Windows Fundamentals

Commands and programs that all Windows users need to know (but many don't!).

Sysinternals

If you don't know about Mark Russinovich's amazing tools then go and check them out. Many, many use cases for a lot of these tools, from enumeration, persistence, threat-hunting, to ordinary system administration. https://docs.microsoft.com/en-us/sysinternals/

Red-teamers and penetration testers can leverage Sysinternals tools for enumeration, privilege escalation, and lateral movement. This table includes a few of the Sysinternals tools useful for offensive security:

Tool	Description	Example Use Case	Cyber Kill Chain Phase
PsExec	Executes processes remotely on another system.	Used for lateral movement by executing commands on remote hosts.	Lateral Movement
AccessChk	Checks user permissions for files, registry keys, and objects.	Identify privilege escalation opportunities by analyzing access control settings.	Privilege Escalation
ProcMon (Process Monitor)	Captures real-time system activity, including file, registry, and network events.	Monitor security controls and detect potential weaknesses in endpoint defenses.	Exploitation
TCPView	Monitors active TCP/UDP connections in real time.	Identify open ports and active connections for reconnaissance.	Reconnaissance
Autoruns & Autorunsc	Displays all auto-start programs, services, and registry entries.	Find persistence mechanisms used by malware or adversaries.	Persistence
Handle	Lists open handles to files, registry keys, and other system objects.	Investigate (i.e. unlock) locked files that may contain sensitive data or credentials.	Credential Access
ListDLLs	Displays loaded DLLs for running processes.	Identify DLL injection opportunities for stealthy code execution (i.e. Running malware)	Defense Evasion
SigCheck	Verifies digital signatures of files.	Detect unsigned or tampered executables that may be malicious.	Execution
Strings	Extracts readable text from binary files.	Analyze malware binaries for embedded commands or indicators of compromise.	Reconnaissance
PsSuspend	Suspends processes without terminating them.	Disable security tools temporarily during red-team operations.	Defense Evasion

• A full list of the current tools can be found here.

• Sysinternals tools can be linked to directly and run in-memory from https://live.sysinternals.com/

  • This command maps the current full list of Sysinternals tools to the first available drive letter as a network share, ready for use!

  net use * //live.sysinternals.com

Windows Shells

CMD.EXE

The Windows Command Prompt (cmd.exe) is an essential interface for executing text-based commands that control the operating system, automate tasks, and troubleshoot system issues. Unlike a graphical user interface (GUI), cmd.exe provides direct access to system functionalities through typed commands, making it a powerful tool for administrators, developers, and security professionals.

Use Cases for cmd.exe

• System Administration: Modify system settings, manage processes, and configure user accounts.

• Networking: Troubleshoot connectivity, scan ports, and manage network shares.

• Security & Forensics: Analyze logs, check permissions, and identify suspicious activities.

• Scripting & Automation: Write batch scripts for repetitive tasks and scheduled jobs.

• File & Directory Management: Copy, move, delete, and modify file attributes efficiently.

Types of Commands in cmd.exe

There are two primary types of commands that can be executed in cmd.exe:

1. Built-in Commands:

   • These commands are directly processed within the cmd.exe shell, meaning they do not rely on external programs to execute.

   • Built-ins provide essential functionality such as file manipulation, directory navigation, and environment management.

   • Examples: cd (change directory), dir (list files), echo (display text), set (manage environment variables), and exit (close command prompt).

2. External Executables:

   • These commands call separate .exe files, typically stored in system directories like C:\Windows\System32\.

   • External commands extend the shell’s capabilities by invoking system utilities and tools.

   • Examples: ping.exe (network testing), ipconfig.exe (network configuration), tasklist.exe (list running processes), and robocopy.exe (advanced file copy operations).

For example:

• cd, dir, echo, set, exit are all built-ins handled directly by cmd.exe.

• Commands like ping, ipconfig, tasklist, and robocopy are external, i.e. they invoke separate .exe files located in system directories (e.g. C:\Windows\System32\).

