
Command Prompt, System32, Windows Server
1GHz with 2 cores 64bit
4GB RAM
64GB or larger storage
UEFI, Secure Boot capable
Trusted Platform Module TPM v2.0
DirectX12 graphic card
Windows Editions
Individual home use
Everyone
Lacks domain join, Group Policy, BitLocker management, Hyper‑V, and Remote Desktop host; consumer‑focused features only.
Small/mid‑sized businesses, advanced users
Everyone
Adds BitLocker, Remote Desktop host, Hyper‑V virtualization, Group Policy, Windows Update for Business, domain join.
High‑performance and storage‑intensive workloads
Everyone
Supports up to 4 CPUs / 256 cores, ReFS filesystem, RDMA, NVDIMM‑N, up to 6 TB RAM.
Large enterprise organizations
Volume Licensing, Enterprise Agreement, CSP
Includes all Pro features plus advanced security (AppLocker, Credential Guard), advanced device management, LTSC option (Windows 11 Enterprise LTSC 2024).
Enterprises with restrictive change requirements
Volume Licensing, Enterprise Agreement, CSP
Long‑term servicing (10‑year support), minimal feature updates, stable environment for regulated/mission‑critical systems.
Enterprise‑level features for academic institutions
Academic Volume Licensing
Based on Enterprise; includes enterprise‑grade security and management with academic licensing.
School staff, administrators, teachers, students
Academic Volume Licensing
Based on Pro but removes Cortana, Store suggestions, Windows Spotlight; adds “Set Up School PCs” provisioning tools.
Fixed‑purpose devices, embedded systems
IoT distributors
Locked‑down OS, long‑term servicing, device‑specific licensing, used for kiosks, ATMs, POS, medical devices.
Ctrl+A # Select All
Ctrl+C # Copy
Ctrl+D # Delete Item
Ctrl+V # Paste
Ctrl+X # Cut
Ctrl+Y # Redo
Ctrl+Z # Undo
Shift+Delete # Delete Item Permanently
Ctrl+Shift+Esc # Open Task Manager
Alt+F4 # Close Current Windows
Alt+Tab # Switch Apps
F2 # Rename File
F5 # Refresh Window
PrtScn. # Take Screenshot
Win+I # Settings App
Win+D # Display and Hide Desktop
Win+E # Open File Explorer
Win+L # Lock Device (Screen)
Win+R # Open Run Dialog
Win+. # Emojies
Win+PrtScn # Screenshot in the “screenshots” folder
Win+LeftArrowKey # Snap app or window left
Win+RightArrowKey # Snap app or window right
Win+Ctrl+V # Audio output settings (blocked apps)
Command Prompt CMD
## Basic Commands ##
> <command> /? # <command> Information (CMD and PowerShell)
> help # Legacy Commands Information (CMD)
> systeminfo # System info (CMD and PowerShell)
> dir # Show directory list files
> cls # Clear terminal prompt
> hostname # Show PCNAME
> md mkdir # Make Directory
> cd chdir # Change Directory
> rd rmdir # Remove Directory
> copy <source.ext> <destination> # Copy normal
> copy <source> <destination> /v # Verifies the integrity of copy
> copy <source> <destination> /y # Supress confirmation of operation
> copy <source.ext1> <dest.ext2> # Copy and change name
> shutdown /s /t 0 # Shutdown the PC immediately
> shutdown /r /t 0 # Restart the PC immediately
> logoff # Log out the account
> <command> | findstr <string> # Find string in the <command> output
> <command> | clip # Copy output to clipboard
> whoami # Show PCNAME\UserName
> whoami /fqdn # User name in Fully Qualified Distinguished Name
> whoami /user # Display the current user
> whoami /all # Display the current users and groups
> powercfg /energy # Power Settings and Reports
> powercfg /systempowerreport #
> powercfg /batteryreport #
## Networking ##
> ipconfig # IP configuration
> ipconfig /all # Display all the information
> ipconfig /release # Release the current IP
> ipconfig /renew # Renew IP address
> ipconfig /displaydns # Display DNS
> ipconfig /flushdns # Flush the DNS cache
> ping <IP> -t # Ping <IP> continuously
> netstat # Network Statistics
> netstat -a # Show all connections
> netstat -b # Display applications connected to the computer
> netstat -f # Display the FQDN for foreign addressescls
> netstat -s # Show statistics of all protocols
> nslookup <domain/IP> # Name Server Look Up, <IP> address or <domain>
> nslookup -type=<A/CNAME/MX/PTR/NS/ANY> <domain> # By Registry Type
> tracert <IP/domain> # Trace the path taken by a packet to the destination
> netsh wlan show profile # Show saved Wifi networks
> netsh wlan show profile "WifiName" key=clear # Show Wifi passwd
## Active Directory, Group Policy (Enterprise) ##
> net share # show shared resources
> net use # show computer’s connections
