PowerShell Cheat Sheet – Part One

This part of cheat sheet I’ve putting together for myself.

Before I start the listing cmdlets, It worth metioning agian how to use alias.  Essential you can create new names for commands like this.

$SomeAlias = “cmdlet”

Commands you’re familiar with in command prompt are more than likely included into PowerShell, if that makes you feel at home.

*Note: This very much a quick and dirty copy paste from my notes. I’ll try to clean it up later.

Configuring Execution Policy
PowerShell has scripting disabled by default. Here are the ways you can configure the execution policy for your scripts

  • Restricted – Default config for PS. Scripts are unable to execute and commands are only able to run through the shell.
  • All Signed – Only scripts signed by a trusted publisher are allowed to run
  • Remote Signed – Local scripts are allowed to run and remote scripts signed by a trusted installer can be executed.
  • Unrestricted – Any local or remote script is allowed to be executed

Here is how to find your current execution policy.

Also, here is how to change it.
Set-ExecutionPolicy Remote Signed


Some Useful Getters

Finding installed services

Finding a process

Finding an Event Log
Get-EventLog -Log “Name”


Controlling Processes

You can stop a process by typing it’s name or PID number.
Stop-Process -Name “name”
Stop-Process -ID “ID”

If you didn’t figure out the cmdlet to start a serive, here it is.

Start-Process -Name “name”

Start-Process -ID “ID”


System File Checker
sfc /scannow


File Signatuer Verification


Finding Installed Drivers


Verifying DNS 
nslookup “DNS”


Pinging Commands
ping “IP”
pathping “IP”
Tracert “IP”


Displaying active TCP contections and ports


Reviewing or Modifying an IP address

This command will display a windows full IP configuration
ipconfig /all

This command will remove an IP address
ipconfig /release

This command will renew an IP address
ipconfig /renew

This command will flush the DNS resolver cache
ipconfig /flushdns


TaskList and TaskKill

This command will display running tasks
Also you can display associated dll of a task by adding a -m, and you can display a task services with -svc
tasklist -m
tasklist -v

You can kill a task by typing it’s name or pid number.
taskkill -pid “ID”
taskkill -im “Name”


Running the network services shell

Netsh can do a few other usefull things. Here is how to check firewall rules
netsh advfirewall firewall show rule name=all


Viewing process connections


Reporting Utilities

You can build a html document from a PowerShell cmdlet.

Get-EventLog -Log “Name” | ConvertTo-HTML -Property Name, Status > “file path”

Here is how to create a CSV file from a cmdlet
Get-EventLog -Log “Name” | Export-CSV “file path”
You can specfiy which object to build your reporting document with a double pipe

Get-Service | Select-Object Name, Status | Export-CSV “file path”


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s