Windows CMD built-in commands

Windows cmd.exe built-in commands provide essential functionality for managing files, processes, networking, and system settings directly from the command line. Built-in commands are internal functions of cmd.exe, meaning they run within the shell itself rather than calling external binaries.

Command	Description	Example Use Case
cd	Changes the current directory.	cd C:\Users\tester\Documents – Navigate to the Documents folder for user tester.
dir	Lists files and directories in the current folder.	dir /s /b – List all files in the current directory and subdirectories.
echo	Displays text or variables in the command prompt.	echo Hello, World! – Print "Hello, World!" to the screen.
set	Sets or displays environment variables.	set PATH – Show the current PATH variable.
exit	Closes the command prompt.	exit – Close the terminal session.
cls	Clears the command prompt screen.	cls – Wipe the screen clean.
ver	Displays the Windows version.	ver – Show the OS version number.
help	Displays help information for CMD commands.	help dir – Show details on how to use the dir command.
copy	Copies files from one location to another.	copy file.txt D:\Backup\ – Copy file.txt to the Backup folder.
move	Moves files from one location to another.	move file.txt D:\Backup\ – Move file.txt to the Backup folder.
del	Deletes files.	del /F /Q file.txt – Force delete file.txt without confirmation.
ren	Renames a file or folder.	ren oldname.txt newname.txt – Rename oldname.txt to newname.txt.
mkdir	Creates a new directory.	mkdir C:\NewFolder – Create a folder named NewFolder.
rmdir	Deletes a directory.	rmdir /s /q C:\OldFolder – Remove OldFolder and its contents.
attrib	Changes file attributes (hidden, read-only, etc.).	attrib +H file.txt – Hide file.txt.
title	Changes the title of the command prompt window.	title Custom CMD Window – Set the window title to "Custom CMD Window".
prompt	Changes the command prompt display style.	prompt $P$G – Set prompt to display the current path followed by >.

The 'Net' Commands

The Windows net commands are a set of command-line tools that allow administrators and users to perform essential tasks related to system configurations, network services, and security. Here’s a brief overview of some key net commands:

Command	Description	Example Use Case	Common Options
net user	Manages user accounts on a computer. You can add, remove, and modify users.	net user tester /add – Adds a new user named tester.	/delete – Remove a user, /domain – Execute on a domain controller.
net localgroup	Manages local groups on the computer. You can add, remove, and list members.	net localgroup Administrators tester /add – Adds tester to the Administrators group.	/delete – Remove a group, /add – Create a new group.
net share	Creates, deletes, and manages shared resources on the network.	net share myshare=C:\MyFolder /grant:tester,full – Creates a share named myshare with full access for user tester.	/delete – Stop sharing a resource, /grant – Assign access permissions.
net start / stop	Starts or stops network services.	net start "Web Client" – Starts the Web Client service.	Specify service names to start or stop.
net session	Displays all current sessions or disconnects them.	net session \\RemotePC /delete – Disconnects the session with RemotePC.	/delete – End a session.
net use	Connects, disconnects, and displays shared network resources.	net use Z: \\Server\Share – Maps the network share at \\Server\Share to the Z: drive.	/delete – Disconnect a network drive, /persistent – Make the connection persistent across reboots.
net view	Displays a list of computers or network resources.	net view \\Server – Shows shared resources on the server named Server.	/domain – List domains or computers in a domain.
net accounts	Displays or modifies password and logon policies for user accounts.	net accounts /maxpwage:90 – Set maximum password age to 90 days.	/forcelogoff – Force logoff after inactivity, /minpwlen – Set minimum password length.
net statistics	Displays statistics for network services like Workstation or Server.	net statistics workstation – View workstation statistics.	Specify workstation or server for different stats.
net print	Displays or manages print jobs on a network printer.	net print \\Server\Printer – View print jobs on a shared printer.	/delete – Remove a print job.
net file	Displays open files on a network and allows closing them.	net file – View open files.	/close – Close an open file.
net group	Manages global groups on a domain.	net group "IT Admins" /add – Creates a new global group named "IT Admins".	/delete – Remove a group, /add – Create a new group.
net time	Synchronizes the system clock with a network time server.	net time \\Server /set /yes – Sync time with Server.	/querysntp – Query the SNTP time server.

