To find all PS Commands in your computer
Get-Command
Understanding the Results of the Get-Command Cmdlet
There are four columns in the results of the Get-Command Output
- CommandType: This tells you whether command is an Alias, a Cmdlet, or a Function.
- Name: The name is the actual command you execute.
- Version: This is the PowerShell version
- Source: The module of the PS command.
With this information, you can filter the results from Get-Command. Say you want to see PowerShell commands containing the word “EventLog”, running the command below will get the job done:
Get-Command -Name *EventLog
Get WAN IP
(Invoke-WebRequest ifconfig.me/ip).Content.Trim()
Fix Trust Relationship between computer and domain.
Reset-ComputerMachinePassword -Server DomainServer -Credential DomainName\Administrator
Connect PS to Remote Computer
Enter-PSSession -ComputerName COMPUTER -Credential USER
Install Windows Updates
Install and check the module:
Install-Module -Name PSWindowsUpdate
Get-Package -Name PSWindowsUpdate
List all available updates:
Get-WindowsUpdate
Install all available updates:
Install-WindowsUpdate -MicrosoftUpdate -AcceptAll -AutoReboot
Get-WindowsUpdate -AcceptAll -Install -AutoReboot
Install a specific update:
Get-WindowsUpdate -Install -KBArticleID KB#######
List All User Password Ages
get-aduser -filter * -properties passwordlastset, passwordneverexpires |ft Name, passwordlastset, Passwordneverexpires
List All User Password Expiration Dates
Get-ADUser -filter {Enabled -eq $True -and PasswordNeverExpires -eq $False} –Properties "DisplayName", "msDS-UserPasswordExpiryTimeComputed" | Select-Object -Property "Displayname",@{Name="ExpiryDate";Expression={[datetime]::FromFileTime($_."msDS-UserPasswordExpiryTimeComputed")}}
Find All Locked Account
Search-ADAccount -LockedOut
List all RDP connections made to computer
$RDPAuths = Get-WinEvent -LogName 'Microsoft-Windows-TerminalServices-RemoteConnectionManager/Operational' -FilterXPath '<QueryList><Query Id="0"><Select>*[System[EventID=1149]]</Select></Query></QueryList>'
[xml[]]$xml=$RDPAuths|Foreach{$_.ToXml()}
$EventData = Foreach ($event in $xml.Event)
{ New-Object PSObject -Property @{
TimeCreated = (Get-Date ($event.System.TimeCreated.SystemTime) -Format 'yyyy-MM-dd hh:mm:ss K')
User = $event.UserData.EventXML.Param1
Domain = $event.UserData.EventXML.Param2
Client = $event.UserData.EventXML.Param3
}
} $EventData | FT
Remove Inactive RDS User Profiles
Take ownership of ‘folder.V2’ path
takeown /r /d Y /f .\folder.V2
Grant open permissions to the folder (for easy deletion)
icacls .\folder.V2 /grant Everyone:F /T
Delete the ‘folder.V2’ path
remove-item -path .\folder.V2 -force -recurse
Migrate DHCP server configuration
Export the existing configuration:
Export-DHCPServer -ComputerName <old server> c:\dhcp.xml -ver -leases
Import to the new server:
Import-DHCPServer -ComputerName <new server> c:\dhcp.xml -backuppath c:\dhcpbackup -leases
Fix Common BPA Scan Results on new Windows Servers
- Set-smbserverconfiguration -AsynchronousCredits 64
- Set-smbserverconfiguration -MaxThreadsPerQueue 20
- Set-smbserverconfiguration -Smb2CreditsMax 2048
- Set-smbserverconfiguration -Smb2CreditsMin 128
- Set-smbserverconfiguration -DurableHandleV2TimeoutInSeconds 30
- Set-smbserverconfiguration -AutoDisconnectTimeout 0
- Set-smbserverconfiguration -CachedOpenLimit 5
Using command prompt as administrator
- sc config srv start=demand