Everyone
Lacks domain join, Group Policy, BitLocker management, Hyper‑V, and Remote Desktop host; consumer‑focused features only.
Small/mid‑sized businesses, advanced users
Everyone
Adds BitLocker, Remote Desktop host, Hyper‑V virtualization, Group Policy, Windows Update for Business, domain join.
High‑performance and storage‑intensive workloads
Everyone
Supports up to 4 CPUs / 256 cores, ReFS filesystem, RDMA, NVDIMM‑N, up to 6 TB RAM.
Large enterprise organizations
Volume Licensing, Enterprise Agreement, CSP
Includes all Pro features plus advanced security (AppLocker, Credential Guard), advanced device management, LTSC option (Windows 11 Enterprise LTSC 2024).
Enterprises with restrictive change requirements
Volume Licensing, Enterprise Agreement, CSP
Long‑term servicing (10‑year support), minimal feature updates, stable environment for regulated/mission‑critical systems.
Enterprise‑level features for academic institutions
Academic Volume Licensing
Based on Enterprise; includes enterprise‑grade security and management with academic licensing.
School staff, administrators, teachers, students
Academic Volume Licensing
Based on Pro but removes Cortana, Store suggestions, Windows Spotlight; adds “Set Up School PCs” provisioning tools.
Fixed‑purpose devices, embedded systems
IoT distributors
Locked‑down OS, long‑term servicing, device‑specific licensing, used for kiosks, ATMs, POS, medical devices.
Shortcuts
Ctrl+A # Select All Ctrl+C # Copy Ctrl+D # Delete Item Ctrl+V # Paste Ctrl+X # Cut Ctrl+Y # Redo Ctrl+Z # Undo Shift+Delete # Delete Item Permanently Ctrl+Shift+Esc # Open Task Manager Alt+F4 # Close Current Windows Alt+Tab # Switch Apps F2 # Rename File F5 # Refresh Window PrtScn. # Take Screenshot Win+I # Settings App Win+D # Display and Hide Desktop Win+E # Open File Explorer Win+L # Lock Device (Screen) Win+R # Open Run Dialog Win+. # Emojies Win+PrtScn # Screenshot in the “screenshots” folder Win+LeftArrowKey # Snap app or window left Win+RightArrowKey # Snap app or window right Win+Ctrl+V # Audio output settings (blocked apps)
Command Prompt CMD
## Basic Commands ## > <command> /? # <command> Information (CMD and PowerShell) > help # Legacy Commands Information (CMD) > systeminfo # System info (CMD and PowerShell) > dir # Show directory list files > cls # Clear terminal prompt > hostname # Show PCNAME > md mkdir # Make Directory > cd chdir # Change Directory > rd rmdir # Remove Directory > copy <source.ext> <destination> # Copy normal > copy <source> <destination> /v # Verifies the integrity of copy > copy <source> <destination> /y # Supress confirmation of operation > copy <source.ext1> <dest.ext2> # Copy and change name > shutdown /s /t 0 # Shutdown the PC immediately > shutdown /r /t 0 # Restart the PC immediately > logoff # Log out the account > <command> | findstr <string> # Find string in the <command> output > <command> | clip # Copy output to clipboard > whoami # Show PCNAME\UserName > whoami /fqdn # User name in Fully Qualified Distinguished Name > whoami /user # Display the current user > whoami /all # Display the current users and groups > powercfg /energy # Power Settings and Reports > powercfg /systempowerreport # > powercfg /batteryreport # ## Networking ## > ipconfig # IP configuration > ipconfig /all # Display all the information > ipconfig /release # Release the current IP > ipconfig /renew # Renew IP address > ipconfig /displaydns # Display DNS > ipconfig /flushdns # Flush the DNS cache > ping <IP> -t # Ping <IP> continuously > netstat # Network Statistics > netstat -a # Show all connections > netstat -b # Display applications connected to the computer > netstat -f # Display the FQDN for foreign addressescls > netstat -s # Show statistics of all protocols > nslookup <domain/IP> # Name Server Look Up, <IP> address or <domain> > nslookup -type=<A/CNAME/MX/PTR/NS/ANY> <domain> # By Registry Type > tracert <IP/domain> # Trace the path taken by a packet to the destination > netsh wlan show profile # Show saved Wifi networks > netsh wlan show profile "WifiName" key=clear # Show Wifi passwd ## Active Directory, Group Policy (Enterprise) ## > net share # show shared resources > net use # show computer’s connections > net use h: “\\SERVER\FOLDER” # config shared resource > net