Last edit: May 26, 2019 04:34:45 PM CDT
Shortcuts
compmgmt.msc
devmgmt.msc
diskmgmt.msc
gpedit.msc
lusrmgr.msc
Active Directory
Get list of users who have not changed their passwords
Get-ADUser -Filter * -Properties PasswordLastSet | Where { $_.PasswordLastSet -eq $null }
Files, Filesystems & Partitions
Get list of drives
gdr -psProvider FileSystem
Get list of mapped drives
gwmi -Class Win32_MappedLogicalDisk | select Name, ProviderName
Get list of mapped drives for a user
net use
Get list of installed apps
Get-AppxPackage -AllUsers | Select Name, PackageFullName
robocopy syntax
robocopy source destination [options]
e.g. robocopy C:\Directory_A C:\Directory_B
/E = recursive: copy subdirectories, including empty ones
/W:[Value] = Wait time between retries in seconds, e.g. /W:20
/R:[Value] = Number of retries on failed copies, e.g. /R:20
/LOG:[path] = Log file
Repair filesystem
sfc /scannow
Hardware & Kernel
Get machine's serial number
wmic bios get serialnumber
Get installed memory size in bytes
wmic memorychip get Capacity
Get MAC address
getmac
Get MAC addresses for all adapters
getmac /v /fo list
Get make and model
Get-WmiObject -Class Win32_ComputerSystem | select manufacturer, model
Display basic hardware information on a remote machine
winrm enumerate wmicimv2/Win32_ComputerSystem
Installs & Updates
Get list of installed updates
wmic qfe list
See if a particular update is installed
systeminfo | find ": KB[update number]"
Export list of installed updates
wmic qfe get /format:csv >C:\updates.csv
Activate Windows 8+ with a MAK or change product key
As administrator, slui.exe 3
Enter new key
Reset Automatic Update
wuauclt.exe /resetauthorization /detectnow
Which server is a machine getting updates from?
reg query HKLM\SOFTWARE\policies\Microsoft\Windows\WindowsUpdat
Monitoring
See also Notable Utilities
Get process listing
tasklist
Network
Flush DNS
ipconfig /flushdns
PowerShell
Allow local PowerShell scripts to run (aka chmod +x)
Set-ExecutionPolicy remotesigned
Equivalent of X
apropos: get-help [query]
date: get-date
echo: write-output
find: dir [query] -recurse
head: select-object -first [number of lines]
kill: stop-process
ls: get-childitem / gci / dir
ls -a: ls -force
man: get-help [command]
ps: get-process
ps | grep: get-process [query]
rm: remove-item
sleep: start-sleep
sort: sort-object
uniq: get-unique
tail: gc [file to watch] | select-object -last [number of lines]
tail -f: gc -tail [number of lines] -wait [file to watch]
touch: set-content -Path /path/to/file -Value $null
whoami: [Security.Principal.WindowsIdentity]::GetCurrent() | select name
Variables
%: for each, e.g. Get-ChildItem -Name boom | %{Remove-Item $_}
$_: container for current pipeline object
Array: $[name] = @("name", "name1", "name2")
Remote Management
Enable Windows Remote Management (WinRM) on a machine
winrm quickconfig
Get WinRM configuration information
winrm get winrm/config
Display OS properties on a remote machine
winrm get wmicimv2/Win32_OperatingSystem
Display free memory on a remote machine
winrm g wmicimv2/Win32_OperatingSystem -fragment:FreePhysicalMemory -r:[machinename]
Run a command on a remote machine
winrs -r:[machine name] [insert command here]
Start a service on a remote machine
winrm invoke startservice wmicimv2/Win32_Service?name=[servicename] -r:[machinename]
Stop a service on a remote machine
winrm invoke stopservice wmicimv2/Win32_Service?name=[servicename] -r:[machinename]
Reboot a remote machine
winrm invoke reboot wmicimv2/Win32_OperatingSystem -r:[machinename]
Security
Check for Service Principals in a Domain
setspn -T [domain/forest] -F -Q */[name or IP]
View Service Principal listing for a particular host
setspn -L [hostname]
Services
Find a service's short name
Get-Service | Sort-Object -Property DisplayName | Format-Table DisplayName, Name -AutoSize
System
Get full licensing status
slmgr.vbs /dlv
Get uptime
systeminfo | find "System Boot Time:"
Get uptime v2
net statistics workstation
Users, Groups and Policy
Get AD user account information
net user /DOMAIN [user]
Output list of user accounts and settings
wmic /output:C:\logs\useraccounts.txt useraccount list full
Get domain user account details
Get-ADuser username -properties *
_Must be on a server or have RSAT installed_
See what policies are in place for a user
Most: rsop.msc
Full: gpresult /Scope User /v
See what policies are in place for a computer
As admin: gpresult /Scope Computer /v
Force a computer to update policy from the domain
gpupdate /force
Windows Server
Get a list of shares on server
gwmi -computer $remotecomputername -Class win32_share | select -ExpandProperty Name
Get list of printers from Windows 2k8+ print server
Get-WmiObject -Class Win32_Printer | Select Name,DriverName,PortName,Location > \Output\Path
Syntax for Firewall rule
netsh advfirewall firewall add rule name=[nickname] dir=[in/out] action=[allow/block/bypass] protocol=[TCP/UDP] localport=[port #]
Config Files
Tk
Misc
Make the Toolbar balloon alert present a dialog
wlrmdr.exe -s 60000 -f 1 -t "[Balloon header]" -m "[balloon body text]" -a o
cmd shell equivalents
mv: move
rm: del
rm -r: rd /s
ls: dir
grep: find