PowerShell Reference Guide

Master the
Shell.
Command
Everything.

A comprehensive reference for PowerShell commands, syntax, and scripting patterns. From daily sysadmin tasks to complex automation pipelines.

PowerShell terminal showing sample commands
60+
Commands
6
Categories
PS 7.4
Version
100+
Examples
Basics

Essential Commands

Get-Help
Core · Documentation
Display help information for any cmdlet, function, or script. The foundation of self-service learning in PowerShell.
Get-Help <CmdletName> -Full
Get-Command
Core · Discovery
Discover all available commands, functions, aliases, and scripts. Filter by name, module, or command type.
Get-Command -Name *process* -Type Cmdlet
Get-Member
Core · Introspection
Reveal the properties and methods of any object. Essential for understanding what you can do with pipeline output.
Get-Process | Get-Member
Select-Object
Core · Filtering
Select specific properties from objects or limit the number of returned items. Shapes pipeline output precisely.
Get-Process | Select-Object Name, CPU, Id
Where-Object
Core · Filtering
Filter objects from the pipeline based on property values using comparison operators and script blocks.
Get-Service | Where-Object {$_.Status -eq 'Running'}
ForEach-Object
Core · Iteration
Perform operations on each object in the pipeline. The workhorse of inline processing and transformation.
1..10 | ForEach-Object { $_ * 2 }
Files

File System Commands

Get-ChildItem
Files · Directory
List files and directories. Supports recursive search, wildcard filtering, and attribute-based selection.
Get-ChildItem -Path C:\ -Recurse -Filter *.log
Copy-Item
Files · Management
Copy files and directories. Supports recursive copy, pipeline input, and credential-based remote operations.
Copy-Item -Path .\src -Destination .\dst -Recurse
Get-Content
Files · I/O
Read file contents line by line. Supports -Tail for log monitoring and -Raw for full-file read as a single string.
Get-Content .\app.log -Tail 50 -Wait
Processes

Process & Service Control

Get-Process
Processes · Monitoring
Retrieve running processes with CPU, memory, and handle information. Filter by name or PID.
Get-Process -Name chrome | Sort-Object CPU -Desc
Get-Service
Services · Status
Retrieve Windows service status. Filter by status, name, or dependent services. Supports Start/Stop pipeline.
Get-Service | Where-Object {$_.Status -eq 'Stopped'}
Stop-Process
Processes · Control
Terminate running processes by name or PID. Supports -Force for unresponsive processes and -Confirm for safety.
Get-Process notepad | Stop-Process -Force
PS>_ / Basics

Core Commands

The fundamental cmdlets that every PowerShell user must know. These commands form the backbone of exploration, discovery, and pipeline processing.

Get-Help
Get-Help [[-Name] <String>] [-Full] [-Online]
Display help information for cmdlets, scripts, and concepts. Supports -Online to open browser docs.
Core
Get-Command
Get-Command [[-Name] <String[]>] [-Module <String[]>]
Discover all available commands, aliases, and functions in the current session.
Core
Get-Member
InputObject | Get-Member [-MemberType <Type>]
Inspect the properties and methods of any .NET object passed through the pipeline.
Core
Select-Object
Select-Object [-Property <String[]>] [-First <Int>] [-Last <Int>]
Choose specific properties from objects or limit result counts. Supports computed properties.
Core
Where-Object
Where-Object [-FilterScript <ScriptBlock>]
Filter pipeline objects by evaluating a script block against each object's properties.
Core
ForEach-Object
ForEach-Object [-Process <ScriptBlock>] [-Parallel]
Execute a script block against each pipeline object. Supports parallel execution in PS 7+.
Core
Sort-Object
Sort-Object [-Property <String[]>] [-Descending] [-Unique]
Sort objects by one or more properties. Supports ascending, descending, and unique sorting.
Utility
Format-Table
Format-Table [-Property <Object[]>] [-AutoSize] [-Wrap]
Format output as a table. Use -AutoSize for better column width and -Wrap for long values.
Utility
Measure-Object
Measure-Object [-Property <String>] [-Sum] [-Average] [-Min] [-Max]
Calculate numeric statistics on a collection of objects from the pipeline.
Utility
ConvertTo-Json
ConvertTo-Json [-Depth <Int>] [-Compress]
Serialize objects to JSON format. Essential for REST API workflows and config file generation.
Advanced
PS>_ / Files & File System

File System

Navigate, read, write, copy, and manage files and directories. PowerShell's provider model means these commands work on the registry and other stores too.