session # Lists users connected to shared resources > net user # Show local users > net user <user> # Show <user> details > net user <user> * /add # Create Local <user> > net user <user> /delete # Delete <user> > net accounts > net view > gpupdate /force > logoff # rsop.msc # To check the Resultant Set of Policy > gpresult > gpresult > C:\Users\%USERNAME%\Desktop\gpresult.txt # Find Group Policy results CMD and save them in desktop in .txt # Access CMD when Installing Shift + (fn)F10 # Create Local Account > oobe\bypassnro # Bypass Login with Microsoft account (Should be disconnected of internet) # Startup Boot options Lenovo ThinkPad: Enter (Startup Menu) F1 (BIOS) F10 (Diagnose Hardware) F11 (Windows Recovery) F12 (Boot order) Novo Button # Enter Windows Recovery Shift Key + Power > (Restart) Settings > Update & Security > Recovery > Advanced startup (Restart) # Recovery Mode Troubleshoot > Advanced options > Startup Settings (Safe mode) Troubleshoot > Advanced options > Startup Repair (Automatic repair) Troubleshoot > Advanced options > System Restore Troubleshoot > Reset this PC (Factory Reset, last resort) Troubleshoot > Advanced options > Command Prompt ## Recover Windows Installation (In order) X:\windows\system32> dir C: # Confirm Windows is located in C: before do any changes X:\windows\system32> chkdsk C: /f # Check Disk Hardware/Filesystem check X:\windows\system32> bcdedit /enum all # Boot Configuration Data information ## Simple Boot repair X:\windows\system32> bootrec /scanos # Scan OS X:\windows\system32> bootrec /rebuildbcd # Repair boot.ini Windows Boot Configuration Database (BCD) Turnoff PC - restart ## Rebuild Boot Loader X:\windows\system32> diskpart DISKPART> list disk DISKPART> select disk 0 # The main drive DISKPART> list vol DISKPART> select vol X # The EFI FAT32 volume - no drive letter DISKPART> assign letter=Z DISKPART> exit X:\windows\system32> bcdboot C:\windows /s Z: /f UEFI X:\windows\system32> diskpart DISKPART> list vol DISKPART> select vol Z DISKPART> remove letter=Z DISKPART> exit Turnoff PC - restart ## Repair Windows System Files X:\windows\system32> dism /image:C:\ /Cleanup-Image /RestoreHealth # Deployment Image Servicing and Management tool X:\windows\system32> sfc /scannow /offbootdir=C:\ /offwindir=C:\Windows # System File Checker verify the integrity of the OS Turnoff PC - restart # Disk Partitions > diskpart diskpart> list disk diskpart> select disk x diskpart> clean diskpart> create partition primary diskpart> format fs=fat32 quick diskpart> assign letter=X diskpart> list partition diskpart> select partition 1 diskpart> delete partition diskpart> clean diskpart> exit # Disable BitLocker manage-bde -status manage-bde -unlock C: -RecoveryPassword <RECOVERY-KEY> manage-bde -off C:
Administrative Tools (System32)
## Win + R (.exe), MMC (.msc), Windows Tools (C:\Windows\System32) appwiz.cpl # Programs (Control Panel) certmgr.msc # Certificates - Current User cleanmgr.exe # Disk Clean-up cmd.exe # Command Prompt compmgmt.msc # Computer Management control.exe # Control Panel devmgmt.msc # Device Manager diskmgmt.msc # Disk Management eventvwr.msc # Event Viewer gpedit.msc # Local Group Policy Editor gpmc.msc # Group Policy (Enterprise) inetcpl.cpl # Internet Options (General, Security, Privacy, Content, Connections, Programs, Advanced) lusrmgr.msc # Local Users and Groups (Local) mmc.exe # Microsoft Management Console msconfig.exe # System Configuration (General, Boot, Services, Startup, Tools) msinfo32.exe # System Information (Hardware Resources, Components, Software Environment) mstsc.exe # Remote Desktop Connection perfmon.msc(& .exe) # Performance Monitor perfmon /rel # Open Reliability Monitor quickassist.exe # Quick Assist regedit.exe(regedt32) # Registry Editor resmon.exe # Resource Monitor rstrui.exe # System Restore services.msc # Services slmgr.vbs /dli # Check type of Windows licence details (Retail, OEM, Volume) systempropertiesadvanced.exe # System Properties (Computer Name, Hardware, Advanced, System Protection, Remote) taskmgr.exe # Task Manager (Processes, Performance, App history, Startup apps, Users, Details, Services) taskschd.msc # Task Scheduler useraccountcontrolsettings.exe # Change UAC Settings winver.exe # About Windows
Windows Server

