Saturday, August 30, 2008

10 Windows Server 2008 Netsh commands you should know


Taking a look at ten Netsh commands that every Windows administrator should know.
Introduction

I have written a number of different Netsh articles and other authors have published their own Netsh articles. This just shows how important and innovative Netsh really is. In this article, I will cover 10 Netsh commands that every Windows admin should know. In my opinion, Netsh is so powerful and flexible that I cannot choose the “most important” Netsh commands, as the importance of a command will vary from admin to admin. What I can do is choose the 10 commands that I feel will either show you valuable information or help you out when you are in trouble. Keep in mind that these commands can be scripted (as they are all command line tools), so whatever you can do with an individual command on a single machine, you could write a script to perform on all machines in your network.
What is Netsh?

Microsoft Windows Netsh is a command line scripting utility. With Netsh, you can view or change the network configuration of your local computer or a remote computer. You can manually run Netsh commands or you can create batch files or scripts to automate the process. Not only can you run these commands on your local computer but also on remote computers, over the network.

Netsh also provides a scripting feature that allows you to run a group of commands in batch mode against a specified computer. With netsh, you can save a configuration script in a text file for archival purposes or to help you configure other computers.

Netsh is not “new” with Windows Server 2008 or Windows Vista. Netsh has been around for a long time. Netsh commands are available in Windows 2000, XP, and Windows Server 2003. What is new are a number of options for Netsh with Windows Server 2008 and Vista. Additionally, I feel that Netsh is underutilized by admins and most admins are not aware of the new Windows Server 2008 and Vista Netsh enhancements. It is my hope to educate Windows admins about the new netsh features and the power of netsh in this article.
What is different about Windows Server 2008 netsh vs. Windows XP?

There are a number of differences even at the core command level between the Windows XP version of netsh and the Windows Server 2008 netsh. To compare these, I ran “netsh /?” in each operating system. While Windows XP has “routing” listed as a context and Windows Server 2008 does not, that is the only context that Win 2008 lacks (and that is included in the Win 2008 RAS context). Otherwise, Windows Server 2008 has the following netsh context options available that Windows XP does not:
dhcp 
dhcpclient 
http 
ipsec 
lan 
nap 
netio 
rpc 
winhttp

Thus, as you can see, there are many more “context” options available in Windows Server 2008.

With no more delay, let’s get started with our top 10 Netsh commands that every admin should know.
#10 – How to get help

Every Windows admin should know how to get guided help with netsh. This is easy – just use the “/?” command to be guided through what you are trying to do. For example, to show all netsh contexts (categories of options), just type: netsh /?
Figure 1: Results of netsh /? help options

From there, you can select a context and be guided through configuring or showing options in that context. For example, if I typed netsh lan /?, I would see:
Figure 2: Results of netsh lan /?

From there, I can continue with the guided help by doing-

netsh lan show /?

And, from there, I would see that I can show interfaces with-

netsh lan show interfaces

Being able to guide yourself through the many netsh commands using /? is a very valuable skill.
#9 – Supplying remote machine names and credentials

If you run netsh /? you will see that you can supply the remote machine name & IP address and credentials for the remote machine you will run netsh against. The options are “-r” for the machine, “-u” for the username, and “-p” for the password. Here is an example:

netsh -r WinXP-1 -u winxp-1\administrator -p My!Pass1 interface ip show config

As you can see, I supplied the remote machine name, remote username, and password which allowed me to perform this command over the network. You can perform any of the commands shown here over the network as long as the remote machine supports that command (different operating systems will use different variations of commands).
#8 – Run Netsh in interactive mode or with a script

Netsh can be run either interactively (just you typing commands manually) or from a script. Say that you wanted to manually step through some commands on your local machine or a remote machine. You could just start by typing netsh at the command line and you would see:

netsh>

From there, you can enter all the netsh commands you want, or even tell netsh to connect to a remote machine with set machine.

On the other hand, you could use netsh -f and specify a script that netsh would use.
#7 – Open a port on your firewall

With netsh, you can quickly and easily open a port on your firewall if you know the right command. Here is an example of opening port 445-

netsh firewall set portopening tcp 445 smb enable

If the command was successful, you should get a response of “Ok.”
#6 – Export your current network configuration to a file and import it

With netsh, exporting and importing your IP address configuration is easy – unlike in the GUI interface. To export your configuration, just do:

netsh -c interface dump > test.txt

Figure 3: Export of IP address configuration and viewing the file

Later on this machine or on a different machine, you could import this configuration with-

netsh -f test.txt
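
Because the exported file is a list of netsh commands that netsh -f runs in order, it is worth checking what a file contains before importing it on another machine. The PowerShell below is an added example, not part of the original article; the sample dump is constructed and the function name Get-NetshScriptFinding is hypothetical.

```powershell
# Constructed sample shaped like the output of `netsh -c interface dump`;
# the last line is deliberately out of place. For a real file:
#   $lines = Get-Content .\test.txt
$lines = @'
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
add address name="Local Area Connection" address=192.168.1.10 mask=255.255.255.0

popd
# End of IPv4 configuration
firewall set opmode disable
'@ -split '\r?\n'

# Hypothetical helper: report lines that enter a context outside
# $AllowedContext, or that run outside any pushd/popd block.
# It checks only those two conditions.
function Get-NetshScriptFinding {
    param([string[]]$Lines, [string[]]$AllowedContext = @('interface'))
    $depth = 0
    $n = 0
    foreach ($raw in $Lines) {
        $n++
        $line = $raw.Trim()
        if ($line -eq '' -or $line.StartsWith('#')) { continue }   # blank or comment
        if ($line -match '^pushd\s+(\S+)') {
            $depth++
            if ($AllowedContext -notcontains $Matches[1]) {
                "line ${n}: enters context '$($Matches[1])': $line"
            }
        } elseif ($line -eq 'popd') {
            if ($depth -gt 0) { $depth-- }
        } elseif ($depth -eq 0) {
            "line ${n}: command outside any pushd block: $line"
        }
    }
}

$findings = @(Get-NetshScriptFinding $lines)
if ($findings.Count) { $findings } else { 'No unexpected lines found.' }
```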
#5 – Try out the latest Netsh uses

As mentioned above, there are a lot of new features in Windows Server 2008 as it pertains to netsh.

Here are the new categories that I see on my Windows Server 2008 system:
dhcp 
dhcpclient 
http 
ipsec 
lan 
nap 
netio 
rpc 
winhttp

For example, you can configure not only your DHCP client but also your DHCP server. You can configure IPSec encryption, the network access protection (NAP) client, and many more!

As you add other roles & features to your server, you will have additional contexts available to you. For example, if you add the network policy server to Windows Server 2008, you will have “nps” as a new netsh context that can be configured.

For the official Microsoft Windows Server 2008 netsh documentation, see this URL:

Microsoft TechNet- Windows Server 2008 -Netsh Technical Reference
#4 – TCP/IP troubleshooting and interface resets

There are a number of things you can do with netsh to troubleshoot and reset your TCP/IP network interface. Here are some examples:
Reset all IP protocol stack configurations on your interface and send the output to a log file - netsh int ipv4 reset resetlog.txt
Install the TCP/IP protocol - netsh int ipv4 install
Uninstall the TCP/IP protocol - netsh int ipv4 uninstall
#3 – Configure the Windows Advanced Firewall

In my previous article, How to Configure Windows 2008 Advanced Firewall with the NETSH CLI, I discussed how you can now configure the new Windows advanced (bi-directional) firewall using the new advfirewall networking context settings using netsh in Windows Server 2008 and Windows Vista. Of course, you can also configure the traditional Windows firewall. Here are some examples:
Show all firewall rules - netsh advfirewall firewall show rule name=all 
Delete an inbound advanced firewall rule for port 21 - netsh advfirewall firewall delete rule name=all protocol=tcp localport=21
Export Windows Advanced Firewall settings - netsh advfirewall export "c:\advfirewall.wfw"

Perhaps the most common command you might use is the command to enable or disable your Windows firewall, like this:

netsh firewall set opmode disable

or

netsh firewall set opmode enable

However, for more specific information & examples, please see my article, above.
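
To see which listeners the rules opened in #7 and managed in this section actually leave reachable, the rule listing can be parsed and filtered. The PowerShell below is an added example, not from the original article: it parses the text of netsh advfirewall firewall show rule name=all and reports enabled inbound allow rules that cover TCP 21 or 445. The sample listing is constructed and trimmed to a few fields, English-locale field names are assumed, and the function names are hypothetical.

```powershell
# Constructed, trimmed sample of `netsh advfirewall firewall show rule name=all`
# output. On a live host: $lines = netsh advfirewall firewall show rule name=all
$lines = @'
Rule Name:                            File and Printer Sharing (SMB-In)
----------------------------------------------------------------------
Enabled:                              Yes
Direction:                            In
RemoteIP:                             Any
Protocol:                             TCP
LocalPort:                            445
Action:                               Allow

Rule Name:                            Legacy FTP (constructed)
----------------------------------------------------------------------
Enabled:                              No
Direction:                            In
RemoteIP:                             LocalSubnet
Protocol:                             TCP
LocalPort:                            20,21
Action:                               Allow
'@ -split '\r?\n'

# Hypothetical helper: turn each "Rule Name:" block into one object
# with a property per "Field: value" line.
function ConvertFrom-NetshRuleText {
    param([string[]]$Lines)
    $rule = $null
    foreach ($line in $Lines) {
        if ($line -match '^Rule Name:\s+(.+)$') {
            if ($rule) { New-Object PSObject -Property $rule }
            $rule = @{ Name = $Matches[1].Trim() }
        } elseif ($rule -and $line -match '^([A-Za-z ]+):\s+(.*)$') {
            $rule[$Matches[1].Trim()] = $Matches[2].Trim()
        }
    }
    if ($rule) { New-Object PSObject -Property $rule }
}

# Hypothetical helper: true when a LocalPort value ("Any", "445", "20,21") covers $Port.
function Test-PortCovered {
    param([string]$LocalPort, [int]$Port)
    if ($LocalPort -eq 'Any') { return $true }
    return (($LocalPort -split ',') | ForEach-Object { $_.Trim() }) -contains "$Port"
}

$watch = 21, 445   # the two ports this article's firewall examples touch
ConvertFrom-NetshRuleText $lines |
    Where-Object { $_.Enabled -eq 'Yes' -and $_.Direction -eq 'In' -and
                   $_.Action -eq 'Allow' -and $_.Protocol -eq 'TCP' } |
    ForEach-Object { $r = $_; $watch | Where-Object { Test-PortCovered $r.LocalPort $_ } |
        ForEach-Object { '{0}: TCP {1} reachable from {2}' -f $r.Name, $_, $r.RemoteIP } }
```

The disabled FTP rule in the sample is skipped, so only the SMB rule is reported.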
#2 – Configure Wireless Settings

In another article, Configuring Windows Server 2008 & Windows Vista Wireless connections from the CLI using netsh wlan, I discussed how you can now configure wireless networking context settings using netsh in Windows Server 2008 and Windows Vista. Here are some examples:
Connect to an already defined wireless network - netsh wlan connect ssid="mySSID" name="WLAN-Profil1"
Show your current wireless settings - netsh wlan show settings 
Add an already exported wireless network profile - netsh wlan add profile filename="Wireless Network Connection-BOW.xml"