Get-ChildItem
Get-ChildItem [-Path <String>] [-Filter <String>] [-Recurse]
List directory contents with powerful filtering, recursion, and attribute selection.
Core
Copy-Item
Copy-Item [-Path <String>] [-Destination <String>] [-Recurse]
Copy files and directories locally or to remote systems with -ToSession.
Core
Get-Content
Get-Content [-Path <String>] [-Tail <Int>] [-Wait] [-Raw]
Read file contents. -Tail + -Wait enables real-time log monitoring similar to Unix tail -f.
Core
Set-Content
Set-Content [-Path <String>] [-Value <Object[]>] [-Encoding <Encoding>]
Write or overwrite file content. Prefer Add-Content to append without overwriting.
Core
Remove-Item
Remove-Item [-Path <String>] [-Recurse] [-Force] [-Confirm]
Delete files and directories. Use -Confirm for safety and -WhatIf to preview without deleting.
Utility
Rename-Item
Rename-Item [-Path <String>] [-NewName <String>]
Rename a file or directory. Can be piped with Get-ChildItem for batch renames.
Utility
Test-Path
Test-Path [-Path <String>] [-PathType <Container|Leaf>]
Check if a path exists. Returns $true or $false — essential for script validation.
Utility
Resolve-Path
Resolve-Path [-Path <String>] [-Relative]
Resolve wildcards and relative paths to absolute paths. Validates existence in the process.
Advanced
PS>_ / Processes & Services

Processes & Services

Monitor, start, stop, and manage Windows processes and services. From real-time CPU monitoring to service dependency management.

Get-Process
Get-Process [[-Name] <String[]>] [-Id <Int32[]>] [-ComputerName]
Retrieve running processes with CPU, memory, handle and thread information.
Core
Stop-Process
Stop-Process [-Name <String[]>] [-Id <Int32[]>] [-Force]
Terminate processes by name or PID. Use -Force to close unresponsive processes.
Core
Start-Process
Start-Process [-FilePath <String>] [-ArgumentList] [-Verb RunAs]
Launch a new process. Use -Verb RunAs for elevated privileges. Supports -Wait for synchronous execution.
Core
Get-Service
Get-Service [[-Name] <String[]>] [-Status <ServiceControllerStatus>]
Retrieve Windows service status, startup type, and dependency information.
Core
Start-Service
Start-Service [-Name <String[]>] [-InputObject <ServiceController[]>]
Start one or more stopped services. Can accept pipeline input from Get-Service.
Utility
Restart-Service
Restart-Service [-Name <String[]>] [-Force] [-PassThru]
Stop and restart a service in a single command. -Force handles dependent services automatically.
Utility
Get-EventLog
Get-EventLog [-LogName <String>] [-Newest <Int>] [-EntryType <Type>]
Query Windows Event Logs. Filter by severity, source, and time range. Use Get-WinEvent for modern logs.
Advanced
PS>_ / Network

Network Commands

Test connectivity, manage adapters, query DNS, make HTTP requests, and configure firewall rules — all from the command line.

Test-Connection
Test-Connection [-TargetName <String[]>] [-Count <Int>] [-Quiet]
Send ICMP ping requests. -Quiet returns $true/$false for scripting. Supports parallel targets.
Core
Test-NetConnection
Test-NetConnection [-ComputerName <String>] [-Port <Int>]
Test TCP port connectivity and route tracing. More powerful than ping for port-level diagnostics.
Core
Invoke-WebRequest
Invoke-WebRequest [-Uri <Uri>] [-Method <String>] [-Body <Object>]
Make HTTP/HTTPS requests. Returns response headers, status code, and parsed content.
Utility
Invoke-RestMethod
Invoke-RestMethod [-Uri <Uri>] [-Method <String>] [-Headers <Hashtable>]
Call REST APIs and automatically parse JSON/XML responses into native objects.
Utility
Resolve-DnsName
Resolve-DnsName [-Name <String>] [-Type <DnsRecordType>] [-Server]
Perform DNS lookups for A, AAAA, MX, TXT, and other record types with custom server support.
Utility
Get-NetAdapter
Get-NetAdapter [[-Name] <String[]>] [-Physical] [-IncludeHidden]
List network adapters with speed, status, and MAC address information.
Advanced
Get-NetIPAddress
Get-NetIPAddress [-AddressFamily <IPv4|IPv6>] [-InterfaceAlias]
Retrieve assigned IP addresses for all or specific network interfaces.
Advanced
PS>_ / Security

Security & Audit

Manage execution policies, query Windows Defender, audit user accounts, manage certificates, and enforce security baselines.

