Skip to content

PowerShell

PowerShell syntax, commands, and scripting reference.

Basics

Get-Help <command>           # Show help for a cmdlet
Get-Command <pattern>        # Find commands
Get-Alias                    # List aliases

Files & Directories

Get-ChildItem -Recurse                              # List all files recursively
Get-ChildItem -File -Filter *.log                   # List .log files
Select-String -Path *.txt -Pattern "error"          # Search for text within files
Copy-Item -Path C:\\file.txt -Destination D:\\Backup\\ # Copy file to backup
Remove-Item -Path *.tmp -Recurse -Force             # Force delete all .tmp files

System & Processes

Get-Process | Sort WS -Descending                   # List processes by memory usage
Stop-Process -Id <PID> -Force                       # Force kill a process by ID
Restart-Computer -Force                             # Force reboot computer
Get-Service | Where Status -eq "Running"            # List only running services

Scripting & Automation

for ($i=1; $i -le 5; $i++) { Write-Host $i }
foreach ($user in Get-LocalUser) { $user.Name }
if (Test-Path "C:\\file.txt") { Remove-Item "C:\\file.txt" }
$items = Get-ChildItem | Where-Object {$_.Length -gt 1MB} # Files > 1MB

Filtering, Sorting, and Exporting

Get-EventLog -LogName System |
    Where-Object {$_.EntryType -eq "Error"} |
    Sort-Object TimeGenerated -Descending |
    Select-Object -First 10

Get-Process | Export-Csv -Path C:\\proc.csv -NoTypeInformation
Import-Csv -Path C:\\proc.csv | Where-Object { $_.CPU -gt 100 }

Security

Get-LocalUser                                   # List local users
Set-LocalUser -Name username -PasswordNeverExpires $true
Get-LocalGroupMember "Administrators"           # List admins
Add-LocalGroupMember -Group "Administrators" -Member "user1"
Get-ExecutionPolicy                             # Current script execution policy
Set-ExecutionPolicy RemoteSigned                # Set policy

Networking

Test-Connection google.com -Count 4             # Ping test
Get-NetIPAddress                               # Show IP info
Get-NetTCPConnection                           # List open TCP connections
Resolve-DnsName github.com                     # DNS lookup

System Administration

Get-WmiObject Win32_BIOS                       # BIOS info (legacy)
Get-CimInstance Win32_OperatingSystem          # OS info (modern)
Get-EventLog -LogName Security -Newest 20      # Last 20 security events
Restart-Service -Name "Spooler"                # Restart a service
Start-Job -ScriptBlock { Get-Process }         # Run async job
Get-Job; Receive-Job <Id>                      # List and retrieve jobs

Registry Editing

Get-ItemProperty -Path 'HKLM:\\Software\\...'               # Read registry
Set-ItemProperty -Path 'HKLM:\\Software\\...' -Name "<>" -Value "..."
New-Item -Path 'HKCU:\\Software\\NewKey'                    # Create key
Remove-Item -Path 'HKCU:\\Software\\OldKey' -Recurse        # Delete key

Remoting & Sessions

Enter-PSSession -ComputerName server1                     # Interactively connect to remote server
Invoke-Command -ComputerName server2 -ScriptBlock { Get-Process }
New-PSSession -ComputerName server3                       # Create a session

Useful References

Alias	Cmdlet
ls	Get-ChildItem
cd	Set-Location
pwd	Get-Location
cp	Copy-Item
mv	Move-Item
rm	Remove-Item
cat	Get-Content
ps	Get-Process

Tip:

To see all commands available:

Get-Command

Cheatsheet Reference

Cheatsheets

Alembic AWS CLI C C++ Docker Git Linux Diagnostics Make Network Nginx PowerShell Redis SQLAlchemy

Reference

Example Reference Software Licenses