PowerShell — Quick Reference¶
Essentials¶
| Command | Action |
|---|---|
[Environment]::Is64BitOperatingSystem |
Check OS architecture (64‑bit or not) |
[Environment]::Is64BitProcess |
Check current PowerShell session architecture |
"$($PSVersionTable.PSEdition) $($PSVersionTable.PSVersion)" |
Show PowerShell edition and version |
$ExecutionContext.SessionState.LanguageMode |
Check language mode (e.g., ConstrainedLanguage) |
$PSHOME |
Show PowerShell installation directory |
Get-ChildItem Env: |
List environment variables |
Get-Date |
Display local date/time |
Get-Command |
List available commands/cmdlets |
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Path to 64‑bit PowerShell (from 64‑bit context) |
C:\Windows\SysNative\WindowsPowerShell\v1.0\powershell.exe |
Launch 64‑bit PowerShell from a 32‑bit process |
Script Execution¶
| Command | Action |
|---|---|
Set-ExecutionPolicy -Scope CurrentUser -ExecutionPolicy RemoteSigned |
Allows local scripts for your user; requires signature for internet-downloaded scripts unless unblocked. |
Set-ExecutionPolicy -Scope LocalMachine -ExecutionPolicy RemoteSigned |
Same as above but machine-wide; requires admin PowerShell. |
Set-ExecutionPolicy -Scope CurrentUser -ExecutionPolicy Unrestricted |
Least restrictive for your user; runs all scripts but warns for internet zone. |
powershell.exe -NoProfile -ExecutionPolicy Bypass -File .\script.ps1 |
One-time run ignoring policy; no permanent change. |
Unblock-File -Path .\script.ps1 |
Removes "downloaded from internet" block on the script file. |
Get-ExecutionPolicy -List |
Shows effective and scoped execution policies. |
Host Quick‑Triage¶
| Command | Action |
|---|---|
Get-Item "$env:APPDATA\Microsoft\Windows\PowerShell\PSReadLine\ConsoleHost_history.txt" |
Locate PSReadLine history (Windows PowerShell 5.1) |
Get-Item "$env:APPDATA\Microsoft\PowerShell\PSReadLine\ConsoleHost_history.txt" |
Locate PSReadLine history (PowerShell 7+) |
Files & ACLs¶
| Command | Action |
|---|---|
Get-Content <path> |
Read file content (text) |
Get-Content <path> -Wait -Tail <N> |
Tail file and follow new lines |
Select-String -Path <path> -Pattern "<pattern>" |
Search for text in a file |
Get-ChildItem -Path <root> -Filter <name> -Recurse -Force -ErrorAction SilentlyContinue |
Search for a file by name |
Networking¶
| Command | Action |
|---|---|
Test-NetConnection <host> -Port <port> |
Test TCP connectivity to a host:port |
Credentials & Permissions (Admin tasks)¶
| Command | Action |
|---|---|
$pass = ConvertTo-SecureString '<password>' -AsPlainText -Force |
Create SecureString from plaintext |
$cred = New-Object System.Management.Automation.PSCredential('<domain>\<username>', $pass) |
Create PSCredential object |
(Import-CliXml -Path <file>).GetNetworkCredential().Password |
Recover password from exported credential (same user/machine) |
[System.Net.NetworkCredential]::new("", $SecurePassword).Password |
Convert a SecureString to plaintext |
RDP¶
| Command | Action |
|---|---|
Set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server' -Name 'fDenyTSConnections' -Value 0 |
Enable RDP connections |
Enable-NetFirewallRule -DisplayGroup "Remote Desktop" |
Allow RDP in Windows Firewall |
New-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Lsa' -Name 'DisableRestrictedAdmin' -Value 0 -PropertyType DWORD |
Enable RDP Restricted Admin mode |