Windows Cheat Sheet for essential Commands
Mastering a few key Windows commands can save you time, troubleshoot issues, and unlock hidden features. From speeding up tasks to fixing common problems, the Command Prompt and PowerShell are powerful tools to solve some of these issues.
In this post, I will explore interesting and useful Windows commands and update this post regularly.
- Determine if Computer is joined to an Domain (on-premise, Entra ID, Hybrid)
- Determine the Logon Server (Domain Controller) on a Windows Client
- Determine in which OU my Active Directory Domain Joined Computer is placed to
- Determine in which OU my Active Directory User Account is placed to
- Force a Restart of the Explorer.exe
- Determine local Listening Ports
- Determine local Established Ports
- Determine local open UDP Ports and Connections
- Determine Domain Account Password Expiration
- Set WinHTTP Proxy
- Determine last Restart Date and Time
- Links
Determine if Computer is joined to an Domain (on-premise, Entra ID, Hybrid)
To quickly determine if a computer is joined to a domain (on-premise, Entra ID or hybrid) we can execute the following command in the PowerShell or CMD with elevated Administrator rights.
The dsregcmd.exe /status command is a useful diagnostic tool in Windows for checking the device’s Entra ID join status and related registration details. It provides information such as domain join type, user state, SSO (Single Sign-On) status, and other relevant Entra ID connectivity details. This command is particularly helpful for troubleshooting authentication, device registration, and hybrid join issues in enterprise environments. Running it displays a summary of the device’s Entra ID and domain registration state.
> dsregcmd.exe /status
Determine the Logon Server (Domain Controller) on a Windows Client
When a Windows computer joins a domain, it authenticates against a Domain Controller (DC), known as the logon server. There are several ways to find the Logon Server against the client authenticated.
By using the legacy CMD command set, just works when using the CMD (Command Prompt).
> set | findstr "LOGONSERVER"
The PowerShell equivalent is.
PS> Get-ChildItem Env:
PS> Get-ChildItem Env: | Where-Object { $_.Name -like "*LOGON*" -or $_.Name -like "*DOMAIN*" -or $_.Name -like "*USER*" }
By using the nltest command/utility used for testing and troubleshooting Active Directory (AD) domain relationships, trust configurations, and Domain Controller (DC) communications.
PS> nltest /dsgetdc:YOURDOMAIN.COM
Below the DC: \\MatrixDC-01.matrixpost-lab.net show the logon server which was used by the client.
PS> nltest /dsgetdc:$env:USERDOMAIN
Determine in which OU my Active Directory Domain Joined Computer is placed to
To determine directly on a Active Directory domain joined computer in which OU it is placed to, we can run the following PowerShell command.
PS> Get-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\Machine" | Select-Object Distinguished-Name PS> Get-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\Machine"
Determine in which OU my Active Directory User Account is placed to
We can run the following command which displays the user name in Fully Qualified
Distinguished Name (FQDN) format.
> whoami -fqdn
More you will find by display the help information for the whoami command.
> whoami /?
Force a Restart of the Explorer.exe
The explorer.exe (Windows Explorer) is a critical system process in Windows that provides the graphical user interface (GUI), including:
- The desktop (icons, wallpaper, and right-click menu)
- The taskbar (Start menu, system tray, and open apps)
- File Explorer (folders, drives, and file management)
In case the we can’t restart the explorer.exe directly on the machine by using for example the task manager, we can terminate and restart it by using the CMD or PowerShell shown below.
The following command forcefully closes Windows Explorer and then restarts it. This can be useful for refreshing the its controled components mentioned above if they frozen or misbehaving.
> taskkill /f /im explorer.exe && start explorer.exe
We can also fire up this command from remote by using for example the psexec utility from Sysinternals and shown in my following post.
Determine local Listening Ports
Below for example we will list the local TCP listening ports for RDP and SMB.
By using the Get-NetTCPConnection cmdlet we will see all states of the TCP socket.
PS> Get-NetTCPConnection | Where-Object { $_.LocalPort -eq 3389 }
PS> Get-NetTCPConnection | Where-Object { $_.LocalPort -eq 445 }
Or by using the good old netstat tool.
PS> netstat.exe -nao | findstr 3389 | findstr LISTENING PS> netstat.exe -nao | findstr 445 | findstr LISTENING
-a – Displays all connections and listening ports (TCP & UDP)
-n – Show numerical addresses (no DNS resolution)
-o – Shows the Process ID (PID) associated with each connection.
Determine local Established Ports
Below we will see that the remote computer with the IP 10.0.0.149 is connected to the local server per RDP on TCP port 3389.
By using the Get-NetTCPConnection cmdlet we will see all states of the TCP socket including the established states.
PS> Get-NetTCPConnection | Where-Object { $_.LocalPort -eq 3389 }
PS> Get-NetTCPConnection | Where-Object { $_.LocalPort -eq 445 }By using the netstat tool.
PS> netstat.exe -nao | findstr 3389 | findstr ESTABLISHED
-a – Displays all connections and listening ports (TCP & UDP)
-n – Show numerical addresses (no DNS resolution)
-o – Shows the Process ID (PID) associated with each connection.
Determine local open UDP Ports and Connections
To show all open UDP ports or as specific on a system we can use the Get-NetUDPEndpoint cmdlet.
Get-NetUDPEndpoint | Where-Object { $_.LocalPort -eq 111 }
The following command will show all open UPD ports and connections.
PS> netstat -anp UDP
-a – Show all connections and listening ports
-n – Show numerical addresses (no DNS resolution)
-p UDP – Filter for UDP only
Determine Domain Account Password Expiration
To check when a domain users password expires, you can use the following command.
PS> net user <username> /domain
Set WinHTTP Proxy
WinHTTP is more suited for non-interactive usage, such as windows services or background tasks that need to communicate over HTTP where no user-interaction is required. It is a lot faster than the WinINET library. WinHTTP is also easily accessed from .NET based applications making it a popular library for .NET Applications. WinHTTP by default does not use the proxy settings from WinINET.
Typical examples for applications and services using WinHTTP are:
- Adding/Removing features and roles in Windows 8.
- Windows Update
- Certificate validation of code
- Signed binaries / .NET applications that validate the certificate during application launch.
- Exchange Server
To show WinHTTP proxy settings on the client.
> netsh winhttp show proxy
To set new WinHTTP proxy settings on the client.
> netsh winhttp set proxy proxy-server="proxyserver:port" bypass-list="localhost; 127.0.0.1; ::1"
To reset WinHTTP proxy settings on the client.
> netsh winhttp reset proxy
Import the IE proxy settings of the current user.
> netsh winhttp import proxy source=ie
Determine last Restart Date and Time
To determine the last restart date and time on a Windows system, you have several easy options.
By using PowerShell or CMD. This shows when the system last booted, which effectively tells you the last restart time.
> systeminfo | find "System Boot Time"
By using PowerShell or CMD. This returns the exact date and time when Windows was last started.
> (Get-CimInstance -ClassName Win32_OperatingSystem).LastBootUpTime
By using PowerShell. This tells you how long the system has been running (uptime).
> (get-date) - (gcim Win32_OperatingSystem).LastBootUpTime
Links
Windows Start button or the taskbar is not working – ideapad, ideacentre
https://support.lenovo.com/mn/en/solutions/ht503047-taskbarstart-button-does-not-respond-windows-10-ideapad-ideacentre