Get-ExecutionPolicy
Get-ExecutionPolicy [-Scope <ExecutionPolicyScope>] [-List]
Query the current script execution policy at machine, user, and process scope levels.
Core
Set-ExecutionPolicy
Set-ExecutionPolicy [-ExecutionPolicy <Policy>] [-Scope <Scope>]
Set the PowerShell script execution policy. Requires admin for Machine scope changes.
Core
Get-MpComputerStatus
Get-MpComputerStatus
Query Windows Defender status including real-time protection, signature versions, and scan results.
Utility
Get-LocalUser
Get-LocalUser [[-Name] <String[]>] [-SID <SecurityIdentifier[]>]
List local user accounts with enabled status, last logon, and password expiry information.
Utility
Get-Acl
Get-Acl [-Path <String>] [-Audit] [-AllCentralAccessPolicies]
Retrieve access control lists (ACLs) for files, directories, and registry keys.
Advanced
Get-ChildItem Cert:\
Get-ChildItem -Path Cert:\LocalMachine -Recurse
Browse the certificate store. Filter by thumbprint, expiry, or subject to audit installed certs.
Advanced
PS>_ / Scripting

Scripting & Automation

Functions, error handling, jobs, remoting, and modules. Everything needed to write production-grade PowerShell automation.

Invoke-Command
Invoke-Command [-ComputerName <String[]>] [-ScriptBlock] [-AsJob]
Run commands on remote computers. Supports parallel execution across multiple hosts.
Core
Start-Job
Start-Job [-ScriptBlock <ScriptBlock>] [-ArgumentList <Object[]>]
Run a command in a background job. Use Receive-Job to collect output when complete.
Utility
Try / Catch / Finally
try { } catch [ExceptionType] { } finally { }
Structured exception handling. Use -ErrorAction Stop to convert non-terminating errors to catchable ones.
Core
Import-Module
Import-Module [-Name <String[]>] [-Force] [-PassThru]
Load a PowerShell module into the current session. Auto-loading handles most cases in PS 3+.
Utility
New-PSSession
New-PSSession [-ComputerName <String[]>] [-Credential <PSCredential>]
Create a persistent remote session. Reuse sessions for multiple commands to reduce connection overhead.
Advanced
Write-Output / Write-Host
Write-Output [-InputObject <PSObject[]>] [-NoEnumerate]
Write-Output sends objects to the pipeline. Write-Host writes directly to console (not pipeable).
Utility
Measure-Command
Measure-Command [-Expression <ScriptBlock>]
Measure script block execution time. Essential for performance profiling and optimization.
Advanced
CoreMicrosoft.PowerShell.Core·All Versions

Get-Help

Display help information for any PowerShell cmdlet, function, script, or conceptual topic. The foundation of self-service learning in PowerShell.

Syntax

PowerShell
PS> Get-Help [[-Name] <String>] [-Full] [-Online] [-Examples] [-Detailed]

Examples

Common patterns
# Basic help
PS> Get-Help Get-Process

# Show only examples
PS> Get-Help Get-Process -Examples

# Full parameter reference
PS> Get-Help Get-Process -Full

# Open online docs in browser
PS> Get-Help Get-Process -Online

# Search for commands related to "network"
PS> Get-Help "*network*"

# Browse conceptual topics
PS> Get-Help about_Pipelines
PS> Get-Help about_Functions

# Update help content from Microsoft
PS> Update-Help -Force
💡 TipRun Get-Help about_* to see all conceptual documentation topics available — about_Pipelines, about_Functions, about_Scopes, about_Regular_Expressions, and many more.

Parameters

ParameterTypeDescription
-NameStringName of the cmdlet or topic. Supports wildcards.
-FullSwitchShow the complete help article including all technical details.
-ExamplesSwitchShow only the examples section — great for quick syntax lookups.
-OnlineSwitchOpen the online version of the help topic in your default browser.
-DetailedSwitchShow parameter descriptions and examples. Middle ground between default and -Full.
Related Commands
Aliases
help, man
Version
PS 1.0+
CoreMicrosoft.PowerShell.Core

Get-Command

Discover all available commands, functions, aliases, and scripts in the current session and installed modules.

