An advanced Model Context Protocol (MCP) server that provides comprehensive Windows system management capabilities through PowerShell, including network configuration, security management, registry operations, event log analysis, disk management, Windows Defender antivirus, CIS Benchmark security hardening, performance monitoring, database operations, and complete system administration.
This extended MCP server includes 250+ powerful tools across 19+ categories (expandable to 700+ tools with full CIS Benchmark implementation):
- Configure static IP addresses, gateways, and DNS servers
- Enable DHCP for automatic IP configuration
- Manage network adapters (enable/disable/restart)
- Test connectivity with ping, port testing, and traceroute
- Clear DNS cache and reset network stack
- Monitor network statistics and active connections
- Create and delete local users and manage passwords
- Add/remove firewall rules with port and program filtering
- Manage user group memberships and permissions
- Inspect and modify ACL permissions on files/folders
- Monitor firewall configuration and security groups
- Read, write, and delete registry values and keys
- Search registry recursively with pattern matching
- Export and import registry keys to .reg files
- Backup entire registry hives for disaster recovery
- Query, search, and export event logs
- Clear event logs with optional backup
- Write custom log entries for application tracking
- Configure log size and retention policies
- Initialize disks with GPT or MBR partition styles
- Format volumes with NTFS, ReFS, exFAT, or FAT32
- Resize partitions (extend/shrink)
- Assign drive letters and manage disk online status
- Monitor disk health with SMART data
- Optimize disks with defragmentation and TRIM
- List hardware devices and driver information
- Enable/disable devices and update drivers
- Diagnose device problems and conflicts
- Monitor USB devices and network adapters
- Check for and install updates automatically
- View update history and pending updates
- Hide or uninstall specific updates
- Check reboot requirements after updates
- Start Quick, Full, or Custom scans
- Update virus definitions automatically
- Manage scan exclusions (paths, extensions, processes)
- Enable/disable real-time protection
- User Rights Assignment - Audit and configure privileged access rights
- Advanced Audit Policy - Comprehensive security event auditing
- System Services - Disable unnecessary services (Xbox, Bluetooth, etc.)
- Compliance Reporting - Generate JSON/HTML compliance reports
- Configuration Backup/Restore - Safe hardening with rollback
- Master Baseline Application - Orchestrated security hardening
- Foundation for complete CIS Microsoft Windows 10/11 Benchmark v3.0.0
- Real-time CPU usage per core with detailed metrics
- Detailed memory statistics - physical, virtual, paging
- Disk I/O monitoring - IOPS, throughput, queue length
- Network throughput tracking - sent/received bytes per adapter
- Top CPU and memory processes - identify resource hogs
- System uptime and boot time analysis
- Performance reports - comprehensive health assessments
- Disk benchmarks - test read/write speeds
- Performance alert thresholds - configurable monitoring
- Performance counter monitoring - custom counters
- Test SQL Server connectivity with authentication
- Execute SQL queries with timeout control
- Get SQL Server information - version, edition, properties
- List databases and tables in SQL Server instances
- Backup and restore databases with compression
- SQL Server performance metrics - connections, requests, reads/writes
- List certificates in all stores (My, Root, CA, etc.)
- Get certificate details - subject, issuer, expiration
- Test certificate expiration - find expiring certificates
- Export/import certificates to/from files
- Test SSL/TLS certificates for websites
- Create self-signed certificates for development
- HTTP GET/POST/PUT/DELETE requests with custom headers
- Download files from URLs with progress
- Test URL availability and response times
- Extract web page content and parse HTML
- Parse JSON responses from REST APIs
- Base64 encoding/decoding for data transfer
- Custom authentication and header management
- List all printers with status and configuration
- View print queues and job details
- Clear print queues - remove all pending jobs
- Cancel specific print jobs by ID
- Set default printer for system
- Pause/resume printers for maintenance
- Create system restore points with descriptions
- List and restore from system restore points
- Create VSS snapshots - Volume Shadow Copy
- Export Event Viewer configuration for disaster recovery
- Backup registry hives - HKLM, HKCU, SAM
- Windows Backup status - check backup configuration
- View and remove detected threats
- Monitor Defender status and preferences
- List and uninstall applications
- Manage startup programs
- Start processes with elevation and arguments
- Monitor process performance in real-time
- Set process priorities (Idle to RealTime)
- View system-wide resource usage
- Advanced file searching with filters
- Calculate file hashes (MD5, SHA256, etc.)
- Find duplicate files by content hash
- Copy/move files with advanced filtering
- Set file attributes and take ownership
- Robocopy sync for reliable directory mirroring
- Get comprehensive system information
- Manage Windows services (start/stop/configure)
- Create and manage scheduled tasks
- Export/import tasks to XML
- Monitor performance counters (CPU/RAM/disk)
- Control power settings and environment variables
- Check Windows activation status
- Install product keys and activate Windows
- Configure KMS servers for volume licensing
- Rearm activation trials
- Windows 10/11 or Windows Server 2016+
- Node.js 18.0.0 or higher
- PowerShell 5.1+ or PowerShell Core 7+
- MCP-compatible AI client (see Configuration section for supported clients)
```bash
git clone https://github.com/your-username/ai_powershell.git
cd ai_powershell
npm install
```

This MCP server works with any Model Context Protocol compatible client. See the Configuration Guide below for detailed setup instructions for:
- Claude Desktop - Anthropic's AI assistant
- VS Code with Continue - AI coding assistant extension
- Cline (formerly Claude Dev) - AI development assistant
- Zed Editor - Next-generation code editor
- Cursor IDE - AI-powered code editor
- Custom MCP Clients - Any client supporting the MCP protocol
Quick Setup Example:
Add to your MCP client's configuration file:
```json
{
  "mcpServers": {
    "powershell-extended": {
      "command": "node",
      "args": ["C:\\path\\to\\ai_powershell\\src\\server.js"],
      "env": {}
    }
  }
}
```

See the Client Configuration section for specific instructions for your MCP client.
Restart your AI client application for the configuration to take effect.
Test network connectivity to hosts with multiple methods.
Parameters:
- computerName (string, required): Target hostname or IP address
- port (number, optional): Port number to test
- count (number, optional): Number of ping attempts (default: 4)
- traceroute (boolean, optional): Perform traceroute (default: false)
Examples:
- "Test connection to google.com"
- "Test if port 443 is open on example.com"
- "Traceroute to 8.8.8.8"
Get information about network adapters.
Parameters:
- adapterName (string, optional): Filter by adapter name
- includeDisabled (boolean, optional): Include disabled adapters (default: false)
Examples:
- "Show me all network adapters"
- "Get info about WiFi adapter"
- "List all network adapters including disabled ones"
Get IP configuration for network interfaces.
Parameters:
- adapterName (string, optional): Filter by adapter name
- detailed (boolean, optional): Include detailed info (default: false)
Examples:
- "Show IP configuration"
- "Get detailed IP config for Ethernet adapter"
Get network connection statistics.
Parameters:
- protocol (enum: TCP/UDP/All, optional): Protocol filter (default: All)
- state (string, optional): Connection state (e.g., ESTABLISHED, LISTENING)
- port (number, optional): Filter by port number
Examples:
- "Show all TCP connections"
- "List all listening ports"
- "Show connections on port 80"
Resolve DNS names to IP addresses.
Parameters:
- name (string, required): Hostname or IP to resolve
- type (enum: A/AAAA/CNAME/MX/NS/PTR/TXT/ALL, optional): DNS record type (default: A)
- server (string, optional): DNS server to query
Examples:
- "Resolve google.com"
- "Get MX records for example.com"
- "Reverse lookup 8.8.8.8"
Get information about local users.
Parameters:
- userName (string, optional): Filter by username
- includeGroups (boolean, optional): Include group memberships (default: true)
Examples:
- "List all local users"
- "Show info for user Administrator"
- "Get all users with their groups"
Get Windows Firewall rules.
Parameters:
- ruleName (string, optional): Filter by rule name
- direction (enum: Inbound/Outbound/All, optional): Filter by direction (default: All)
- enabled (boolean, optional): Filter by enabled status
- limit (number, optional): Max results (default: 50)
Examples:
- "Show all firewall rules"
- "List inbound firewall rules"
- "Show enabled firewall rules for port 80"
Get ACL permissions for files or folders.
Parameters:
- path (string, required): Path to file or folder
- detailed (boolean, optional): Include detailed access rules (default: false)
Examples:
- "Show permissions for C:\Windows\System32"
- "Get detailed permissions for C:\ProgramData\MyApp"
Test if current user has specific permissions.
Parameters:
- path (string, required): Path to test
- accessType (enum: Read/Write/Execute/FullControl, required): Type of access
Examples:
- "Do I have write access to C:\Program Files"
- "Check if I can read C:\Windows\System32\config"
Get local security groups and members.
Parameters:
- groupName (string, optional): Filter by group name
- includeMembers (boolean, optional): Include group members (default: true)
Examples:
- "List all security groups"
- "Show Administrators group with members"
Read values from the Windows Registry.
Parameters:
- path (string, required): Registry path (e.g., "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion")
- valueName (string, optional): Specific value name (if omitted, returns all values)
Examples:
- "Read registry value ProgramFilesDir from HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion"
- "Show all values in HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion"
Search for registry keys or values.
Parameters:
- path (string, required): Base path to search
- searchTerm (string, required): Search term
- searchType (enum: Keys/Values/Both, optional): What to search (default: Both)
- maxResults (number, optional): Max results (default: 50)
Examples:
- "Search for 'chrome' in HKLM:\SOFTWARE"
- "Find all registry values containing 'version'"
List subkeys in a registry path.
Parameters:
- path (string, required): Registry path
- recursive (boolean, optional): List recursively (default: false)
- maxDepth (number, optional): Max recursion depth (default: 1)
Examples:
- "List all subkeys in HKLM:\SOFTWARE\Microsoft"
- "List registry keys recursively in HKCU:\Software with depth 2"
Test if a registry path or value exists.
Parameters:
- path (string, required): Registry path to test
- valueName (string, optional): Specific value to test
Examples:
- "Check if registry key HKLM:\SOFTWARE\Microsoft\Windows exists"
- "Test if ProgramFilesDir value exists in HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion"
Retrieve Windows Event Log entries.
Parameters:
- logName (string, required): Log name (e.g., Application, System, Security)
- maxEvents (number, optional): Max events to retrieve (default: 50)
- level (enum: Critical/Error/Warning/Information/Verbose/All, optional): Filter by level (default: All)
- source (string, optional): Filter by event source
- eventId (number, optional): Filter by event ID
- afterDate (string, optional): Filter events after date (ISO format)
Examples:
- "Show last 50 events from Application log"
- "Get critical and error events from System log"
- "Show events with ID 1000 from Application log"
List all available Windows Event Logs.
Parameters:
- includeClassic (boolean, optional): Include classic logs (default: false)
Examples:
- "List all event logs"
- "Show all event logs including classic ones"
Get statistics about events in a log.
Parameters:
- logName (string, required): Log name to analyze
- hours (number, optional): Hours to analyze (default: 24)
Examples:
- "Show statistics for System log from last 24 hours"
- "Get Application log statistics from last 48 hours"
Search across multiple event logs.
Parameters:
- searchTerm (string, required): Search term
- logNames (array of strings, optional): Logs to search (default: ["Application", "System"])
- maxEvents (number, optional): Max events to search (default: 100)
- hours (number, optional): Search last N hours (default: 24)
Examples:
- "Search for 'failed' in event logs"
- "Find 'network' in Application and System logs from last 12 hours"
Get recent critical errors and warnings.
Parameters:
- hours (number, optional): Hours to look back (default: 24)
- maxEvents (number, optional): Max events to return (default: 50)
- includeWarnings (boolean, optional): Include warnings (default: true)
Examples:
- "Show recent errors from last 24 hours"
- "Get critical errors only from last 48 hours"
Get comprehensive Windows Defender antivirus status.
Examples:
- "Get Windows Defender status"
- "Show me Defender real-time protection status"
- "When was the last antivirus scan?"
Start a Windows Defender antivirus scan.
Parameters:
- scanType (enum: Quick/Full/Custom, required): Type of scan
- scanPath (string, optional): Path for Custom scan
Examples:
- "Start a Quick Defender scan"
- "Run a Full antivirus scan"
- "Scan C:\Downloads with Defender"
View detected threats and threat history.
Examples:
- "Show me detected threats"
- "Are there any viruses detected?"
Update virus and spyware definitions.
Examples:
- "Update Defender virus definitions"
- "Update antivirus signatures"
List all Windows Defender scan exclusions.
Examples:
- "Show me all Defender exclusions"
- "What paths are excluded from antivirus scanning?"
Add an exclusion to Windows Defender scanning.
Parameters:
- exclusionType (enum: Path/Extension/Process, required): Type of exclusion
- exclusionValue (string, required): The value to exclude
Examples:
- "Add C:\Dev to Defender path exclusions"
- "Exclude .tmp files from Defender scanning"
- "Add node.exe to Defender process exclusions"
Remove a scan exclusion.
Parameters:
- exclusionType (enum: Path/Extension/Process, required): Type of exclusion
- exclusionValue (string, required): The value to remove
Examples:
- "Remove C:\Dev from Defender exclusions"
- "Remove .tmp from excluded extensions"
Enable or disable real-time antivirus protection.
Parameters:
- enabled (boolean, required): True to enable, false to disable
Examples:
- "Disable Defender real-time protection"
- "Enable Windows Defender real-time protection"
View all Windows Defender configuration preferences.
Examples:
- "Show me Defender preferences"
- "Get Defender scan settings"
Remove detected threats.
Parameters:
- threatId (number, optional): Specific threat ID
- removeAll (boolean, optional): Remove all threats
Examples:
- "Remove all detected threats"
- "Remove threat ID 12345"
Start a new process with advanced options.
Parameters:
- filePath (string, required): Path to executable
- arguments (string, optional): Command line arguments
- workingDirectory (string, optional): Working directory
- windowStyle (enum: Normal/Hidden/Minimized/Maximized, optional): Window style
- runAs (boolean, optional): Run as administrator
- wait (boolean, optional): Wait for process to exit
Examples:
- "Start notepad.exe"
- "Start powershell as administrator"
- "Run C:\Tools\backup.exe with arguments /full /log"
Monitor a specific process in real-time.
Parameters:
- processId (number, optional): Process ID
- processName (string, optional): Process name
Examples:
- "Monitor process chrome"
- "Show CPU and memory usage for process 1234"
- "Monitor SQL Server process"
Get system-wide process performance metrics.
Parameters:
- sortBy (enum: CPU/Memory/Handles/Threads, optional): Sort by metric
- topCount (number, optional): Number of top processes (default: 10)
Examples:
- "Show top 10 processes by CPU"
- "Get top 20 processes by memory usage"
- "Show processes using most handles"
Change the priority class of a running process.
Parameters:
- processId (number, optional): Process ID
- processName (string, optional): Process name
- priority (enum: Idle/BelowNormal/Normal/AboveNormal/High/RealTime, required): Priority class
Examples:
- "Set chrome to High priority"
- "Change process 5678 to BelowNormal priority"
- "Set SQL Server to AboveNormal priority"
Create a new scheduled task.
Parameters:
- taskName (string, required): Name of the task
- taskPath (string, optional): Task folder path (default: \)
- action (string, required): Command to execute
- arguments (string, optional): Command arguments
- triggerType (enum: AtStartup/AtLogon/Daily/Weekly/Once/OnIdle, required): When to run
- triggerTime (string, optional): Time in HH:MM format (for Daily/Weekly/Once)
- daysInterval (number, optional): Days interval for Daily trigger
- runAsUser (string, optional): User to run as (default: SYSTEM)
- runWithHighestPrivileges (boolean, optional): Run elevated
Examples:
- "Create a daily task to run backup.ps1 at 2:00 AM"
- "Create a task that runs at startup to start monitoring service"
- "Schedule cleanup.bat to run weekly on Monday at 3:00 AM"
Delete a scheduled task.
Parameters:
- taskName (string, required): Name of the task
- taskPath (string, optional): Task folder path (default: \)
Examples:
- "Delete the backup task"
- "Remove scheduled task named OldCleanup"
Export a scheduled task to XML.
Parameters:
- taskName (string, required): Name of the task
- taskPath (string, optional): Task folder path (default: \)
- outputPath (string, required): Where to save the XML
Examples:
- "Export the backup task to C:\Tasks\backup.xml"
- "Save WindowsUpdate task to D:\Backup\task.xml"
Import a scheduled task from XML.
Parameters:
- taskName (string, required): Name for the imported task
- taskPath (string, optional): Task folder path (default: \)
- xmlPath (string, required): Path to XML file
- runAsUser (string, optional): User to run as (default: SYSTEM)
Examples:
- "Import task from C:\Backup\maintenance.xml"
- "Import scheduled task backup.xml as DailyBackup"
This MCP server works with any Model Context Protocol compatible AI client. Below are setup instructions for the most popular clients:
Configuration File Location:
- Windows: %APPDATA%\Claude\claude_desktop_config.json
- macOS: ~/Library/Application Support/Claude/claude_desktop_config.json
- Linux: ~/.config/Claude/claude_desktop_config.json
Configuration:
```json
{
  "mcpServers": {
    "powershell-extended": {
      "command": "node",
      "args": ["C:\\path\\to\\ai_powershell\\src\\server.js"],
      "env": {}
    }
  }
}
```

Restart: Completely close and reopen Claude Desktop.
Installation:
- Install the Continue extension from VS Code marketplace
- Open Continue settings (Ctrl+Shift+P → "Continue: Open config.json")
Configuration:
Add to ~/.continue/config.json:
```json
{
  "mcpServers": [
    {
      "name": "powershell-extended",
      "command": "node",
      "args": ["C:\\path\\to\\ai_powershell\\src\\server.js"],
      "env": {}
    }
  ]
}
```

Usage: Press Ctrl+L to open Continue chat and use natural language commands.
Installation:
- Install Cline from VS Code marketplace
- Open Cline settings
Configuration: Add to Cline's MCP settings (accessible via the extension's gear icon):
```json
{
  "mcpServers": {
    "powershell-extended": {
      "command": "node",
      "args": ["C:\\path\\to\\ai_powershell\\src\\server.js"],
      "env": {}
    }
  }
}
```

Usage: Open the Cline panel (Ctrl+Shift+P → "Cline: Open") and interact via chat.
Configuration File Location:
- Windows: %APPDATA%\Zed\settings.json
- macOS: ~/Library/Application Support/Zed/settings.json
- Linux: ~/.config/zed/settings.json
Configuration: Add to your Zed settings.json:
```json
{
  "context_servers": {
    "powershell-extended": {
      "command": "node",
      "args": ["C:\\path\\to\\ai_powershell\\src\\server.js"]
    }
  }
}
```

Usage: Access via Zed's AI assistant panel.
Configuration File Location:
- Windows: %APPDATA%\Cursor\User\globalStorage\settings.json
- macOS: ~/Library/Application Support/Cursor/User/globalStorage/settings.json
- Linux: ~/.config/Cursor/User/globalStorage/settings.json
Configuration: Add to Cursor's MCP settings:
```json
{
  "mcpServers": {
    "powershell-extended": {
      "command": "node",
      "args": ["C:\\path\\to\\ai_powershell\\src\\server.js"],
      "env": {}
    }
  }
}
```

Usage: Use Ctrl+K or Ctrl+L to interact with Cursor's AI assistant.
For custom implementations or other MCP-compatible clients:
Server Command:
```bash
node /path/to/ai_powershell/src/server.js
```

Protocol: stdio-based JSON-RPC communication
Transport: StdioServerTransport from @modelcontextprotocol/sdk
Environment Variables:
- None required by default
- Can set NODE_ENV=production for production deployments
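For custom clients, the exchange over the stdio transport described above is newline-delimited JSON-RPC. The following is an added example, not part of this project, of a minimal smoke-test client that spawns the server, performs the MCP initialize handshake and prints the names of the registered tools. It assumes the protocol version string shown and an MCP_SERVER_PATH environment variable pointing at src/server.js.

```javascript
// Added example, not part of the project: a minimal stdio client that performs the
// MCP handshake against the server and lists its registered tools. Framing is
// newline-delimited JSON-RPC 2.0 (one object per line), which is what
// StdioServerTransport speaks. Assumptions: the protocol version string below and
// the MCP_SERVER_PATH environment variable used to locate src/server.js.

const PROTOCOL_VERSION = '2024-11-05'; // assumed; adjust to the SDK version in use

// Encode one JSON-RPC message for the stdio transport.
function frame(message) {
  const text = JSON.stringify(message);
  if (text.includes('\n')) throw new Error('message must not contain raw newlines');
  return text + '\n';
}

// Reassembles messages from stdout chunks, which may split a line anywhere.
class LineDecoder {
  constructor() { this.buffer = ''; }
  push(chunk) {
    this.buffer += chunk;
    const messages = [];
    let idx;
    while ((idx = this.buffer.indexOf('\n')) !== -1) {
      const line = this.buffer.slice(0, idx).trim();
      this.buffer = this.buffer.slice(idx + 1);
      if (line.length > 0) messages.push(JSON.parse(line));
    }
    return messages;
  }
}

// Client-side messages of the handshake: initialize, then the initialized
// notification once the server has answered, then tools/list.
const INITIALIZE = {
  jsonrpc: '2.0', id: 1, method: 'initialize',
  params: { protocolVersion: PROTOCOL_VERSION, capabilities: {},
            clientInfo: { name: 'readme-smoke-test', version: '0.0.1' } },
};
const INITIALIZED = { jsonrpc: '2.0', method: 'notifications/initialized' };
const TOOLS_LIST = { jsonrpc: '2.0', id: 2, method: 'tools/list', params: {} };

// Turn a tools/list response into a sorted list of tool names, surfacing errors.
function toolNamesFromResponse(response) {
  if (response.error) throw new Error(`server error: ${response.error.message}`);
  return response.result.tools.map((t) => t.name).sort();
}

// Spawn the server, drive the handshake, and resolve with its tool names.
function listTools(serverPath) {
  const { spawn } = require('child_process');
  return new Promise((resolve, reject) => {
    const child = spawn('node', [serverPath], { stdio: ['pipe', 'pipe', 'inherit'] });
    const decoder = new LineDecoder();
    child.stdout.setEncoding('utf8');
    child.stdout.on('data', (chunk) => {
      for (const msg of decoder.push(chunk)) {
        if (msg.id === INITIALIZE.id) {
          child.stdin.write(frame(INITIALIZED));
          child.stdin.write(frame(TOOLS_LIST));
        } else if (msg.id === TOOLS_LIST.id) {
          try { resolve(toolNamesFromResponse(msg)); } catch (e) { reject(e); }
          child.kill();
        }
      }
    });
    child.on('error', reject);
    child.stdin.write(frame(INITIALIZE));
  });
}

if (process.env.MCP_SERVER_PATH) {
  listTools(process.env.MCP_SERVER_PATH)
    .then((names) => console.log(`${names.length} tools:\n${names.join('\n')}`))
    .catch((err) => { console.error(err.message); process.exitCode = 1; });
}
```

The server's own startup banner goes to stderr, which is inherited here, so it appears alongside the tool list.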
Testing Connection:
```bash
# Test the server directly
node src/server.js
# Should output: [PowerShell MCP Extended] Starting Extended PowerShell MCP Server v4.1.0...
```

Simply ask your AI assistant to use these tools naturally:
"What's my IP configuration?"
"Test if I can connect to google.com"
"Show me recent errors from the event log"
"Check what firewall rules are enabled"
"Search the registry for Chrome"
"Do I have write access to C:\Program Files?"
Network Troubleshooting:
"Test connection to server.example.com on port 443"
"Show me all active network connections"
"What are my DNS settings?"
Security Auditing:
"List all users in the Administrators group"
"Show firewall rules for port 3389"
"Check permissions on C:\Windows\System32"
System Diagnostics:
"Show critical errors from the last hour"
"Search event logs for 'crash'"
"Get statistics for the Application log"
Registry Investigation:
"Read the Windows version from registry"
"Search for startup programs in the registry"
"List installed programs from registry"
```bash
node src/server.js
```

```bash
# Network test
npm start
# Then use your AI assistant to test: "Test connection to 8.8.8.8"
```

This MCP server executes PowerShell commands with the following capabilities:
- Read & Write Operations: Can modify system configuration (registry, files, network, users)
- Registry Access: Can read and write registry values (requires admin for some hives)
- Network Access: Can perform network diagnostics and configuration changes
- Event Logs: Can read, write, and clear system event logs
- Disk Operations: Can format drives, create partitions (destructive operations)
- Windows Defender: Can modify antivirus settings and exclusions
- Permissions: Operates with current user's permissions (admin required for many actions)
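Because every tool turns caller-supplied parameters into a PowerShell command, parameter handling is the first line of defence against a crafted argument becoming extra commands. The following is an added example, not the project's own code, showing how a handler for the registry-read tool described earlier could validate and quote its path and valueName parameters so they only ever reach PowerShell as literal values; the helper names are hypothetical.

```javascript
// Added example (not the project's own code): validating and quoting the
// caller-supplied parameters of the "read registry value" tool before they are
// placed in a PowerShell command. Parameter names (path, valueName) follow this
// README; the helper names are hypothetical.

// Hive prefixes the registry tools are allowed to touch.
const ALLOWED_HIVES = ['HKLM:', 'HKCU:', 'HKCR:', 'HKU:', 'HKCC:'];

// Render a value as a PowerShell single-quoted literal. Inside single quotes
// PowerShell does no variable expansion or sub-expression evaluation; the only
// special character is the quote itself, escaped by doubling it.
function psQuote(value) {
  if (typeof value !== 'string') throw new TypeError('expected a string');
  return "'" + value.replace(/'/g, "''") + "'";
}

// Reject values that can never be a valid parameter here: empty strings and
// anything carrying control characters (newlines included).
function assertPlain(value, label) {
  if (typeof value !== 'string' || value.length === 0) {
    throw new Error(`${label} must be a non-empty string`);
  }
  if (/[\u0000-\u001f\u007f]/.test(value)) {
    throw new Error(`${label} must not contain control characters`);
  }
}

// Accept only "<hive>:\<key>\<subkey>" with a known hive, no empty segments
// and no "." or ".." segments; the bare hive root is also accepted.
function validateRegistryPath(path) {
  assertPlain(path, 'path');
  const upper = path.toUpperCase();
  const hive = ALLOWED_HIVES.find((h) => upper.startsWith(h + '\\'));
  if (!hive) throw new Error('path must start with a known hive, e.g. HKLM:\\');
  const rest = path.slice(hive.length + 1);
  if (rest.length > 0) {
    const segments = rest.split('\\');
    if (segments.some((s) => s === '' || s === '.' || s === '..')) {
      throw new Error('path contains an empty or relative segment');
    }
  }
  return path;
}

// Build the command for the registry-read tool. Caller-controlled values reach
// PowerShell only as quoted literals, never spliced into the command text.
function buildRegistryReadCommand({ path, valueName }) {
  validateRegistryPath(path);
  let cmd = `Get-ItemProperty -Path ${psQuote(path)}`;
  if (valueName !== undefined) {
    assertPlain(valueName, 'valueName');
    cmd += ` -Name ${psQuote(valueName)}`;
  }
  return cmd + ' | ConvertTo-Json -Depth 3';
}

// Demonstration on constructed inputs: a normal request, and a value whose
// embedded quote is neutralised instead of closing the literal.
console.log(buildRegistryReadCommand({
  path: 'HKLM:\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion',
  valueName: 'ProgramFilesDir',
}));
console.log(psQuote("Bob's Key"));
```

The same pattern applies to every tool that accepts free-form strings (file paths, task actions, exclusion values): validate the shape first, then pass the value only as a quoted literal or a bound parameter.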
Best Practices:
- Review commands before execution in production environments
- Use administrator privileges only when necessary
- Monitor event logs for unusual activity
- Back up critical data before disk/partition operations
- Be cautious with Windows Defender exclusions
- Test scheduled tasks in non-production environments first
WARNING - Destructive Operations:
- Disk formatting and partition deletion
- Registry key deletion
- Event log clearing
- User account deletion
- Firewall rule removal
- v4.1.0 (Nov 2025) - Added Windows Defender tools (10), process monitoring (4), and advanced task scheduling (4). Total: 131 tools
- v4.0.0 (Oct 2025) - Added 42 action tools across all categories for full system administration. Total: 113 tools
- v3.0.0 - Added disk management, device tools, Windows Update, licensing, applications, files, and computer management. Total: 71 tools
- v2.0.0 - Initial extended version with network, security, registry, and event log tools. Total: 24 tools
```bash
# Check Node.js version (needs 18+)
node --version
# Reinstall dependencies
rm -rf node_modules
npm install
```

- Verify configuration path in your MCP client's config file
- Completely restart your MCP client application
- Check server logs: running node src/server.js should show the registered tools
- Ensure PowerShell 5.1+ is available: run $PSVersionTable
Some operations require elevated privileges:
- Run PowerShell as Administrator for certain registry/security operations
- Check Windows UAC settings
- Verify your user account has necessary permissions
Contributions are welcome! Potential areas for future expansion:
- BitLocker encryption management
- Advanced Windows Firewall with IPsec rules
- Network packet capture and analysis
- Performance monitoring with historical trends
- Group Policy management
- Hyper-V virtual machine control
- IIS web server management
- SQL Server administration tools
MIT License - Feel free to use and modify!
Built with:
- Model Context Protocol SDK v1.0.4+
- node-powershell v5.0.1
- Zod v3.24.1 for schema validation
Special thanks to the PowerShell and MCP communities!
Version: 4.1.0 (131 tools)
Repository: https://github.com/yourusername/advanced-powershell-mcp
For questions, issues, or feature requests, please open an issue on GitHub!