File Manipulation

File Attributes

Windows file attributes are metadata properties assigned to files and folders that define their visibility, accessibility, and behavior. These attributes help control read/write access, security settings, and system file classifications.

File attributes can be modified using built-in commands like attrib in cmd.exe or PowerShell. Some attributes, such as Read-Only and Hidden, are commonly used for file protection and organizational purposes, while system attributes ensure that essential files are safeguarded from accidental modifications.

Here is a list of the most common Windows file attributes:

Attribute	Description	Example Use Case
Read-Only (R)	Prevents modifications to the file.	Used on important documents to avoid accidental changes.
Hidden (H)	Hides the file from standard directory views.	Hiding configuration files from casual users.
System (S)	Marks a file as a system file, restricting user modifications.	Applied to critical Windows system files.
Archive (A)	Flags the file for backup or archiving purposes.	Automatically marked when a file is edited, useful for backup software.
Compressed (C)	Indicates the file is compressed via NTFS compression.	Reduces file size on NTFS partitions.
Encrypted (E)	Encrypts the file using NTFS encryption.	Protects sensitive data by restricting unauthorized access.
Temporary (T)	Indicates the file is for temporary use.	Used by applications for cache storage.
Sparse (P)	Allocates disk space efficiently by storing only non-zero data.	Used for database and virtualization scenarios.
Offline (O)	Marks the file as offline, meaning it's stored remotely.	Useful for files managed by cloud storage systems.

Managing File Attributes

You can view and change file attributes using the following commands:

• CMD: attrib +H secret.txt → Hide secret.txt attrib -R report.docx → Remove Read-Only from report.docx

• PowerShell: $file = Get-Item "C:\example.txt"; $file.Attributes += 'Hidden' → Hide the file

cmd.exe

Example: Set a file as Hidden (-h) using attrib.

• This can also be used to change other file property flags such as (a) Archive and (r) ReadOnly.

• Flags must be added separately (-h -a -r not -har).

# Show the file attributes
attrib <C:\path\filename>

# Add the 'hidden' attribute
attrib +h <C:\path\filename>

# Remove the 'hidden' property
attrib -h <C:\path\filename>

PowerShell

Example: Set a file as Hidden. (This can also be used to change other file property flags such as Archive and ReadOnly)

# Get File attributes
$file = (Get-ChildItem <file>) # Need the file as an object to get attributes directly
$file.attributes # Show the file's attributes
#Normal

# Flip the bit of the Hidden attribute using xor
$file.attributes = $file.Attributes -bxor ([System.IO.FileAttributes]::Hidden)
$file.attributes
#Hidden

# Change attribute with direct assignment (beware, using = will set ONLY that attribute)
$file.Attributes += 'Hidden'

# To remove the 'Hidden' attribute, flip the bit back using xor (or direct assignement)
$file.attributes = $file.Attributes -bxor ([System.IO.FileAttributes]::Hidden)
$file.attributes
#Normal

NTFS Permissions

NTFS (New Technology File System) permissions are a security feature in Windows that controls who can access files and folders on NTFS-formatted drives. These permissions allow administrators to restrict or grant access to users and groups, ensuring data security and integrity.

NTFS permissions are more granular than share permissions and apply at the file system level, meaning they remain in effect regardless of how the file or folder is accessed (locally or over a network). Permissions can be explicitly assigned or inherited from parent folders.

