(Get-CimInstance -ClassName Win32_ComputerSystem).Domain
Get-CimInstance -ClassName Win32_ComputerSystem | Select-Object Domain, DomainRole, PartOfDomain
(Get-ADDomainController -Discover).Name
systeminfo to check domain:systeminfo | Select-String "Domain"
Get-MpComputerStatus | Select-Object EngineVersion, AMRunning, AMServiceVersion
Here’s a PowerShell command that recursively lists all files whose names case-insensitively contain common sensitive words often associated with credentials, configuration, or access control in Windows systems:
gci -Recurse -File | Where-Object { $_.Name -match '(?i)password|pass|conf|config|secret|token|auth|authentication|credential|creds|key|connection|access|admin|login|vault|env|certificate|cert|api|user|account|identity' } | Select-Object FullName
Single PowerShell one-liner that recursively searches both filenames and file contents for all those security related keywords:
Get-ChildItem -Path "C:\\Path\\To\\Folder" -Recurse -File | Where-Object { $_.Name -match "authentication|autenticazione|password|credential|credenziale|credentials|credenziali|server|access|accesso|login|user|utente|admin|administrator|amministratore|privilege|privilegio|permission|permesso|token|key|chiave|secret|segreto|security|sicurezza|policy|account|session|sessione|login attempt|tentativo accesso|role|ruolo|identity|identità|group|gruppo|connection|connessione|authorization|autorizzazione" -or (Select-String -Path $_.FullName -Pattern "authentication|autenticazione|password|credential|credenziale|credentials|credenziali|server|access|accesso|login|user|utente|admin|administrator|amministratore|privilege|privilegio|permission|permesso|token|key|chiave|secret|segreto|security|sicurezza|policy|account|session|sessione|login attempt|tentativo accesso|role|ruolo|identity|identità|group|gruppo|connection|connessione|authorization|autorizzazione" -Quiet) } | Select-Object FullName
List all SMB active connections:
Powershell: