System Administration

Windows system management for Linux administrators - users, services, registry, and PowerShell fundamentals.

User Account Management

User Account Types

| Windows Account Type | Linux Equivalent | Permissions |
| --- | --- | --- |
| Administrator | root user | Full system access |
| Standard User | Regular user | Limited system access |
| Guest | guest account | Very limited access |

Managing Users (GUI)

Settings → Accounts → Family & other users

Linux Equivalent: User management in system settings or useradd/usermod commands.

Managing Users (Command Line)

| Task | Windows Command | Linux Equivalent |
| --- | --- | --- |
| List users | `net user` | `cat /etc/passwd` or `getent passwd` |
| Add user | `net user username password /add` | `useradd username` |
| Delete user | `net user username /delete` | `userdel username` |
| Change password | `net user username newpassword` | `passwd username` |
| Add to admin group | `net localgroup administrators username /add` | `usermod -aG sudo username` |

User Account Control (UAC)

Windows equivalent of sudo - prompts for elevation when administrative tasks are needed.

Key Differences from Linux:

  • No sudo command: Right-click → "Run as administrator"
  • Elevation prompt: UAC dialog appears for admin tasks
  • Admin approval mode: Even admin accounts get prompted
  • Elevation shortcut: Hold Ctrl+Shift when launching to start the program elevated (like a sudo prefix); the UAC prompt still applies

Service Management

Services Overview

Windows Services are equivalent to Linux systemd services/daemons.

Managing Services (GUI)

Windows + R → services.msc

Service States:

  • Running = Active (systemd)
  • Stopped = Inactive (systemd)
  • Paused = Not available in systemd
  • Disabled = Disabled (systemd)

Managing Services (Command Line)

| Task | Windows Command | Linux (systemd) Equivalent |
| --- | --- | --- |
| List services | `sc query` or `Get-Service` | `systemctl list-units --type=service` |
| Start service | `sc start servicename` | `systemctl start servicename` |
| Stop service | `sc stop servicename` | `systemctl stop servicename` |
| Restart service | `sc stop servicename && sc start servicename` | `systemctl restart servicename` |
| Enable at boot | `sc config servicename start= auto` | `systemctl enable servicename` |
| Disable at boot | `sc config servicename start= disabled` | `systemctl disable servicename` |
| Service status | `sc query servicename` | `systemctl status servicename` |

PowerShell Service Commands

| PowerShell Command | Purpose | Linux Equivalent |
| --- | --- | --- |
| `Get-Service` | List all services | `systemctl list-units --type=service` |
| `Start-Service servicename` | Start service | `systemctl start servicename` |
| `Stop-Service servicename` | Stop service | `systemctl stop servicename` |
| `Restart-Service servicename` | Restart service | `systemctl restart servicename` |
| `Set-Service servicename -StartupType Automatic` | Enable at boot | `systemctl enable servicename` |

Common Services for Linux Admins

| Windows Service | Linux Equivalent | Purpose |
| --- | --- | --- |
| Windows Update | unattended-upgrades | Automatic updates |
| DHCP Client | dhclient/NetworkManager | Network configuration |
| DNS Client | systemd-resolved | DNS resolution |
| Windows Firewall | iptables/firewalld | Firewall service |
| Task Scheduler | cron/systemd timers | Scheduled tasks |
| Windows Time | ntp/chrony | Time synchronization |
| Event Log | journald/rsyslog | System logging |

Registry Management

Registry Overview

The Windows Registry is a central database for system and application configuration, replacing the scattered config files approach used in Linux.

Linux Equivalent Concept:

  • Registry ≈ /etc/ + /home/user/.config/ + /usr/share/ combined
  • Registry keys ≈ Directory structure
  • Registry values ≈ Configuration parameters

Registry Structure

| Registry Hive | Abbreviation | Linux Equivalent | Purpose |
| --- | --- | --- | --- |
| HKEY_CLASSES_ROOT | HKCR | `/usr/share/applications/` | File associations |
| HKEY_CURRENT_USER | HKCU | `~/.config/` | Current user settings |
| HKEY_LOCAL_MACHINE | HKLM | `/etc/` | System-wide settings |
| HKEY_USERS | HKU | `/home/` | All user profiles |
| HKEY_CURRENT_CONFIG | HKCC | `/sys/` | Current hardware config |

Registry Editor (regedit)

Windows + R → regedit

Basic Operations:

  • Navigate: Like file browser with folders (keys)
  • Edit values: Double-click to modify (like editing config files)
  • Export/Import: Backup/restore registry sections
  • Search: Find keys/values by name

Registry via Command Line

| Task | Command | Linux Equivalent |
| --- | --- | --- |
| Query value | `reg query "HKLM\Path\To\Key" /v ValueName` | `cat /etc/config/file` |
| Set value | `reg add "HKLM\Path\To\Key" /v ValueName /d Data` | `echo "value" > /etc/config/file` |
| Delete value | `reg delete "HKLM\Path\To\Key" /v ValueName` | `rm /etc/config/file` |
| Export key | `reg export "HKLM\Path\To\Key" backup.reg` | `cp -r /etc/config/ backup/` |
| Import key | `reg import backup.reg` | `cp -r backup/ /etc/config/` |

PowerShell Registry Commands

| PowerShell Command | Purpose | Linux Equivalent |
| --- | --- | --- |
| `Get-ItemProperty` | Read registry values | `cat /etc/config/file` |
| `Set-ItemProperty` | Write registry values | `echo "value" > /etc/config/file` |
| `New-Item` | Create registry key | `mkdir /etc/config/newdir` |
| `Remove-Item` | Delete registry key | `rm -rf /etc/config/dir` |

Common Registry Locations

| Registry Path | Purpose | Linux Equivalent |
| --- | --- | --- |
| `HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run` | System startup programs | `/etc/init.d/` or systemd |
| `HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run` | User startup programs | `~/.config/autostart/` |
| `HKLM\SYSTEM\CurrentControlSet\Services` | System services | `/etc/systemd/system/` |
| `HKCU\Control Panel\Desktop` | Desktop settings | `~/.config/desktop/` |
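
The two Run keys listed above hold the machine-wide and per-user autostart commands, so reviewing them is the registry counterpart of checking `/etc/init.d/` and `~/.config/autostart/`. The following is an added example, not code from the original page: it reads both keys and compares the result with a saved snapshot. The function name `Get-RunKeyEntry` and the baseline file name are assumptions made for illustration.

```powershell
# Added example: list autostart entries from the Run keys and diff them
# against a saved baseline. Get-RunKeyEntry is a hypothetical helper name.
function Get-RunKeyEntry {
    [CmdletBinding()]
    param(
        [string[]]$Path = @(
            'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
            'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
        )
    )
    foreach ($keyPath in $Path) {
        # A key can be absent (for example in a fresh profile); skip it.
        if (-not (Test-Path -LiteralPath $keyPath)) { continue }

        $key = Get-Item -LiteralPath $keyPath
        foreach ($name in $key.GetValueNames()) {
            [pscustomobject]@{
                Key     = $keyPath
                Name    = if ($name) { $name } else { '(Default)' }
                # Keep %VAR% references unexpanded so the stored text is shown.
                Command = $key.GetValue($name, $null, 'DoNotExpandEnvironmentNames')
                Kind    = $key.GetValueKind($name)
            }
        }
    }
}

# First run writes the baseline; later runs show entries that were added (=>)
# or removed (<=) since then, much like diffing a config directory.
$baseline = Join-Path $env:TEMP 'runkeys-baseline.csv'   # assumed location
$current  = @(Get-RunKeyEntry)
if (Test-Path -LiteralPath $baseline) {
    Compare-Object @(Import-Csv -LiteralPath $baseline) $current -Property Key, Name, Command |
        Format-Table -AutoSize
} else {
    $current | Export-Csv -LiteralPath $baseline -NoTypeInformation
}
```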

Group Policy Management

Group Policy Overview

Centralized configuration management for Windows environments.

Linux Equivalent: Configuration management tools like Ansible, Puppet, or Salt.

Group Policy Editor

Windows + R → gpedit.msc

Note: Only available in Windows Pro/Enterprise editions.

Common Group Policy Settings

| Policy Area | Purpose | Linux Equivalent |
| --- | --- | --- |
| Computer Configuration | System-wide policies | `/etc/` configurations |
| User Configuration | User-specific policies | User profile configurations |
| Security Settings | Password, audit policies | `/etc/security/`, PAM |
| Software Installation | Automatic software deployment | Package management |

Event Viewer & Logging

Event Viewer

Windows + R → eventvwr.msc

Linux Equivalent: journalctl, /var/log/ files, or log viewers like gnome-logs.

Event Log Categories

| Windows Log | Purpose | Linux Equivalent |
| --- | --- | --- |
| Application | Application events | `/var/log/application.log` |
| Security | Security/audit events | `/var/log/auth.log` |
| System | System events | `/var/log/syslog` |
| Setup | Installation events | Package manager logs |

PowerShell Log Commands

| PowerShell Command | Purpose | Linux Equivalent |
| --- | --- | --- |
| `Get-EventLog -LogName System` | Read system log | `journalctl -u systemd` |
| `Get-EventLog -LogName Application` | Read application log | `tail /var/log/application.log` |
| `Get-WinEvent -FilterHashtable @{LogName='Security'}` | Read security log | `journalctl -t audit` |
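
Reading the Security log with `Get-WinEvent -FilterHashtable` becomes useful once the filter is narrowed and the event fields are pulled out by name. The following is an added example, not code from the original page: it summarises failed logons (event ID 4625) per account and source address, roughly what grepping `/var/log/auth.log` for failed passwords gives on Linux. The function name `Get-FailedLogonSummary` is an assumption.

```powershell
# Added example: summarise failed logons (Security event ID 4625).
# Get-FailedLogonSummary is a hypothetical helper name.
# Run from an elevated session; the Security log is not readable otherwise.
function Get-FailedLogonSummary {
    [CmdletBinding()]
    param([int]$Hours = 24)

    $filter = @{
        LogName   = 'Security'
        Id        = 4625
        StartTime = (Get-Date).AddHours(-$Hours)
    }
    try {
        $events = Get-WinEvent -FilterHashtable $filter -ErrorAction Stop
    } catch {
        # "No matching events" is reported as an error; treat it as an empty result
        # and let anything else (for example access denied) surface.
        if ($_.FullyQualifiedErrorId -like 'NoMatchingEventsFound*') { return }
        throw
    }

    $rows = foreach ($evt in $events) {
        # Named fields live in the event XML under EventData/Data[@Name].
        $data = @{}
        foreach ($d in ([xml]$evt.ToXml()).Event.EventData.Data) {
            $data[$d.Name] = $d.'#text'
        }
        [pscustomobject]@{
            Time    = $evt.TimeCreated
            Account = '{0}\{1}' -f $data['TargetDomainName'], $data['TargetUserName']
            Source  = $data['IpAddress']
        }
    }

    # One line per account/source pair, busiest first, with the latest attempt.
    $rows | Group-Object Account, Source |
        Sort-Object Count -Descending |
        Select-Object Count, Name,
            @{ Name = 'Last'; Expression = { ($_.Group | Sort-Object Time)[-1].Time } }
}

Get-FailedLogonSummary -Hours 24 | Format-Table -AutoSize
```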

Task Scheduler

Task Scheduler Overview

Windows equivalent of cron jobs and systemd timers.

Task Scheduler GUI

Windows + R → taskschd.msc

Managing Tasks (Command Line)

| Task | Windows Command | Linux Equivalent |
| --- | --- | --- |
| List tasks | `schtasks /query` | `crontab -l` |
| Create task | `schtasks /create /tn "TaskName" /tr "command" /sc daily` | `crontab -e` |
| Delete task | `schtasks /delete /tn "TaskName"` | Remove from crontab |
| Run task | `schtasks /run /tn "TaskName"` | Manual execution |

Schedule Types

| Windows Schedule | Cron Equivalent | Example |
| --- | --- | --- |
| MINUTE | `*/5 * * * *` | Every 5 minutes |
| HOURLY | `0 * * * *` | Every hour |
| DAILY | `0 0 * * *` | Daily at midnight |
| WEEKLY | `0 0 * * 0` | Weekly on Sunday |
| MONTHLY | `0 0 1 * *` | Monthly on 1st |

PowerShell Scheduled Tasks

| PowerShell Command | Purpose | Linux Equivalent |
| --- | --- | --- |
| `Get-ScheduledTask` | List scheduled tasks | `crontab -l` |
| `Register-ScheduledTask` | Create new task | `crontab -e` |
| `Unregister-ScheduledTask` | Remove task | Remove from crontab |
| `Start-ScheduledTask` | Run task immediately | Manual execution |
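
`Register-ScheduledTask` takes a task assembled from separate action, trigger, principal and settings objects rather than a single crontab line. The following is an added example, not code from the original page: it builds the DAILY schedule (`0 0 * * *`) and runs the job under a low-privilege built-in account instead of an administrator. The function name, task name, script path and the choice of the Local Service account are assumptions.

```powershell
# Added example: cron line "0 0 * * * <script>" as a scheduled task.
# Register-NightlyTask, the task name and the script path are hypothetical.
# Registering a task for a service account needs an elevated session.
function Register-NightlyTask {
    [CmdletBinding()]
    param(
        [string]$TaskName   = 'NightlyCleanup',
        [string]$ScriptPath = 'C:\Scripts\cleanup.ps1',
        [string]$At         = '00:00',
        [string]$UserId     = 'LOCALSERVICE'   # assumed least-privilege identity
    )

    # What to run (the command part of a crontab entry).
    $action = New-ScheduledTaskAction -Execute 'powershell.exe' `
        -Argument "-NoProfile -File `"$ScriptPath`""

    # When to run (the five time fields of a crontab entry).
    $trigger = New-ScheduledTaskTrigger -Daily -At $At

    # Who runs it: a built-in service account without elevated rights.
    $principal = New-ScheduledTaskPrincipal -UserId $UserId `
        -LogonType ServiceAccount -RunLevel Limited

    # Catch up after a missed start (like anacron) and cap the run time.
    $settings = New-ScheduledTaskSettingsSet -StartWhenAvailable `
        -ExecutionTimeLimit (New-TimeSpan -Hours 1)

    # Replace an existing task of the same name so the function can be re-run.
    if (Get-ScheduledTask -TaskName $TaskName -ErrorAction SilentlyContinue) {
        Unregister-ScheduledTask -TaskName $TaskName -Confirm:$false
    }
    Register-ScheduledTask -TaskName $TaskName -Action $action -Trigger $trigger `
        -Principal $principal -Settings $settings | Out-Null

    # Return the schedule state so the caller can confirm the next run.
    Get-ScheduledTask -TaskName $TaskName | Get-ScheduledTaskInfo |
        Select-Object TaskName, NextRunTime, LastRunTime, LastTaskResult
}

Register-NightlyTask
```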

PowerShell Basics for Linux Admins

PowerShell vs Bash Comparison

| Task | PowerShell | Bash | Notes |
| --- | --- | --- | --- |
| List files | `Get-ChildItem` or `ls` | `ls` | Alias available |
| Change directory | `Set-Location` or `cd` | `cd` | Alias available |
| Copy files | `Copy-Item` or `cp` | `cp` | Alias available |
| Move files | `Move-Item` or `mv` | `mv` | Alias available |
| Delete files | `Remove-Item` or `rm` | `rm` | Alias available |
| Show content | `Get-Content` or `cat` | `cat` | Alias available |
| Find text | `Select-String` | `grep` | Different syntax |
| Process list | `Get-Process` or `ps` | `ps` | Object-oriented |

PowerShell Object-Oriented Approach

Unlike bash text processing, PowerShell works with objects:

```powershell
# Get services and filter by status
Get-Service | Where-Object {$_.Status -eq "Running"}
```

```bash
# Linux equivalent
systemctl list-units --type=service --state=running
```
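
Because each service is an object, its properties can be combined with data from other cmdlets without parsing text. The following is an added example, not code from the original page: it joins service records to their host processes, flags auto-start services that are not running, and counts running services per account. The function name `Get-ServiceHealth` and the `NeedsLook` property are assumptions.

```powershell
# Added example: treat services as objects instead of parsing text output.
# Get-ServiceHealth is a hypothetical helper name.
function Get-ServiceHealth {
    [CmdletBinding()]
    param()
    foreach ($svc in Get-CimInstance -ClassName Win32_Service) {
        $memMB = $null
        if ($svc.State -eq 'Running' -and $svc.ProcessId -gt 0) {
            # Several services can share one host process (svchost.exe), so this
            # is the memory of the hosting process, not of the service alone.
            $proc = Get-Process -Id $svc.ProcessId -ErrorAction SilentlyContinue
            if ($proc) { $memMB = [math]::Round($proc.WorkingSet64 / 1MB, 1) }
        }
        [pscustomobject]@{
            Name      = $svc.Name
            State     = $svc.State
            StartMode = $svc.StartMode      # Auto, Manual or Disabled
            Account   = $svc.StartName      # identity the service runs as
            ProcessId = $svc.ProcessId
            MemoryMB  = $memMB
            # Auto-start but not running: the nearest thing to "systemctl --failed".
            NeedsLook = ($svc.StartMode -eq 'Auto' -and $svc.State -ne 'Running')
        }
    }
}

$report = Get-ServiceHealth

# Auto-start services that are currently not running.
$report | Where-Object NeedsLook | Sort-Object Name |
    Format-Table Name, State, Account -AutoSize

# How many running services use each account.
$report | Where-Object State -eq 'Running' | Group-Object Account |
    Sort-Object Count -Descending | Select-Object Count, Name
```

Some auto-start services are trigger-started or delayed and can be stopped legitimately, so a flagged entry is a prompt to check, not proof of a failure.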

PowerShell Execution Policy

```powershell
# Check current policy
Get-ExecutionPolicy

# Set policy (as administrator)
Set-ExecutionPolicy RemoteSigned
```

Linux Equivalent: File permissions and PATH considerations for script execution.

Performance Monitoring

Performance Monitor (perfmon)

Windows + R → perfmon

Linux Equivalent: htop, iotop, nethogs, sar

Task Manager Performance Tab

Ctrl + Shift + Esc → Performance tab

Key Metrics:

  • CPU: Like top or htop
  • Memory: Like free -h
  • Disk: Like iotop
  • Network: Like nethogs

PowerShell Performance Commands

| PowerShell Command | Purpose | Linux Equivalent |
| --- | --- | --- |
| `Get-Counter "\Processor(_Total)\% Processor Time"` | CPU usage | `top`, `vmstat` |
| `Get-Counter "\Memory\Available MBytes"` | Available memory | `free -m` |
| `Get-Counter "\PhysicalDisk(_Total)\Disk Read Bytes/sec"` | Disk I/O | `iostat` |
| `Get-Process \| Sort-Object CPU -Descending` | Top CPU processes | `top` |

Windows vs Linux Admin Workflow

Daily Admin Tasks Comparison

| Task | Windows Method | Linux Method |
| --- | --- | --- |
| Check system status | Task Manager, Event Viewer | htop, journalctl |
| Manage services | services.msc, PowerShell | systemctl |
| View logs | Event Viewer | journalctl, /var/log/ |
| Install software | Settings, PowerShell, MSI | Package manager |
| Network config | Network settings, netsh | nmcli, config files |
| Firewall | Windows Defender Firewall | iptables, firewalld |
| Scheduled tasks | Task Scheduler | crontab |
| User management | User settings, net user | useradd, usermod |

Best Practices for Linux Admins

  1. Learn PowerShell: More powerful than Command Prompt
  2. Use Windows Terminal: Modern terminal experience
  3. Enable WSL: Access familiar Linux tools
  4. Group Policy: Centralized configuration management
  5. Remote management: WinRM (like SSH for Windows)
  6. Package managers: Chocolatey or winget for software management
  7. Registry backup: Before making changes (like config backups)
  8. Event Viewer: Primary troubleshooting tool (like journalctl)