NTFS Permission Types & Applicability

Below is a table describing the different NTFS permissions:

Permission	Description	Applicable To	Example Use Case
Full Control	Grants complete access, including modifying permissions and taking ownership.	Files & Folders	Administrators managing system files.
Modify	Allows reading, writing, and deleting files/folders.	Files & Folders	Users editing documents but restricted from changing permissions.
Read & Execute	Allows viewing and executing files but prevents modifications.	Files & Folders	Running applications without modifying them.
List Folder Contents	Allows viewing folder contents but prevents file modifications.	Folders Only	Browsing directories without altering files.
Read	Grants permission to view files and folder contents.	Files & Folders	Users needing access to reference documents.
Write	Allows creating and modifying files but prevents deletion.	Files & Folders	Users adding new files to a shared directory.
Traverse Folder / Execute File	Allows navigating through folders or executing files.	Files & Folders	Running scripts or accessing nested directories.
Delete	Grants permission to remove files or folders.	Files & Folders	Users managing temporary files.
Change Permissions	Allows modifying NTFS permissions for files and folders.	Files & Folders	Administrators adjusting access control settings.
Take Ownership	Allows users to take ownership of files or folders.	Files & Folders	Recovering access to locked files.

Key Features of NTFS Permissions

• Inheritance: Permissions assigned to a parent folder automatically apply to its subfolders and files unless explicitly overridden.

• Explicit vs. Inherited Permissions: Explicit permissions are manually set, while inherited permissions come from parent directories.

• Deny Overrides Allow: If a user has both "Allow" and "Deny" permissions, "Deny" takes precedence.

• Combining Permissions: If a user belongs to multiple groups, their permissions are combined.

Windows Share Permissions

Windows uses two types of permissions to control access to files and folders: Share Permissions and NTFS Permissions. While they serve similar purposes, they function differently and apply in different scenarios.

Share Permissions

• Apply only to shared folders accessed over a network (not local access).

• Three levels of access:

  • Read - Users can view files and folders but cannot modify them.

  • Change - Users can read, modify, and delete files.

  • Full Control - Users can read, modify, delete, and change permissions.

• Set at the folder level (not individual files).

• Cannot be inherited - each shared folder has its own permissions.

NTFS Permissions

• Apply to both local and network access.

• More granular control: permissions can be set for individual files and folders.

• Can be inherited: permissions assigned to a parent folder apply to subfolders and files.

• Includes advanced permissions like Modify, Read & Execute, Write, and Full Control.

Precedence of Share vs. NTFS Permissions

When a user accesses a shared folder over the network, both Share and NTFS permissions apply. The most restrictive permission takes precedence.

Permission Type	Explicit vs. Inherited	Allow vs. Deny	Precedence Level
Explicit Deny (NTFS)	Directly assigned to a file or folder	Deny	Highest Precedence
Explicit Deny (Share)	Directly assigned to a shared folder	Deny	High Precedence
Explicit Allow (NTFS)	Directly assigned to a file or folder	Allow	Medium Precedence
Explicit Allow (Share)	Directly assigned to a shared folder	Allow	Medium Precedence
Inherited Deny (NTFS)	Inherited from a parent folder	Deny	Lower Precedence
Inherited Allow (NTFS)	Inherited from a parent folder	Allow	Lowest Precedence

Key Takeaways

• Deny always overrides Allow: if a user is explicitly denied access via NTFS or Share permissions, they cannot access the resource.

• NTFS permissions apply to both local and network access, while Share permissions apply only to network access.

• File permissions override folder permissions, unless Full Control is granted at the folder level.

• The most restrictive permission applies: if NTFS allows access but Share denies it, the user is denied.

Access Control Lists (ACLs)

In Windows, Access Control Lists (ACLs) are security structures that define who can access files and folders and what actions they can perform. ACLs consist of Access Control Entries (ACEs), which specify users, groups, or processes and their corresponding permissions.

Every file and folder has an ACL that determines its accessibility:

• ACLs contain a list of permissions assigned to different users or groups.

• Permissions can be explicitly assigned or inherited from a parent directory.

• ACLs help enforce security policies and protect sensitive data.

To view an ACL for a file or folder: right-click on the item in Explorer and select 'Properties'. Click on the 'Security' tab, the view the section marked 'Permissions for '.

Windows ACL Components

• Discretionary Access Control List (DACL) - Defines who has allow or deny permissions.

• System Access Control List (SACL) - Used for auditing access attempts.

• Owner - The user who controls the resource and can change permissions.

