A server administrator does not always work through a graphical interface. Sometimes the GUI is unavailable, the connection is made in Server Core mode, or you simply need to quickly run a dozen operations by script without extra clicks. In such situations, knowing the command line saves hours of work — and often helps avoid serious problems.
This cheat sheet brings together the most useful Windows Server 2025 commands in one place: networking, files, processes, services, users, disks, and diagnostics. It works both as a handy reference for experienced administrators and for those who are just starting to explore Windows Server and want to understand where to begin.
CMD and PowerShell: which one to choose
Windows Server 2025 supports two main command-line tools. CMD (Command Prompt) is the classic console, familiar since the Windows NT days. It works without additional components, launches instantly, and covers most basic administration tasks.
PowerShell appeared as a more powerful alternative. It works not with text strings, but with objects, supports pipelines, modules, and remote management through WinRM. In Windows Server 2025, PowerShell 5.1 is installed by default; PowerShell 7.x can be installed separately and used side by side — these versions do not conflict.
A simple rule of thumb: if the task is one-off and simple, CMD is enough. For automation, working with Active Directory, bulk operations across multiple servers, and remote management, PowerShell offers far more possibilities.
System information and basic diagnostics
Before changing anything, you need to understand what you are working with. The following commands help quickly gather system information and make sure you are operating in the correct context.
CMD commands
systeminfo — displays detailed information about the OS: version, installation date, amount of RAM, installed updates (hotfixes), and network interfaces. Useful when connecting to an unfamiliar server for the first time.
hostname — shows the computer name. Useful when working in multiple RDP sessions at once and you need to make sure you are on the right machine.
ver — Windows version. Outputs a string like Microsoft Windows [Version 10.0.26100], which can be used to identify the exact build.
whoami — current user name and domain. Helps confirm that you are working under the correct account, especially when rights are delegated or when using runas.
The second variant shows the list of privileges for the current user. Handy when troubleshooting access issues — you can immediately see whether the account has the required privileges.
PowerShell
Outputs the full set of system data in structured form. You can filter only the fields you need:
This is convenient in scripts — there is no need to parse text output.
Network commands
Networking is the first diagnostic point on any server. Most access, DNS, and routing problems are identified here within just a few minutes.
ipconfig
Shows current network settings: IP addresses, subnet masks, gateways, and MAC addresses.
Reset and renew the IP address when using DHCP:
ipconfig /renew
Clear the DNS cache — useful when the client is “seeing” outdated records and cannot connect to a resource that has already changed its IP:
ping
Checks whether a host is reachable by IP address or hostname. Keep in mind: by default, Windows Server 2025 may block incoming ICMP through the firewall, so no reply does not always mean the host is unreachable.
The -t flag starts continuous pinging until manually stopped (Ctrl+C) — convenient for monitoring an unstable connection.
The -n 10 flag limits the number of requests to ten.
tracert
Shows the route a packet takes from the current server to the target host and the response time at each intermediate hop. Helps pinpoint where the connection breaks.
nslookup
A DNS troubleshooting tool. Lets you check which IP address the DNS server returns for a name, and which DNS server is being used at all.
The second variant explicitly specifies the DNS server for the query — useful when checking different resolvers or comparing responses from internal and public DNS.
netstat
Shows active network connections, open ports, and the status of TCP sessions. This is one of the first commands to use when you suspect unauthorized connections.
Flags: -a — all connections and listening ports, -n — numeric addresses without name resolution, -o — the process PID for each connection.
netsh
A powerful tool for managing network settings from the command line. Covers interface configuration, routes, firewall settings, and much more.
The second example sets a static IP on the “Ethernet” interface — useful during initial server setup without DHCP.
PowerShell: Test-NetConnection
A modern equivalent of ping with extended capabilities — it checks not only whether the host is reachable, but also a specific port.
The output shows whether the host is reachable, whether the port is open, and which IP is being used. Much more informative than ping.
Managing files and directories
Basic file system operations in CMD are fast and straightforward — especially when you are working on Server Core without File Explorer.
Navigation and viewing
dir — lists files and folders. The /a flag shows hidden and system files, while /s recursively walks through all subfolders.
cd — change directory. cd .. — go up one level, cd \ — go to the root of the current drive.
Creating and deleting
The /s /q flags delete the folder and all its contents without asking for confirmation. The operation is irreversible — before running it, make sure the path is correct.
Copying and moving
xcopy copies entire directories. Flags: /e — including empty subdirectories, /h — hidden files, /i — if the destination folder does not exist, create it.
For serious backup and synchronization tasks, robocopy is a better fit:
The /mir flag mirrors directories — it deletes from the target everything that does not exist in the source. The /log flag writes a detailed operation log.
Searching and viewing contents
Searches for the string “error” in a file without case sensitivity. Works like grep in Linux — indispensable when analyzing logs.
type outputs the contents of a text file to the console. Useful for quickly viewing configuration files.
Process management
tasklist and taskkill
Shows a list of all running processes with PID, name, and memory usage.
Filters the list by executable name — a quick way to check whether the required application is running.
Forcefully terminates a process by PID. The /f flag means force, without asking for confirmation.
Terminates all processes with the specified name — useful if an application has hung and multiple copies are running.
PowerShell
Shows the ten processes with the highest CPU usage. In practice, this is the first thing to run when users complain that the server is slow.
Managing Windows services
Windows Server 2025 runs as a collection of services. Knowing how to start, stop, restart, and configure them is a core skill for any administrator.
CMD: sc and net
List all services with their current status.
Status of a specific service — here, Windows Update.
Changes the startup type of a service. Notably, the space after the equals sign in sc config is mandatory — this is a syntax quirk that often trips people up.
PowerShell
Lists only running services — useful when inventorying a server.
Managing users and groups
The commands below work with local accounts. When working with Active Directory, you need the ActiveDirectory PowerShell module, which is part of RSAT.
CMD: net user and net localgroup
List of local users.
Adds a user to the local Administrators group.
List of all local groups on the server.
PowerShell
Working with disks
diskpart
An interactive disk management tool. Launched with the command diskpart, after which it waits for commands.
list disk
select disk 1
list volume
select volume 2
assign letter=E
The example sequentially selects a disk, a volume, and assigns it the letter E.
chkdsk
Checks drive D: for file system errors and bad sectors. The /f flag fixes found errors, while /r searches for and attempts to recover bad sectors. For the system drive C:, a reboot will be required — the check will run before Windows loads.
PowerShell
The last command shows all drives in the current session with information about used and free space — faster than opening File Explorer.
Windows Firewall
Managing the firewall from the command line is especially important when setting up servers without a GUI or when automating deployments.
PowerShell
PowerShell firewall cmdlets are more convenient when writing deployment scripts — the parameters read like plain text, and you do not have to memorize netsh syntax.
Windows Registry
Direct registry edits require caution. Before making any changes, it is worth backing up the required key.
The /f flag overwrites the value without asking for confirmation. The REG_DWORD type is a 32-bit integer and is used for most numeric and boolean parameters.
Event logs
Event Log is the first place to look when troubleshooting server issues. Most application, service, and system errors end up there.
Opens the graphical Event Viewer if the GUI is available.
Outputs the last 50 events from the System log in text format. The /rd:true flag means reverse chronological order, from newest to oldest.
PowerShell
Get-EventLog -LogName System -Newest 50 -EntryType Error
Event 4625 means a failed sign-in attempt. Notably, Get-WinEvent works significantly faster than Get-EventLog on large logs, so it is the better choice for production scripts.
Remote management
WinRM and PowerShell Remoting
Quickly configures WinRM — Windows Remote Management service. It must be run on the target server before the first remote connection.
Opens an interactive PowerShell session on a remote server — like SSH, but for Windows.
Runs a command on multiple servers at once. Most of Windows infrastructure automation is built on this.
mstsc
Opens an RDP connection to the specified IP. The /f flag enables full-screen mode.
Scheduled tasks
Shows all scheduled tasks with detailed parameters.
Creates a daily task that runs at 02:00 as the system account.
PowerShell
Cheat sheet: key commands by category
| Category | Command | What it does | Tool |
|---|---|---|---|
| System | systeminfo | OS version, RAM, updates, network adapters | CMD |
| System | Get-ComputerInfo | Extended system data in structured form | PowerShell |
| System | whoami /priv | Current user and privileges | CMD |
| Network | ipconfig /all | All network interfaces, IP, MAC, gateways | CMD |
| Network | ipconfig /flushdns | Clears the DNS resolver cache | CMD |
| Network | ping -t | Continuous host availability check | CMD |
| Network | tracert | Route to host and latency at hops | CMD |
| Network | nslookup | DNS resolution diagnostics | CMD |
| Network | netstat -ano | Active connections, open ports, PID | CMD |
| Network | Test-NetConnection | Host and specific port check | PowerShell |
| Files | dir /a /s | Recursive file list including hidden files | CMD |
| Files | robocopy /mir | Mirror directory synchronization | CMD |
| Files | findstr /i | Case-insensitive search in a file | CMD |
| Processes | tasklist | Process list with PID and memory | CMD |
| Processes | taskkill /pid /f | Forceful termination by PID | CMD |
| Processes | Get-Process \| Sort CPU | Processes sorted by CPU load descending | PowerShell |
| Services | sc query / net start | Service status and control | CMD |
| Services | Get-Service / Restart-Service | Managing services through PowerShell | PowerShell |
| Users | net user / net localgroup | Managing local accounts | CMD |
| Disks | diskpart | Interactive disk and volume management | CMD |
| Disks | chkdsk /f /r | Disk error checking and repair | CMD |
| Logs | wevtutil qe | Reading event logs from the command line | CMD |
| Logs | Get-WinEvent -FilterHashtable | Fast event filtering by criteria | PowerShell |
| Firewall | netsh advfirewall | Viewing and modifying firewall rules | CMD |
| Registry | reg export / reg add | Registry backup and modification | CMD |
| Remote management | Enter-PSSession / Invoke-Command | Remote session and command execution on other servers | PowerShell |
| Tasks | schtasks | Creating, running, and deleting scheduled tasks | CMD |
Practical usage scenarios
Scenario 1: the server cannot access the internet
The diagnostic sequence looks like this: first, check whether there is an IP address and a gateway — ipconfig /all. If the settings are fine, ping the gateway. If the gateway responds, ping an external IP directly, for example 8.8.8.8. If the external IP is reachable but domain names do not resolve, the problem is DNS. Check it with nslookup ya.ru, and if DNS does not respond or returns the wrong result, clear the cache with ipconfig /flushdns — sometimes that fixes the issue immediately.
Scenario 2: a port is occupied, and the application will not start
The command will show the PID of the process occupying port 8080. Then run tasklist | findstr PID to find out the process name. After that, you can either configure the needed application to use another port or terminate the conflicting process with taskkill /pid NUMBER /f.
Scenario 3: suspicious activity, need to check sign-in attempts
Event code 4625 means failed authentication. If dozens of entries from the same IP address accumulate within the last hour, it is probably a password brute-force attempt. The next step is to block the address with a firewall rule via New-NetFirewallRule and check the account lockout policy settings.
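One way to run the check described in Scenario 3, as an added example that is not code from the original page. The function name Get-FailedLogonSource and the threshold of 20 are assumptions; the script must run in an elevated session to read the Security log, and the final step uses -WhatIf so that no firewall rule is created until the list has been reviewed.

```powershell
# Added example: summarize failed sign-ins (event 4625) per source address.
# Get-FailedLogonSource and the default threshold are assumptions, not from the page.
function Get-FailedLogonSource {
    [CmdletBinding()]
    param(
        [int]$Hours = 1,        # look-back window ("within the last hour")
        [int]$Threshold = 20    # assumed cut-off for "dozens of entries"
    )

    $filter = @{
        LogName   = 'Security'
        Id        = 4625
        StartTime = (Get-Date).AddHours(-$Hours)
    }

    # Get-WinEvent raises an error when nothing matches; SilentlyContinue
    # turns that case into an empty pipeline instead of a failure.
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
    ForEach-Object {
        # The named fields of the event are EventData/Data elements in its XML.
        $data = ([xml]$_.ToXml()).Event.EventData.Data
        [pscustomobject]@{
            Time    = $_.TimeCreated
            Account = ($data | Where-Object Name -eq 'TargetUserName').'#text'
            Source  = ($data | Where-Object Name -eq 'IpAddress').'#text'
        }
    } |
    # Local and some service sign-ins record '-' or a loopback address:
    # there is nothing to block for those, so they are dropped.
    Where-Object { $_.Source -and $_.Source -notin '-', '127.0.0.1', '::1' } |
    Group-Object Source |
    Where-Object Count -ge $Threshold |
    Sort-Object Count -Descending |
    ForEach-Object {
        $times = @($_.Group.Time | Sort-Object)
        [pscustomobject]@{
            Source   = $_.Name
            Failures = $_.Count
            Accounts = ($_.Group.Account | Sort-Object -Unique) -join ', '
            First    = $times[0]
            Last     = $times[-1]
        }
    }
}

# Review the candidates first; -WhatIf prints the rule that would be created.
Get-FailedLogonSource -Hours 1 -Threshold 20 | ForEach-Object {
    New-NetFirewallRule -DisplayName "Block failed sign-ins from $($_.Source)" `
        -Direction Inbound -Action Block -RemoteAddress $_.Source -WhatIf
}
```

The Accounts column separates many failures against one account from a single source trying many account names. Confirm that a source is not an internal proxy or gateway before removing -WhatIf.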
Scenario 4: a service crashed and will not start
Check the status: sc query service_name. Look in the Application log for errors:
Try starting it manually: net start service_name. If an error is returned, check dependent services (sc qc service_name will show dependencies) and the rights of the account under which the service runs.
Scenario 5: deploy an update to multiple servers at once
PowerShell Remoting runs the code block in parallel on all servers in the list and returns a result from each one. It is important to make sure in advance that WinRM is configured on all machines and that you have the necessary permissions.
Where to use these commands: VPS on Windows Server 2025
All the commands described here work on any server running Windows Server 2025 — physical or virtual. In practice, most administration tasks are handled on cloud virtual servers. VPS based on Windows Server from Serverspace comes with the OS already deployed and RDP access enabled — you can open the command line and start working within minutes of creation. This is convenient both for test environments, where you need to quickly check scripts or commands without risking production infrastructure, and for production servers with full access to PowerShell and all Windows Server tools.
Common mistakes and how to avoid them
Running without administrator rights
Many commands — sc config, netsh, diskpart, New-NetFirewallRule — require administrator privileges. If a command returns “Access is denied” without an obvious reason, the first thing to check is the privilege level of the current session. CMD and PowerShell should be opened using “Run as administrator.”
Missing space in sc config
sc config "Spooler" start=disabled — this is an error. Correct: sc config "Spooler" start= disabled. The space before the value is mandatory — it is a quirk of the sc command syntax that confuses even experienced administrators.
rmdir /s /q without checking the path
Deleting a folder with all its contents happens without confirmation and without a recycle bin. Before running it, always use dir path and make sure the path is correct. This is especially important when using variables in scripts — if a variable is empty, the command may delete something other than intended.
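A PowerShell wrapper that guards against the empty-variable case described above, as an added example that is not code from the original page. The function name Remove-DirectoryGuarded and the guard-demo folder under %TEMP% are assumptions made for illustration.

```powershell
# Added example: guard a recursive delete against an empty or wrong path.
# Remove-DirectoryGuarded and the demo folder names are assumptions.
function Remove-DirectoryGuarded {
    [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'High')]
    param(
        [Parameter(Mandatory)][AllowEmptyString()][string]$Path,
        [Parameter(Mandatory)][string]$AllowedRoot
    )

    # An unset script variable arrives here as an empty string.
    if ([string]::IsNullOrWhiteSpace($Path)) {
        throw 'Path is empty: refusing to delete.'
    }

    # Normalize both paths so '..' segments cannot escape the root.
    # Pass absolute paths: GetFullPath resolves relative ones against the
    # process working directory, which can differ from the PowerShell location.
    $root   = [IO.Path]::GetFullPath($AllowedRoot).TrimEnd('\') + '\'
    $target = [IO.Path]::GetFullPath($Path).TrimEnd('\') + '\'

    if ($target -eq $root -or
        -not $target.StartsWith($root, [StringComparison]::OrdinalIgnoreCase)) {
        throw "'$target' is not a subfolder of '$root': refusing to delete."
    }
    if (-not (Test-Path -LiteralPath $target -PathType Container)) {
        throw "'$target' does not exist or is not a directory."
    }

    if ($PSCmdlet.ShouldProcess($target, 'Delete folder and all contents')) {
        Remove-Item -LiteralPath $target -Recurse -Force
    }
}

# Constructed demo data under the temp directory.
$root = Join-Path $env:TEMP 'guard-demo'
New-Item -ItemType Directory -Path (Join-Path $root 'old-logs') -Force | Out-Null

# Dry run: reports the folder that would be deleted and changes nothing.
Remove-DirectoryGuarded -Path (Join-Path $root 'old-logs') -AllowedRoot $root -WhatIf

# The failure mode from the text: $unsetVariable was never assigned,
# so the path is empty and the call is refused instead of deleting anything.
try {
    Remove-DirectoryGuarded -Path "$unsetVariable" -AllowedRoot $root
} catch {
    Write-Warning $_.Exception.Message
}
```

Because ConfirmImpact is High, a real run asks for confirmation unless -Confirm:$false is passed, so unattended scripts have to opt out of the prompt explicitly.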
robocopy /mir without a test run
The /mir flag removes everything from the target directory that does not exist in the source. If the source is empty or the path is wrong, data in the target will be deleted. Before a real run, use the /l flag (list only): the command will show what would happen without changing anything.
Get-EventLog on large logs
On large logs, Get-EventLog runs slowly — it may take several minutes. Use Get-WinEvent with the -FilterHashtable parameter: it queries the log directly and returns results much faster.
Script execution blocked by policy
By default, the ExecutionPolicy on Windows Server may be set to Restricted. If a PowerShell script does not run, check: Get-ExecutionPolicy. To allow it for the current session without changing global settings:
This changes the policy only for the current PowerShell process — safer than changing it system-wide.
Wrong encoding in CMD
If you see gibberish instead of Cyrillic characters in command output, the console encoding is the problem. To switch to UTF-8, use chcp 65001; for Windows-1251, use chcp 1251. This is especially relevant when working with Russian-language file and folder names.
Conclusion
The Windows Server 2025 command line covers a wide range of tasks — from quick network diagnostics to large-scale infrastructure management. CMD is suitable for one-off operations and simple checks; PowerShell handles automation, complex data filtering, and remote work with multiple servers at once.
This cheat sheet is handy to keep nearby during initial server setup, incident analysis, or when writing automation scripts. Most commands become second nature through regular use — no special memorization required.
A good starting point is to pick several commands from each category and try them on a test server. Practice matters more than theory here, and a test environment based on a virtual server lets you do that without risking production infrastructure.
How is PowerShell different from CMD in Windows Server 2025?
CMD is the classic command line for basic tasks: it works with text output and is included in Windows without additional components. PowerShell works with objects, supports pipelines, modules, remote management via WinRM, and automation of complex scenarios. For most modern server administration tasks, PowerShell is more convenient.
How do I run CMD or PowerShell as administrator?
Find the app in the Start menu, right-click it, and choose “Run as administrator.” Or press Win+X — the context menu will show “Terminal (Administrator)” or “Windows PowerShell (Administrator).”
How do I find which process is using a specific port?
Run netstat -ano and find the port in the Local Address column. The PID column shows the process number. Then run tasklist | findstr PID to find the application name. In PowerShell, this is done with Get-Process -Id PID.
Can Windows Server 2025 be managed completely without a graphical interface?
Yes. Windows Server 2025 is available in a Server Core edition — without a GUI. All tasks are handled through CMD, PowerShell, and the sconfig utility for basic setup. That is why command-line knowledge is critical when working with servers in production environments.
How do I check whether WinRM is configured and PowerShell remote management works?
On the target server, run winrm quickconfig. To test from the client side: Test-WSMan -ComputerName server_name. Make sure the firewall allows traffic on port 5985 (HTTP) or 5986 (HTTPS).
What should I do if a PowerShell script will not run because of security policy?
Check the current policy with Get-ExecutionPolicy. If the value is Restricted, scripts are blocked. To allow them for the current session without changing global settings, run: Set-ExecutionPolicy -Scope Process -ExecutionPolicy Bypass. For a permanent change at the user level: Set-ExecutionPolicy -Scope CurrentUser -ExecutionPolicy RemoteSigned.