Examples

PowerShell
# Find cmdlets with "network" in the name
PS> Get-Command "*network*"

# List all cmdlets in a specific module
PS> Get-Command -Module ActiveDirectory

# Find by verb and noun
PS> Get-Command -Verb Get -Noun "*Service*"

# List all aliases
PS> Get-Command -CommandType Alias

# Find where an executable lives
PS> Get-Command notepad.exe

# Count all available cmdlets
PS> (Get-Command -CommandType Cmdlet).Count
💡 Discovery TipAfter finding a command with Get-Command, immediately run Get-Help <name> -Examples for ready-to-use code samples.
Aliases
gcm
Core

Get-Member

Inspect the properties and methods of any .NET object in the pipeline — the essential tool for understanding what you can do with cmdlet output.

Examples

PowerShell
# Inspect all members of a process object
PS> Get-Process | Get-Member

# Show only properties
PS> Get-Process | Get-Member -MemberType Property

# Show only methods
PS> Get-Process | Get-Member -MemberType Method

# Inspect a string object
PS> "Hello World" | Get-Member

# Find all note properties (custom properties)
PS> Get-Process | Get-Member -MemberType NoteProperty
TypeName: System.Diagnostics.Process Name MemberType Definition ---- ---------- ---------- Handles AliasProperty Handles = Handlecount Name AliasProperty Name = ProcessName Kill Method void Kill() Refresh Method void Refresh() Start Method bool Start() CPU ScriptProperty System.Object CPU {get=...} WorkingSet ScriptProperty System.Object WorkingSet {...}
Aliases
gm
Core

Select-Object

Select specific properties, create computed properties, or limit the number of objects returned. Shapes pipeline output precisely.

Examples

PowerShell
# Select specific properties
PS> Get-Process | Select-Object Name, CPU, Id

# Get the top 5 by CPU
PS> Get-Process | Sort-Object CPU -Desc | Select-Object -First 5

# Computed / calculated property
PS> Get-Process | Select-Object Name, @{
    Name = 'MemMB'
    Expression = { [math]::Round($_.WorkingSet64 / 1MB, 1) }
}

# Expand a nested property
PS> Get-Process | Select-Object -ExpandProperty Threads

# Select unique values
PS> Get-Process | Select-Object -Unique -Property Name
Aliases
select
Core

Where-Object

Filter pipeline objects using a script block or simplified syntax. The PowerShell equivalent of SQL's WHERE clause.

Examples

PowerShell
# Classic script block syntax
PS> Get-Service | Where-Object { $_.Status -eq 'Running' }

# Simplified comparison syntax (PS 3+)
PS> Get-Service | Where-Object Status -eq 'Running'

# Multiple conditions with -and
PS> Get-Process | Where-Object {
    $_.CPU -gt 10 -and $_.WorkingSet64 -gt 100MB
}

# String pattern matching
PS> Get-Process | Where-Object Name -like "*chrome*"

# Null check
PS> Get-Process | Where-Object { $_.MainWindowTitle -ne '' }
Aliases
where, ?
Core

ForEach-Object

Execute a script block for each pipeline object. Supports parallel processing in PowerShell 7+ via -Parallel.

Examples

PowerShell
# Basic iteration
PS> 1..5 | ForEach-Object { $_ * 2 }

# Call a method on each object
PS> Get-ChildItem "*.txt" | ForEach-Object { $_.Name.ToUpper() }

# Parallel execution (PS 7+)
PS> 1..20 | ForEach-Object -Parallel {
    Start-Sleep 1; $_
} -ThrottleLimit 5

# Begin / Process / End blocks
PS> 1..3 | ForEach-Object -Begin { "Start" } -Process { $_ } -End { "Done" }
Aliases
foreach, %
CoreMicrosoft.PowerShell.Management

Get-Process

Retrieve information about running processes — CPU, memory, handles, threads, and more. Works locally or against remote computers.

Get-Process output visualization

Examples

Common patterns
# List all running processes
PS> Get-Process

# Find a specific process
PS> Get-Process -Name chrome

# Top 10 by CPU
PS> Get-Process | Sort-Object CPU -Descending | Select-Object -First 10

# Processes using more than 500MB RAM
PS> Get-Process | Where-Object { $_.WorkingSet64 -gt 500MB }

# Include username (requires admin)
PS> Get-Process -IncludeUserName | Select-Object Name, UserName, CPU

# Remote process list
PS> Get-Process -ComputerName "server01"
💡 Performance TipUse -Name to filter directly instead of piping to Where-Object — the filter runs at the provider level and is significantly faster for large process lists.

Key Properties

PropertyTypeDescription
CPUDoubleTotal processor time used in seconds
WorkingSet64Int64Physical memory used in bytes
IdInt32Process ID (PID)
StartTimeDateTimeWhen the process was launched
RespondingBooleanWhether the process is responding to input
Related Commands
Aliases
gps, ps
CoreMicrosoft.PowerShell.Management

Get-Service

Retrieve Windows service status — Running, Stopped, or Paused. Pipe directly to Start-Service, Stop-Service, or Restart-Service.