> net use h: “\\SERVER\FOLDER” # config shared resource
> net session # Lists users connected to shared resources
> net user # Show local users
> net user <user> # Show <user> details
> net user <user> * /add # Create Local <user>
> net user <user> /delete # Delete <user>
> net accounts
> net view
> gpupdate /force
> logoff
# rsop.msc # To check the Resultant Set of Policy
> gpresult
> gpresult > C:\Users\%USERNAME%\Desktop\gpresult.txt # Find Group Policy results CMD and save them in desktop in .txt
# Access CMD when Installing
Shift + (fn)F10
# Create Local Account
> oobe\bypassnro # Bypass Login with Microsoft account (Should be disconnected of internet)
# Startup Boot options
Lenovo ThinkPad:
Enter (Startup Menu)
F1 (BIOS)
F10 (Diagnose Hardware)
F11 (Windows Recovery)
F12 (Boot order)
Novo Button
# Enter Windows Recovery
Shift Key + Power > (Restart)
Settings > Update & Security > Recovery > Advanced startup (Restart)
# Recovery Mode
Troubleshoot > Advanced options > Startup Settings (Safe mode)
Troubleshoot > Advanced options > Startup Repair (Automatic repair)
Troubleshoot > Advanced options > System Restore
Troubleshoot > Reset this PC (Factory Reset, last resort)
Troubleshoot > Advanced options > Command Prompt
## Recover Windows Installation (In order)
X:\windows\system32> dir C: # Confirm Windows is located in C: before do any changes
X:\windows\system32> chkdsk C: /f # Check Disk Hardware/Filesystem check
X:\windows\system32> bcdedit /enum all # Boot Configuration Data information
## Simple Boot repair
X:\windows\system32> bootrec /scanos # Scan OS
X:\windows\system32> bootrec /rebuildbcd # Repair boot.ini Windows Boot Configuration Database (BCD)
Turnoff PC - restart
## Rebuild Boot Loader
X:\windows\system32> diskpart
DISKPART> list disk
DISKPART> select disk 0 # The main drive
DISKPART> list vol
DISKPART> select vol X # The EFI FAT32 volume - no drive letter
DISKPART> assign letter=Z
DISKPART> exit
X:\windows\system32> bcdboot C:\windows /s Z: /f UEFI
X:\windows\system32> diskpart
DISKPART> list vol
DISKPART> select vol Z
DISKPART> remove letter=Z
DISKPART> exit
Turnoff PC - restart
## Repair Windows System Files
X:\windows\system32> dism /image:C:\ /Cleanup-Image /RestoreHealth # Deployment Image Servicing and Management tool
X:\windows\system32> sfc /scannow /offbootdir=C:\ /offwindir=C:\Windows # System File Checker verify the integrity of the OS
Turnoff PC - restart
# Disk Partitions
> diskpart
diskpart> list disk
diskpart> select disk x
diskpart> clean
diskpart> create partition primary
diskpart> format fs=fat32 quick
diskpart> assign letter=X
diskpart> list partition
diskpart> select partition 1
diskpart> delete partition
diskpart> clean
diskpart> exit
# Disable BitLocker
manage-bde -status
manage-bde -unlock C: -RecoveryPassword <RECOVERY-KEY>
manage-bde -off C:
Administrative Tools (System32)
## Win + R (.exe), MMC (.msc), Windows Tools (C:\Windows\System32)
appwiz.cpl # Programs (Control Panel)
certmgr.msc # Certificates - Current User
cleanmgr.exe # Disk Clean-up
cmd.exe # Command Prompt
compmgmt.msc # Computer Management
control.exe # Control Panel
devmgmt.msc # Device Manager
diskmgmt.msc # Disk Management
eventvwr.msc # Event Viewer
gpedit.msc # Local Group Policy Editor
gpmc.msc # Group Policy (Enterprise)
inetcpl.cpl # Internet Options (General, Security, Privacy, Content, Connections, Programs, Advanced)
lusrmgr.msc # Local Users and Groups (Local)
mmc.exe # Microsoft Management Console
msconfig.exe # System Configuration (General, Boot, Services, Startup, Tools)
msinfo32.exe # System Information (Hardware Resources, Components, Software Environment)
mstsc.exe # Remote Desktop Connection
perfmon.msc(& .exe) # Performance Monitor
perfmon /rel # Open Reliability Monitor
quickassist.exe # Quick Assist
regedit.exe(regedt32) # Registry Editor
resmon.exe # Resource Monitor
rstrui.exe # System Restore
services.msc # Services
slmgr.vbs /dli # Check type of Windows licence details (Retail, OEM, Volume)
systempropertiesadvanced.exe # System Properties (Computer Name, Hardware, Advanced, System Protection, Remote)
taskmgr.exe # Task Manager (Processes, Performance, App history, Startup apps, Users, Details, Services)
taskschd.msc # Task Scheduler
useraccountcontrolsettings.exe # Change UAC Settings
winver.exe # About Windows
Windows Server
Active Directory Domain Services AD DS
1.