Active Directory Domain Services AD DS

1.
Set name and static IP
2.
Promote to role (e. Domain Controller - Active Directory Domain Services)
3.
Configure Domain ad.company.com and NetBIOS "COMPANY"
nslookup ad.company.com # Should return the IP of the server nslookup -type=srv _ldap._tcp.dc._msdcs.ad.company.com # Should return svr hostname and IP dcdiag # Domain Controller Diagnostics netsh advfirewall firewall set rule name="File and Printer Sharing (Echo Request - ICMPv4-In)" rulegroup="File and Printer Sharing" new enable=Yes # Open ICMP protocol to answer ping requests gpupdate /force # Enforced Group Policy Objects (Client Computers) gpresult /h c:\gpresult.html # Audit applied GP
4. Create Organizational Units OUs
ad.company.com 📂 Company (The Top-Level Parent OU) 📂 Administrators (For high-privilege domain/local admin accounts) 📂 Groups (For security and distribution groups) 📂 Workstations (For corporate laptops and desktops) 📂 Servers (For any member servers you add later) 📂 Users (For standard Domain Users) 📂 IT 📂 HQ (Optional: split by department or location) 📂 Remote
5. Create Domain Admins and Domain Users
6. Create Group Policy Objects GPOs
Tools > Group Policy Management > company.com > Group Policy Objects (Create and Edit)
OU target > Link an Existing GPO…
## Common GPOs - Password Policy: Defines minimum password length (e.g., 14 characters), complexity requirements, and history. - Account Lockout Policy: Protects against brute-force attacks (e.g., lock the account for 30 minutes after 5 failed attempts). - Screen Lock / Inactivity Timeout: Forces automatic workstation lock after 10–15 minutes of inactivity to protect unattended machines. - Windows Defender Firewall: Enforces that the firewall is enabled across Domain, Private, and Public profiles, and opens specific ports cleanly - Drive Mapping: Automatically maps network shares (e.g., mapping \\Server\Shared to the S: drive) based on department or group membership. - Folder Redirection / OneDrive Deployment: Silently redirects user profile folders like Documents, Desktop, and Downloads to a centralized file server or forces a silent sign-in to OneDrive. - Removable Media Restrictions: Blocks or limits USB drives and other removable storage to reduce malware risk. - Browser Standardization: Pushes corporate bookmarks, configures a default homepage, or enforces extensions for Microsoft Edge or Google Chrome (using downloaded ADMX templates). - Restrict Command Prompt & PowerShell: Prevents non‑admin users from running cmd.exe or PowerShell to reduce lateral‑movement risk. - Software Installation Restrictions: Blocks unauthorized software installation to reduce malware and shadow IT. - Control Panel Restrictions: Prevents users from accessing Control Panel/Settings to avoid misconfiguration. - Windows Update: Configures when machines check for updates, whether they automatically install them, and prevents unexpected forced reboots while a user is working.

File Server

User > Profile > Home folder (Connect U: to \\WINSERVER\SharedFolder\%username% )
net use G: \\SERVER\folder # Map network drive on User's computer

Microsoft Configuration Manager SCCM/ConfigMgr

On‑premises systems management platform for managing large fleets of Windows devices
SCCM Agent — Software Center on client computers

Microsoft Hyper-V

Activate Hyper-V Windows
Search: Turn Windows features on or off
Failover Cluster ?
Windows PE
(Preinstallation Environment)