Essentials

Main commands

Executable / Command	Description
lusrmgr.msc	Local Users and Groups management
taskmgr.exe	Task Manager (processes, performance, startup)
compmgmt.msc	Computer Management (Event Viewer, Disk Mgmt, Services)
msinfo32.exe	System Information
resmon.exe	Resource Monitor
regedit.exe	Windows Registry Editor
cmd.exe	Command Prompt
powershell.exe	Windows PowerShell
pwsh.exe	PowerShell Core (if installed)
msconfig.exe	System Configuration (boot, startup, services)
services.msc	Windows Services manager
eventvwr.msc	Event Viewer
devmgmt.msc	Device Manager
diskmgmt.msc	Disk Management
control	Control Panel
control printers	Devices and Printers
control userpasswords2	Advanced user accounts
winver	Show Windows version
hostname	Show computer name
whoami	Show current user
shutdown	Shutdown / restart system
systeminfo	Detailed system configuration
tasklist	List running processes
taskkill	Kill a running process
cls	Clear command prompt screen
wf.msc	Windows Defender Firewall
secpol.msc	Local Security Policy
gpedit.msc	Local Group Policy Editor (Pro/Enterprise)
control /name Microsoft.WindowsUpdate	Windows Update

Network information

Command	Description
ipconfig	Display IP configuration
ipconfig /all	Detailed network configuration
ping	Test network connectivity
tracert	Trace network route
nslookup	DNS query tool
arp -a	Display ARP cache
route print	Display routing table
netstat -ano	Active connections and listening ports
netstat -ano | findstr :<port>	Check which process uses <port>
netsh interface ip show config	Show IP interface configuration
netsh int ipv4 show excludedportrange protocol=tcp	Show OS-reserved TCP ports
getmac	Show MAC addresses
net use	Map or view network drives
net share	List shared folders
net view	List network computers

• Find the process using a specific <port>

File system & disk utilities

Command	Description
explorer.exe	Open File Explorer
dir	List directory contents
tree	Display directory tree
copy / xcopy	Copy files
robocopy	Advanced file copy / mirroring
del	Delete files
mkdir / rmdir	Create / remove directories
attrib	View or change file attributes
chkdsk	Check disk for errors
diskpart	Disk partitioning utility
fsutil fsinfo drives	List drives

User & security management

Command	Description
net user	Manage local users
net localgroup	Manage local groups
runas	Run program as another user
whoami /groups	Show user group memberships
whoami /priv	Show user privileges
logoff	Log off current user
lock (Win+L)	Lock workstation
certmgr.msc	Certificate Manager (current user)
certlm.msc	Certificate Manager (local machine)

Environment variables

Variable	Description
%windir%	Windows directory (usually C:\Windows)
%systemroot%	Same as %windir%
%userprofile%	Current user profile path
%username%	Current username
%computername%	Computer name
%temp% / %tmp%	Temporary files directory
%appdata%	Roaming AppData directory
%localappdata%	Local AppData directory
%programfiles%	Program Files directory
%programfiles(x86)%	32-bit Program Files directory

Useful shortcuts (bonus)

Shortcut	Action
Win + R	Open Run dialog
Win + X	Power user menu
Win + E	File Explorer
Win + I	Settings
Win + L	Lock screen
Ctrl + Shift + Esc	Task Manager
Alt + F4	Close active window

User Management

Create a Local User

• Using GUI

  1. Press Win + R, type lusrmgr.msc, press Enter.

  2. Navigate: Users → Right-click → New User.

  3. Fill in username, password, set options (password never expires, cannot change password, etc.).

  4. Click Create.

• Using Command Prompt (CMD)

  net user username password /add [options]

Option	Action
/active:yes	Make account active
/expires:never	Never expire

Delete User

net user username /delete

Change Password

net user username newpassword

Enable or Disable User

net user username /active:yes    # enable
net user username /active:no     # disable

