| Command
| Action
|
| Get-ItemProperty -Path "HKLM:\\SOFTWARE\\Microsoft\\Virtual Machine\\Guest\\Parameters" | Select-Object HostName
| Used to get host name from a VM in powershell
|
| CHKDSK C: /R
| Checks disk for errors and automatically repairs if it finds any
|
| Compmgmt.msc
| Opens computer management
|
| Control.exe
| Opens control panel.
|
| DISM /Online /Cleanup-Image /AnalyzeComponentStore
|
|
| DISM /Online /Cleanup-Image /RestoreHealth /Source:D:\\Sources\\install.wim
|
|
| DISM /Online /Cleanup-Image /StartComponentCleanup
|
|
| DISM.exe /Online /Cleanup-image /Restorehealth
| Uses windows update to update corrupted files.
|
| DISM.exe /Online /Cleanup-Image /RestoreHealth /Source:C:\\RepairSource\\Windows /LimitAccess
| use a running Windows installation as the repair source instead
|
| DISM /Online /Cleanup-Image /RestoreHealth /source:WMI:D:\\Sources\\Install.WMI:1 /LimitAccess
| Repair using ISO.
Prerequisite. You must upload an iso of the same build to the server and mount as network drive Change the letter "D" to whatever drive the ISO is mounted as.
|
| Get-ADGroupMember –Identity “administrators” | Export-CSV C:\\Accent\\administrators.CSV
| command to pipe list of users in a group to a .csv file.
|
| gpresult /h C:/Accent/gpresult.html
| Saves gpresult to C:/Accnet to assist with troubleshooting group policy issues
|
| Gpupdate /force
| Updates group policy
|
| ipconfig /flushdns
| Flush dns
|
| klist -lh 0 -li 0x3e7 purge
| Purge kerberos tickets - use before gpudate to pull new computer groups
|
| c
| Adds user "hayden.kirchner" to local admin group.
|
| net localgroup administrators hayden.kirchner /delete
| Removes user "hayden.kirchner" from local admin group
|
| Net share
| Shows network shares location
|
| Net use
| Shows mapped network drives
|
| net use V: \\\\rhsc-48-vsrv02\\HR /persistent:yes
| Maps \\\\RHSC-48-VSRV02\\HR to the V: drive and stays after reboot
|
| net user administrator /active:yes
| Enable local account
|
| net user ScanService PASSWORD /add
| Adds a user to the local computer
|
| net user USERNAME /active:yes
| Enables/disables an account
|
| netsh wlan show networks
| Used to show the networks
|
| netsh wlan show wlanreport
| Wireless troubleshooting
|
| powercfg.exe /setactive 8c5e7fda-e8bf-4a96-9a85-a6e23a8c635c
| Set power profile to high performance.
|
| powercfg.exe /setactive
|
|
| Query session
| Checks to see who all is logged into a computer.
|
| Query session
| Shows who is logged into the computer.
|
| RSOP.msc
| Resultant set of policies/ used to determine what policy a machine is getting
|
| Sfc /scannow
| Scans system for errors
|
| shutdown /r /t 0
| Restart computer immediately
|
| Systeminfo |more
| Shows the installation date of os and patches applied.
|
| VSSadmin list writers
| Shadow copy processes and their status
|
| Wmic bios get serialnumber
| gets serial number/service tag from pc.
|
| wmic NIC where NetEnabled=true get Name, Speed
| Used to determine what speed a network interface is operating at in bits
|
| Powercfg.exe -h off
| Disables hibernation and clears up used space.
|
| net user administrator Accent1234
net user administrator /active:yes
Remove-Computer -UnjoinDomaincredential %domain%\\%admin% -PassThru -Verbose -Restart
| Quick Decom
Replace %domain% with actual domain
Replace %admin% with domain admin account
|
| wmic nicconfig where (IPEnabled=TRUE) call SetDNSServerSearchOrder ("192.168.10.11", "192.168.202.31")
| Sets the DNS servers within IPCONFIG
|
| cipher: used to encrypt and decrypt files, and general data security
cipher /<e for encrpty, d for decrypt> /s:C:/<file path>
ciphe /u /h /n - to show all encrytped files
| used to encrypt and decrypt files, and general data security
|
| tasklist: show list of running procces
taskkill: taskkill /f /t /im <name of procces> or, the name of the pid
| tasklist: show list of running procces
|
| Create Restore Point: wmic.exe /Namespace:\\\\root\\default Path SystemRestore Call CreateRestorePoint "<RestorePointName>", 100, 7
powershell: powershell.exe -ExecutionPolicy Bypass -NoExit -Command "Checkpoint-Computer -Description '<%date%>' -RestorePointType 'MODIFY\_SETTINGS'"
| Create Restore Point
|