Netsh (Network shell)
Configure network interfaces, Windows Firewall, routing & remote access.
Syntax
Netsh [Context] [Sub-context] command
Key
The contexts and commands available vary by platform, the list below is for Windows 2008.
Use interactive mode/help (described below) to check the commands available on your machine.
= Add-Add a configuration entry to a list of entries.
Netsh add helper-install the specified helper DLL
= Advfirewall-change the 'netsh advfirewall' context.
Netsh advfirewall Consec? -Display a list of commands.
Netsh advfirewall consec add-Add a new connection security rule.
Netsh advfirewall consec Delete-delete all matching connection security rules.
Netsh advfirewall consec dump-display a configuration script.
Netsh advfirewall consec set-set new values for properties of an existing rule.
Netsh advfirewall consec show-display a specified connection security rule.
Netsh advfirewall dump create a script that contains the current configuration.
If saved to a file, this can be used to restore the configuration settings.
Netsh advfirewall export path \ filename-export the current policy to the specified file.
Netsh advfirewall import path \ filename-import policy from the specified file.
Netsh advfirewall Firewall add-Add a new inbound or outbound firewall rule.
Netsh advfirewall firewall Delete-delete all matching inbound rules.
Netsh advfirewall firewall dump-display a configuration script.
Netsh advfirewall firewall set-set new values for properties of a existing rule.
Netsh advfirewall firewall show-display a specified firewall rule.
Netsh advfirewall monitor Delete-delete all matching security associations.
Netsh advfirewall monitor dump-display a configuration script.
Netsh advfirewall Monitor show-show all matching security associations.
Netsh advfirewall reset-reset to factory settings (firewall = on)
Netsh advfirewall set allprofiles-Set Properties in all profiles.
Netsh advfirewall set currentprofile-set properties in the active profile.
Netsh advfirewall set domainprofile-set properties in the Domain Profile.
Netsh advfirewall set global-set the global properties.
Netsh advfirewall set privateprofile-set properties in the Private Profile.
Netsh advfirewall set publicprofile-set properties in the public profile.
Netsh advfirewall show allprofiles-Display Properties for all profiles.
Netsh advfirewall show currentprofile-Display Properties for the active profile.
Netsh advfirewall show domainprofile-Display Properties for the domain properties.
Netsh advfirewall show global-display the global properties.
Netsh advfirewall show privateprofile-Display Properties for the Private Profile.
Netsh advfirewall show publicprofile-Display Properties for the Public Profile.
Netsh advfirewall show store-display the policy store for the current interactive session.
= Bridge-change to the 'netsh bridge 'Context.
Netsh bridge dump-display a configuration script.
Netsh Bridge Install-install the component corresponding to the current context.
Netsh bridge set-set configuration information.
Netsh bridge show-display information.
Netsh bridge uninstall-remove the component corresponding to the current context.
= Delete-delete a configuration entry from a list of entries.
Netsh Delete helper remove the specified helper DLL from netsh.
Note that after a helper is removed, it is no longer supported by netsh.
= Dhcpclient-change to the 'netsh dhcpclient' context.
Netsh dhcpclient list-list all the commands available.
Netsh dhcpclient trace enable-enable tracing for DHCP Client and DHCP qec.
Netsh dhcpclient trace disable-Disable tracing for DHCP Client and DHCP qec.
= Dump-display a configuration script.
Netsh dump-create a script that contains the current configuration.
If saved to a file, this can be used to restore the configuration settings.
= Exec-run a script file.
Exec-load a script file and run it.
= Firewall-change to the 'netsh Firewall' context.
Netsh Firewall add-add firewall configuration.
Netsh firewall Delete-delete firewall configuration.
Netsh firewall dump-display a configuration script.
Netsh firewall reset-Reset firewall configuration to default.
Netsh firewall set allowedprogram-Set firewall allowed program configuration.
Netsh firewall set icmpsetting-Set firewall ICMP configuration.
Netsh firewall set logging-Set firewall logging configuration.
Netsh firewall set multicastbroadcastresponse-Set firewall multicast/broadcast response configuration.
Netsh firewall set configurations-Set firewall notification configuration.
Netsh firewall set opmode-Set firewall operational configuration.
Netsh firewall set portopening-Set firewall port configuration.
Netsh firewall set service-Set firewall service configuration.
Netsh firewall show allowedprogram-show firewall allowed program configuration.
Netsh firewall show config-show firewall configuration.
Netsh firewall show currentprofile-show current firewall profile.