• Inheritance - Determines if child files/folders receive permissions from a parent directory.

Common ACL Permissions

Permission	Description	Example Use Case
Full Control	Grants complete access, including modifying ACLs and taking ownership.	Used by administrators to manage security settings.
Modify	Allows reading, writing, and deleting files/folders.	Editors and contributors modifying shared project files.
Read & Execute	Allows viewing and running files but prevents modifications.	Running applications without altering them.
List Folder Contents	Allows browsing directories without modifying files.	Users needing access to a directory’s structure without altering data.
Read	Grants permission to view files and folder contents.	Viewing reference documents without editing.
Write	Allows creating and modifying files but prevents deletion.	Users adding new content to shared folders without deletion rights.
Change Permissions	Allows modifying ACL settings for files and folders.	Administrators adjusting access control settings.
Take Ownership	Allows users to take ownership of files or folders.	Recovering access to locked files.

Key Takeaways

• ACLs control file/folder access by assigning permissions to users and groups.

• Explicit Deny overrides Allow when conflicting permissions exist.

• Inheritance determines whether child objects receive parent permissions.

Managing ACLs in Windows

Using File Explorer

1. Right-click a file or folder → Properties → Security tab.

2. Click Edit to modify permissions.

3. Add, remove, or adjust permissions for users and groups.

Using the shell

cmd.exe

Using icacls

View ACLs:

icacls C:\SensitiveData

Grant Full Control:

icacls C:\SensitiveData /grant tester:F

Remove Permissions:

icacls C:\SensitiveData /remove tester

PowerShell

Copy permissions from one file or directory to another

Get-ACL C:\File1 | Set-Acl C:\File2

Remove permissions from a folder or file

$path = "C:\temp" #Replace with whatever file you want to do this to.
$acl = Get-Acl $path
$rules = $acl.Access | where IsInherited -eq $false #Gets all non inherited rules.
#Filter your $rules however you want to remove permissions.

#For example, to target a specific user or group:
$targetrule = $rules | where IdentityReference -eq "$Domain\$User" #Leave domain off for local accounts.

$acl.RemoveAccessRule($targetrule)
$acl | Set-Acl -Path $path

Advanced: Add a specific list of permissions to a Folder (or file)

function Edit-Perms {
Param
(   
    $Path = "C:\temp", #Replace with whatever file you want to do this to.
    $User = "$env:username", #Format: "$domain\$useraccount" User account to grant permisions too.
    $Rights = "Read, ReadAndExecute, ListDirectory", #Comma seperated list.
    $InheritSettings = "Containerinherit, ObjectInherit", #Controls how permissions are inherited by children
    $PropogationSettings = "None", #Usually set to none but can setup rules that only apply to children.
    $RuleType = "Allow" #Allow or Deny.
)
$acl = Get-Acl $path
$perm = $user, $Rights, $InheritSettings, $PropogationSettings, $RuleType
$rule = New-Object -TypeName System.Security.AccessControl.FileSystemAccessRule -ArgumentList $perm
$acl.SetAccessRule($rule)
$acl | Set-Acl -Path $path
}

Windows Rights (TODO: finish this)

Valid settings for Rights are as follows:

