Windows Server Administration: Essential PowerShell & Tasks

Remote PowerShell

Enter-PSSession -ComputerName AcmeDC
Exit-PSSession

Create Security Group

New-ADGroup -Name "NAME" -GroupScope Global -Path "OU=Hamilton,DC=acme,DC=com"

Create Folder and Share

  • Folder: New-Item -Path "C:\Corporate\NAME" -ItemType Directory
  • Share: New-SmbShare -Name "NAME" -Path "C:\Corporate\NAME" -FullAccess "Everyone"

NTFS Permissions (icacls)

  • Full Control: icacls "PATH" /grant "ACME\GROUP:(OI)(CI)F"
  • Modify: icacls "PATH" /grant "ACME\GROUP:(OI)(CI)M"
  • Read & Exec: icacls "PATH" /grant "ACME\GROUP:(OI)(CI)RX"
  • Deny Write: icacls "PATH" /deny "ACME\GROUP:(OI)(CI)W"
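
The group, folder, share and NTFS steps above combined into one script, as an added example that is not part of the original page. It grants the share to the group instead of "Everyone". The name Sales, the BUILTIN\Administrators share entry and running it on AcmeDC are assumptions.

```powershell
# Added example, not from the original page. $Name is an assumed placeholder.
# Run elevated on the server hosting the share (assumed: AcmeDC, e.g. via
# Enter-PSSession -ComputerName AcmeDC).
#Requires -RunAsAdministrator
#Requires -Modules ActiveDirectory, SmbShare

$Name   = 'Sales'                          # assumed group and share name
$Domain = 'ACME'
$OU     = 'OU=Hamilton,DC=acme,DC=com'     # OU used on this page
$Path   = "C:\Corporate\$Name"
$Group  = "$Domain\$Name"

# 1. Security group (skipped if it already exists, so the script can be re-run)
if (-not (Get-ADGroup -Filter "Name -eq '$Name'")) {
    New-ADGroup -Name $Name -GroupScope Global -GroupCategory Security -Path $OU
}

# 2. Folder
if (-not (Test-Path -LiteralPath $Path)) {
    New-Item -Path $Path -ItemType Directory | Out-Null
}

# 3. Share: the group gets Change, local administrators get Full.
#    Over the network the effective right is the more restrictive of the
#    share permission and the NTFS permission, so both layers name the group.
if (-not (Get-SmbShare -Name $Name -ErrorAction SilentlyContinue)) {
    New-SmbShare -Name $Name -Path $Path `
        -ChangeAccess $Group -FullAccess 'BUILTIN\Administrators' | Out-Null
}

# 4. NTFS: Modify, inherited by subfolders (CI) and files (OI).
#    ${Group} is required: "$Group:" would be parsed as a drive-qualified variable.
icacls $Path /grant "${Group}:(OI)(CI)M"
if ($LASTEXITCODE -ne 0) { throw "icacls failed with exit code $LASTEXITCODE" }

# 5. Verify both layers
Get-SmbShareAccess -Name $Name |
    Format-Table AccountName, AccessControlType, AccessRight
(Get-Acl -LiteralPath $Path).Access |
    Where-Object { $_.IdentityReference.Value -eq $Group } |
    Format-Table IdentityReference, AccessControlType, FileSystemRights, InheritanceFlags
```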

File and Disk Management

View Open Files

  • GUI: Computer Management / Connect to AcmeDC / Shared Folders / Open Files
  • PowerShell: Get-SmbOpenFile

Disk Quota

Computer Management / Storage / Disk Management / right-click C: / Properties / Quota tab / Enable quota management / Limit disk space to (e.g., 100 MB) / Set warning level to (e.g., 50 MB) / Check both “Log event” boxes / Quota Entries / New Quota Entry / Add group

Compress Folder (Remote)

Remote Desktop to target computer / right-click folder / Properties / Advanced / Compress contents to save disk space / OK / Apply / Apply changes to this folder, subfolders and files

Printer Permissions

  • Add Everyone: Printers & Scanners / click printer / Manage / Printer Properties / Security tab / Add / Everyone / OK / Allow Print
  • Add Group: Same as above but type group name instead of Everyone

Task Manager

  • Disk Performance: Performance tab / Disk
  • Base Priority: Details tab / right-click process / Set Priority
  • End Task: Details tab / right-click non-responding process / End Task
  • Launch Explorer: File / Run new task / explorer.exe
  • View Process Owner: Details tab / User Name column
  • CPU/Memory Usage: Processes tab / CPU or Memory column

Services

  • Automatic Startup: Services console / right-click service / Properties / Startup type / Automatic
  • Disable Service: Services console / right-click service / Properties / Startup type / Disabled

Effective Permissions

Right-click folder / Properties / Security / Advanced / Effective Access / Select a user / Type group name (e.g., ACME\Sales) / View effective access

PowerShell Bonus Cmdlets

  • Get-SmbShare (list all shares)
  • Get-SmbOpenFile (view open files)
  • Get-ADUser -Filter * (list all users)
  • Get-ADGroup -Filter * (list all groups)
  • Get-WindowsFeature (list installed roles)
  • Get-Service (list services and status)
  • New-ADUser (create a user)
  • Set-ADUser (modify a user)
  • Remove-ADUser (delete a user)

Quick Notes

  • Deny overrides Allow
  • CREATOR OWNER gets Full Control over files they create
  • Administrators can always take ownership
  • NTFS permissions work locally AND over network
  • Share permissions work ONLY over network
  • Disabled service cannot be started by anything
  • Quotas apply to NEW users first
  • Compression does NOT bypass disk quotas