Windows 8 explorer guide

Could your workplace do with developing its digital skills? With funded membership opportunities currently available, now is the perfect time for organisations to join our Digital Champions Network. Copyright Digital Unite. Our clients News and views Guides Get in touch. How to use File Explorer in Windows 8. Files and Folders Anything that you save on a computer is called a 'File'.

Some common ones are: Document — this icon shows that the file will open in Microsoft Word. Pdf — this file will open in Adobe Reader. MP3 sound file — this will open in iTunes if you have set this as your default music player. Video — this will open in Windows Media Player.

Libraries From the Windows 8 Start screen, click the Desktop tile and you should see the yellow File Explorer icon in the taskbar. Follow these step-by-step instructions to create a new folder Step 1: Double click a Library to open it.

Step 2: Click New Folder in the Ribbon. Follow these step-by-step instructions to rename a file or folder Step 1: Click the file or folder that you wish to rename. Step 2: Click Rename in the Ribbon. Step 3: Type a new name and press the Enter key when you have finished Follow these step-by-step instructions to delete a file or folder Step 1: Click the file or folder that you wish to delete.

Best Phone Chargers. Best Wi-Fi Range Extenders. Best Oculus Quest 2 Accessories. Best iPad Air Cases. Awesome PC Accessories. Best Linux Laptops. Best Wireless iPhone Earbuds. Best Bluetooth Trackers. Best eReaders. Best VPN. Browse All News Articles. Windows 11 Uninstall Clock.

Teams Walkie-Talkie. PCI Express 6. Wordle Scams. T-Mobile iCloud Private Relay. The built-in guest account is a well known user account on all Windows systems and, as initially installed, does not require a password. This can allow access to system resources by unauthorized V Medium The built-in administrator account must be renamed. Renaming this account to an unidentified name improves the protection of this account and the system. V Medium The built-in guest account must be disabled.

A system faces an increased vulnerability threat if the built-in guest account is not disabled. This account is a known account that exists on all Windows systems and cannot be deleted. Services using Local System that use Negotiate when reverting to NTLM authentication may gain unauthorized access if allowed to authenticate anonymously vs. V Medium The service principal name SPN target name validation level must be configured to Accept if provided by client.

If a service principle name SPN is provided by the client, it is validated against the server's list of SPNs, aiding in the prevention of spoofing. PKU2U is a peer-to-peer authentication protocol.

This setting prevents online identities from authenticating to domain-joined systems. Authentication will be centrally managed with Windows user NTLM sessions that are allowed to fall back to Null unauthenticated sessions may gain unauthorized access. V Medium Kerberos encryption types must be configured to prevent the use of DES encryption suites. Certain encryption types are no longer considered secure. This setting configures a minimum encryption type for Kerberos, preventing the use of the DES encryption suites.

V Medium Unauthorized users must not have the Log on as a service user right. Accounts with the "Log on as a service" user right are able to launch network services V Medium Unauthorized accounts must not have the Create symbolic links user right.

Accounts with the "Create symbolic links" user right can create pointers to other V Medium The Deny log on as a batch job user right on workstations must be configured to prevent access from highly privileged domain accounts on domain systems and unauthenticated access on all systems. The "Deny log on as a batch job" right defines accounts that are prevented from V Medium Unauthorized accounts must not have the Create global objects user right.

Accounts with the "Create global objects" user right can create objects that are V Medium Unauthorized accounts must not have the Create permanent shared objects user right. Accounts with the "Create permanent shared objects" user right could expose sensitive V Medium The Deny log on through Remote Desktop Services user right on workstations must at a minimum be configured to prevent access from highly privileged domain accounts and local accounts on domain systems and unauthenticated access on all systems.

The "Deny log on through Remote Desktop Services" right defines the accounts that are V Medium Unauthorized accounts must not have the Enable computer and user accounts to be trusted for delegation user right. The "Enable computer and user accounts to be trusted for delegation" user right allows V Medium The Deny log on as a service user right on workstations must be configured to prevent access from highly privileged domain accounts on domain systems and unauthenticated access on all systems.