Setting	Description
AppendData	Specifies the right to append data to the end of a file.
ChangePermissions	Specifies the right to change the security and audit rules associated with a file or folder.
CreateDirectories	Specifies the right to create a folder.
CreateFiles	Specifies the right to create a file.
Delete	Specifies the right to delete a folder or file.
DeleteSubdirectoriesAndFiles	Specifies the right to delete a folder and any files contained within that folder.
ExecuteFile	Specifies the right to run an application file.
FullControl	Specifies the right to exert full control over a folder or file, and to modify access control and audit rules. This value represents the right to do anything with a file and is the combination of all rights in this enumeration.
ListDirectory	Specifies the right to read the contents of a directory.
Modify	Specifies the right to read, write, list folder contents, delete folders and files, and run application files. This right includes the ReadAndExecute right, the Write right, and the Delete right.
Read	Specifies the right to open and copy folders or files as read-only. This right includes the ReadData right, ReadExtendedAttributes right, ReadAttributes right, and ReadPermissions right.
ReadAndExecute	Specifies the right to open and copy folders or files as read-only, and to run application files. This right includes the Read right and the ExecuteFile right.
ReadAttributes	Specifies the right to open and copy file system attributes from a folder or file. For example, this value specifies the right to view the file creation or modified date. This does not include the right to read data, extended file system attributes, or access and audit rules.
ReadData	Specifies the right to open and copy a file or folder. This does not include the right to read file system attributes, extended file system attributes, or access and audit rules.
ReadExtendedAttributes	Specifies the right to open and copy extended file system attributes from a folder or file. For example, this value specifies the right to view author and content information. This does not include the right to read data, file system attributes, or access and audit rules.
ReadPermissions	Specifies the right to open and copy access and audit rules from a folder or file. This does not include the right to read data, file system attributes, and extended file system attributes.
Synchronize	Specifies whether the application can wait for a file handle to synchronize with the completion of an I/O operation.
TakeOwnership	Specifies the right to change the owner of a folder or file. Note that owners of a resource have full access to that resource.
Traverse	Specifies the right to list the contents of a folder and to run applications contained within that folder.
Write	Specifies the right to create folders and files, and to add or remove data from files. This right includes the WriteData right, AppendData right, WriteExtendedAttributes right, and WriteAttributes right.
WriteAttributes	Specifies the right to open and write file system attributes to a folder or file. This does not include the ability to write data, extended attributes, or access and audit rules.
WriteData	Specifies the right to open and write to a file or folder. This does not include the right to open and write file system attributes, extended file system attributes, or access and audit rules.
WriteExtendedAttributes	Specifies the right to open and write extended file system attributes to a folder or file. This does not include the ability to write data, attributes, or access and audit rules.

Valid Inherit settings:

Setting	Description
ContainerInherit	The ACE is inherited by child container objects.
None	The ACE is not inherited by child objects.
ObjectInherit	The ACE is inherited by child leaf objects.

Set the $InheritSettings to None if targeting a file instead of a folder.

Valid Propagation Settings:

Setting	Description
InheritOnly	Specifies that the ACE is propagated only to child objects. This includes both container and leaf child objects.
None	Specifies that no inheritance flags are set.
NoPropagateInherit	Specifies that the ACE is not propagated to child objects.

Shared Folders/SMB

Mount a remote CIFS/SMB share

net use z: \\$ip\$sharename
#Adding /persistent:yes will make this survive reboots.

A great example is to mount the Sysinternals Live drive to use the tools directly from Microsoft:

net use z: \live.sysinternals.com\tools\ /persistent:yes

You can thank me later.

To remove a previously mounted share:

net use z: /delete

Environment Variables

The command set will display all current environment variables and their values in cmd.exe. In PowerShell use Get-ChildItem env: (or one of its aliases!) to list environment variables.

Many of the environment variables in the cmd.exe column can be used in other places inside Windows as well, such as the Address Bar of a browser or Explorer window.

You can find more about Windows environment variables on the PowerShell page.

Below is a comparison between the environment variables used in PowerShell versus those used in the classic cmd.exe environment (which are also used in many other places throughout Windows, such as Task Scheduler, Event logs, and more).

