This is part of a cheat sheet I've been putting together for myself.
Before I start listing cmdlets, it's worth mentioning again how to use aliases. Essentially, you can create new names for commands like this.
Set-Alias -Name SomeAlias -Value cmdlet
Commands you're familiar with from the command prompt are more than likely included in PowerShell, if that makes you feel at home.
*Note: This is very much a quick and dirty copy-paste from my notes. I'll try to clean it up later.
Configuring Execution Policy
PowerShell has scripting disabled by default. Here are the ways you can configure the execution policy for your scripts:
- Restricted – Default config for PS. Scripts are unable to execute and commands can only be run through the shell.
- AllSigned – Only scripts signed by a trusted publisher are allowed to run.
- RemoteSigned – Local scripts are allowed to run and remote scripts signed by a trusted installer can be executed.
- Unrestricted – Any local or remote script is allowed to be executed.
Here is how to find your current execution policy.
Also, here is how to change it.
Set-ExecutionPolicy RemoteSigned
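Added example (not part of the original notes): it lists the execution policy set at each scope, then reports which scripts in a folder would pass AllSigned or RemoteSigned based on their signature and download mark. The function name Get-ScriptPolicyReport and the folder "$HOME\Scripts" are hypothetical, and treating ZoneId 3 or higher as "remote" is a simplifying assumption.

```powershell
# Added example; the folder passed to -Path is a hypothetical location.
function Get-ScriptPolicyReport {
    [CmdletBinding()]
    param([Parameter(Mandatory)][string]$Path)

    Get-ChildItem -Path $Path -Filter *.ps1 -File -Recurse | ForEach-Object {
        $file = $_
        $sig  = Get-AuthenticodeSignature -FilePath $file.FullName

        # Downloaded files carry a Zone.Identifier alternate data stream (NTFS only).
        # Assumption: ZoneId 3 (Internet) or 4 (Restricted) counts as "remote";
        # UNC paths are not considered here.
        $zoneId = 0
        $ads = Get-Content -LiteralPath $file.FullName -Stream Zone.Identifier -ErrorAction SilentlyContinue
        foreach ($line in $ads) {
            if ($line -match '^ZoneId=(\d+)') { $zoneId = [int]$Matches[1] }
        }
        $remote = $zoneId -ge 3
        $valid  = $sig.Status -eq 'Valid'
        $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }

        [pscustomobject]@{
            Script             = $file.FullName
            SignatureStatus    = $sig.Status
            Signer             = $signer
            MarkedRemote       = $remote
            # AllSigned also prompts the first time for a publisher not yet trusted.
            PassesAllSigned    = $valid
            PassesRemoteSigned = (-not $remote) -or $valid
        }
    }
}

# Policy per scope, highest precedence first (MachinePolicy ... LocalMachine)
Get-ExecutionPolicy -List | Format-Table -AutoSize

# Which scripts would each policy let through?
Get-ScriptPolicyReport -Path "$HOME\Scripts" | Format-Table -AutoSize
```

Rows with SignatureStatus other than Valid and MarkedRemote set to True are the ones that stop running once the policy is tightened from Unrestricted.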
Some Useful Getters
Finding installed services
Finding a process
Finding an Event Log
Get-EventLog -Log "Name"
You can stop a process by typing its name or PID number.
Stop-Process -Name "name"
Stop-Process -ID "ID"
If you didn't figure out the cmdlet to start a service, here it is.
# Start-Service takes the service name; it has no -ID parameter
Start-Service -Name "name"
System File Checker
File Signature Verification
Finding Installed Drivers
Displaying active TCP connections and ports
Reviewing or Modifying an IP address
This command will display the full Windows IP configuration
This command will remove an IP address
This command will renew an IP address
This command will flush the DNS resolver cache
TaskList and TaskKill
This command will display running tasks
You can also display the DLLs associated with a task by adding -m, and a task's services with -svc
You can kill a task by typing its name or PID number.
taskkill -pid "ID"
taskkill -im "Name"
Running the network services shell
Netsh can do a few other useful things. Here is how to check firewall rules
netsh advfirewall firewall show rule name=all
Viewing process connections
You can build an HTML document from a PowerShell cmdlet.
# Get-Service is used here because its objects actually have Name and Status properties
Get-Service | ConvertTo-Html -Property Name, Status > "file path"
Here is how to create a CSV file from a cmdlet
Get-EventLog -Log "Name" | Export-Csv "file path"
You can specify which object properties go into your reporting document with a double pipe
Get-Service | Select-Object Name, Status | Export-Csv "file path"