Netsh firewall show icmpsetting-show firewall ICMP configuration.
Netsh firewall show logging-show firewall logging configuration.
Netsh firewall show multicastbroadcastresponse-show firewall multicast/broadcast response configuration.
Netsh firewall show notifications-show firewall notification configuration.
Netsh firewall show opmode-show firewall operational configuration.
Netsh firewall show portopening-show firewall port configuration.
Netsh firewall show service-show Firewall service configuration.
Netsh firewall show state-show current Firewall State.
= Help-display a list of netsh commands.
Netsh help
= Http-change to the 'netsh http' context.
Netsh HTTP add-Add a configuration entry to a table.
Netsh HTTP Delete-delete a configuration entry from a table.
Netsh HTTP dump-display a configuration script.
Netsh HTTP flush-flushe internal data.
Netsh HTTP show-display information.
= Interface-change to the 'netsh interface' context.
Netsh interface 6to4 + change to the 'netsh interface 6to4 'context.
Netsh interface add-Add a configuration entry to a table.
Netsh interface Delete-delete a configuration entry from a table.
Netsh interface dump-display a configuration script.
Netsh interface IPv4 + change to the 'netsh interface IPv4 'context.
Netsh interface IPv6 + change to the 'netsh interface ipv6' context.
Netsh interface isatap + change to the 'netsh interface isatap 'context.
Netsh interface portproxy + change to the 'netsh interface portproxy' context.
Netsh interface reset-Reset information.
Netsh interface set-set configuration information.
Netsh interface show-display information.
Netsh interface TCP + change to the 'netsh interface TCP 'context.
Netsh interface Teredo + change to the 'netsh interface teredo' context.
The following sub-contexts are available:
6to4 IPv4 IPv6 isatap portproxy TCP Teredo
= IPSec-change to the 'netsh IPSec 'context.
Netsh IPSec dump-display a configuration script.
Netsh IPSec dynamic add-Add Policy, filter, and actions to SPD.
Netsh IPSec dynamic Delete-Delete Policy, filter, and actions from SPD.
Netsh IPSec dynamic dump-display a configuration script.
Netsh IPSec dynamic set-modifiy policy, filter, and actions in SPD.
Netsh IPSec dynamic show-Display Policy, filter, and actions from SPD.
Netsh IPSec static add-create new indexes ies and related information.
Netsh IPSec static Delete-delete policies and related information.
Netsh IPSec static dump-display a configuration script.
Netsh IPSec static exportpolicy-export all the specified ies from the policy store.
Netsh IPSec static importpolicy-import the policies from a file to the policy store.
Netsh IPSec static set-Modify existing protocols ies and related information.
Netsh IPSec static show-display details of related ies and related information.
= Lan-change to the 'netsh Lan' context.
Netsh LAN add-Add a configuration entry to a table.
Netsh LAN Delete-delete a configuration entry from a table.
Netsh LAN dump-display a configuration script.
Netsh LAN export-save LAN profiles to XML files.
Netsh LAN reconnect-Reconnect on an interface.
Netsh LAN set-configure settings on interfaces.
Netsh LAN show-display information.
= Nap-change to the 'netsh nap 'Context.
Netsh nap client + change to the 'netsh nap client' context.
Netsh nap dump-display a configuration script.
Netsh nap HRA + change to the 'netsh nap HRA 'context.
Netsh nap reset-Reset configuration.
Netsh nap show-show configuration and state information.
= Netio-change to the 'netsh netio 'context.
Netsh netio add-Add a configuration entry to a table.
Netsh netio Delete-delete a configuration entry from a table.
Netsh netio dump-display a configuration script.
Netsh netio show-display information.
= Ras-change to the 'netsh Ras 'context. (remote access server)
Netsh Ras aaaa-change to the 'netsh Ras aaa' context.
Netsh Ras add-add items to a table.
Netsh Ras Delete-remove items from a table.
Netsh Ras diagnostics-change to the 'netsh Ras diagnostics 'context.
Netsh Ras dump-display a configuration script.
Netsh Ras IP-change to the 'netsh Ras ip' context.
Netsh Ras IPv6-change to the 'netsh Ras ipv6' context.
Netsh Ras set-set configuration information.
Netsh Ras show-display information.
= RPC-change to the 'netsh RPC 'Context. (RPC firewall filter)
Netsh RPC add-create an add list of subnets.
Netsh RPC Delete-create a delete list of subnets.
Netsh RPC dump-display a configuration script.