Meaning	PowerShell	cmd.exe
C:\ProgramData	$env:ALLUSERSPROFILE	%ALLUSERSPROFILE%
Current User's AppData\Roaming Folder	$env:APPDATA	%APPDATA%
C:\Program Files\Common Files	$env:CommonProgramFiles	%CommonProgramFiles%
C:\Program Files (x86)\Common Files	$env:CommonProgramFiles(x86)	%CommonProgramFiles(x86)%
C:\Program Files\Common Files	$env:CommonProgramW6432	%CommonProgramW6432%
Computer Name	$env:COMPUTERNAME	%COMPUTERNAME%
C:\WINDOWS\system32\cmd.exe	$env:ComSpec	%ComSpec%
C:\Windows\System32\Drivers\DriverData	$env:DriverData	%DriverData%
C:	$env:HOMEDRIVE	%HOMEDRIVE%
Current User's home folder	$env:HOMEPATH	%HOMEPATH%
Current User's AppData\Local folder	$env:LOCALAPPDATA	%LOCALAPPDATA%
UNC Path of Logon Server	$env:LOGONSERVER	%LOGONSERVER%
Number of Processor (cores)	$env:NUMBER_OF_PROCESSORS	%NUMBER_OF_PROCESSORS%
Current User's Onedrive folder	$env:OneDrive	%OneDrive%
Current User's Onedrive folder	$env:OneDriveConsumer	%OneDriveConsumer%
Operating System Family	$env:OS	%OS%
PATH to search when unspecified	$env:Path	%Path%
File Extensions that Windows will search PATH for	$env:PATHEXT	%PATHEXT%
Processor Architecture	$env:PROCESSOR_ARCHITECTURE	%PROCESSOR_ARCHITECTURE%
Processor ID	$env:PROCESSOR_IDENTIFIER	%PROCESSOR_IDENTIFIER%
Processor Level	$env:PROCESSOR_LEVEL	%PROCESSOR_LEVEL%
Processor Revision	$env:PROCESSOR_REVISION	%PROCESSOR_REVISION%
C:\ProgramData	$env:ProgramData	%ProgramData%
C:\Program Files	$env:ProgramFiles	%ProgramFiles%
C:\Program Files (x86)	$env:ProgramFiles(x86)	%ProgramFiles(x86)%
C:\Program Files	$env:ProgramW6432	%ProgramW6432%
PATH for PowerShell Modules	$env:PSModulePath	%PSModulePath%
C:\Users\Public	$env:PUBLIC	%PUBLIC%
Console	$env:SESSIONNAME	%SESSIONNAME%
C:	$env:SystemDrive	%SystemDrive%
C:\WINDOWS	$env:SystemRoot	%SystemRoot%
Current User's AppData\Local\Temp Folder	$env:TEMP	%TEMP%
Current User's AppData\Local\Temp Folder	$env:TMP	%TMP%
Domain Name	$env:USERDOMAIN	%USERDOMAIN%
Roaming Profile Domain	$env:USERDOMAIN_ROAMINGPROFILE	%USERDOMAIN_ROAMINGPROFILE%
User Name	$env:USERNAME	%USERNAME%
User Home Folder	$env:USERPROFILE	%USERPROFILE%
C:\WINDOWS	$env:windir	%windir%

Explorer Navigation

Shortcuts

(TODO: Make tables)

CTRL+N (open new session), CTRL+R (Execute Commands), CTRL+SHIFT+ESC (Task Manager), Windows+E (open explorer), CTRL-B, CTRL-I (Favourites), CTRL-H (History), CTRL-L, CTRL-O (File/Open Dialog), CTRL-P (Print Dialog), CTRL-S (Save As)

Hidden Administrative menu: CTRL-ALT-F8, CTRL-ESC-F9

Shell URIs

• shell:Administrative Tools

• shell:DocumentsLibrary

• shell:Libraries

• shell:UserProfiles

• shell:Personal

• shell:SearchHomeFolder

• shell:NetworkPlacesFolder

• shell:SendTo

• shell:UserProfiles

• shell:Common Administrative Tools

• shell:MyComputerFolder

• shell:InternetFolder

• Shell:Profile

• Shell:ProgramFiles

• Shell:System

• Shell:ControlPanelFolder

• Shell:Windows

• shell:::{21EC2020-3AEA-1069-A2DD-08002B30309D} --> Control Panel

• shell:::{20D04FE0-3AEA-1069-A2D8-08002B30309D} --> This PC/My Computer

• shell:::{208D2C60-3AEA-1069-A2D7-08002B30309D} --> Network Places

Powershell

PowerShell is a large and important enough topic that it has its own page.

Thanks

If you like this content and would like to see more, please consider buying me a coffee!