Powershell
Basics¶
Get-Help <command> # Show help for a cmdlet
Get-Command <pattern> # Find commands
Get-Alias # List aliases
Files & Directories¶
Get-ChildItem -Recurse # List all files recursively
Get-ChildItem -File -Filter *.log # List .log files
Select-String -Path *.txt -Pattern "error" # Search for text within files
Copy-Item -Path C:\\file.txt -Destination D:\\Backup\\ # Copy file to backup
Remove-Item -Path *.tmp -Recurse -Force # Force delete all .tmp files
System & Processes¶
Get-Process | Sort WS -Descending # List processes by memory usage
Stop-Process -Id <PID> -Force # Force kill a process by ID
Restart-Computer -Force # Force reboot computer
Get-Service | Where Status -eq "Running" # List only running services
Scripting & Automation¶
for ($i=1; $i -le 5; $i++) { Write-Host $i }
foreach ($user in Get-LocalUser) { $user.Name }
if (Test-Path "C:\\file.txt") { Remove-Item "C:\\file.txt" }
$items = Get-ChildItem | Where-Object {$_.Length -gt 1MB} # Files > 1MB
Filtering, Sorting, and Exporting¶
Get-EventLog -LogName System |
Where-Object {$_.EntryType -eq "Error"} |
Sort-Object TimeGenerated -Descending |
Select-Object -First 10
Get-Process | Export-Csv -Path C:\\proc.csv -NoTypeInformation
Import-Csv -Path C:\\proc.csv | Where-Object { $_.CPU -gt 100 }
Security¶
Get-LocalUser # List local users
Set-LocalUser -Name username -PasswordNeverExpires $true
Get-LocalGroupMember "Administrators" # List admins
Add-LocalGroupMember -Group "Administrators" -Member "user1"
Get-ExecutionPolicy # Current script execution policy
Set-ExecutionPolicy RemoteSigned # Set policy
Networking¶
Test-Connection google.com -Count 4 # Ping test
Get-NetIPAddress # Show IP info
Get-NetTCPConnection # List open TCP connections
Resolve-DnsName github.com # DNS lookup
System Administration¶
Get-WmiObject Win32_BIOS # BIOS info (legacy)
Get-CimInstance Win32_OperatingSystem # OS info (modern)
Get-EventLog -LogName Security -Newest 20 # Last 20 security events
Restart-Service -Name "Spooler" # Restart a service
Start-Job -ScriptBlock { Get-Process } # Run async job
Get-Job; Receive-Job <Id> # List and retrieve jobs
Registry Editing¶
Get-ItemProperty -Path 'HKLM:\\Software\\...' # Read registry
Set-ItemProperty -Path 'HKLM:\\Software\\...' -Name "<>" -Value "..."
New-Item -Path 'HKCU:\\Software\\NewKey' # Create key
Remove-Item -Path 'HKCU:\\Software\\OldKey' -Recurse # Delete key
Remoting & Sessions¶
Enter-PSSession -ComputerName server1 # Interactively connect to remote server
Invoke-Command -ComputerName server2 -ScriptBlock { Get-Process }
New-PSSession -ComputerName server3 # Create a session
Useful References¶
| Alias | Cmdlet |
|---|---|
| ls | Get-ChildItem |
| cd | Set-Location |
| pwd | Get-Location |
| cp | Copy-Item |
| mv | Move-Item |
| rm | Remove-Item |
| cat | Get-Content |
| ps | Get-Process |
Tip:
To see all commands available: