PowerShell Commands
PowerShell cmdlets and scripting reference.
File & Directory Operations
Get-ChildItem -Path C:\List files and directories (ls)
Get-ChildItem -RecurseList files recursively
Copy-Item -Path file.txt -Destination destCopy file
Move-Item -Path file.txt -Destination destMove file
Remove-Item -Path file.txtDelete file
New-Item -Path file.txt -ItemType FileCreate new file
New-Item -Path C:\dir -ItemType DirectoryCreate new directory
Test-Path -Path file.txtCheck if path exists
Get-Content -Path file.txtRead file contents (cat)
Set-Content -Path file.txt -Value "text"Write to file
Process Management
Get-ProcessList all running processes (ps)
Get-Process -Name notepadGet specific process by name
Stop-Process -Name notepadStop process by name
Stop-Process -Id 1234Stop process by ID
Start-Process notepad.exeStart a new process
Get-Process | Sort-Object CPU -DescendingList processes by CPU usage
Get-Process | Where-Object {$_.CPU -gt 100}Filter processes by CPU
Services
Get-ServiceList all services
Get-Service -Name wuauservGet specific service
Start-Service -Name wuauservStart a service
Stop-Service -Name wuauservStop a service
Restart-Service -Name wuauservRestart a service
Set-Service -Name wuauserv -StartupType AutomaticSet service startup type
Get-Service | Where-Object {$_.Status -eq "Running"}List running services
Network Commands
Test-Connection -ComputerName google.comPing a host
Test-NetConnection -ComputerName google.com -Port 443Test TCP connection
Get-NetIPAddressShow IP addresses
Get-NetIPConfigurationShow network configuration (ipconfig)
Get-DnsClientCacheDisplay DNS cache
Clear-DnsClientCacheClear DNS cache (ipconfig /flushdns)
Resolve-DnsName google.comDNS lookup (nslookup)
Get-NetTCPConnectionShow TCP connections (netstat)
System Information
Get-ComputerInfoGet detailed computer information
$PSVersionTableShow PowerShell version
Get-HostGet host information
Get-WmiObject Win32_OperatingSystemGet OS information
Get-WmiObject Win32_ComputerSystemGet computer system info
Get-WmiObject Win32_BIOSGet BIOS information
Get-HotfixList installed Windows updates
Get-EventLog -LogName System -Newest 10Get recent system events
User & Security
Get-LocalUserList local user accounts
Get-LocalGroupList local groups
New-LocalUser -Name "username"Create new local user
Add-LocalGroupMember -Group "Administrators" -Member "user"Add user to group
Get-ExecutionPolicyGet current execution policy
Set-ExecutionPolicy RemoteSignedSet execution policy
Get-Acl -Path C:\file.txtGet file permissions
whoami /userShow current user SID
Variables & Objects
$variable = "value"Assign variable
Get-VariableList all variables
$env:PATHAccess environment variable
[Environment]::SetEnvironmentVariable("VAR", "value", "User")Set environment variable
Get-MemberShow object properties and methods
Get-Process | Get-MemberShow process object members
Measure-ObjectCalculate numeric properties
Select-Object -Property Name, CPUSelect specific properties
Pipeline & Filtering
Get-Process | Where-Object {$_.CPU -gt 50}Filter objects (where)
Get-Service | Sort-Object StatusSort objects
Get-Process | Select-Object -First 5Select first N objects
Get-ChildItem | Measure-Object -Property Length -SumSum file sizes
Get-Process | Export-Csv processes.csvExport to CSV
Import-Csv data.csvImport from CSV
Get-Content file.txt | Select-String "pattern"Search text (grep)
Get-Process | Out-GridViewDisplay in GUI grid view
Remote Management
Enter-PSSession -ComputerName server01Start interactive remote session
Invoke-Command -ComputerName server01 -ScriptBlock {Get-Process}Run command on remote computer
New-PSSession -ComputerName server01Create persistent remote session
Get-PSSessionList active remote sessions
Remove-PSSession -Id 1Close remote session
Enable-PSRemotingEnable PowerShell remoting
Test-WSMan -ComputerName server01Test WinRM connectivity
Registry & Configuration
Get-ItemProperty -Path "HKLM:\Software"Read registry key
Set-ItemProperty -Path "HKLM:\Software" -Name "Key" -Value "Value"Set registry value
New-Item -Path "HKLM:\Software\NewKey"Create registry key
Remove-Item -Path "HKLM:\Software\Key"Delete registry key
Get-PSDriveList PowerShell drives (including registry)