Here are 100 advanced tips and tricks for Windows 10 and 11.

Advanced Windows Tips & Tricks (IT / MSP Level)

🧠 System Administration & Control

  1. Use gpedit.msc to enforce local group policies.

  2. Use rsop.msc to view Resultant Set of Policy.

  3. Use secpol.msc for local security policies.

  4. Use lusrmgr.msc to manage local users/groups (Pro+).

  5. Use whoami /groups to verify permissions.

  6. Use net user username /active:no to disable accounts.

  7. Use net localgroup administrators to audit admin users.

  8. Use wmic useraccount get name,sid for SID mapping.

  9. Use control userpasswords2 for advanced user control.

  10. Use runas /user:domain\admin cmd to elevate without logout.


⚡ PowerShell & Automation

  1. Use PowerShell profiles to load scripts automatically.

  2. Run Get-ExecutionPolicy and set to RemoteSigned if needed.

  3. Use Get-Process | Sort CPU -Descending to find heavy apps.

  4. Use Get-Service | Where-Object {$_.Status -eq "Running"} to list running services.

  5. Use Invoke-Command for remote execution.

  6. Use Enter-PSSession for remote shell access.

  7. Use Get-WmiObject / Get-CimInstance for system queries.

  8. Automate installs using PowerShell + winget.

  9. Use Scheduled Tasks with PowerShell scripts.

  10. Use Export-Csv for reporting.


🛡️ Security Hardening

  1. Enable LSA Protection via registry.

  2. Disable SMBv1 (security risk).

  3. Use auditpol /get /category:* for auditing.

  4. Enable Advanced Audit Policies.

  5. Use AppLocker or WDAC for application control.

  6. Disable NTLM where possible.

  7. Enforce password complexity via GPO.

  8. Enable Credential Guard.

  9. Enable Exploit Protection settings.

  10. Use Microsoft Defender Advanced Hunting queries.
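
A read-only check for several items in the list above (LSA Protection, SMBv1, NTLM, Credential Guard, audit policy), as an added example that is not part of the original list. It assumes an elevated PowerShell session on an English-language Windows 10/11 client; the helper name Get-RegValue and the output file hardening-audit.csv are made up for the example.

```powershell
#Requires -RunAsAdministrator
# Added example: read-only audit of settings named in the list above. Nothing is changed.

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or value is absent (setting never configured)
    (Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue).$Name
}

$lsa = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$runAsPpl = Get-RegValue $lsa 'RunAsPPL'               # 1 or 2 = LSASS runs as a protected process
$lmLevel  = Get-RegValue $lsa 'LmCompatibilityLevel'   # 5 = NTLMv2 only, LM and NTLMv1 refused
$ntlmOut  = Get-RegValue "$lsa\MSV1_0" 'RestrictSendingNTLMTraffic'   # 2 = outgoing NTLM denied

# SMBv1: the server-side protocol switch and the optional Windows feature
$smb1Server  = (Get-SmbServerConfiguration).EnableSMB1Protocol
$smb1Feature = (Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol `
    -ErrorAction SilentlyContinue).State

# Credential Guard: service ID 1 in SecurityServicesRunning means it is running now
$dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
    -ClassName Win32_DeviceGuard -ErrorAction SilentlyContinue
$credGuard = [bool]($dg -and ($dg.SecurityServicesRunning -contains 1))

# Audit policy: /r emits CSV. 'No Auditing' is the English string (assumption: en-US output).
$noAudit = @(auditpol /get /category:* /r | Where-Object { $_ } | ConvertFrom-Csv |
    Where-Object { $_.'Inclusion Setting' -eq 'No Auditing' }).Count

$report = @(
    [pscustomobject]@{ Setting = 'LSA Protection (RunAsPPL)'
                       Value = $runAsPpl;    Hardened = ($runAsPpl -in 1, 2) }
    [pscustomobject]@{ Setting = 'SMBv1 server protocol enabled'
                       Value = $smb1Server;  Hardened = (-not $smb1Server) }
    [pscustomobject]@{ Setting = 'SMBv1 optional feature state'
                       Value = $smb1Feature; Hardened = ($smb1Feature -like 'Disabled*') }
    [pscustomobject]@{ Setting = 'LmCompatibilityLevel (LM/NTLMv1 refused at 5)'
                       Value = $lmLevel;     Hardened = ($lmLevel -eq 5) }
    [pscustomobject]@{ Setting = 'RestrictSendingNTLMTraffic (deny at 2)'
                       Value = $ntlmOut;     Hardened = ($ntlmOut -eq 2) }
    [pscustomobject]@{ Setting = 'Credential Guard running'
                       Value = $credGuard;   Hardened = $credGuard }
    [pscustomobject]@{ Setting = 'Audit subcategories set to No Auditing'
                       Value = $noAudit;     Hardened = 'review' }
)

$report | Format-Table -AutoSize
$report | Export-Csv -Path .\hardening-audit.csv -NoTypeInformation
```

An empty Value means the registry value is not set, so the Windows default applies; the audit row is informational and is left for manual review.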


🌐 Networking & Troubleshooting

  1. Use netsh wlan show profiles to view saved WiFi.

  2. Use netsh wlan export profile to backup WiFi configs.

  3. Use route print to view routing table.

  4. Use tracert for path analysis.

  5. Use pathping for packet loss detection.

  6. Use arp -a to view ARP table.

  7. Use nslookup for DNS debugging.

  8. Use Wireshark for deep packet inspection.

  9. Reset TCP stack: netsh int ip reset

  10. Reset Winsock: netsh winsock reset


💾 Disk & Storage Management

  1. Use diskpart for advanced disk control.

  2. Inside diskpart, use list disk / select disk / clean carefully (clean erases the selected disk's partition information).

  3. Convert MBR to GPT with mbr2gpt.exe.

  4. Use Storage Spaces for redundancy.

  5. Use chkdsk /f /r for disk repair.

  6. Use fsutil for file system control.

  7. Check disk usage with du (Sysinternals).

  8. Use VHD mounting for backups.

  9. Use ReFS for data integrity (servers).

  10. Enable BitLocker with TPM + PIN.


🖥️ Performance Optimization

  1. Use Resource Monitor (resmon) for deep analysis.

  2. Use Performance Monitor (perfmon) counters.

  3. Disable SysMain (Superfetch) on SSD-heavy systems.

  4. Analyze boot time with Event Viewer → Diagnostics-Performance.

  5. Use Autoruns (Sysinternals) to disable hidden startup apps.

  6. Use Process Explorer instead of Task Manager.

  7. Use Process Monitor for real-time file/registry tracking.

  8. Adjust virtual memory manually for heavy workloads.

  9. Disable unnecessary services via GPO.

  10. Use GPU scheduling (Hardware-accelerated GPU scheduling).


🧰 Sysinternals Suite (Must Know)

  1. Use Autoruns for startup control.

  2. Use PsExec for remote command execution.

  3. Use PsKill to terminate stubborn processes.

  4. Use PsList for process info.

  5. Use TCPView for live connections.

  6. Use Handle.exe to find file locks.

  7. Use AccessChk for permission auditing.

  8. Use Sigcheck to verify file signatures.

  9. Use RAMMap to analyze memory usage.

  10. Use BgInfo for system info on desktop.


🧩 Windows Deployment & Imaging

  1. Use DISM to service Windows images.

  2. Use dism /online /cleanup-image /restorehealth regularly.

  3. Capture images with dism /capture-image.

  4. Use Windows Autopilot for device provisioning.

  5. Use Sysprep before imaging systems.

  6. Use Unattend.xml for automated installs.

  7. Use WDS or MDT for deployments.

  8. Use winget import/export for app setups.

  9. Use Provisioning Packages (.ppkg).

  10. Use Azure AD Join + Intune policies.


🔐 Identity & Access (Modern IT)

  1. Use Azure AD / Entra ID conditional access.

  2. Enforce MFA for all users.

  3. Use Privileged Identity Management (PIM).

  4. Audit sign-ins via Entra logs.

  5. Use device compliance policies (Intune).

  6. Use SSO integrations for SaaS apps.

  7. Use passwordless authentication.

  8. Monitor risky sign-ins.

  9. Use Defender for Identity.

  10. Use Just-in-Time (JIT) admin access.


🧯 Troubleshooting & Recovery

  1. Use sfc /scannow + DISM combo for OS repair.

  2. Use Safe Mode with Networking for malware cleanup.

  3. Use System Restore via rstrui.exe.

  4. Use Startup Repair (WinRE).

  5. Analyze crashes with BlueScreenView or WinDbg.

  6. Use Reliability Monitor (perfmon /rel).

  7. Check logs in Event Viewer.

  8. Use Reset this PC (keep files) when needed.

  9. Use offline Defender scan for rootkits.

  10. Keep a bootable USB toolkit (WinPE, tools, drivers).

Author: Ryan C. Smith