Get-Service output showing service list

Examples

Common patterns
# List all services
PS> Get-Service

# Only running services
PS> Get-Service | Where-Object Status -eq 'Running'

# Start all stopped SQL services
PS> Get-Service "sql*" |
    Where-Object {$_.Status -eq 'Stopped'} |
    Start-Service

# Show dependent services
PS> Get-Service lanmanserver -DependentServices

# Export to CSV
PS> Get-Service | Select-Object Name, DisplayName, Status, StartType |
    Export-Csv "services.csv" -NoTypeInformation
⚠ Windows OnlyGet-Service targets the Windows Service Control Manager and is not available on Linux/macOS PowerShell installs.
Related Commands
Aliases
gsv
CoreMicrosoft.PowerShell.Management

Get-ChildItem

List files and directories. Works across the filesystem, registry, certificate store, and any PowerShell provider.

Directory tree visualization

Examples

Common patterns
# List current directory
PS> Get-ChildItem

# Recursive search for .log files
PS> Get-ChildItem -Path C:\ -Recurse -Filter "*.log"

# Files modified in last 24 hours
PS> Get-ChildItem D:\Logs |
    Where-Object {$_.LastWriteTime -gt (Get-Date).AddDays(-1)}

# Files over 100MB, sorted by size
PS> Get-ChildItem -Recurse |
    Where-Object {$_.Length -gt 100MB} |
    Sort-Object Length -Descending

# Only directories
PS> Get-ChildItem -Directory

# Browse the registry
PS> Get-ChildItem "HKLM:\SOFTWARE\Microsoft"
💡 Speed TipUse -File and -Directory switches instead of Where-Object — they filter at the provider level and are much faster for large trees.
Related Commands
Aliases
gci, ls, dir
UtilityNetTCPIP Module · Windows Only

Test-NetConnection

Diagnose TCP port reachability, ICMP ping, and route tracing — all in one cmdlet.

Network topology diagram

Examples

Common patterns
# Basic ping test
PS> Test-NetConnection "8.8.8.8"

# Test specific TCP port
PS> Test-NetConnection "server01" -Port 443

# Trace route
PS> Test-NetConnection "google.com" -TraceRoute

# Check port 443 across multiple servers
PS> $servers = "web01", "web02", "web03"
PS> $servers | ForEach-Object {
    $r = Test-NetConnection $_ -Port 443
    [PSCustomObject]@{ Server = $_; Port443 = $r.TcpTestSucceeded }
}
ComputerName : server01 RemoteAddress : 192.168.1.50 RemotePort : 443 TcpTestSucceeded : True
Related Commands
SecurityMicrosoft.PowerShell.Security

Get-ExecutionPolicy

Query the current PowerShell script execution policy at machine, user, and process scope levels.

Security audit dashboard

Policy Levels

PolicyBehavior
RestrictedNo scripts run. Interactive commands only. Default on Windows clients.
AllSignedAll scripts must be signed by a trusted publisher.
RemoteSignedRemote scripts require signature; local scripts run unsigned.
UnrestrictedAll scripts run. Remote scripts prompt before running.
BypassNothing blocked. No warnings or prompts. Use in automation.
PowerShell
# Check current policy
PS> Get-ExecutionPolicy

# Show all scope levels
PS> Get-ExecutionPolicy -List

# Set policy for current user
PS> Set-ExecutionPolicy RemoteSigned -Scope CurrentUser

# One-time bypass for a single script
PS> powershell.exe -ExecutionPolicy Bypass -File .\script.ps1
⚠ Security NoteNever use Bypass on production machines. Use RemoteSigned or AllSigned with proper code signing certificates.
Related Commands
AdvancedMicrosoft.PowerShell.Core

Invoke-Command

Execute commands on one or many remote computers via WinRM. The backbone of large-scale Windows automation.

Examples

Remoting patterns
# Run on a single remote machine
PS> Invoke-Command -ComputerName server01 -ScriptBlock {
    Get-Service wuauserv
}

# Run across multiple servers in parallel
PS> $servers = "web01", "web02", "db01"
PS> Invoke-Command -ComputerName $servers -ScriptBlock {
    [PSCustomObject]@{
        Server = $env:COMPUTERNAME
        FreeGB = [math]::Round((Get-PSDrive C).Free / 1GB, 1)
    }
}

# Pass local variable with $using: scope
PS> $svc = "bits"
PS> Invoke-Command -ComputerName server01 -ScriptBlock {
    Restart-Service $using:svc
}

# As a background job
PS> $job = Invoke-Command -ComputerName server01 -ScriptBlock { Get-Process } -AsJob
PS> Receive-Job $job -Wait
💡 $using: ScopeUse the $using: modifier to pass local variables into remote script blocks. Without it, local variables are inaccessible inside the remote session.
Related Commands
Aliases
icm
Core

Stop-Process

Terminate one or more running processes by name or ID. Use -Force for unresponsive apps and -WhatIf to preview.

