Commands For Administrators
๐ File & Directory Management (20)
dirโ List filescd pathโ Change directorytreeโ Display directory structurecopy file1 file2โ Copy filexcopy source destination /E /Iโ Copy folder with subfoldersrobocopy source destination /MIRโ Mirror directoriesmove file destโ Move filedel filenameโ Delete filermdir /S /Q folderโ Remove folderattrib +R fileโ Add read-only attributeattrib -R fileโ Remove read-only attributecompact /C fileโ Compress file/folder (NTFS)fsutil file createnew file.txt 1000โ Create test filemore file.txtโ Display file contentstype file.txtโ Print file contentsfind "text" file.txtโ Search text in filewhere app.exeโ Find path of programclsโ Clear screenexplorer .โ Open current folder in Explorerstart filename.txtโ Open file with default app
๐ฅ User & Group Management (20)
net userโ List usersnet user usernameโ Show detailsnet user username *โ Reset passwordnet user username /active:yesโ Enable accountnet user username /active:noโ Disable accountnet localgroupโ List groupsnet localgroup administratorsโ Show adminsnet localgroup administrators user /addโ Add adminnet localgroup administrators user /deleteโ Remove adminlusrmgr.mscโ Local Users and Groups GUIwhoamiโ Current userwhoami /groupsโ Show group membershipswhoami /privโ Show privilegesget-localuser(PS) โ List local usersget-localgroup(PS) โ List groupsget-localgroupmember administrators(PS) โ Show admin membersAdd-LocalGroupMember -Group "Administrators" -Member userRemove-LocalGroupMember -Group "Administrators" -Member usernet accountsโ Show password policynet accounts /minpwlen:10โ Set min password length
๐ป System Information (20)
systeminfoโ System detailshostnameโ Show computer nameverโ Windows versionwinverโ Build/version infoecho %username%โ Show userecho %computername%โ Show PC namesetโ Show environment variableswmic os get caption,version,osarchitectureโ OS infowmic cpu get name,numberofcoresโ CPU infowmic memorychip get capacityโ RAM infowmic bios get serialnumberโ BIOS serialdriverqueryโ List driverstasklistโ List processestaskkill /PID 1234 /Fโ Kill processget-process(PS) โ Show processesstop-process -id 1234 -force(PS) โ Kill processget-service(PS) โ Show servicesrestart-service spoolerโ Restart print serviceget-hotfix(PS) โ Installed updatesmsinfo32โ System information tool
๐ Security & Policy (20)
gpresult /Rโ Show applied GPOsgpupdate /forceโ Refresh Group Policysecedit /analyzeโ Analyze securitycipher /E fileโ Encrypt filecipher /D fileโ Decrypt filecipher /W:C:\โ Wipe free spaceauditpol /get /category:*โ Show audit settingsnet accounts /maxpwage:30โ Set max password agenet accounts /lockoutthreshold:3โ Lockout after 3 triesnet accounts /uniquepw:5โ Require unique passwordswhoami /privโ Show privilegesicacls file.txtโ Show permissionsicacls file.txt /grant user:Fโ Grant full accessicacls file.txt /remove userโ Remove accesssecpol.mscโ Local Security Policy GUIfido2(PS) โ Manage security keys (if available)certmgr.mscโ Certificate Managercertutil -store myโ List certscipher /Kโ Generate EFS keyrunas /user:domain\user cmdโ Run as another user
๐ก Networking (30)
ipconfigโ IP infoipconfig /allโ Detailed IP configipconfig /releaseโ Release IPipconfig /renewโ Renew IPping hostโ Test connectivitytracert hostโ Trace routepathping hostโ Trace + packet lossnslookup domain.comโ DNS lookupnetstat -anoโ Show connectionsnetstat -rnโ Show routesarp -aโ ARP tableroute printโ Routing tableroute add 10.0.0.0 mask 255.255.255.0 192.168.1.1โ Add routetelnet host portโ Test TCP portcurl -I https://example.comโ HTTP headerswget https://example.comโ Download file (PS)Test-NetConnection host -Port 443(PS) โ Test portResolve-DnsName domain.com(PS) โ DNS lookupnetsh interface ip show configโ Show NIC confignetsh advfirewall show allprofilesโ Show firewall profilesnetsh advfirewall resetโ Reset firewallnet useโ Show mapped drivesnet use Z: \\server\shareโ Map drivenet use Z: /deleteโ Unmap drivemstscโ Remote Desktoprasdialโ Manage VPN connectionsGet-NetIPAddress(PS) โ Show IP addressesGet-NetRoute(PS) โ Show routesGet-NetTCPConnection(PS) โ Active connectionsInvoke-WebRequest https://site.com(PS) โ Fetch web data
