PowerShell Cheat Sheet – Part One

This is part of a cheat sheet I've been putting together for myself.

Before I start listing cmdlets, it's worth mentioning again how to use aliases. Essentially, you can create new names for commands like this.

Set-Alias -Name SomeAlias -Value "cmdlet"

Commands you're familiar with from the command prompt are more than likely available in PowerShell, if that makes you feel at home.

*Note: This is very much a quick and dirty copy-paste from my notes. I'll try to clean it up later.

Configuring Execution Policy
PowerShell has scripting disabled by default. Here are the ways you can configure the execution policy for your scripts.

  • Restricted – Default config for PS. Scripts are unable to execute and commands are only able to run through the shell.
  • AllSigned – Only scripts signed by a trusted publisher are allowed to run.
  • RemoteSigned – Local scripts are allowed to run and remote scripts signed by a trusted installer can be executed.
  • Unrestricted – Any local or remote script is allowed to be executed.

Here is how to find your current execution policy.
Get-ExecutionPolicy

Also, here is how to change it.
Set-ExecutionPolicy RemoteSigned
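As an added example (not part of the original notes), this script shows the policy at every scope and then inventories a folder of scripts for the two things AllSigned and RemoteSigned look at: the Authenticode signature and whether the file is marked as downloaded. The folder and output paths are placeholder assumptions.

```powershell
# Added example: audit a folder of scripts for signature and origin.
$ScriptRoot = "C:\Scripts"                    # placeholder folder (assumption)
$OutFile    = "$env:TEMP\script-audit.csv"    # placeholder output path (assumption)

# Effective policy, then the value set at every scope
# (MachinePolicy, UserPolicy, Process, CurrentUser, LocalMachine).
Get-ExecutionPolicy
Get-ExecutionPolicy -List | Format-Table -AutoSize

$report = Get-ChildItem -Path $ScriptRoot -Filter *.ps1 -Recurse -File | ForEach-Object {
    $file = $_
    $sig  = Get-AuthenticodeSignature -FilePath $file.FullName

    # Files saved by a browser or mail client carry a Zone.Identifier
    # alternate data stream on NTFS. ZoneId 3 = Internet, 4 = Restricted sites.
    $zoneId   = $null
    $stream   = Get-Content -LiteralPath $file.FullName -Stream Zone.Identifier -ErrorAction SilentlyContinue
    $zoneLine = $stream | Where-Object { $_ -match '^ZoneId=\d+' } | Select-Object -First 1
    if ($zoneLine) { $zoneId = [int]($zoneLine -replace '^ZoneId=(\d+).*$', '$1') }

    [PSCustomObject]@{
        Path            = $file.FullName
        SignatureStatus = $sig.Status                    # Valid, NotSigned, HashMismatch, ...
        Signer          = $sig.SignerCertificate.Subject # empty when unsigned
        ZoneId          = $zoneId
        MarkedRemote    = ($zoneId -ge 3)
    }
}

# Scripts marked as downloaded that do not carry a valid signature.
$report |
    Where-Object { $_.MarkedRemote -and $_.SignatureStatus -ne 'Valid' } |
    Format-Table Path, SignatureStatus, ZoneId -AutoSize

# Keep the full inventory as a CSV report.
$report | Export-Csv -Path $OutFile -NoTypeInformation
```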

 

Some Useful Getters

Finding installed services
Get-Service

Finding a process
Get-Process

Finding an Event Log
Get-EventLog -Log "Name"

 

Controlling Processes

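You can stop a process by typing its name or PID number.
Stop-Process -Name "name"
Stop-Process -ID "ID"

If you didn't figure out the cmdlet to start a process, here it is. Start-Process takes the path of the executable (-FilePath) rather than a name or PID, since a process has no ID until it is running. To start a service, use Start-Service -Name instead.

Start-Process -FilePath "name"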

 

System File Checker
sfc /scannow

 

File Signature Verification
sigverif

 

Finding Installed Drivers
driverquery

 

Verifying DNS 
nslookup "DNS"

 

Pinging Commands
ping "IP"
pathping "IP"
tracert "IP"

 

Displaying active TCP connections and ports
Netstat

 

Reviewing or Modifying an IP address

This command will display the full Windows IP configuration
ipconfig /all

This command will remove an IP address
ipconfig /release

This command will renew an IP address
ipconfig /renew

This command will flush the DNS resolver cache
ipconfig /flushdns

 

TaskList and TaskKill

This command will display running tasks
tasklist
You can also display the DLLs associated with a task by adding -m, and a task's services with -svc.
tasklist -m
tasklist -svc

You can kill a task by typing its name or PID number.
taskkill -pid "ID"
taskkill -im "Name"

 

Running the network services shell
Netsh

Netsh can do a few other useful things. Here is how to check firewall rules.
netsh advfirewall firewall show rule name=all

 

Viewing process connections
netstat

 

Reporting Utilities

You can build an HTML document from a PowerShell cmdlet.

Get-EventLog -Log "Name" | ConvertTo-HTML -Property TimeGenerated, EntryType, Source, Message > "file path"

Here is how to create a CSV file from a cmdlet.
Get-EventLog -Log "Name" | Export-CSV "file path"

You can specify which properties go into your reporting document by adding a second pipe through Select-Object.

Get-Service | Select-Object Name, Status | Export-CSV "file path"