PowerShell
PS> Stop-Process -Name notepad
PS> Stop-Process -Id 1234 -Force
PS> Get-Process chrome | Stop-Process -WhatIf
# Kill all hung processes
PS> Get-Process | Where-Object {$_.Responding -eq $false} | Stop-Process -Force
Core

Start-Process

Launch executables, scripts, or documents. Supports elevated privileges (-Verb RunAs), custom working directories, and synchronous execution (-Wait).

PowerShell
PS> Start-Process notepad.exe
PS> Start-Process powershell -Verb RunAs # Elevated
PS> Start-Process ".\install.exe" -ArgumentList "/silent" -Wait
PS> Start-Process "https://docs.microsoft.com"
Core

Copy-Item

Copy files, directories, or registry keys locally or to remote PSSession targets.

PowerShell
PS> Copy-Item ".\file.txt" "C:\Backup\"
PS> Copy-Item -Path ".\src" -Destination ".\dst" -Recurse
# Copy to remote session
PS> $s = New-PSSession server01
PS> Copy-Item ".\app.zip" -Destination "C:\Deploy\" -ToSession $s
Core

Get-Content

Read file contents line by line. Use -Tail + -Wait for live log monitoring. Use -Raw to read as a single string.

PowerShell
PS> Get-Content ".\readme.txt"
PS> Get-Content ".\app.log" -Tail 100 -Wait  # Live tail
PS> Get-Content ".\data.json" -Raw | ConvertFrom-Json
# Count lines
PS> (Get-Content ".\large.log").Count
Utility

Sort-Object

Sort pipeline objects by one or more properties. Supports ascending, descending, case-sensitive, and unique deduplication.

PowerShell
PS> Get-Process | Sort-Object CPU -Descending
PS> Get-ChildItem | Sort-Object LastWriteTime
# Multi-property sort
PS> Get-Process | Sort-Object -Property @{E='CPU';Desc=$true}, Name
Utility

Format-Table

Display objects as a formatted table. Always use as the final command in a pipeline — output cannot be piped further.

PowerShell
PS> Get-Process | Format-Table Name, CPU, Id -AutoSize
PS> Get-Service | Format-Table -GroupBy Status -AutoSize
Utility

Measure-Object

Calculate Count, Sum, Average, Min, and Max on numeric properties. Also supports -Line, -Word, -Character for text.

PowerShell
PS> Get-Process | Measure-Object CPU -Sum -Average -Max
PS> Get-ChildItem -Recurse | Measure-Object Length -Sum
# Count lines in a file
PS> Get-Content file.txt | Measure-Object -Line
Advanced

ConvertTo-Json

Serialize PowerShell objects to JSON. Essential for REST APIs, config generation, and data export workflows.

PowerShell
PS> Get-Process | Select-Object Name, CPU | ConvertTo-Json
PS> @{name="test"; value=42} | ConvertTo-Json -Compress
PS> ConvertTo-Json $data -Depth 5 | Set-Content "output.json"
Core

Set-Content

Write or replace file content. Use Add-Content to append without overwriting.

PowerShell
PS> Set-Content ".\out.txt" "Hello, World"
PS> Add-Content ".\log.txt" ((Get-Date).ToString())
PS> Get-Process | ConvertTo-Csv | Set-Content "processes.csv"
Utility

Remove-Item

Delete files, directories, or registry keys. Always test with -WhatIf before running recursively.

PowerShell
PS> Remove-Item ".\temp.txt"
PS> Remove-Item ".\cache" -Recurse -Force
PS> Remove-Item "C:\Logs\*.log" -WhatIf
# Delete files older than 30 days
PS> Get-ChildItem "C:\Logs" | Where-Object {$_.LastWriteTime -lt (Get-Date).AddDays(-30)} | Remove-Item
Utility

Start-Service

Start one or more stopped Windows services. Accepts pipeline input from Get-Service for batch operations.

