Useful PowerShell Commands and Scripts For Windows Server

August 22, 2024

Useful PowerShell Commands and Scripts For Windows Server

Find some of the most useful PowerShell commands and scripts for Windows Server 2016 and 2019

Sometimes using Windows PowerShell versus the GUI interface saves time and headaches. Below is a preferred list of PowerShell commands we use on Microsoft Windows Server 2019 and 2016 operating systems.

As a Managed IT Services Provider (MSP) we can save hours using PowerShell commands, especially when provisioning tens of servers for our data center or customer infrastructure. As we find more commands that are practical for the more common scenarios we will add them to the list below. Please note that many of our PowerShell commands listed below will also work for Windows 10 operating systems.

Obtain your Active Direcotry Globally Unique Identifier (GUID) for your Office 365 domain

Get-ADDomain

# Look for your ObjectGUID in the results. You can also run Get-ADDomain on a locally joined workstation.

Default Execution Policy - set to unrestricted

Set-ExecutionPolicy Unrestricted  

Disable Windows Error Reporting

Disable-WindowsErrorReporting

Disable Automatic Windows Updates

Set-ItemProperty -Path HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU -Name AUOptions -Value 1

Disable Windows Reboot Schedule (Active hours)

1) Open Windows Powershell by right click > run as administrator
2) Type: SCONFIG and hit enter
3) Press 5 (Windows Update Settings)
4) Press D (Download Only mode)
5) Close Powershell

Useful and Secure PowerShell Commands (CMDs) For Windows 2016 & 2019 Server
Disabling Windows Server Active Hours for Automatic Reboot Schedule

Enabling Remote Desktop with PowerShell Remotely

Invoke-Command -ComputerName client01 {Set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server'` -Name "fDenyTSConnections" -Value 0; `Enable-NetFirewallRule -DisplayGroup "Remote Desktop"}

Restart Windows Service with PowerShell

Restart-Service <service-name>

EXAMPLES

Restart the spooler (printing) service:

restart-service spooler -force

Find all the network services on the computer (starting with "net...") and restart any that are stopped:

get-service net* | where {$_.Status -eq "Stopped"} | restart-service

Enable and Disable Windows Defender Firewall with PowerShell

To enable Windows Defender Firewall for all network profiles:

Set-NetFirewallProfile -Enabled True

To disable it for all, use:

Set-NetFirewallProfile -Enabled False

Enable and Disable Windows Defender Antivirus with PowerShell

Enable Windows Defender Antivirus:

Set-MpPreference -DisableRealtimeMonitoring $false

Disable Windows Defender Antivirus:

Set-MpPreference -DisableRealtimeMonitoring $true

Uninstall Windows Defender Antivirus:

Uninstall-WindowsFeature -Name Windows-Defender

Disable Windows Display, Monitor Timeout to Never

powercfg -change -monitor-timeout-ac 0


PowerShell Command to Check TLS Version in Windows

Copy the code below and save it into a text file with the extension .PS1 (PowerShell script). Execute the script in an elevated PowerShell window.

---------

$ServerName = Read-Host -Prompt 'Input your server  name'$Port = Read-Host -Prompt 'Input your server TCP port number (443 is most common)'nmap --script ssl-enum-ciphers -p $Port $ServerName

Script to disable old TLS versions

Copy the code below and save it into a text file with the extension .PS1 (PowerShell script). Execute the script in an elevated PowerShell window.

---------

function disable-ssl-2.0
{
   New-Item 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Server' -Force
   New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Server' -name 'Enabled' -value '0' –PropertyType 'DWORD'
   New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Client' -name 'Enabled' -value '0' –PropertyType 'DWORD'
   New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Client' -name 'DisabledByDefault' -value '1' –PropertyType 'DWORD'
   Write-Host 'Disabling SSLv2'
}
function disable-ssl-3.0
{
   New-Item 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Server' -Force
   New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Server' -name 'Enabled' -value '0' –PropertyType 'DWORD'
   Write-Host 'Disabling SSLv3'
}
function disable-tls-1.0
{
   New-Item 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server' -Force
   New-Item 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client' -Force
   New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server' -name 'Enabled' -value '0' –PropertyType 'DWORD'
   New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server' -name 'DisabledByDefault' -value '1' –PropertyType 'DWORD'
   New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client' -name 'Enabled' -value '0' –PropertyType 'DWORD'
   New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client' -name 'DisabledByDefault' -value '1' –PropertyType 'DWORD'
   Write-Host 'Disabling TLSv1.0'
}
function enable-tls-1.1
{
   New-Item 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server' -Force
   New-Item 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client' -Force
   New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server' -name 'Enabled' -value '1' –PropertyType 'DWORD'
   New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server' -name 'DisabledByDefault' -value '0' –PropertyType 'DWORD'
   New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client' -name 'Enabled' -value '1' –PropertyType 'DWORD'
   New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client' -name 'DisabledByDefault' -value '0' –PropertyType 'DWORD'
   Write-Host 'Enabling TLSv1.1'
}
function enable-tls-1.2
{
   New-Item 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server' -Force
   New-Item 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client' -Force
   New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server' -name 'Enabled' -value '1' –PropertyType 'DWORD'
   New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server' -name 'DisabledByDefault' -value '0' –PropertyType 'DWORD'
   New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client' -name 'Enabled' -value '1' –PropertyType 'DWORD'
   New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client' -name 'DisabledByDefault' -value '0' –PropertyType 'DWORD'
   Write-Host 'Enabling TLSv1.2'
}
function enforce-tls-versions
{
   New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\RasMan\PPP\EAP\13' -Name 'TlsVersion'  -value 'F00' –PropertyType 'DWORD'
}

disable-ssl-2.0
disable-ssl-3.0
disable-tls-1.0
enable-tls-1.1
enable-tls-1.2
enforce-tls-versions

Latest posts

How to Install Claude Code on Ubuntu Linux: Complete Guide 2025
May 19, 2025

How to Install Claude Code on Ubuntu Linux: Complete Guide 2025

This comprehensive guide walks you through installing Anthropic's Claude Code AI assistant on Ubuntu Linux. You'll learn how to properly configure Node.js and npm, authenticate with the Anthropic API, and start using this powerful AI coding tool in your development workflow. The article covers common troubleshooting techniques, security best practices, and practical examples of how Claude Code can accelerate development by editing files, answering code architecture questions, and managing git workflows. Perfect for developers looking to enhance productivity with AI-assisted coding or IT administrators planning enterprise-wide implementation of cutting-edge development tools.
LockBit Ransomware Group Hacked: 5 Critical Security Lessons for Dallas Businesses
May 12, 2025

LockBit Ransomware Group Hacked: 5 Critical Security Lessons for Dallas Businesses

The recent hack of the infamous LockBit ransomware group offers Dallas businesses rare insights into cybercriminal operations and reinforces critical security principles. This article explores five key takeaways from this event, including the importance of zero trust architecture, regular security assessments, and incident response planning, while providing actionable recommendations to strengthen your organization's security posture.
How the 2025 Tariffs Are Reshaping IT Investment Strategies
May 9, 2025

How the 2025 Tariffs Are Reshaping IT Investment Strategies

April 2025 tariffs have increased IT hardware costs 10-20%, pushing businesses toward cloud solutions rather than absorbing higher capital expenses. ITECS's managed cloud services offer predictable monthly costs, eliminate procurement delays, and enhance security. One client achieved 22% cost reduction with 99.99% uptime, demonstrating how businesses can mitigate tariff impacts while gaining scalability and expert support.