The "Deny log on as a service" right defines accounts that are denied log on as a V Medium The Deny log on locally user right on workstations must be configured to prevent access from highly privileged domain accounts on domain systems and unauthenticated access on all systems.

The "Deny log on locally" right defines accounts that are prevented from logging on V Medium Unauthorized accounts must not have the Force shutdown from a remote system user right. Accounts with the "Force shutdown from a remote system" user right can remotely shut V Medium Unauthorized accounts must not have the Generate security audits user right. The "Generate security audits" user right specifies users and processes that can V Medium Indexing of encrypted files must be turned off.

Indexing of encrypted files may expose sensitive data. This setting prevents encrypted files from being indexed. V Medium The Windows 8 default Weather app must be updated with the latest security patches or removed from the system. V Medium A host-based firewall must be installed and enabled on the system.

A firewall provides a line of defense against attack, allowing or blocking inbound and outbound connections based on a set of rules.

V Medium Group Policies must be refreshed in the background if the user is logged on. If this setting is enabled, then Group Policy settings are not refreshed while a user is currently logged on. This could lead to instances when a user does not have the latest changes to a policy V Medium Software certificate installation files must be removed from a system.

Use of software certificates and their accompanying installation files for end users to access resources is less secure than the use of hardware-based certificates. Compromised boot drivers can introduce malware prior to some protection mechanisms that load after initialization. The Early Launch Antimalware driver can limit allowed drivers based on V Medium Automatic logons must be disabled. Allowing a system to automatically log on when the machine is booted could give access to any unauthorized individual who restarts the computer.

Automatic logon with administrator privileges V Medium Windows must be prevented from using Windows Update to search for drivers. V Medium Mechanisms for removing zone information from file attachments must be hidden.

Preserving zone of origin internet, intranet, local, restricted information on file attachments allows Windows to determine risk. This setting prevents users from manually removing zone V Medium Zone information must be preserved when saving attachments.

V Medium The Windows 8 Music app must be removed from the system. V Medium The Windows 8 Games app must be removed from the system. V Medium Users must be notified if a web-based program attempts to install software. Users must be aware of attempted program installations. This setting ensures users are notified if a web-based program attempts to install software. V Medium Telnet Server must not be installed on the system. V Medium The Telnet Client must not be installed on the system. V Medium User-level information must be backed up per organization defined frequency consistent with recovery time and recovery point objectives.

Operating system backup is a critical step in maintaining data assurance and availability. V Medium The system must support automated patch management tools to facilitate flaw remediation to organization defined information system components. The organization including any contractor to the organization must promptly install security-relevant software updates e. Flaws discovered during security V Medium The system must employ automated mechanisms or must have an application installed that, on an organization defined frequency determines the state of information system components with regard to flaw remediation.

Organizations are required to identify information systems containing software affected by recently announced software flaws and potential vulnerabilities resulting from those flaws and report V Medium The system must query the certification authority to determine whether a public key certificate has been revoked before accepting the certificate for authentication purposes.

Failure to verify a certificate's revocation status can result in the system accepting a revoked and therefore unauthorized, certificate. This could result in the installation of unauthorized Inadequate log size will cause the log to fill up quickly. This may prevent audit events from being recorded properly and require frequent attention by administrative personnel. Attachments from RSS feeds may not be secure.

This setting will prevent attachments from being downloaded from RSS feeds. V Medium File Explorer shell protocol must run in protected mode. The shell protocol will limit the set of folders applications can open when run in protected mode.

Restricting files an application can open, to a limited set of folders, increases the security Some non-Microsoft SMB servers only support unencrypted plain text password authentication. Sending plain text passwords across the network, when authenticating to an SMB server, reduces the V Medium Users must be prevented from changing installation options. Installation options for applications are typically controlled by administrators.