PowerShell
PS> Start-Service "wuauserv"
PS> Get-Service "sql*" | Start-Service
PS> Start-Service bits -PassThru
Utility

Restart-Service

Stop and restart a service in one operation. -Force handles dependent services automatically.

PowerShell
PS> Restart-Service "Spooler"
PS> Restart-Service "wuauserv" -Force
PS> Get-Service "iis*" | Restart-Service -PassThru
Core

Test-Connection

Send ICMP echo requests to hosts. Returns structured objects with latency; use -Quiet for $true/$false scripting.

PowerShell
PS> Test-Connection "8.8.8.8"
PS> Test-Connection "google.com" -Count 4 -Quiet
# Parallel ping multiple hosts
PS> "web01","web02","db01" | Test-Connection -Count 1
Utility

Resolve-DnsName

DNS lookups for A, MX, TXT, CNAME, and other record types — with custom server support.

PowerShell
PS> Resolve-DnsName "microsoft.com"
PS> Resolve-DnsName "microsoft.com" -Type MX
PS> Resolve-DnsName "google.com" -Server "1.1.1.1"
Advanced

Get-NetAdapter

List network adapters with link speed, MAC address, and driver details.

PowerShell
PS> Get-NetAdapter
PS> Get-NetAdapter | Where-Object Status -eq Up
PS> Get-NetAdapter -Physical | Select-Object Name, LinkSpeed, MacAddress
Advanced

Get-NetIPAddress

Retrieve IP addresses assigned to all network interfaces, including IPv4/IPv6 and subnet prefix lengths.

PowerShell
PS> Get-NetIPAddress
PS> Get-NetIPAddress -AddressFamily IPv4
PS> Get-NetIPAddress -InterfaceAlias "Ethernet"
Utility

Invoke-WebRequest

Make HTTP/HTTPS requests and return response headers, status codes, and parsed content.

PowerShell
PS> Invoke-WebRequest "https://example.com"
# Download a file
PS> Invoke-WebRequest -Uri "https://example.com/file.zip" -OutFile ".\file.zip"
# POST JSON body
PS> $body = @{name="test"} | ConvertTo-Json
PS> Invoke-WebRequest -Uri "https://api.example.com/items" -Method POST -Body $body -ContentType "application/json"
Utility

Invoke-RestMethod

Call REST APIs and automatically deserialize JSON/XML responses into native PS objects.

PowerShell
PS> Invoke-RestMethod "https://api.github.com/repos/PowerShell/PowerShell"
# POST with auth header
PS> $headers = @{Authorization = "Bearer $token"}
PS> Invoke-RestMethod -Uri "https://api.example.com/data" -Method POST -Headers $headers -Body ($body | ConvertTo-Json) -ContentType "application/json"
Security

Set-ExecutionPolicy

Configure the PS script execution policy at machine, user, or process scope. Requires elevation for machine-wide changes.

PowerShell
PS> Set-ExecutionPolicy RemoteSigned -Scope CurrentUser
PS> Set-ExecutionPolicy AllSigned -Scope LocalMachine -Force
PS> Set-ExecutionPolicy Bypass -Scope Process
Security

Get-MpComputerStatus

Query Windows Defender status including real-time protection, signature versions, and last scan results.

PowerShell
PS> Get-MpComputerStatus
PS> (Get-MpComputerStatus).RealTimeProtectionEnabled
PS> Get-MpComputerStatus | Select-Object AntivirusEnabled, AntispywareSignatureLastUpdated, LastFullScanEndTime
Security

Get-LocalUser

List local user accounts with enabled state, last logon, and SID — essential for security audits.

PowerShell
PS> Get-LocalUser
PS> Get-LocalUser | Where-Object Enabled -eq $true
# Disable Guest account
PS> Get-LocalUser "Guest" | Disable-LocalUser
Advanced

Get-Acl

Retrieve the security descriptor (ACL) for files, folders, or registry keys. Pair with Set-Acl to apply changes.

PowerShell
PS> Get-Acl "C:\Sensitive"
PS> (Get-Acl "C:\Data").Access
# Copy ACL from one folder to another
PS> $acl = Get-Acl "C:\Source"
PS> Set-Acl "C:\Dest" $acl
Advanced

Get-ChildItem Cert:\

Browse the Windows Certificate Store via the Cert: PSDrive. Audit installed certs and find expiring certificates.

PowerShell
PS> Get-ChildItem Cert:\LocalMachine -Recurse
# Find certs expiring within 30 days
PS> Get-ChildItem Cert:\LocalMachine\My |
    Where-Object {$_.NotAfter -lt (Get-Date).AddDays(30)}
# Find by thumbprint
PS> Get-ChildItem Cert:\LocalMachine -Recurse |
    Where-Object Thumbprint -eq "ABC123..."
Utility

Start-Job

Run a script block in the background. Use Receive-Job to collect results, Wait-Job to synchronize, Remove-Job to clean up.