Set name and static IP
2.
Promote to role (e. Domain Controller - Active Directory Domain Services)
3.
Configure Domain ad.company.com and NetBIOS "COMPANY"
nslookup ad.company.com # Should return the IP of the server
nslookup -type=srv _ldap._tcp.dc._msdcs.ad.company.com # Should return svr hostname and IP
dcdiag # Domain Controller Diagnostics
netsh advfirewall firewall set rule name="File and Printer Sharing (Echo Request - ICMPv4-In)" rulegroup="File and Printer Sharing" new enable=Yes # Open ICMP protocol to answer ping requests
gpupdate /force # Enforced Group Policy Objects (Client Computers)
gpresult /h c:\gpresult.html # Audit applied GP
4. Create Organizational Units OUs
ad.company.com
📂 Company (The Top-Level Parent OU)
📂 Administrators (For high-privilege domain/local admin accounts)
📂 Groups (For security and distribution groups)
📂 Workstations (For corporate laptops and desktops)
📂 Servers (For any member servers you add later)
📂 Users (For standard Domain Users)
📂 IT
📂 HQ (Optional: split by department or location)
📂 Remote
5. Create Domain Admins and Domain Users
6. Create Group Policy Objects GPOs
Tools > Group Policy Management > company.com > Group Policy Objects (Create and Edit)
OU target > Link an Existing GPO…
## Common GPOs
- Password Policy: Defines minimum password length (e.g., 14 characters), complexity requirements, and history.
- Account Lockout Policy: Protects against brute-force attacks (e.g., lock the account for 30 minutes after 5 failed attempts).
- Screen Lock / Inactivity Timeout: Forces automatic workstation lock after 10–15 minutes of inactivity to protect unattended machines.
- Windows Defender Firewall: Enforces that the firewall is enabled across Domain, Private, and Public profiles, and opens specific ports cleanly
- Drive Mapping: Automatically maps network shares (e.g., mapping \\Server\Shared to the S: drive) based on department or group membership.
- Folder Redirection / OneDrive Deployment: Silently redirects user profile folders like Documents, Desktop, and Downloads to a centralized file server or forces a silent sign-in to OneDrive.
- Removable Media Restrictions: Blocks or limits USB drives and other removable storage to reduce malware risk.
- Browser Standardization: Pushes corporate bookmarks, configures a default homepage, or enforces extensions for Microsoft Edge or Google Chrome (using downloaded ADMX templates).
- Restrict Command Prompt & PowerShell: Prevents non‑admin users from running cmd.exe or PowerShell to reduce lateral‑movement risk.
- Software Installation Restrictions: Blocks unauthorized software installation to reduce malware and shadow IT.
- Control Panel Restrictions: Prevents users from accessing Control Panel/Settings to avoid misconfiguration.
- Windows Update: Configures when machines check for updates, whether they automatically install them, and prevents unexpected forced reboots while a user is working.
File Server
User > Profile > Home folder (Connect U: to \\WINSERVER\SharedFolder\%username% )
net use G: \\SERVER\folder # Map network drive on User's computer
Microsoft Configuration Manager SCCM/ConfigMgr
On‑premises systems management platform for managing large fleets of Windows devices
SCCM Agent — Software Center on client computers
Microsoft Hyper-V
Search: Turn Windows features on or off
Windows PE
(Preinstallation Environment)