This setting prevents users from changing installation options that may bypass security features. Allowing unsecure RPC communication exposes the system to man in the middle attacks and data disclosure attacks.

A man in the middle attack occurs when an intruder captures packets between a V Medium Media Player must be configured to prevent automatic checking for updates. Uncontrolled system updates can introduce issues to a system. The automatic check for updates performed by Windows Media Player must be disabled to ensure a constant platform and to prevent the V Medium Media Player must be configured to prevent automatic Codec downloads.

The Windows Media Player uses software components, referred to as Codecs, to play back media files. By default, when an unknown file type is opened with the Media Player, it will search the V Medium WDigest Authentication must be disabled. This setting will prevent To ensure users do not experience denial of service when performing certificate-based authentication to DoD websites due to the system chaining to a root other than DoD Root CAs, the DoD The DoD root certificates will ensure that the trust The ECA root certificates will V Medium The Windows 8 default Alarms app must be updated with the latest security patches or removed from the system.

V Medium The Windows 8 default Calculator app must be updated with the latest security patches or removed from the system. V Medium The Windows 8 default Food and Drink app must be updated with the latest security patches or removed from the system. V Medium The Windows 8 default Health and Fitness app must be updated with the latest security patches or removed from the system. V Medium The Windows 8 default Skype app must be removed from the system. V Medium Use of Microsoft accounts to log on must be blocked.

Control of logon credentials and the system must be maintained within the enterprise. Linking an account to an outside vendor could provide an opening if the account is compromised. V Medium Local administrator accounts must have their privileged token filtered to prevent elevated privileges from being used over the network on domain systems. A compromised local administrator account can provide means for an attacker to move laterally between domain systems.

With User Account Control enabled, filtering the privileged token for V Medium Administrator passwords must be changed as required. The longer a password is in use, the greater the opportunity for someone to gain unauthorized knowledge of the passwords. Passwords for the default and emergency administrator accounts must be V Medium The site must have a contingency for emergency administration of the system.

The built-in administrator account, as a well known account subject to attack, is disabled by default and per STIG requirements. Domain administrative accounts on domain-joined systems should When split tunneling is enabled, device peripherals and other computers communicating with the mobile device may be able to connect to a DoD network and obtain sensitive information or otherwise V Medium The password history must be configured to 24 passwords remembered.

A system is more vulnerable to unauthorized access when system users recycle the same password several times without being required to change a password to a unique password on a regularly V Medium The minimum password age must meet requirements.

Permitting passwords to be changed in immediate succession within the same day allows users to cycle passwords through their history database. This enables users to effectively negate the purpose V Medium The maximum password age must meet requirements. Scheduled changing of passwords hinders the ability of unauthorized V Medium Camera access from the lock screen must be disabled. Enabling camera access from the lock screen could allow for unauthorized use. Requiring logon will ensure the device is only used by authorized personnel.

V Medium The display of slide shows on the lock screen must be disabled. Slide shows that are displayed on the lock screen could display sensitive information to unauthorized personnel.

Turning off this feature will limit access to the information to a logged on user. V Medium Command line data must be included in process creation events. Maintaining an audit trail of system activity logs can help identify configuration errors, troubleshoot service disruptions, and analyze compromises that have occurred, as well as detect attacks V Medium Shared user accounts must not be permitted on the system.

Shared accounts accounts where two or more people log on with the same user identification do not provide adequate identification and authentication. There is no way to provide for V Medium Systems must be physically secured. Inadequate physical protection can undermine all other security precautions utilized to protect the system.

This can jeopardize the confidentiality, availability, and integrity of the system. IPv6 transition technologies, which tunnel packets through other protocols, do not provide visibility.

