Windows Administration Cheat Sheet

Legend
System Information & Diagnostics

View full system info

systeminfo

View hostname

hostname

Check OS version

ver

Show current user

whoami

List all users

net user

Display environment variables

set

Check uptime

net statistics workstation

Show BIOS info

wmic bios get serialnumber,version

Check hardware summary

wmic cpu get name , wmic memorychip get capacity

Check disk usage

wmic logicaldisk get size,freespace,caption

Get detailed system info (PowerShell)

Get-ComputerInfo

Check PowerShell version

$PSVersionTable.PSVersion
Network Troubleshooting

View IP configuration

ipconfig /all

Renew DHCP lease

ipconfig /release
ipconfig /renew

Flush DNS cache

ipconfig /flushdns

Display routing table

route print

Show ARP cache

arp -a

Test connectivity

ping <hostname>

Test name resolution

nslookup <hostname>

Trace network path

tracert <hostname>

Check open ports

netstat -an

Show connections with process

netstat -ab

List interfaces

netsh interface show interface

Reset network stack

netsh int ip reset 
netsh winsock reset

Get MAC address

getmac

Quick test (PowerShell)

Test-NetConnection <host> -Port <port>
Process & Service Management

List running tasks

tasklist

Kill a process

taskkill /PID <id> /F

View services

net start

Start/stop service

net start <svc>
 net stop <svc>

Manage services (PowerShell)

Get-Service
Start-Service
Stop-Service

Process details

Get-Process

Kill process (PowerShell)

Stop-Process -Name notepad
File System & Disk

List directory

dir

Change directory

cd <path>

Create folder

mkdir <name>

Delete folder/file

rmdir <name>
 del <file>

Copy/move files

copy <src> <dst>
move <src> <dst>

Compare files

fc <file1> <file2>

Check disk errors

chkdsk <drive>: /f

Show disk layout

diskpart 
list disk
list volume

Map network drive

net use Z: \\server\share /user:domain\user
User, Group & Permission Management

List local users

net user

View user details

net user <username>

Create/delete user

net user <user> <pw> /add
net user <user> <pw> /delete

Add user to group

net localgroup <group> <user> /add

List groups

net localgroup

Change password

net user <username> *

View sessions

query user

Lock workstation

rundll32.exe user32.dll,LockWorkStation
Firewall & Security Management

Check firewall state

netsh advfirewall show allprofiles

Disable/enable firewall

netsh advfirewall set allprofiles state off
netsh advfirewall set allprofiles state on

Allow app through firewall

netsh advfirewall firewall add rule name="App" dir=in action=allow program="C:\path\app.exe"

Enable firewall logging

netsh advfirewall set allprofiles logging filename %systemroot%\system32\LogFiles\Firewall\pfirewall.log

Windows Defender status

sc query Windefend or Get-MpComputerStatus

Check RDP status

query session / qwinsta

Enable RDP (PowerShell)

Set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server' -Name
"fDenyTSConnections" -Value 0
Group Policy Management

Display effective Group Policy

gpresult /r

Generate detailed HTML report

gpresult /h C:\gpresult.html

Force Group Policy update

gpupdate /force

Update only user policy

gpupdate /target:user /force

Update only computer policy

gpupdate /target:computer /force

Force synchronous update (next logon/reboot)

gpupdate /sync

Force update remotely (PowerShell)

Invoke-GPUpdate -Computer <name> -Force

Check last applied GPO time

Get-GPResultantSetOfPolicy -ReportType Html -Path "C:\GPO_Report.html"

Export GPO settings (PowerShell)

Backup-GPO -Name "<GPOName>" -Path "C:\GPOBackup"

List all GPOs (PowerShell)

Get-GPO -All
System Maintenance

Check/repair system files

sfc /scannow

Check component store

DISM /Online /Cleanup-Image /ScanHealth

Repair component store

DISM /Online /Cleanup-Image /RestoreHealth

Reboot/shutdown

shutdown /r /t 0 / shutdown /s /t 0

Schedule reboot

shutdown /r /t 3600

List installed updates

wmic qfe list brief

Uninstall update

wusa /uninstall /kb:XXXXXXX

List installed software

wmic product get name,version

Check startup programs

wmic startup get caption,command

Clear temp files

del /q/f/s %TEMP%\*
PowerShell Essentials

List cmdlets

Get-Command

Find cmdlet

Get-Command *service*

Get help

Get-Help Get-Service -Full

Get event logs

Get-EventLog -LogName System -Newest 20

Remote session

Enter-PSSession -ComputerName <host>

Run remote command

Invoke-Command -ComputerName <host> -ScriptBlock { Get-Service }
Quick Administrative Shortcuts

Services

services.msc

Event Viewer

eventvwr.msc

Group Policy Editor

gpedit.msc

Task Scheduler

taskschd.msc

Performance Monitor

perfmon

System Configuration

msconfig

Registry Editor

regedit

Resource Monitor

resmon

Control Panel

control
Like this

In

,

Leave a Reply

Your email address will not be published. Required fields are marked *