Applications

Name	Command
Services	services.msc
HyperV manager	virtmgmt.msc
Disk Management	diskmgmt.msc
Device Manager	devmgmt.msc
Windows Features	optionalfeatures
Registry Editor	regedit
Event Viewer	eventvwr
Local Group Policy Editor	gpedit
SQL Server Configuration Manager	SQLServerManager14.msc
Component Services	dcomcnfg.exe

Control Panel tools

Name	Command
Network Connections	ncpa.cpl
Add/Remove Programs	appwiz.cpl

Users and groups

whoami          # current user
whoami /groups  # current user groups

# list local users
net user

# display account information (groups of which he is a member)
net user [username]

# create an account
net user /add [username] *
# it prompts the password

# delete user
net user [username] /delete

# list local groups
net localgroup

# list the users of a group
net localgroup "group name"

# add a user to a group
net localgroup administrators [username] /add
# /delete to remove a user from a group
# username ex: IDENTITY\firstname.lastname

Access Control Lists

# save the DACLs of c:\folder\file.ext to c:\folder\acl.txt
icacls c:\folder\file.ext /save c:\folder\acl.txt

# restore the DACLs of c:\folder\file.ext from c:\folder\acl.txt
icacls c:\folder\file.ext /restore c:\folder\acl.txt

# grant to User1 the full access permission to c:\folder\file.ext
icacls c:\folder\file.ext /grant User1:F

Basic permissions
Code	Description
F	Full access
M	Modify access
RX	Read and execute access
R	Read-only access
W	Write-only access

Service Controller

# display the current permissions for MyService as an SDDL string
sc sdshow MyService

# set the permissions for MyService
sc sdset MyService "D:(A;;...)(A;;RPWPCR;;;S-1-5-21-2133228432-2794320136-1823075350-1000)S:(...)"

# get the SID of the current user
whoami /user

Code	Description
S:	System Access Control List (SACL)
D:	Discretionary ACL (DACL)
A	Allow
D	Deny
CC	SERVICE_QUERY_CONFIG : Query the SCM for the service configuration
LC	SERVICE_QUERY_STATUS : Query the SCM the current status of the service
SW	SERVICE_ENUMERATE_DEPENDENTS : List dependent services
LO	SERVICE_INTERROGATE : Query the service its current status
CR	SERVICE_USER_DEFINED_CONTROL
RC	READ_CONTROL : Query the security descriptor of the service
RP	SERVICE_START : Start the service
WP	SERVICE_STOP
DT	SERVICE_PAUSE_CONTINUE : Pause/Resume the service
DC	SERVICE_CHANGE_CONFIG (Change service configuration)
WD	WRITE_DAC : Change the permissions of the service
WO	WRITE_OWNER : Change the ownership of the service
SD	DELETE : The right to delete the service

Security Principal
Code	Description
AU	Authenticated Users
BA	Built-in administrators
BU	Built-in users
IU	Interactively logged-on user
SU	Service logon user
SY	Local System
WD	Everyone

Boot menu

# lists entries
bcdedit /v

# add a new entry
bcdedit /copy {current} /d "Description"

# run in Safe mode
bcdedit /set "{guid}" safeboot minimal

# run in Safe Mode with networking support
bcdedit /set {guid} safeboot network

# in addition to safe mode, make it use the command prompt instead of the Explorer shell
bcdedit /set "{guid}" safebootalternateshell yes

Windows defender

# display settings
Get-MpPreference

# add exclusion path
Add-MpPreference -ExclusionPath "C:\Folder1","C:\Folder2"

# remove exclusion path
Remove-MpPreference -ExclusionPath "C:\Folder"

Change IP address and DNS servers

# network information
netsh interface ipv4 show config

# set the IP address, subnet mask, and default gateway
netsh interface ipv4 set address name="Ethernet 1" static 192.168.0.1 255.255.255.0 192.168.0.254

# set the DNS servers
netsh interface ipv4 set dns name="Ethernet 1" static 8.8.8.8
netsh interface ipv4 set dns name="Ethernet 1" static 8.8.4.4 index=2

# set the network interface to use an IP address provided by a DHCP server
netsh interface ipv4 set address name=”Ethernet 1” source=dhcp

# set the network interface to use DNS servers provided by a DHCP server
netsh interface ipv4 set dnsservers name="Ethernet 1" source=dhcp