PowerShell
PS> $job = Start-Job { Get-Process }
PS> Wait-Job $job
PS> Receive-Job $job
PS> Remove-Job $job
# Multiple parallel jobs
PS> $jobs = 1..5 | ForEach-Object { Start-Job { Start-Sleep 2; $using:_ } }
PS> $jobs | Wait-Job | Receive-Job
Core

Try / Catch / Finally

Structured exception handling. Use -ErrorAction Stop to convert non-terminating errors into catchable exceptions.

PowerShell
try {
    Get-Item "C:\NonExistent" -ErrorAction Stop
} catch [System.IO.FileNotFoundException] {
    Write-Warning "File not found: $($_.Exception.Message)"
} catch {
    Write-Error "Unexpected: $_"
} finally {
    Write-Output "Cleanup complete"
}
# Make ALL errors catchable globally
PS> $ErrorActionPreference = 'Stop'
Utility

Import-Module

Load a PowerShell module into the session. PS 3+ auto-loads modules on first use, but explicit import ensures availability.

PowerShell
PS> Import-Module ActiveDirectory
PS> Import-Module ".\MyModule.psm1"
PS> Import-Module Az -Force
PS> Get-Module -ListAvailable
# Install from PSGallery first
PS> Install-Module PSReadLine -Scope CurrentUser
Advanced

New-PSSession

Create a persistent remote session (PSSession) for reuse across multiple commands without reconnecting each time.

PowerShell
PS> $s = New-PSSession -ComputerName "server01"
PS> Invoke-Command -Session $s -ScriptBlock { Get-Process }
PS> Enter-PSSession $s   # Interactive remote shell
PS> Remove-PSSession $s  # Close when done
Utility

Write-Output

Send objects to the pipeline. Unlike Write-Host, output can be captured, redirected, and piped to other commands.

PowerShell
PS> Write-Output "Hello, World"
PS> Write-Host "Console only" -ForegroundColor Cyan
# Structured logging streams
PS> Write-Verbose "Debug info"   # Only with -Verbose
PS> Write-Warning "Looks wrong"
PS> Write-Error "Critical failure"
Advanced

Measure-Command

Time script block execution. Returns a TimeSpan with TotalMilliseconds, TotalSeconds, etc. Essential for profiling.

PowerShell
PS> Measure-Command { Get-ChildItem C:\ -Recurse }
# Compare two approaches
PS> Measure-Command { Get-Process | Where-Object Name -eq "chrome" }
PS> Measure-Command { Get-Process -Name "chrome" }  # Faster
Advanced

Get-EventLog

Query classic Windows Event Logs. For modern structured logs, prefer Get-WinEvent.

PowerShell
PS> Get-EventLog -LogName System -Newest 50
PS> Get-EventLog -LogName Application -EntryType Error -Newest 20
PS> Get-EventLog -LogName Security -After (Get-Date).AddDays(-1)
# Modern equivalent (preferred)
PS> Get-WinEvent -LogName 'System' -MaxEvents 50
Utility

Test-Path

Check if a path exists before operating on it. Returns $true or $false — essential for defensive scripting.

PowerShell
PS> Test-Path "C:\Windows"
PS> Test-Path "C:\Logs" -PathType Container
# Guard a script block safely
PS> if (Test-Path ".\config.json") {
    $cfg = Get-Content ".\config.json" -Raw | ConvertFrom-Json
} else { Write-Warning "Config missing" }
Utility

Rename-Item

Rename files and directories. Combine with Get-ChildItem for powerful batch rename operations.

PowerShell
PS> Rename-Item ".\old.txt" "new.txt"
# Batch: add date prefix to .log files
PS> Get-ChildItem "*.log" | Rename-Item -NewName {
    "$(Get-Date -Format 'yyyyMMdd')_$($_.Name)"
}
# Change extension for all .txt to .md
PS> Get-ChildItem "*.txt" | Rename-Item -NewName { $_.Name -replace '\.txt$','.md' }
Advanced

Resolve-Path

Resolve wildcards and relative paths to absolute paths. Validates existence in the process.

PowerShell
PS> Resolve-Path ".\scripts\*.ps1"
PS> Resolve-Path "~\Documents"
# Get relative path from current location
PS> Resolve-Path "C:\Windows\System32" -Relative