Top 50 Useful CMD Commands for Security of Windows 7/8/10/11 Systems.

Top 50 Useful CMD Commands for Security of Windows 7/8/10/11 Systems.

Top Most 50 CMD Commands for Security of Windows:

Securing a system involves implementing various measures to protect it from unauthorized access, malware, and other potential threats. Here are some command prompt (CMD) commands that can be used for security-related tasks on a Windows system:

1. Check Network Connections:

netstat -ano

This command displays active network connections, along with the process ID (PID) of each connection. You can use this information to identify suspicious connections.

2. Firewall Configuration:

View firewall settings:

netsh advfirewall show all

Enable or disable the firewall:

netsh advfirewall set allprofiles state on/off

3. Windows Defender (Security Essentials) Commands:

Update Windows Defender definitions:

MpCmdRun.exe -SignatureUpdate

Run a quick scan:

MpCmdRun.exe -Scan -ScanType 1

4. User Account Management:

Add a new user:

net user username password /add

Change user password:

net user username newpassword

5. Event Viewer:

Open Event Viewer:


Check security events for potential issues or unauthorized access.

6. System File Checker (SFC):

sfc /scannow

This command checks and repairs system files for integrity issues.

7. BitLocker Commands:

Check BitLocker status:

manage-bde -status

Encrypt a drive:

manage-bde -on C: -RecoveryPassword

8. Windows Update:

wuauclt /detectnow

This command forces Windows to check for updates immediately.

9. Remote Desktop:

Enable Remote Desktop:

reg add “HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server” /v fDenyTSConnections /t REG_DWORD /d 0 /f

Disable Remote Desktop:

reg add “HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server” /v fDenyTSConnections /t REG_DWORD /d 1 /f

10. Check Running Processes:


This command provides a list of all running processes on the system. You can identify unfamiliar or suspicious processes.

11. Windows Firewall Advanced Security:


Opens the Windows Firewall with Advanced Security interface for more detailed configuration.

12. Check Disk for Errors:

chkdsk /f

This command checks the disk for errors and attempts to fix them. It may prompt you to schedule a disk check on the next system restart.

13. System Information:


Displays detailed information about the system, including the OS version, installed hotfixes, and system uptime.

14. User Account Rights:

whoami /priv

Shows the privileges associated with the current user account. Check for unnecessary or elevated privileges.

15. Group Policy Update:

gpupdate /force

Forces an immediate update of Group Policy settings.

16. Network Configuration:

Display network configuration:

ipconfig /all

Release and renew IP address:

ipconfig /release

ipconfig /renew

17. Windows Defender Scan (Full):

MpCmdRun.exe -Scan -ScanType 2

Initiates a full scan using Windows Defender.

18. Check Windows Security Center Status:


Opens the Windows Security Center interface to check the status of antivirus, firewall, and other security-related components.

19. Local Security Policy:


Opens the Local Security Policy editor, allowing you to configure various security settings.

20. USB Device Control:

reg add “HKLM\SYSTEM\CurrentControlSet\Services\USBSTOR” /v Start /t REG_DWORD /d 4 /f

Disables USB storage devices. Change the value to 3 to enable them.

21. Check System Logs:


Opens the Event Viewer, where you can review system, application, and security logs for potential issues.

22. Windows Defender Update (Manually):

MpCmdRun.exe -SignatureUpdate

Forces an immediate update of Windows Defender signatures.

23. Check and Repair Windows Image:

DISM /Online /Cleanup-Image /CheckHealth

DISM /Online /Cleanup-Image /RestoreHealth

These commands check and repair the Windows image for component store corruption.

24. PowerShell Execution Policy:

View execution policy:


Set execution policy:

Set-ExecutionPolicy Restricted

Adjust the execution policy to restrict the running of scripts.

25. Check Active Directory Replication:

repadmin /showrepl

Displays the status of Active Directory replication.

26. Windows Defender Exclusions:

Add folder exclusion:

Set-MpPreference -ExclusionPath “C:\ExampleFolder”

List current exclusions:

Get-MpPreference | Select-Object -ExpandProperty ExclusionPath

Manage exclusions for Windows Defender to avoid false positives.

27. Windows Defender Configuration:

Disable Windows Defender Real-Time Protection:

Set-MpPreference -DisableRealtimeMonitoring $true

Enable Windows Defender Real-Time Protection:

Set-MpPreference -DisableRealtimeMonitoring $false

28. Check Connected USB Devices:

wmic logicaldisk get caption,description

Displays information about connected USB devices.

29. Check Windows Update Status:

wuauclt /showsummary

Provides a summary of Windows Update status.

30. System File Checker (SFC) with Log File:

sfc /scannow /log=C:\sfclog.txt

Performs a system file check and saves the results to a log file.

31. Revoke Remote Desktop Session:

qwinsta /server:hostname_or_IP

rwinsta SessionID /server:hostname_or_IP

Lists and disconnects remote desktop sessions.

32. Check BitLocker Encryption Status:

manage-bde -status

Displays information about BitLocker-protected drives.

33. Check DNS Cache:

ipconfig /displaydns

Shows the contents of the DNS resolver cache, helping to identify potentially malicious entries.

34. Audit User Account Logon Events:

auditpol /set /subcategory:”Logon” /success:enable /failure:enable

Enables auditing for successful and failed user account logon events.

35. Check Running Services:

net start

Lists all currently running services on the system.

36. Task Scheduler Security Settings:

schtasks /query /fo LIST /v

Displays detailed information about scheduled tasks, including security settings.

37. Check Active Directory Group Membership:

net user username

Shows information about a user account, including group memberships.

38. Windows Security Baselines:

secedit /export /cfg “C:\security.cfg”

Exports the security configuration of the system to a file.

39. Windows Update Troubleshooter:

msdt.exe /id WindowsUpdateDiagnostic

Launches the Windows Update Troubleshooter to identify and resolve update-related issues.

40. Network Configuration (Advanced):

netsh interface show interface

Displays detailed information about network interfaces.

41. Security Accounts Manager (SAM) Database Backup:

reg save HKLM\SYSTEM C:\sam_backup.hive

Creates a backup of the SAM registry hive, which contains user account information.

42. Check USB Device History:

wevtutil qe Microsoft-Windows-DriverFrameworks-UserMode/Operational /q:”*[System[Provider[@Name=’Microsoft-Windows-DriverFrameworks-UserMode’] and (EventID=2101)]]” /f:text

Retrieves information about connected USB devices.

43. Windows Defender Exploit Guard Configuration:

Set-MpPreference -EnableExploitProtection $true

Enables Windows Defender Exploit Guard for advanced threat protection.

44. Windows Defender PowerShell Module:

Install Defender module (requires Windows Defender feature):

Install-Module -Name Defender

Import Defender module:

Import-Module Defender

Use Defender-specific cmdlets for advanced security tasks.

45. Windows Security Center Status (PowerShell):

Get-WmiObject -Namespace root/SecurityCenter2 -Class AntiVirusProduct

Retrieves information about installed antivirus products.

Always exercise caution when using command prompt commands, especially those that modify system settings or involve sensitive information. Understanding the purpose and potential impact of each command is essential for effective and secure system management.

Scroll to Top