IT SysAdmin Essential Guide

Legend

Unix Linux commands
PowerShell Windows automation
Network ports & protocols
Rule gold standard practices
Warning proceed with caution

01 /

Unix/Linux Mastery

Efficiency, system health, and log analysis — the commands you'll reach for every single day.

Unix Process Monitoring

Use htop for a better visual interface if installed — color-coded, scrollable, and lets you kill processes interactively. Fall back to top if htop isn't available.

top / htop
Unix Recursive Log Search

Quickly finds matching strings across all log files in a directory. Swap "error" for any pattern — combine with -i for case-insensitive matching.

grep -r "error" /var/log
Unix File Permissions

Sets rwxr-xr-x — owner can read/write/execute; group and others can read and execute. Use 644 for files that shouldn't be executed.

chmod 755 [file]
Unix Disk Usage

The -h flag outputs human-readable sizes (GB/MB) instead of raw blocks. Add --max-depth=1 to drill into a specific directory's subdirectories.

df -h
Unix Live Log View

Streams new log entries to your screen in real-time as they're written. Invaluable for watching deployments, monitoring auth attempts, or tailing application errors.

tail -f [file]
Unix Port Audit

Shows exactly which PID is listening on which port. -t TCP, -u UDP, -l listening only, -p show PID, -n skip DNS resolution for speed.

netstat -tulpn
Unix Repeat Last Command as Root

Executes the previous command with sudo privileges. The !! expands to the full previous command — a huge time-saver when you forget to prefix with sudo.

sudo !!

02 /

PowerShell Proficiency

Automation, Active Directory, and Windows internals — cmdlets you'll use daily in any Windows environment.

PowerShell List Stopped Services

Pipes all services through a filter to surface only those not currently running — faster than scrolling through Services.msc for a quick health check.

Get-Service | Where-Object
PowerShell Remote Port Check

A smarter alternative to ping — tests if a specific TCP port is open on a remote host. Use this before opening a ticket about connectivity; it tells you exactly where the block is.

Test-NetConnection
PowerShell Filter System Errors

Cuts through event log noise to show only Error-level entries from the System log. Add -Newest 50 to limit output, or -Source to narrow by application.

Get-EventLog
PowerShell Find Disabled AD Accounts

Queries Active Directory for all disabled user accounts in one shot. Useful for quarterly access reviews, offboarding audits, or license cleanup before renewals.

Get-ADUser -Filter
PowerShell Force Reboot

Forces a reboot on a hung or unresponsive machine, bypassing any "are you sure?" prompts. Add -ComputerName [server] to reboot a remote machine.

Restart-Computer -Force
PowerShell Remote Command Execution

Runs any command or script block on a remote server without opening RDP. Wrap multiple commands in the ScriptBlock — cleaner and faster than logging into each machine.

Invoke-Command

03 /

Default Network Ports

Memorize these for firewall rules and connectivity troubleshooting — the ports you'll reference on every ticket.

Remote Access & Management

Network SSH / SFTP — Secure Shell & File Transfer

The standard for encrypted remote access and secure file transfer. Should be your default for any remote terminal work — never use Telnet.

:22
Network Warning Telnet — Unencrypted Remote Access

Transmits everything in plaintext — credentials included. Block it at the firewall. Only relevant for legacy hardware that doesn't support SSH.

:23
Network RDP — Remote Desktop Protocol

Windows GUI remote access. Always restrict this port to a VPN or specific IP ranges — exposed RDP on the internet is a primary ransomware vector.

:3389

Web & Directory Services

Network HTTP / HTTPS — Web Traffic

All modern web traffic should be on 443. If you see 80 open in production without a redirect, that's a misconfiguration. Force HTTPS at the load balancer or server level.

:80 / :443
Network DNS — Domain Name System (TCP/UDP)

Most queries run over UDP; TCP is used for large responses and zone transfers. If DNS is broken, nearly everything breaks — always check this first when connectivity goes down.

:53
Network LDAP / LDAPS — Active Directory

389 is unencrypted LDAP — prefer LDAPS on 636 in any environment handling credentials. Required for AD authentication, group policy, and directory lookups.

:389 / :636

File & Email

Network SMTP — Email Sending

Port 25 is server-to-server. Use 587 (STARTTLS) for client submission — most ISPs block outbound 25 from residential IPs to prevent spam.

:25 / :587
Network IMAP — Email Retrieval

143 is standard IMAP (unencrypted); 993 is IMAPS (SSL/TLS). Always configure clients to use 993. IMAP keeps mail on the server — good for multi-device access.

:143 / :993
Network SMB — Windows File Sharing

Used for Windows network shares, printers, and inter-process communication. Block this at your perimeter firewall — it should never be exposed to the internet (EternalBlue).

:445
Network NFS — Network File System

Linux/Unix network file sharing. Restrict access via /etc/exports and firewall rules — NFS has no built-in encryption, so use it only on trusted internal networks.

:2049

04 /

The SysAdmin Gold Rules

The principles that separate good administrators from great ones — internalize these and they'll save you from disasters.

Rule Rule of Least Privilege

Never give a user — or yourself — more access than is strictly necessary. Use a standard account for daily tasks and elevate only when required. Limits blast radius when something goes wrong.

01
Rule Snapshot / Backup First

Before hitting Update or Delete, ensure you have a way back. A 5-minute backup saves a 5-hour restore. This applies to config files, databases, VMs, and anything you're about to touch.

02
Rule The Reboot Reality

If a system is acting "weird," a reboot clears the stack and memory. It's often the most efficient first diagnostic step — eliminates transient issues before you spend hours chasing phantom bugs.

03
Rule Document the "Why"

Don't just document what you changed — document why you changed it. Future-you (and your teammates) will need the context six months from now when something breaks and no one remembers the original reasoning.

04

📋 Quick Reference

Unix/Linux commands work on any modern Linux distro and macOS terminal. Some (like netstat) may require net-tools to be installed — on newer systems, ss -tulpn is the preferred alternative.

PowerShell cmdlets require the appropriate modules — Get-ADUser needs the ActiveDirectory RSAT module installed. Run PowerShell as Administrator for any commands that touch services, event logs, or remote machines.

Port numbers listed are defaults — applications can be configured to listen on non-standard ports. Always verify with netstat or ss rather than assuming.