Netsh RPC filter-change to the 'netsh RPC filter' context.
Netsh RPC reset-reset the selective binding settings to 'None' (listen on all interfaces ).
Netsh RPC show-display the selective binding state for each subnet on the system.
= Set-Update Configuration Settings on a remote machine.
Netsh set Machine [name =] [user =] [[domainname \] username] [Pwd =] [Password | *]
If a machine name is not specified, the local machine is used.
A username and password cannot be used to connect to the local machine.
= Show-display information.
Netsh show alias-list all defined aliases.
Netsh show helper-list all the top-level helpers.
= WinHTTP-change to the 'netsh winhttp' context.
Netsh WinHTTP dump-display a configuration script.
Netsh WinHTTP import-import WinHTTP proxy settings.
Netsh WinHTTP reset-Reset WinHTTP settings.
Netsh WinHTTP set-configure WinHTTP settings.
Netsh WinHTTP show-display currents settings.
= Winsock-change to the 'netsh winsock' context.
Netsh Winsock audit-display a list of WinSock LSPs that have been installed and removed.
Netsh Winsock dump-display a configuration script.
Netsh Winsock remove-remove a Winsock LSP from the system.
Netsh Winsock reset-reset the Winsock catalog to a clean state.
Netsh Winsock show-display information.
Netsh-Interactive Mode
In interactive mode, switch context by typing any context name: advfirewall, bridge, firewall, HTTP, interface, IPSec.. etc
LIST commands? Exit interactive mode with quit or exit.
To view help for any command, type the command, followed by a space and?
The syntax on this page is based on Windows 2008, for backwards compatibility with xp dns is an alias for dnsserver, IP is an alias for IPv4
Examples:
Install ipmontr. dll:
C: \> netsh advfirewall NET add helper ipmontr. dll
Export the fiewall policy:
C: \> netsh advfirewall export "C: \ advfirewallpolicy. WFW"
Show TCP/IP Settings
C: \> netsh interface IP show config
Set a static IP address (e.g. For a laptop)
C: \> netsh interface IP Set address name = "Local Area Connection" Source = static ADDR = 192.168.0.10 mask = 255.255.255.0 gateway = 192.168.0.1 gwmetric = 1
Set a dynamic IP address with DHCP
C: \> netsh interface IP Set address name = "Local Area Connection" Source = DHCP
Add multiple DNS servers:
C: \> netsh interface IPv4 add DNS "Local Area Connection" 10.0.0.1
C: \> netsh interface IPv4 add DNS "Local Area Connection" 10.0.0.3 Index = 2
Index = 2 adds the IP as a secondary DNS server.
Set a static DNS server address:
C: \> netsh interface IP Set DNS name = "Local Area Connection" Source = static ADDR = 192.168.0.2 register = none
Set a dynamic dns server address with DHCP:
C: \> netsh interface IP Set DNS name = "Local Area Connection" Source = DHCP
Set a static address for the WINS Server:
C: \> netsh interface IP Set wins name = "Local Area Connection" Source = static ADDR = 192.168.100.3
To configure wins from DHCP:
C: \> netsh interface IP Set wins name = "Local Area Connection" Source = DHCP
Backup the local DHCP server configuration to a file:
C: \> netsh dump DHCP> C: \ backupdhcpconfig. dat
You can use this backup file to recreate the DHCP server with netsh.
Work against a remote machine:
C: \> netsh set machine server64
Backup the current network interface configuration to a file:
C: \> netsh dump interface> C: \ backupinterfaceconfig. dat
Restore network interface configuration from a file:
C: \> netsh exec c: \ backupinterfaceconfig. dat
Run netsh from powershell (returns a Text object you can manipulate)
PS c: \> $ myfwstate = netsh firewall show state
PS c: \> $ myfwstate-match "Disable"
Disable network auto-tuning (certain routers and networking devices perform better with this off .)
PS c: \> netsh interface TCP set global autotuning = disabled
Enable network auto-tuning (certain routers and networking devices perform better with this on .)
PS c: \> netsh interface TCP set global autotuning = normal
"Once you eliminate your #1 problem, #2 gets a promotion"-Gerald weberger, "the secrets of consulting"
Related:
Netsh 2008 technical reference-Microsoft.com
Netsh command reference-Microsoft.com
Q242468-how to use the netsh.exe Tool
Q257748-change from static IP address to DHCP with netsh
Q140859-Win NT TCP/IP routing Basics
Route-Manipulate network routing tables