System administration isn’t about working harder, it’s about working smarter. The difference between an average admin and a high-impact one often comes down to automation. PowerShell is the backbone of Windows automation, and when used correctly, it can save hundreds of hours per year, reduce human error, and give you deep visibility into your environment.

Below are 25 battle-tested PowerShell scripts designed for real-world administration across Windows servers, users, networks, permissions, printers, and security. Each script includes a clear explanation and is formatted so you can copy and use immediately.

1. Get All Logged-In Users Across Domain Computers

Get-ADComputer -Filter * | ForEach-Object {
    $comp = $_.Name
    try {
        $users = quser /server:$comp 2>$null
        if ($users) {
            Write-Output "=== $comp ==="
            $users
        }
    } catch {}
}

What it does: Queries all domain computers and shows active logged-in sessions.

2. Restart Multiple Computers Remotely

$computers = Get-Content "C:\temp\computers.txt"
Restart-Computer -ComputerName $computers -Force -ThrottleLimit 10

What it does: Restarts multiple machines using a list.

3. Check Disk Space on Remote Servers

Get-ADComputer -Filter * | ForEach-Object {
    Get-WmiObject Win32_LogicalDisk -ComputerName $_.Name -Filter "DriveType=3" |
    Select PSComputerName, DeviceID, @{Name="FreeGB";Expression={[math]::round($_.FreeSpace/1GB,2)}}
}

What it does: Displays free disk space across all servers.

4. Bulk Create Active Directory Users

Import-Csv "C:\temp\users.csv" | ForEach-Object {
    New-ADUser -Name $_.Name -GivenName $_.First -Surname $_.Last `
    -SamAccountName $_.Username -UserPrincipalName "$($_.Username)@domain.com" `
    -Path "OU=Users,DC=domain,DC=com" -AccountPassword (ConvertTo-SecureString $_.Password -AsPlainText -Force) `
    -Enabled $true
}

What it does: Creates users in bulk from CSV.

5. Disable Inactive Users (90 Days)

$time = (Get-Date).AddDays(-90)
Search-ADAccount -AccountInactive -UsersOnly -TimeSpan 90.00:00:00 | Disable-ADAccount

What it does: Finds and disables inactive accounts.

6. Get Installed Software on Remote Computer

Get-WmiObject -Class Win32_Product -ComputerName PC01 | Select Name, Version

What it does: Lists installed programs remotely.

7. Find Locked Out Accounts

Search-ADAccount -LockedOut | Select Name, SamAccountName

What it does: Identifies locked AD accounts.

8. Unlock All Locked Accounts

Search-ADAccount -LockedOut | Unlock-ADAccount

What it does: Bulk unlocks accounts.

9. Export Group Memberships

Get-ADGroupMember "Domain Admins" | Select Name, SamAccountName | Export-Csv "C:\temp\admins.csv" -NoTypeInformation

What it does: Exports group members.

10. Check Server Uptime

Get-CimInstance Win32_OperatingSystem | Select CSName, @{Name="Uptime";Expression={(Get-Date) - $_.LastBootUpTime}}

What it does: Shows uptime.

11. Restart a Service on Multiple Servers

$servers = Get-Content "servers.txt"
Invoke-Command -ComputerName $servers -ScriptBlock {
    Restart-Service -Name "Spooler"
}

What it does: Restarts services remotely.

12. List All Printers on Network

Get-Printer | Select Name, ComputerName, DriverName

What it does: Displays printers.

13. Add Network Printer

Add-Printer -ConnectionName "\\printserver\HPPrinter01"

What it does: Adds shared printer.

14. Get Folder Permissions

Get-Acl "C:\Shared" | Format-List

What it does: Shows permissions.

15. Set Folder Permissions

$acl = Get-Acl "C:\Shared"
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule("DOMAIN\User","FullControl","Allow")
$acl.SetAccessRule($rule)
Set-Acl "C:\Shared" $acl

What it does: Grants permissions.

16. Ping Sweep Network

1..254 | ForEach-Object {
    Test-Connection -ComputerName "192.168.1.$_" -Count 1 -Quiet
}

What it does: Finds live hosts.

17. Get Open Ports on Server

Get-NetTCPConnection | Select LocalAddress, LocalPort, State

What it does: Shows active ports.

18. Enable Firewall Rule

Enable-NetFirewallRule -DisplayName "Remote Desktop"

What it does: Enables firewall rule.

19. Backup Event Logs

wevtutil epl System C:\backup\system.evtx

What it does: Exports logs.

20. Monitor CPU Usage

Get-Process | Sort CPU -Descending | Select -First 10

What it does: Top CPU consumers.

21. Find Large Files

Get-ChildItem C:\ -Recurse | Sort Length -Descending | Select -First 10

What it does: Finds biggest files.

22. Create Scheduled Task

$action = New-ScheduledTaskAction -Execute "PowerShell.exe" -Argument "C:\script.ps1"
$trigger = New-ScheduledTaskTrigger -Daily -At 3am
Register-ScheduledTask -TaskName "DailyScript" -Action $action -Trigger $trigger

What it does: Automates scripts.

23. Get AD Password Expiry

Get-ADUser -Filter * -Properties PasswordLastSet | Select Name, PasswordLastSet

What it does: Shows password age.

24. Remove Old Temp Files

Get-ChildItem "C:\Temp" -Recurse | Where-Object {$_.LastWriteTime -lt (Get-Date).AddDays(-30)} | Remove-Item -Force

What it does: Cleans temp files.

25. Check Windows Updates Status

Get-WindowsUpdateLog

What it does: Retrieves update logs.

Final Thoughts

These scripts aren’t just “nice to have” they represent leverage. A sysadmin who automates effectively can manage 10x the infrastructure with fewer mistakes and better visibility.

If you’re serious about scaling your impact:

Turn these into scheduled jobs
Combine them into dashboards
Build reporting pipelines

Automation isn’t optional anymore it’s the standard.