V Medium The 6to4 IPv6 transition technology must be disabled. Removable hard drives can be formatted and ejected by others who are not members of the Administrators Group, if they are not properly configured. Formatting and ejecting removable NTFS media V Medium Unauthorized accounts must not have the Create a pagefile user right. Accounts with the "Create a pagefile" user right can change the size of a pagefile, V Medium Unauthorized accounts must not have the Change the system time user right.

Accounts with the "Change the system time" user right can change the system time, V Medium Unauthorized accounts must not have the Back up files and directories user right. Accounts with the "Back up files and directories" user right can circumvent file and Accounts with the "Allow log on through Remote Desktop Services" user right can access V Medium Unauthorized accounts must not have the Allow log on locally user right.

Accounts with the "Allow log on locally" user right can log on interactively to a system. V Medium Unauthorized accounts must not have the Access this computer from the network user right. Accounts with the "Access this computer from the network" user right may access V Medium Users with Administrative privilege must be documented. Administrative accounts may perform any action on a system. Users with administrative accounts must be documented to ensure those with this level of access are clearly identified.

V Medium A screen saver must be enabled on the system. Unattended systems are susceptible to unauthorized use and must be locked when unattended. Enabling a password-protected screen saver to engage after a specified period of time helps protects V Medium The screen saver must be password protected. Enabling a password protected screen saver to engage after a specified period of time helps protects V Medium Users must be prevented from sharing files in their profiles.

Allowing users to share files in their profiles may provide unauthorized access or result in the exposure of sensitive data. V Medium The required legal notice must be configured to display before console logon. Failure to display the logon banner prior to a logon attempt will negate legal proceedings resulting from unauthorized access to system resources.

V Medium The system must be configured to prevent unsolicited remote assistance offers. Unsolicited remote assistance is help that is offered by the remote user. VPNs are vulnerable to attack if they are not supported by strong authentication. An adversary may be able gain access to network resources and sensitive information if they can compromise the The default search behavior, when an application calls a function in a Dynamic Link Library DLL , is to search the current directory, followed by the directories contained in the system's path V Medium The use of biometrics must be disabled.

Allowing biometrics may bypass required authentication methods. Biometrics may only be used as an additional authentication factor where an enhanced strength of identity credential is necessary V Medium The Windows 8 default Communications apps Mail, People, Messaging, and Calendar must be updated with the latest security patches or removed from the system.

Preventing users from sharing the local drives on their client computers to Remote Session Hosts that they access helps reduce possible exposure of sensitive data. V Medium The system must be configured to prevent the storage of passwords and credentials. This setting controls the storage of passwords and credentials for network authentication on the local system.

Such credentials must not be stored on the local machine as that may lead to account V Medium The system must be configured to prevent anonymous users from having the same rights as the Everyone group. Access by anonymous users must be restricted. If this setting is enabled, then anonymous users have the same rights and permissions as the built-in Everyone group. Anonymous users must not have V Medium The system must be configured to require a strong session key.

A computer connecting to a domain controller will establish a secure channel. Requiring strong session keys enforces bit encryption between systems. V Medium The system must be configured to use the Classic security model.

Windows includes two network-sharing security models - Classic and Guest only. With the Classic model, local accounts must be password protected; otherwise, anyone can use guest user accounts to V Medium Hyper-V must not be installed on a workstation. Allowing other operating systems to run on a secure system may allow users to circumvent security. V Medium Permissions for the System event log must prevent access by non-privileged accounts.

Strong sign-on must be used to protect a system. The PIN feature is limited to 4 numbers and caches the domain password in the system vault. V Medium Permissions for the Security event log must prevent access by non-privileged accounts. Storage of administrative credentials could allow unauthorized access. Disallowing the storage of RunAs credentials for Windows Remote Management will prevent them from being used with plug-ins.

V Medium Local users on domain-joined computers must not be enumerated. The username is one part of logon credentials that could be used to gain access to a system. Preventing the enumeration of users limits this information to authorized personnel. V Medium App notifications on the lock screen must be turned off. App notifications that are displayed on the lock screen could display sensitive information to unauthorized personnel.

