25 Essential PowerShell Commands for Windows System Administrators


🖥️ System Monitoring and Diagnostics

  1. Get-ComputerInfo
    Retrieves a complete snapshot of the system: OS version, BIOS info, processor details, and hotfixes.
      Get-ComputerInfo | Select-Object CsName, WindowsVersion, OsBuildNumber, BiosVersion
  2. Get-EventLog
    Displays event logs from the Windows Event Viewer for system troubleshooting.
      Get-EventLog -LogName System -Newest 20
  3. Get-WinEvent
    A more modern version of Get-EventLog that supports filtering by event IDs and sources.
      Get-WinEvent -LogName Application | Where-Object {$_.LevelDisplayName -eq "Error"}
  4. Get-Process
    Shows all active processes with resource consumption details.
      Get-Process | Sort-Object CPU -Descending | Select-Object -First 10
  5. Get-Service
    Lists all system services and their statuses (Running, Stopped, etc.).
      Get-Service | Where-Object {$_.Status -eq "Stopped"}
  6. Get-EventViewer (Alias for PowerShell 7+)
    Use for live log monitoring and filtering system errors or warnings.
  7. Test-Connection
    Performs a ping test to check network connectivity; similar to ping but more powerful.
      Test-Connection -ComputerName SERVER01 -Count 4
  8. Get-Counter
    Pulls performance metrics like CPU, memory, or disk usage.
      Get-Counter -Counter "\Processor(_Total)\% Processor Time"

👤 User and Account Management

  1. Get-LocalUser
    Displays all local users on a Windows machine.
      Get-LocalUser
  2. New-LocalUser
    Creates a new local user account.
      New-LocalUser -Name "TechieUser" -Password (Read-Host -AsSecureString "Enter Password") -FullName "Tech Admin" -Description "Local Admin Account"
  3. Set-LocalUser
    Modifies properties of an existing user account (e.g., enabling or disabling it).
      Set-LocalUser -Name "TechieUser" -Description "Updated account info"
  4. Add-LocalGroupMember
    Adds a user to a local security group such as Administrators or Remote Desktop Users.
      Add-LocalGroupMember -Group "Administrators" -Member "TechieUser"
  5. Get-ADUser (Requires RSAT)
    Queries Active Directory for users and attributes; ideal for domain environments.
      Get-ADUser -Filter * -Properties * | Select-Object Name, SamAccountName, Enabled
  6. Set-ADUser
    Updates AD user attributes like passwords, group membership, or department.
      Set-ADUser -Identity jdoe -Title "System Administrator" -Department "IT"
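
Account creation and admin-group changes like the ones above leave records in the Security log: event 4720 (user account created) and 4732 (member added to a security-enabled local group). The following is an added example, not part of the original article, that uses Get-WinEvent with -FilterHashtable to report them; the function name and output layout are assumptions, and it needs an elevated session with account-management auditing enabled.

```powershell
# Added example: report local account creation (4720) and additions to
# security-enabled local groups (4732) from the Security log.
# Assumes an elevated session and that account-management auditing is enabled.
function Get-LocalAccountChange {
    [CmdletBinding()]
    param(
        [datetime]$Since = (Get-Date).AddDays(-7)
    )

    $label  = @{ 4720 = 'UserCreated'; 4732 = 'AddedToLocalGroup' }
    $filter = @{ LogName = 'Security'; Id = 4720, 4732; StartTime = $Since }

    # -FilterHashtable filters inside the event log service, so only matching
    # records are returned (unlike piping the whole log to Where-Object).
    $events = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue -ErrorVariable problems

    # "No events found" is expected on a quiet host; anything else
    # (access denied, log unavailable) should stay visible.
    $problems | Where-Object { $_.FullyQualifiedErrorId -notlike 'NoMatchingEventsFound*' } |
        ForEach-Object { Write-Warning $_.Exception.Message }

    foreach ($evt in $events) {
        # Flatten <EventData><Data Name="...">value</Data> into a lookup table.
        $data = @{}
        foreach ($node in ([xml]$evt.ToXml()).Event.EventData.Data) {
            $data[$node.Name] = $node.'#text'
        }
        [pscustomobject]@{
            Time      = $evt.TimeCreated
            Action    = $label[$evt.Id]
            Target    = $data['TargetUserName']   # new account (4720) or group name (4732)
            MemberSid = $data['MemberSid']        # only present on 4732
            Actor     = '{0}\{1}' -f $data['SubjectDomainName'], $data['SubjectUserName']
        }
    }
}

# Who was added to Administrators in the last 7 days, and by whom?
Get-LocalAccountChange |
    Where-Object { $_.Action -eq 'AddedToLocalGroup' -and $_.Target -eq 'Administrators' } |
    Format-Table Time, MemberSid, Actor -AutoSize
```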

📂 File and Directory Management

  1. Get-ChildItem (gci)
    Lists files and directories; supports recursion and filtering.
      Get-ChildItem -Path C:\Logs -Recurse | Where-Object {$_.Extension -eq ".log"}
  2. Copy-Item
    Copies files or folders between directories or remote locations.
      Copy-Item -Path C:\Source\file.txt -Destination \\Server\Share -Force
  3. Move-Item
    Moves or renames files and folders.
      Move-Item -Path C:\Temp\Report.txt -Destination C:\Archive\Report.txt
  4. Remove-Item
    Deletes files or folders (use -Recurse with caution).
      Remove-Item -Path C:\Temp\OldLogs -Recurse -Force
  5. Get-Content
    Reads the contents of a text file directly in PowerShell.
      Get-Content -Path C:\Logs\error.txt -Tail 20
  6. Set-Content / Add-Content
    Writes or appends text data into files.
      "System Maintenance Completed" | Add-Content -Path C:\Reports\summary.txt

⚙️ Process and Service Management

  1. Start-Service / Stop-Service
    Starts or stops a Windows service immediately.
      Stop-Service -Name "Spooler" -Force
      Start-Service -Name "Spooler"
  2. Stop-Process
    Terminates a process by name or PID.
      Stop-Process -Name "notepad" -Force
  3. Restart-Computer
    Reboots a computer locally or remotely with optional delay.
      Restart-Computer -ComputerName SERVER01 -Force
  4. Get-ScheduledTask
    Lists scheduled tasks on a system for monitoring automation jobs.
      Get-ScheduledTask | Where-Object {$_.State -eq "Running"}
  5. Start-Job / Get-Job / Receive-Job
    Runs background tasks and retrieves their results asynchronously.
      Start-Job -ScriptBlock { Get-Process }
      Get-Job
      Receive-Job -Id 1

🌐 Remote Administration Essentials

Bonus Tools for Enterprise Environments:

  • Enter-PSSession / Exit-PSSession – For interactive remote administration of servers.
      Enter-PSSession -ComputerName SERVER01 -Credential (Get-Credential)
  • Invoke-Command – Run scripts or commands across multiple remote computers simultaneously.
      Invoke-Command -ComputerName (Get-Content .\servers.txt) -ScriptBlock { Get-Service -Name WinRM }
  • Get-WmiObject / Get-CimInstance – Collect system metrics and configuration remotely.
      Get-CimInstance -ClassName Win32_OperatingSystem | Select-Object CSName, Caption, OSArchitecture
  • Enable-PSRemoting – Configures WinRM for PowerShell Remoting.
      Enable-PSRemoting -Force
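
Once remoting is enabled, it helps to know which accounts can actually open a remote session on each host. The following is an added example, not part of the original article, that reuses the Invoke-Command fan-out over servers.txt to list the members of the two local groups granted access by the default Microsoft.PowerShell endpoint ACL, and reports hosts that failed; the report layout is an assumption.

```powershell
# Added example (not from the original article). servers.txt is the host list
# used with Invoke-Command above; the report layout is an assumption.
$servers = Get-Content .\servers.txt | Where-Object { $_.Trim() }

$report = Invoke-Command -ComputerName $servers -Credential (Get-Credential) `
    -ErrorAction SilentlyContinue -ErrorVariable failures -ScriptBlock {
        # Members of these two local groups pass the default ACL on the
        # Microsoft.PowerShell remoting endpoint.
        $groups = 'Administrators', 'Remote Management Users'
        foreach ($group in $groups) {
            foreach ($member in Get-LocalGroupMember -Group $group) {
                [pscustomobject]@{
                    Group           = $group
                    Member          = $member.Name
                    PrincipalSource = $member.PrincipalSource  # Local, ActiveDirectory, ...
                    ObjectClass     = $member.ObjectClass       # User or Group
                }
            }
        }
    }

# Invoke-Command tags every returned object with PSComputerName.
$report | Sort-Object PSComputerName, Group, Member |
    Format-Table PSComputerName, Group, Member, ObjectClass, PrincipalSource -AutoSize

# Hosts that could not be reached (or commands that failed) are reported, not dropped.
foreach ($failure in $failures) {
    Write-Warning ('{0}: {1}' -f $failure.TargetObject, $failure.Exception.Message)
}
```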

🧩 Summary Table

Category                Common Cmdlets                                 Use Case
System Monitoring       Get-ComputerInfo, Get-EventLog, Get-Process    Diagnose performance and logs
User Management         Get-LocalUser, Get-ADUser, Set-LocalUser       Manage accounts and permissions
File Handling           Get-ChildItem, Copy-Item, Remove-Item          File operations and cleanup
Process Management      Get-Service, Stop-Process, Start-Service       Manage apps and services
Remote Administration   Invoke-Command, Enter-PSSession                Remote script execution and management

These PowerShell commands form the backbone of Windows system administration. Whether you’re managing local servers, Intune-enrolled endpoints, or hybrid AD environments, mastering these cmdlets allows faster troubleshooting, consistent automation, and secure remote operations.