๐ Disk, Storage, DSM, and Backup (30)
diskpartโ Disk managementlist diskโ Show diskslist volumeโ Show volumesselect disk 0โ Select diskcleanโ Wipe diskcreate partition primaryโ New partitionformat fs=ntfs quickโ Format partitionassign letter=Eโ Assign drive lettermountvolโ Show mounted volumeschkdsk C: /F /Rโ Scan and repair diskdefrag C:โ Defragment diskvssadmin list shadowsโ Show shadow copiesvssadmin delete shadows /allโ Delete shadow copiesfsutil fsinfo drivesโ List drivesfsutil dirty query C:โ Check dirty bitfsutil behavior query disabledeletenotifyโ TRIM statuswbadmin start backup -backupTarget:D: -include:C:โ Start backupwbadmin get versionsโ List backupswbadmin start recoveryโ Start recoveryDISM /Online /Cleanup-Image /CheckHealthโ Check image healthDISM /Online /Cleanup-Image /ScanHealthโ Scan imageDISM /Online /Cleanup-Image /RestoreHealthโ Repair imageDISM /Online /Cleanup-Image /StartComponentCleanupโ Clean componentssfc /scannowโ Repair system filessfc /verifyonlyโ Verify system filesCHKNTFS C:โ Check autochk statusCHKNTFS /X C:โ Exclude drive from autochkGet-Volume(PS) โ List volumesGet-Partition(PS) โ List partitionsResize-Partition(PS) โ Resize partition
โก Performance & Monitoring (30)
taskmgrโ Task Managerperfmonโ Performance Monitorresmonโ Resource Monitoreventvwrโ Event Viewerlogman create counter PerfLog -c "\Processor(_Total)\% Processor Time" -f csv -o C:\Perf.csvโ Perf logwevtutil qe System /c:10 /f:textโ Show last 10 system logsGet-EventLog -LogName system -Newest 10(PS) โ Event logsGet-WinEvent -LogName Application -MaxEvents 20(PS) โ New event log toolGet-Counter "\Processor(_Total)\% Processor Time"(PS) โ CPU usageGet-Counter "\Memory\Available MBytes"(PS) โ Memory usageGet-Counter "\LogicalDisk(C:)\% Free Space"(PS) โ Disk usageGet-Process | Sort-Object CPU -Descending | Select -First 5โ Top processesGet-Service | Where-Object {$_.Status -eq "Running"}โ Running servicesquery userโ Show logged-in usersqwinstaโ Remote desktop sessionsrwinsta <ID>โ Kill RDP sessiontasklist /Vโ Verbose processestypeperf "\Processor(_Total)\% Processor Time"โ Live CPU statstypeperf "\Memory\Available MBytes"โ Memory statsGet-WmiObject win32_operatingsystemโ System statsGet-WmiObject win32_logicaldiskโ Disk statsGet-WmiObject win32_processorโ CPU infopowercfg /batteryreportโ Battery healthpowercfg /energyโ Energy diagnosticspowercfg /sleepstudyโ Sleep diagnosticspsinfo(Sysinternals) โ Quick system summarypslist(Sysinternals) โ Process listpsexecโ Remote executionpsshutdownโ Remote shutdownbginfoโ Display system info on desktop
๐ง Troubleshooting & Admin Tools (30)
shutdown /iโ Remote shutdown GUIshutdown /r /t 0โ Restart nowshutdown /s /f /t 0โ Shutdown nowtaskkill /IM notepad.exe /Fโ Kill app by namesc queryโ Query servicessc stop spoolerโ Stop servicesc start spoolerโ Start servicenet startโ Show running servicesnet stop serviceโ Stop servicenet start serviceโ Start serviceservices.mscโ Services GUIcompmgmt.mscโ Computer Managementdevmgmt.mscโ Device Managerdiskmgmt.mscโ Disk Managementdcomcnfgโ Component Servicesmsconfigโ System Configurationregeditโ Registry Editorreg query HKLM\Software\Microsoft\Windows\CurrentVersion\Runโ Startup appsreg add HKCU\Software\Test /v MyValue /t REG_SZ /d Dataโ Add reg valuereg delete HKCU\Software\Test /v MyValue /fโ Delete reg valuecleanmgrโ Disk Cleanupdxdiagโ DirectX diagnosticmrtโ Malicious Software Removal Tooltaskschd.mscโ Task Schedulerschtasks /queryโ Show scheduled tasksschtasks /create /sc daily /tn MyTask /tr "notepad.exe"โ Create tasksysdm.cplโ System Propertiescontrolโ Control Panelappwiz.cplโ Programs & Featuresoptionalfeaturesโ Windows Features