70+ Essential PowerShell Commands

File and Directory Commands

  1. Get-ChildItem (Windows: dir) Lists files/directories.

# Basic: List files with details
Get-ChildItem -Path .
# Advanced: List .txt files recursively
Get-ChildItem -Path . -Recurse -Include *.txt | Format-Table Name, Length

  1. Set-Location (Windows: cd) Changes directory.

# Basic: Navigate to a folder
Set-Location -Path C:\Users
# Advanced: Switch to path with spaces
Set-Location -Path "C:\Program Files (x86)"

  1. New-Item -ItemType Directory (Windows: mkdir/md) Creates a directory.

# Basic: Create a single folder
New-Item -Path Data -ItemType Directory
# Advanced: Create nested folders
New-Item -Path Parent\Child\Grandchild -ItemType Directory -Force

  1. Remove-Item (Windows: rmdir/rd) Deletes a directory.

# Basic: Remove empty folder
Remove-Item -Path Data
# Advanced: Remove non-empty folder
Remove-Item -Path Data -Recurse -Force

  1. Remove-Item (Windows: del) Deletes files.

  1. Copy-Item (Windows: copy) Copies files.

  1. Copy-Item -Recurse (Windows: xcopy) Copies directories recursively.

  1. Move-Item (Windows: move) Moves/renames files.

  1. Set-ItemProperty -Name Attributes (Windows: attrib) Changes file attributes.

  1. Rename-Item (Windows: ren) Renames files/directories.

System Information Commands

  1. Get-ComputerInfo (Windows: systeminfo) Shows system information.

  1. $env:COMPUTERNAME (Windows: hostname) Shows computer name.

  1. Get-CimInstance Win32_OperatingSystem (Windows: ver) Shows OS version.

  1. Get-ChildItem Env: (Windows: set) Manages environment variables.

  1. Get-CimInstance (Windows: wmic) Queries system details.

  1. $env:USERNAME (Windows: whoami) Shows current user.

  1. Get-Process (Windows: tasklist) Lists running processes.

Network Commands

  1. Get-NetIPAddress (Windows: ipconfig) Shows network configuration.

  1. Test-Connection (Windows: ping) Tests network connectivity.

  1. Test-NetConnection (Windows: tracert) Tests route to a host.

  1. Get-NetTCPConnection (Windows: netstat) Shows network connections/ports.

  1. Resolve-DnsName (Windows: nslookup) Queries DNS.

  1. Get-NetNeighbor (Windows: arp) Manages ARP cache.

  1. Get-NetRoute (Windows: route) Manages routing table.

  1. New-PSDrive (Windows: net use) Maps network drives.

  1. Get-NetTCPConnection -State Listen (Windows: netstat -an) Shows listening connections.

  1. Set-NetIPInterface (Windows: netsh) Configures network settings.

Disk and Drive Commands

  1. Repair-Volume (Windows: chkdsk) Checks/repairs disk errors.

  1. Get-Disk | New-Partition (Windows: diskpart) Manages disks/partitions.

  1. Initialize-Disk | Format-Volume (Windows: format) Formats a drive.

  1. Set-Volume (Windows: label) Sets volume label.

  1. Get-Volume (Windows: vol) Shows volume info.

  1. Optimize-Volume (Windows: fsutil) Manages filesystem properties.

Task and Process Management Commands

  1. Stop-Process (Windows: taskkill) Terminates processes.

  • Investigation Context: Monitor in Defender XDR/Sentinel. KQL query:

  1. Register-ScheduledTask (Windows: schtasks) Manages scheduled tasks.

  1. Get-Service (Windows: sc) Controls services.

  1. Stop-Computer (Windows: shutdown) Performs shutdown/restart.

  1. Start-Process (Windows: start) Starts a program.

  1. Pause (Windows: pause) Pauses script execution.

  1. Start-Sleep (Windows: timeout) Adds delay in scripts.

User and Security Commands

  1. New-LocalUser (Windows: net user) Manages user accounts.

  1. Add-LocalGroupMember (Windows: net localgroup) Manages group memberships.

  1. Start-Process -Credential (Windows: runas) Runs command as another user.

  1. Set-Acl (Windows: cacls) Modifies file permissions.

  1. Set-Acl (Windows: icacls) Advanced file permissions.

  1. Lock-Computer (Windows: lock) Locks workstation.

  1. Update-GP (Windows: gpupdate) Updates Group Policy.

  1. Set-GPRegistryValue (Windows: secedit) Applies security settings.

Power and Shutdown Commands

  1. Get-CimInstance Win32_Battery (Windows: powercfg) Manages power settings.

  1. Stop-Computer -Force (Windows: shutdown /s /t 0) Immediate shutdown.

  1. Restart-Computer -Force (Windows: shutdown /r /t 0) Immediate restart.

  1. Logoff (Windows: shutdown /l) Logs off user.

Troubleshooting Commands

  1. Repair-WindowsImage (Windows: sfc /scannow) Repairs system files.

  1. Repair-WindowsImage (Windows: DISM) Repairs Windows images.

  1. Clear-Disk (Windows: cleanmgr) Manages disk space.

  1. Get-WinEvent (Windows: eventvwr) Views event logs.

  1. Get-ComputerInfo (Windows: msinfo32) Shows system info.

Advanced and Miscellaneous Commands

  1. Get-ChildItem -Recurse (Windows: tree) Displays folder structure.

  1. Write-Output (Windows: echo) Displays messages or writes to files.

  1. Clear-Host (Windows: cls) Clears console screen.

  1. $host.UI.RawUI.WindowTitle (Windows: title) Sets console title.

  1. $PSStyle (Windows: colour) Changes console colours (PowerShell 7+).

  1. Exit (Windows: exit) Closes PowerShell session.

  1. $PSCommandPath (Windows: prompt) Customises PowerShell prompt.

  1. Get-Help (Windows: help) Shows command help.

Scripting and Shell Commands

  1. If (Windows: if) Conditional logic in scripts.

  1. ForEach-Object (Windows: for) Loops through values.

  1. Function (Windows: goto) Defines functions for script flow.

  1. . (dot sourcing) (Windows: call) Calls another script/function.

  1. $script: / $local: (Windows: setlocal/endlocal) Manages variable scope.

Bonus Useful Commands

  1. Set-Clipboard (Windows: clip) Copies to clipboard.

  1. Select-String (Windows: find) Searches text in files.

  1. Get-ItemProperty (Windows: assoc) Manages file associations.

  1. Get-CimInstance Win32_PnPSignedDriver (Windows: driverquery) Lists drivers.

  1. Show-Command explorer (Windows: taskview) Opens Task View (GUI-based).