Group Management

Create a Local Group

• Using GUI:

1. Open lusrmgr.msc

2. Navigate: Groups → Right-click → New Group

3. Name the group, add members, click Create.

• Using Command Prompt:

  net localgroup groupname /add

Add User to Group

net localgroup groupname username /add

Remove User from Group

net localgroup groupname username /delete

Delete Group

net localgroup groupname /delete

Permissions Management (File/Folder)

Using GUI (File Explorer)

1. Right-click folder/file → Properties → Security tab.

2. Add/Remove users or groups.

3. Set permissions: Full Control, Modify, Read & Execute, Read, Write.

4. Click Apply → OK.

Check permissions

icacls "C:\path\to\folder"

Grant permissions

icacls "C:\path\to\folder" /grant UserName:(permissions_codes)

Permissions codes	Permission
F	Full Control
M	Modify
RX	Read & Execute
R	Read
W	Write

Example:

icacls "C:\Projects" /grant john:(F)

Remove permissions

icacls "C:\Projects" /remove john

Take ownership of a file/folder

takeown /F "C:\Projects" /R /D Y

Option	Description
/R	recursive
/D Y	answer yes to all prompts

Using PowerShell (advanced)

# Create user
New-LocalUser -Name "john" -Password (Read-Host -AsSecureString "Enter Password")

# Add user to group
Add-LocalGroupMember -Group "Administrators" -Member "john"

# Grant folder full control
$acl = Get-Acl "C:\Projects"
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule("john","FullControl","Allow")
$acl.SetAccessRule($rule)
Set-Acl "C:\Projects" $acl

Sessions management

User Sessions

CMD	PowerShell	Task
query user	quser	List logged-in users (shows session ID, state)
query user /server:HOSTNAME	quser /server:HOSTNAME	List sessions on remote host (admin required)
logoff SESSION_ID	logoff SESSION_ID	Log off user session (ends all session processes)
logoff SESSION_ID /f	logoff SESSION_ID /f	Force logoff session (immediate termination)

Session Information & Mapping

CMD	PowerShell	Task
query session	Get-CimInstance Win32_LogonSession	List session details
tasklist /V	Get-Process | Select Name,Id,SessionId	View processes per session

Processes management

List & Find Processes

CMD	PowerShell	Task
tasklist	Get-Process	List running processes (shows PID)
tasklist /V	Get-Process | Select Name,Id,SessionId	Verbose process list (includes session mapping)
tasklist | findstr chrome	Get-Process chrome	Find process by name
tasklist | findstr 1234	Get-Process -Id 1234	Find process by PID

Kill / Stop Processes

CMD	PowerShell	Task
taskkill /PID 1234	Stop-Process -Id 1234	Kill process by PID (graceful)
taskkill /PID 1234 /F	Stop-Process -Id 1234 -Force	Force kill process by PID
taskkill /IM chrome.exe	Stop-Process -Name chrome	Kill process by name (all instances)
taskkill /IM chrome.exe /F	Stop-Process -Name chrome -Force	Force kill by process name

Session-Aware Process Control

CMD	PowerShell	Task
tasklist /V	Get-Process | Select Id,SessionId	Map processes to sessions
—	Get-Process | Where {$_.SessionId -eq 2}	List processes in a session
—	Get-Process | Where {$_.SessionId -eq 2} | Stop-Process -Force	Kill all processes in a session (use carefully)

User-Specific Processes

CMD	PowerShell	Task
—	Get-Process -IncludeUserName | Where {$_.UserName -like "*john*"}	List processes for a user
—	Get-Process -IncludeUserName | Where {$_.UserName -like "*john*"} | Stop-Process -Force	Kill all processes for a user

Remote Process Management

CMD	PowerShell	Task
tasklist /S HOSTNAME	—	List processes on remote system (admin required)
taskkill /S HOSTNAME /PID 1234 /F	—	Kill remote process by PID