---
title: "PowerShell Administration"
domain: sysadmin
subdomain: windows-server
type: snippet
tags: [windows, powershell, administration, server, cmdlet]
difficulty: beginner
status: stable
updated: "2025-05-10"
---
## Navigation and files

```powershell
# Navigation
Set-Location C:\Windows
Get-Location                    # pwd
Get-ChildItem                   # ls / dir
Get-ChildItem -Recurse -Filter "*.log"

# Files
New-Item -ItemType File fichier.txt
New-Item -ItemType Directory dossier
Copy-Item source.txt dest.txt
Move-Item ancien.txt nouveau.txt
Remove-Item fichier.txt
Remove-Item dossier -Recurse -Force

# Content
Get-Content fichier.txt
Get-Content fichier.txt -Tail 50   # last 50 lines
Set-Content fichier.txt "contenu"
Add-Content fichier.txt "nouvelle ligne"
```

## Processes and services

```powershell
# Processes
Get-Process
Get-Process -Name {{SERVICE}}
Stop-Process -Name {{SERVICE}} -Force
Stop-Process -Id {{PID}} -Force
Start-Process notepad.exe

# Services
Get-Service
Get-Service -Name {{SERVICE}}
Start-Service {{SERVICE}}
Stop-Service {{SERVICE}}
Restart-Service {{SERVICE}}
Set-Service {{SERVICE}} -StartupType Automatic
Set-Service {{SERVICE}} -StartupType Disabled

# Running services
Get-Service | Where-Object {$_.Status -eq "Running"}
# Automatic-start services that are currently stopped
Get-Service | Where-Object {$_.StartType -eq "Automatic" -and $_.Status -eq "Stopped"}
```

## Local users and groups

```powershell
# Local users
Get-LocalUser
New-LocalUser -Name "{{USER}}" -Password (ConvertTo-SecureString "{{PASSWORD}}" -AsPlainText -Force)
Remove-LocalUser -Name "{{USER}}"
Enable-LocalUser -Name "{{USER}}"
Disable-LocalUser -Name "{{USER}}"

# Local groups
Get-LocalGroup
Get-LocalGroupMember -Group "Administrators"
Add-LocalGroupMember -Group "Administrators" -Member "{{USER}}"
Remove-LocalGroupMember -Group "Administrators" -Member "{{USER}}"
```

## Network

```powershell
# Network configuration
Get-NetIPAddress
Get-NetIPConfiguration
Get-NetAdapter

# Configure a static IP
New-NetIPAddress -InterfaceAlias "Ethernet" -IPAddress "{{SERVER_IP}}" -PrefixLength 24 -DefaultGateway "192.168.1.1"
Set-DnsClientServerAddress -InterfaceAlias "Ethernet" -ServerAddresses "8.8.8.8","8.8.4.4"

# Active connections
Get-NetTCPConnection -State Listen
Get-NetTCPConnection | Where-Object {$_.State -eq "Established"}

# Network tests
Test-NetConnection -ComputerName {{TARGET}} -Port {{PORT}}
Test-NetConnection google.com -TraceRoute
Resolve-DnsName {{TARGET_DOMAIN}}
```

## Windows Registry

```powershell
# Read a key
Get-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion"
Get-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\{{SERVICE}}"

# Create / modify a value (the key must exist before a value is set on it)
New-Item -Path "HKLM:\SOFTWARE\MyApp"
Set-ItemProperty -Path "HKLM:\SOFTWARE\MyApp" -Name "Debug" -Value 1
New-ItemProperty -Path "HKLM:\SOFTWARE\MyApp" -Name "Version" -Value "1.0" -PropertyType String

# Delete
Remove-ItemProperty -Path "HKLM:\SOFTWARE\MyApp" -Name "Debug"
Remove-Item -Path "HKLM:\SOFTWARE\MyApp" -Recurse
```

## Log management

```powershell
# Event logs (Get-EventLog exists only in Windows PowerShell 5.1, not in PowerShell 7)
Get-EventLog -LogName Application -Newest 50
Get-EventLog -LogName Security -EntryType Error,Warning -Newest 20
Get-EventLog -LogName System -Source "Service Control Manager"

# With Get-WinEvent (more powerful)
Get-WinEvent -LogName Application -MaxEvents 100
Get-WinEvent -FilterHashtable @{LogName='Security'; Id=4625}   # Failed logons
Get-WinEvent -FilterHashtable @{LogName='Security'; Id=4624}   # Successful logons
Get-WinEvent -FilterHashtable @{
    LogName='System'
    StartTime=(Get-Date).AddHours(-1)
    Level=2  # Error
}
```
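
The `Id=4625` query above returns raw events; the sketch below groups them by account and source address so repeated failures stand out. It is an added example, not part of the original snippet collection: the function name `Get-FailedLogonSummary`, the `-Threshold` parameter and the sample events are assumptions constructed for illustration.

```powershell
# Added example: summarize failed logons (event ID 4625) by account and source address.
# Input is event XML, i.e. what ToXml() returns for each Get-WinEvent record.
function Get-FailedLogonSummary {
    param(
        [Parameter(Mandatory)][string[]]$EventXml,
        [int]$Threshold = 3   # assumption: minimum number of failures worth reporting
    )
    $rows = foreach ($raw in $EventXml) {
        $evt = ([xml]$raw).Event
        if ($evt.System['EventID'].InnerText -ne '4625') { continue }
        # EventData holds <Data Name="...">value</Data> elements
        $data = @{}
        foreach ($d in $evt.EventData.Data) { $data[$d.GetAttribute('Name')] = $d.InnerText }
        [pscustomobject]@{
            Account   = $data['TargetUserName']
            Source    = $data['IpAddress']
            LogonType = $data['LogonType']
        }
    }
    $rows | Group-Object Account, Source |
        Where-Object Count -ge $Threshold |
        Sort-Object Count -Descending |
        ForEach-Object {
            [pscustomobject]@{
                Failures   = $_.Count
                Account    = $_.Group[0].Account
                Source     = $_.Group[0].Source
                LogonTypes = ($_.Group.LogonType | Sort-Object -Unique) -join ','
            }
        }
}

# Constructed sample events (not real log data); addresses are documentation ranges.
$t = '<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"><System><EventID>{0}</EventID></System>' +
     '<EventData><Data Name="TargetUserName">{1}</Data><Data Name="IpAddress">{2}</Data><Data Name="LogonType">{3}</Data></EventData></Event>'
$sample = @(
    ($t -f 4625, 'administrator', '203.0.113.10', 3),
    ($t -f 4625, 'administrator', '203.0.113.10', 3),
    ($t -f 4625, 'administrator', '203.0.113.10', 10),
    ($t -f 4625, 'jdoe',          '198.51.100.7', 2),
    ($t -f 4624, 'jdoe',          '198.51.100.7', 2)
)
Get-FailedLogonSummary -EventXml $sample

# Live data, from an elevated session:
# $xml = Get-WinEvent -FilterHashtable @{LogName='Security'; Id=4625} | ForEach-Object { $_.ToXml() }
# Get-FailedLogonSummary -EventXml $xml -Threshold 5
```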

## WMI / CIM — System information

```powershell
# System info
Get-CimInstance -ClassName Win32_ComputerSystem
Get-CimInstance -ClassName Win32_OperatingSystem
Get-CimInstance -ClassName Win32_Processor
Get-CimInstance -ClassName Win32_PhysicalMemory

# Disks
Get-CimInstance -ClassName Win32_LogicalDisk | Select-Object DeviceID, Size, FreeSpace
Get-PSDrive -PSProvider FileSystem

# Memory summary (percentage of physical memory in use)
$mem = Get-CimInstance -ClassName Win32_OperatingSystem
[Math]::Round(($mem.TotalVisibleMemorySize - $mem.FreePhysicalMemory) / $mem.TotalVisibleMemorySize * 100, 1)
```

## Remote execution

```powershell
# Enable WinRM
Enable-PSRemoting -Force

# Interactive remote session
Enter-PSSession -ComputerName {{SERVER_IP}} -Credential (Get-Credential)

# One-shot remote command
Invoke-Command -ComputerName {{SERVER_IP}} -ScriptBlock { Get-Service } -Credential (Get-Credential)

# On multiple servers
$servers = @("srv01", "srv02", "srv03")
Invoke-Command -ComputerName $servers -ScriptBlock { hostname; Get-Service | Where Status -eq "Stopped" }
```

<Tip>
Always use `ConvertTo-SecureString` for passwords in scripts, never plain text. For automated scripts, use credentials stored in Windows Credential Manager or a secret manager.
</Tip>
