Top 50 CMD Commands for Windows Security:
Securing a system involves implementing various measures to protect it from unauthorized access, malware, and other potential threats. Here are some command prompt (CMD) commands that can be used for security-related tasks on a Windows system:
1. Check Network Connections:
netstat -ano
This command displays active network connections, along with the process ID (PID) of each connection. You can use this information to identify suspicious connections.
2. Firewall Configuration:
View firewall settings:
netsh advfirewall show all
Enable or disable the firewall:
netsh advfirewall set allprofiles state on/off
3. Windows Defender (Security Essentials) Commands:
Update Windows Defender definitions:
MpCmdRun.exe -SignatureUpdate
Run a quick scan:
MpCmdRun.exe -Scan -ScanType 1
4. User Account Management:
Add a new user:
net user username password /add
Change user password:
net user username newpassword
5. Event Viewer:
Open Event Viewer:
eventvwr
Check security events for potential issues or unauthorized access.
6. System File Checker (SFC):
sfc /scannow
This command checks and repairs system files for integrity issues.
7. BitLocker Commands:
Check BitLocker status:
manage-bde -status
Encrypt a drive:
manage-bde -on C: -RecoveryPassword
8. Windows Update:
wuauclt /detectnow
This command forces Windows to check for updates immediately.
9. Remote Desktop:
Enable Remote Desktop:
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f
Disable Remote Desktop:
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 1 /f
10. Check Running Processes:
tasklist
This command provides a list of all running processes on the system. You can identify unfamiliar or suspicious processes.
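The manual workflow behind items 1 and 10 is to read a PID out of netstat -ano and look it up with tasklist. The following PowerShell script, added here as an example and not part of the original list, does that correlation in one pass and pulls out the two things a reviewer checks first: listeners bound to every interface, and established connections owned by a binary outside the Windows and Program Files trees. It assumes Windows 8 / Server 2012 or later (Get-NetTCPConnection) and an elevated prompt so the paths of other users' processes are readable.

```powershell
# Added example: correlate TCP connections with their owning process
# (the same data as "netstat -ano" followed by "tasklist /FI "PID eq <pid>"").
# Assumes an elevated prompt; otherwise Path is empty for other users' processes.

$connections = Get-NetTCPConnection -State Listen, Established -ErrorAction Stop

$report = foreach ($c in $connections) {
    $proc = Get-Process -Id $c.OwningProcess -ErrorAction SilentlyContinue
    [pscustomobject]@{
        LocalAddress  = $c.LocalAddress
        LocalPort     = $c.LocalPort
        RemoteAddress = $c.RemoteAddress
        RemotePort    = $c.RemotePort
        State         = $c.State
        PID           = $c.OwningProcess
        Process       = if ($proc) { $proc.ProcessName } else { '<exited>' }
        Path          = if ($proc) { $proc.Path } else { $null }
    }
}

# Listeners on all interfaces (0.0.0.0 / ::) are reachable from the network.
$listening = $report | Where-Object {
    $_.State -eq 'Listen' -and ($_.LocalAddress -in ('0.0.0.0', '::'))
}

# Established sessions whose owning binary lives outside the usual system trees.
$unusual = $report | Where-Object {
    $_.State -eq 'Established' -and $_.Path -and
    $_.Path -notmatch '^[A-Z]:\\(Windows|Program Files( \(x86\))?)\\'
}

'--- Listening on all interfaces ---'
$listening | Sort-Object LocalPort | Format-Table LocalAddress, LocalPort, PID, Process, Path -AutoSize
'--- Established connections from non-system binaries ---'
$unusual | Format-Table RemoteAddress, RemotePort, PID, Process, Path -AutoSize
```

A process whose Path is empty under an elevated prompt is usually a protected or kernel-side process; compare the PID against tasklist /svc before drawing conclusions.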
11. Windows Firewall Advanced Security:
wf.msc
Opens the Windows Firewall with Advanced Security interface for more detailed configuration.
12. Check Disk for Errors:
chkdsk /f
This command checks the disk for errors and attempts to fix them. It may prompt you to schedule a disk check on the next system restart.
13. System Information:
systeminfo
Displays detailed information about the system, including the OS version, installed hotfixes, and system uptime.
14. User Account Rights:
whoami /priv
Shows the privileges associated with the current user account. Check for unnecessary or elevated privileges.
15. Group Policy Update:
gpupdate /force
Forces an immediate update of Group Policy settings.
16. Network Configuration:
Display network configuration:
ipconfig /all
Release and renew IP address:
ipconfig /release
ipconfig /renew
17. Windows Defender Scan (Full):
MpCmdRun.exe -Scan -ScanType 2
Initiates a full scan using Windows Defender.
18. Check Windows Security Center Status:
wscui.cpl
Opens the Windows Security Center interface to check the status of antivirus, firewall, and other security-related components.
19. Local Security Policy:
secpol.msc
Opens the Local Security Policy editor, allowing you to configure various security settings.
20. USB Device Control:
reg add "HKLM\SYSTEM\CurrentControlSet\Services\USBSTOR" /v Start /t REG_DWORD /d 4 /f
Disables USB storage devices. Change the value to 3 to enable them.
21. Check System Logs:
eventvwr.msc
Opens the Event Viewer, where you can review system, application, and security logs for potential issues.
22. Windows Defender Update (Manually):
MpCmdRun.exe -SignatureUpdate
Forces an immediate update of Windows Defender signatures.
23. Check and Repair Windows Image:
DISM /Online /Cleanup-Image /CheckHealth
DISM /Online /Cleanup-Image /RestoreHealth
These commands check and repair the Windows image for component store corruption.
24. PowerShell Execution Policy:
View execution policy:
Get-ExecutionPolicy
Set execution policy:
Set-ExecutionPolicy Restricted
Adjust the execution policy to restrict the running of scripts.
25. Check Active Directory Replication:
repadmin /showrepl
Displays the status of Active Directory replication.
26. Windows Defender Exclusions:
Add folder exclusion:
Set-MpPreference -ExclusionPath "C:\ExampleFolder"
List current exclusions:
Get-MpPreference | Select-Object -ExpandProperty ExclusionPath
Manage exclusions for Windows Defender to avoid false positives.
27. Windows Defender Configuration:
Disable Windows Defender Real-Time Protection:
Set-MpPreference -DisableRealtimeMonitoring $true
Enable Windows Defender Real-Time Protection:
Set-MpPreference -DisableRealtimeMonitoring $false
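Items 26 and 27 are the two Defender settings most often weakened quietly: a broad exclusion or real-time protection switched off. The script below, an added example that is not part of the original list, reads the current configuration with the built-in Defender module and reports the settings a reviewer would want to see reverted. The exclusion patterns it flags are this example's own choices, not a Microsoft list.

```powershell
# Added example: review Defender exclusions and real-time protection state.
# Assumes the built-in Defender module (Get-MpPreference / Get-MpComputerStatus).

$pref     = Get-MpPreference
$status   = Get-MpComputerStatus
$findings = [System.Collections.Generic.List[string]]::new()

# Item 27: either the preference or the live status says real-time protection is off.
if ($pref.DisableRealtimeMonitoring -or -not $status.RealTimeProtectionEnabled) {
    $findings.Add('Real-time protection is disabled')
}

# Item 26: exclusions that shield a whole drive, a user-writable tree, or use wildcards.
$broadPath = '^[A-Za-z]:\\?$|^[A-Za-z]:\\(Users|Temp|ProgramData)\\?$|\\Temp\\?$|\*'
foreach ($p in $pref.ExclusionPath) {
    if ($p -match $broadPath) { $findings.Add("Broad path exclusion: $p") }
}

# Excluding executable or script extensions removes scanning where it matters most.
foreach ($x in $pref.ExclusionExtension) {
    if ($x -match '^\.?(exe|dll|ps1|bat|cmd|js|vbs|scr)$') {
        $findings.Add("Executable/script extension excluded: $x")
    }
}

# A process exclusion means files opened by that process are not scanned at all.
foreach ($pr in $pref.ExclusionProcess) {
    $findings.Add("Process exclusion (files it opens are not scanned): $pr")
}

if ($findings.Count -eq 0) { 'No findings.' } else { $findings }
```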
28. Check Connected USB Devices:
wmic logicaldisk get caption,description
Lists logical disks with their descriptions; USB mass-storage drives appear as "Removable Disk". Non-storage USB devices are not shown by this command.
29. Check Windows Update Status:
wuauclt /showsummary
Provides a summary of Windows Update status.
30. System File Checker (SFC) with Log File:
sfc /scannow
findstr /c:"[SR]" %windir%\Logs\CBS\CBS.log > C:\sfclog.txt
Performs a system file check and saves the results to a log file. sfc has no /log switch of its own; it writes its [SR] entries to the CBS log, so the second command extracts them into a separate file.
31. Revoke Remote Desktop Session:
qwinsta /server:hostname_or_IP
rwinsta SessionID /server:hostname_or_IP
Lists the sessions on a host, then resets (terminates) the selected session by ID.
32. Check BitLocker Encryption Status:
manage-bde -status
Displays information about BitLocker-protected drives.
33. Check DNS Cache:
ipconfig /displaydns
Shows the contents of the DNS resolver cache, helping to identify potentially malicious entries.
34. Audit User Account Logon Events:
auditpol /set /subcategory:"Logon" /success:enable /failure:enable
Enables auditing for successful and failed user account logon events.
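Once the auditpol setting above is in place, the Security log (items 5 and 21) fills with Event ID 4625 entries for failed logons. The script below, an added example rather than part of the original list, summarises the last 24 hours of those events by account and source address so that password-guessing against one account, or from one host, stands out. It assumes an elevated prompt, which reading the Security log requires.

```powershell
# Added example: summarise failed logons (Event ID 4625) after Logon auditing is enabled.
# Assumes an elevated prompt. The window (24 h) and row limit (20) are arbitrary choices.

$since  = (Get-Date).AddHours(-24)
$events = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4625; StartTime = $since } `
                       -ErrorAction SilentlyContinue

$rows = foreach ($e in $events) {
    # EventData is a list of <Data Name="..."> elements; turn it into a hashtable.
    $xml = [xml]$e.ToXml()
    $d = @{}
    foreach ($n in $xml.Event.EventData.Data) { $d[$n.Name] = $n.'#text' }

    [pscustomobject]@{
        Time      = $e.TimeCreated
        Account   = "$($d.TargetDomainName)\$($d.TargetUserName)"
        Source    = $d.IpAddress        # '-' for local/console failures
        LogonType = $d.LogonType        # 2 interactive, 3 network, 10 RemoteInteractive (RDP)
        SubStatus = $d.SubStatus        # 0xC000006A bad password, 0xC0000064 unknown user
    }
}

if (-not $rows) { 'No failed logons in the window.'; return }

# Many failures for one account/source pair in a short window is the pattern to review.
$rows | Group-Object Account, Source |
    Sort-Object Count -Descending |
    Select-Object Count, Name -First 20 |
    Format-Table -AutoSize

# Unknown-user failures (0xC0000064) are typical of username enumeration.
$rows | Where-Object SubStatus -eq '0xC0000064' |
    Group-Object Source | Sort-Object Count -Descending |
    Select-Object Count, Name -First 10 | Format-Table -AutoSize
```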
35. Check Running Services:
net start
Lists all currently running services on the system.
36. Task Scheduler Security Settings:
schtasks /query /fo LIST /v
Displays detailed information about scheduled tasks, including security settings.
37. Check Active Directory Group Membership:
net user username /domain
Shows information about a domain user account, including group memberships. Omit /domain to query a local account instead.
38. Windows Security Baselines:
secedit /export /cfg "C:\security.cfg"
Exports the security configuration of the system to a file.
39. Windows Update Troubleshooter:
msdt.exe /id WindowsUpdateDiagnostic
Launches the Windows Update Troubleshooter to identify and resolve update-related issues.
40. Network Configuration (Advanced):
netsh interface show interface
Displays detailed information about network interfaces.
41. Security Accounts Manager (SAM) Database Backup:
reg save HKLM\SAM C:\sam_backup.hive
Creates a backup of the SAM registry hive, which contains user account information.
42. Check USB Device History:
wevtutil qe Microsoft-Windows-DriverFrameworks-UserMode/Operational /q:"*[System[Provider[@Name='Microsoft-Windows-DriverFrameworks-UserMode'] and (EventID=2101)]]" /f:text
Retrieves information about connected USB devices.
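The event log query above only covers what the operational log still holds. The registry keeps a longer record: every USB mass-storage device the host has enumerated leaves a key under USBSTOR, and the USBSTOR service Start value from item 20 shows whether such devices are currently blocked. The script below is an added example, not part of the original list; it assumes an elevated prompt and uses only the standard key locations.

```powershell
# Added example: USB storage history from the USBSTOR enumeration keys, plus the
# current USBSTOR Start value (item 20). Assumes an elevated prompt.

$svcKey  = 'HKLM:\SYSTEM\CurrentControlSet\Services\USBSTOR'
$enumKey = 'HKLM:\SYSTEM\CurrentControlSet\Enum\USBSTOR'

# Start = 4 means the USB storage driver is disabled (item 20); 3 means load on demand.
$start = (Get-ItemProperty -Path $svcKey -Name Start).Start
$state = if ($start -eq 4) { 'USB storage disabled' } else { 'USB storage enabled' }
"USBSTOR Start = $start ($state)"

# Each model key (Disk&Ven_...&Prod_...&Rev_...) holds one subkey per device instance.
$devices = foreach ($model in Get-ChildItem -Path $enumKey -ErrorAction SilentlyContinue) {
    foreach ($inst in Get-ChildItem -Path $model.PSPath) {
        $props = Get-ItemProperty -Path $inst.PSPath
        [pscustomobject]@{
            Model        = $model.PSChildName
            # A real device serial, or a Windows-generated id ending in '&0' when none is reported.
            SerialOrId   = $inst.PSChildName
            FriendlyName = $props.FriendlyName
            HasSerial    = -not ($inst.PSChildName -like '*&0')
        }
    }
}

if ($devices) {
    $devices | Sort-Object Model | Format-Table -AutoSize
} else {
    'No USB storage devices recorded.'
}
```

A device listed here while Start is 4 was attached before the block took effect, or the block was bypassed; compare its serial against the event log entries from the query above.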
43. Windows Defender Exploit Guard Configuration:
Set-MpPreference -EnableExploitProtection $true
Enables Windows Defender Exploit Guard for advanced threat protection.
44. Windows Defender PowerShell Module:
Install Defender module (requires Windows Defender feature):
Install-Module -Name Defender
Import Defender module:
Import-Module Defender
Use Defender-specific cmdlets for advanced security tasks.
45. Windows Security Center Status (PowerShell):
Get-WmiObject -Namespace root/SecurityCenter2 -Class AntiVirusProduct
Retrieves information about installed antivirus products.
Always exercise caution when using command prompt commands, especially those that modify system settings or involve sensitive information. Understanding the purpose and potential impact of each command is essential for effective and secure system management.