V Medium Copying of user input methods to the system account for sign-in must be prevented. Allowing different input methods for sign-in could open different avenues of attack. User input methods must be restricted to those enabled for the system account at sign-in. V Medium Access to the Windows Store must be turned off. Uncontrolled installation of applications can introduce various issues, including system instability and allow access to sensitive information.

Installation of applications must be controlled by V Medium Connected users on domain-joined computers must not be enumerated. Preventing the enumeration of users limits this information to unauthorized personnel. V Medium Permissions for system files and directories must conform to minimum requirements. Changing the system's file and directory permissions allows the possibility of unauthorized and anonymous modification to the operating system and installed applications.

V Medium The system must notify the user when a Bluetooth device attempts to connect. V Medium Built-in cameras must be disabled unless allowed by physical security policies. Cameras can capture still pictures and video of sensitive information. There is also a potential for remote access, and cameras must be turned off unless approved by local policy.

V Medium User Account Control must, at minimum, prompt administrators for consent on the secure desktop. This setting configures the elevation V Medium The network selection user interface UI must not be displayed on the logon screen. Enabling interaction with the network selection UI allows users to change connections to available networks without signing into Windows.

V Medium The use of OneDrive for storage must be disabled. OneDrive provides access to external services for data storage which must not be used. Enabling this setting will prevent such access from the OneDrive app, as well as from File Explorer. V Medium Information shared with Bing in Search must be configured to the most restrictive setting.

Various levels of information can be shared with Bing in Search, to include user information and location. Configuring this setting prevents users from selecting the level of information shared V Medium Automatically signing in the last interactive user after a system-initiated restart must be disabled. Windows can be configured to automatically sign the user back in after a Windows Update restart. Some protections are in place to help ensure this is done in a secure fashion; however, disabling V Medium The option to update to the latest version of Windows from the Store must be turned off.

Uncontrolled system updates can introduce issues into the environment. Updates to the latest version of Windows must be done through proper change management. This setting will prevent the V Medium The system must be prevented from joining a homegroup.

Homegroups are a method of sharing data and printers on a home network. This setting will prevent a system from being joined to a homegroup.

V Medium Policy must require that system administrators SAs be trained for the operating systems used by systems under their control. If system administrators SAs are assigned to systems running operating systems for which they have no training, these systems are at additional risk of unintentional misconfiguration that may V Medium Application account passwords must be changed at least annually or when a system administrator with knowledge of the password leaves the organization.

Setting application accounts to expire may cause applications to stop functioning. The site will have a policy that application account passwords are changed at least annually or when a system V Medium Application account passwords must be at least 15 characters in length. V Medium Group Policy objects must be reprocessed even if they have not changed. Enabling this setting and then selecting the "Process even if the Group Policy objects have not changed" option ensures that the policies will be reprocessed even if none have been changed.

You can pin a folder to Quick access by right-clicking a folder icon in File Explorer. That will open the context menu in the snapshot below. There select the Pin to Quick access option on the context menu to pin it to the sidebar.

You can remove folders from Quick access by right-clicking their icons on the sidebar. Then select the Unpin from Quick access option to the remove the folder from sidebar. Click the Home, View or Share tabs to open their options on the Ribbon toolbar.

Click the Home tab to open the toolbar below. That toolbar includes the most essential File Explorer options for files and folders.

There you can select Copy to , Move to , Delete and Rename options for copying, moving, deleting and editing file and folder titles with. You can also select those options from the context menu by right-clicking a folder or file.

Selecting a folder or file and pressing the Delete button on Home tab deletes to Recycle Bin. You can right-click the Recycle Bin icon on the desktop and select Empty Recycle Bin from the context menu to empty it. The Share tab is not so essential, and it includes options you can select to share documents and folders. This tab now has a Share button on it so you can select an app to share the selected document with straight from the file manager.

Select a document, press the Share button and then choose an app from the list that opens.