Commands (CMD, PowerShell)

Show General System Information (OS, Boot-time, Specs, NIC, Hyper-V Req)¶

systeminfo

Hostname and Serial Number¶

Hostname: Shows hostname of computer

hostname

Serial Number: Shows S/N of computer

wmic bios get serialnumber

Ping¶

• Continuous Ping

ping –t X.X.X.X

• Pull DNS info from Ping (alternatively, use nslookup)

ping –a X.X.X.X

• Ping a certain amount of packets (Example: 60 packets [good for flapping alerts])

ping X.X.X.X –n 60

Traceroute¶

• Normal trace

tracert X.X.X.X

• If unable to resolve hostname

tracert X.X.X.X -d

Shows Network Drives Connected to User¶

net use

GPO¶

• Shows all Group Policies for computer/user

gpresult /r

• Update GPO

gpupdate /force

Computer Running Slow - SFC/DISM¶

• Note: To save time (and patience), use this version of these commands

sfc /scannow & sfc /scannow & DISM /Online /Cleanup-Image /RestoreHealth & sfc /scannow

sfc /scannow; sfc /scannow; DISM /Online /Cleanup-Image /RestoreHealth; sfc /scannow

sfc /scannow

DISM /Online /Cleanup-Image /CheckHealth

DISM /Online /Cleanup-Image /ScanHealth

DISM /Online /Cleanup-Image /RestoreHealth

• Reboot

DISM to Free-Up Space in WinSxS¶

DISM /online /Cleanup-Image /StartComponentCleanup

• Note: The above command does not seem to work in Backstage (may be able to test with user-specific session)

IPConfig¶

• Wipes DNS Cache in Windows

ipconfig /flushdns

• Renews IP Address (Will boot you off if remoted in)

ipconfig /release & ipconfig /renew

-Shows IPv4, IPv6, DNS, etc.

ipconfig /all

Find/Logoff User¶

query user

logoff IDOFUSER

Find/Reset Password¶

query user

net user 'USER' 'PASS'

Check for Email Domain on Server (PS)¶

Get-Recipient emailaddress@company.com

Backstage Printers (PS)¶

Get-Printer | Format-Table

• If you only need the Name/Driver Name

Get-Printer | Format-Table Name, DriverName

Remove-Printer -Name "NAMEOFPRINTER"

Get-PrinterDriver

Remove-PrinterDriver -Name "NAMEOFDRIVER"

Check Domain Connection (PS)¶

Test-ComputerSecureChannel -Verbose

Active Directory Password Policy¶

Get-ADDefaultDomainPasswordPolicy

Re-Add Computer to Domain (PS)¶

Reset-ComputerMachinePassword -Server {DomainController} -Credential {DomainAdmin}

• Example:

Reset-ComputerMachinePassword -Server lon-dc01 -Credential corp\dsmith

Check Route Table¶

netstat -r

Clear ARP Table¶

arp -d *

• Can be used to solve connectivity issues internally

Check Current Running Connections (at current time [will not update unless ran again])¶

netstat -ano | findstr "443"

• Note: TCPLogView may be a useful tool for logging data over time

Find & Cycle Network Adapter¶

• PowerShell

Get-NetAdapter | format-table

Disable-NetAdapter -Name "<interface>" -Confirm:$false

Enable-NetAdapter -Name "<interface>" -Confirm:$false

Restart-NetAdapter

• CMD

netsh interface show interface

netsh interface set interface INTERFACE disable

netsh interface set interface INTERFACE enable

Find TXT Records of Domain (example is DMARC)¶

nslookup -type=txt _dmarc.domain.com

• Note: This should work for other text records too if you know which one you're looking for

Get Current CPU Percentage (PS)¶

Get-CimInstance -ClassName win32_processor | Measure-Object -Property LoadPercentage –Average

Install Appinstaller Package¶

Add-AppxPackage -Appinstaller <path-to-your-appinstaller-file>

Sync Changes to Azure¶

• This changes for all changed

Start ADSyncSyncCycle

• This changes for a specific policy

Start ADSyncSyncCycle –PolicyType delta

Find FQDN (Fully Qualified Domain Name) of Host (PS)¶

[System.Net.Dns]::GetHostByName($env:COMPUTERNAME).HostName

Find File (PS)¶

gci -r -fi '*.EXTENSION'

Get and Restart Service (PS)¶

• Get Service

Get-Service -Name NAME

• Restart Service

Restart-Service NAME

• Example: Restart Print Spooler

Restart-Service Spooler

Test Domain Trust Broker (PS)¶

Test-ComputerSecureChannel -Verbose

• If above is True, everything should be fine | If False, run the below command

Test-ComputerSecureChannel -Repair -Credential (Get-Credential)

Resync Time¶

net stop w32time && w32tm /unregister && w32tm /register && net start w32time && w32tm /resync && tzutil /s "Eastern Standard Time"

• For a list of Time Zones, run:

tzutil /l

Open Network Routing Tables¶

route print

Remove Folder/Files (PS)¶

Remove-Item FOLDERNAME/FILENAME

See Storage Information of a Drive (PS)¶

Get-Volume C

• Can change "C" for other drive letters

Download File Over HTTP¶

Invoke-WebRequest -Uri "http://example.com/file.zip" -OutFile "C:\\path\\to\\save\\file.zip"

List Environment Variables¶

Get-ChildItem Env: