25 basic PowerShell commands for Windows administrators

Common entries (just to get started)

1. CD HKCU:

PowerShell lets you navigate the Windows Registry like a file system.

The CD command is a leftover from the days of disk operating systems (DOS) and stood for Change Directory. Although the CD command works in PowerShell, it's not truly a PowerShell command. It's an alias or shortcut for the Set-Location cmdlet. HKCU is an abbreviation for HKEY_CURRENT_USER.

2. Dir –r | Select-String "searchforthis"

This command lets you search recursively for text within the file structure because it searches the file names, not the file contents. The -r is what makes the search recursive, which means PowerShell will search both the current directory and subdirectories.

Like the CD command, the Dir command is a DOS leftover. In the days of DOS, the Dir command displayed the contents of the current folder. In PowerShell, Dir is an alias for the Get-ChildItem cmdlet.

3. Get-Process | Sort-Object –p ws | Select-Object –last 5

This command finds the five processes using the most memory. The Get-Process cmdlet retrieves a list of processes, while the Sort-Object portion of the command instructs PowerShell to sort the results by working set memory (ws). The Select-Object portion of the command displays the top five results.

4. Restart-Service DHCP

The Restart-Service command cycles a service by stopping and then restarting it. In this case, the Restart-Service command is used to restart the Dynamic Host Configuration Protocol (DHCP) service.

5. Get-ChildItem

When used by itself, the Get-ChildItem cmdlet list all items within a folder.

6. Get-ChildItem c:\directory -Recurse

You can append a path to the Get-ChildItem cmdlet so PowerShell displays the contents of the specified folder. Appending the -Recurse parameter causes PowerShell to also display the contents of all subfolders.

7. Remove-Item C:\ToBeDeleted

The Remove-Item cmdlet is used to delete a file or folder. When deleting a folder, you can append the -Recurse parameter to delete the files within the folder.

8. Restart-Computer

The Restart-Computer cmdlet reboots the system. You can also append the -ComputerName parameter to reboot a remote system.

Collecting information

9. Get-WmiObject -Class Win32_ComputerSystem

This command retrieves the make and model of a computer.

10. Get-WmiObject -Class Win32_BIOS

This command displays information about the BIOS of the current computer, such as the serial number and version.

11. Get-Hotfix

The Get-Hotfix command displays a list of installed hotfixes or quick fix engineering updates.

12. Get-WmiObject -Class Win32_ComputerSystem -Property UserName | Select-Object Username

This command displays the username of the person logged on to a computer.

13. Get-WmiObject -Class Win32_Product | Select-Object Name, Vendor

This command displays the names of all the applications installed on the computer, along with the vendor who published each application.

14. Get-NetIPAddress | Select-Object IPAddress

The Get-NetIPAddress cmdlet can be used to display a list of all the IP addresses assigned to the computer.

15. Get-NetIPAddress

Using the Get-NetIPAddress cmdlet by itself displays a more detailed summary of the computer's IP address usage. You can also use the IPConfig command for this purpose.

16. Get-NetIPAddress | Where-Object {$_.PrefixOrigin -eq 'DHCP'}

By filtering the Get-NetIPAddress cmdlet's output by PrefixOrigin, you can display only those network adapters that acquire an IP address from a DHCP server.

17. Get-WmiObject -Class Win32_NetworkAdapterConfiguration -Filter IPEnabled=true -ComputerName . | ForEach-Object -Process {$_.EnableDHCP()}

You can enable DHCP on all network adapters on the current computer by using this command.

Software management

18. Start-Process Setup.msi

The Start-Process cmdlet can be used to launch an MSI file, which is used to install a software application. In this case, the filename Setup.msi is used, but you can substitute the required path and filename.

19. (Get-WmiObject -Class Win32_Product -ComputerName . -Filter "Name='name_of_app_to_be_upgraded'").Upgrade(\\MACHINEWHEREMSIRESIDES\path\upgrade_package.msi)

You can use this command to upgrade an installed application with an MSI-based application upgrade package.

20. (Get-WmiObject -Class Win32_Product -Filter "Name='product_to_remove'" -ComputerName . ).Uninstall()

This command can be used to remove an MSI package from the current computer.

Machine management

21. Start-Sleep 60; Restart-Computer –Force –ComputerName TARGETMACHINE

By combining the Start-Sleep cmdlet with the Restart-Computer cmdlet, you can remotely shut down another machine after one minute.

22. Add-Printer -ConnectionName \\PrintServer\Printer

This command lets you install a printer by specifying the shared printer's Universal Naming Convention path using the -ConnectionName parameter.

23. Remove-Printer -Name "printer name"

This command removes a printer. You must substitute the actual name of the printer for the phrase "printer name."

24. Enter-PSSession TARGETMACHINE

You can use the Enter-PSSession command to establish a PowerShell session with a remote machine. You must have remote management enabled on the remote machine and a valid set of credentials.

25. Invoke-Command -ComputerName Machine1 -FilePath C:\Script\script.ps1

You can use the Invoke-Command cmdlet to run a PowerShell script or any PowerShell cmdlet against a remote machine.

Bonus command

26. Stop-Process -ProcessName calc*

You can use the Stop-Process cmdlet to terminate a process running on your computer by appending the name of the process you want stopped. If you don't know -- or don't want to type -- the full process name, you can use wildcards.