NETSH (Network Shell)
Configure Network Interfaces, Windows Firewall, Routing & remote access.
Syntax
NETSH [Context] [sub-Context] command
Key
The contexts and commands available vary by platform, the list below is for Windows 2008.
Use interactive mode/help (described below) to check the commands available on your machine.
= add - Add a configuration entry to a list of entries.
netsh add helper - Install the specified helper DLL
= advfirewall - Change the 'netsh advfirewall' context.
netsh advfirewall consec ? - Display a list of commands.
netsh advfirewall consec add - Add a new connection security rule.
netsh advfirewall consec delete - Delete all matching connection security rules.
netsh advfirewall consec dump - Display a configuration script.
netsh advfirewall consec set - Set new values for properties of an existing rule.
netsh advfirewall consec show - Display a specified connection security rule.
netsh advfirewall dump Create a script that contains the current configuration.
If saved to a file, this can be used to restore the configuration settings.
netsh advfirewall export path\filename - Export the current policy to the specified file.
netsh advfirewall import path\filename - Import policy from the specified file.
netsh advfirewall firewall add - Add a new inbound or outbound firewall rule.
netsh advfirewall firewall delete - Delete all matching inbound rules.
netsh advfirewall firewall dump - Display a configuration script.
netsh advfirewall firewall set - Set new values for properties of a existing rule.
netsh advfirewall firewall show - Display a specified firewall rule.
netsh advfirewall monitor delete - Delete all matching security associations.
netsh advfirewall monitor dump - Display a configuration script.
netsh advfirewall monitor show - Show all matching security associations.
netsh advfirewall reset - Reset to factory settings (Firewall=ON)
netsh advfirewall set allprofiles - Set properties in all profiles.
netsh advfirewall set currentprofile - Set properties in the active profile.
netsh advfirewall set domainprofile - Set properties in the domain profile.
netsh advfirewall set global - Set the global properties.
netsh advfirewall set privateprofile - Set properties in the private profile.
netsh advfirewall set publicprofile - Set properties in the public profile.
netsh advfirewall show allprofiles - Display properties for all profiles.
netsh advfirewall show currentprofile - Display properties for the active profile.
netsh advfirewall show domainprofile - Display properties for the domain properties.
netsh advfirewall show global - Display the global properties.
netsh advfirewall show privateprofile - Display properties for the private profile.
netsh advfirewall show publicprofile - Display properties for the public profile.
netsh advfirewall show store - Display the policy store for the current interactive session.
=bridge - Change to the 'netsh bridge' context.
netsh bridge dump - Display a configuration script.
netsh bridge install - Install the component corresponding to the current context.
netsh bridge set - Set configuration information.
netsh bridge show - Display information.
netsh bridge uninstall - Remove the component corresponding to the current context.
=delete - Delete a configuration entry from a list of entries.
netsh delete helper Remove the specified helper DLL from netsh.
Note that after a helper is removed, it is no longer supported by netsh.
=dhcpclient - Change to the 'netsh dhcpclient' context.
netsh dhcpclient list - List all the commands available.
netsh dhcpclient trace enable - Enable tracing for DHCP client and DHCP QEC.
netsh dhcpclient trace disable - Disable tracing for DHCP client and DHCP QEC.
=dump - Display a configuration script.
netsh dump - Create a script that contains the current configuration.
If saved to a file, this can be used to restore the configuration settings.
=exec - Run a script file.
exec - Load a script file and run it.
=firewall - Change to the 'netsh firewall' context.
netsh firewall add - Add firewall configuration.
netsh firewall delete - Delete firewall configuration.
netsh firewall dump - Display a configuration script.
netsh firewall reset - Reset firewall configuration to default.
netsh firewall set allowedprogram - Set firewall allowed program configuration.
netsh firewall set icmpsetting - Set firewall ICMP configuration.
netsh firewall set logging - Set firewall logging configuration.
netsh firewall set multicastbroadcastresponse - Set firewall multicast/broadcast response configuration.
netsh firewall set notifications - Set firewall notification configuration.
netsh firewall set opmode - Set firewall operational configuration.
netsh firewall set portopening - Set firewall port configuration.
netsh firewall set service - Set firewall service configuration.
netsh firewall show allowedprogram - Show firewall allowed program configuration.
netsh firewall show config - Show firewall configuration.
netsh firewall show currentprofile - Show current firewall profile.
netsh firewall show icmpsetting - Show firewall ICMP configuration.
netsh firewall show logging - Show firewall logging configuration.
netsh firewall show multicastbroadcastresponse - Show firewall multicast/broadcast response configuration.
netsh firewall show notifications - Show firewall notification configuration.
netsh firewall show opmode - Show firewall operational configuration.
netsh firewall show portopening - Show firewall port configuration.
netsh firewall show service - Show firewall service configuration.
netsh firewall show state - Show current firewall state.
=help - Display a list of netsh commands.
netsh help
=http - Change to the 'netsh http' context.
netsh http add - Add a configuration entry to a table.
netsh http delete - Delete a configuration entry from a table.
netsh http dump - Display a configuration script.
netsh http flush - Flushe internal data.
netsh http show - Display information.
=interface - Change to the 'netsh interface' context.
netsh interface 6to4 + Change to the 'netsh interface 6to4' context.
netsh interface add - Add a configuration entry to a table.
netsh interface delete - Delete a configuration entry from a table.
netsh interface dump - Display a configuration script.
netsh interface ipv4 + Change to the 'netsh interface ipv4' context.
netsh interface ipv6 + Change to the 'netsh interface ipv6' context.
netsh interface isatap + Change to the 'netsh interface isatap' context.
netsh interface portproxy + Change to the 'netsh interface portproxy' context.
netsh interface reset - Reset information.
netsh interface set - Set configuration information.
netsh interface show - Display information.
netsh interface tcp + Change to the 'netsh interface tcp' context.
netsh interface teredo + Change to the 'netsh interface teredo' context.
The following sub-contexts are available:
6to4 ipv4 ipv6 isatap portproxy tcp teredo
=ipsec - Change to the 'netsh ipsec' context.
netsh ipsec dump - Display a configuration script.
netsh ipsec dynamic add - Add policy, filter, and actions to SPD.
netsh ipsec dynamic delete - Delete policy, filter, and actions from SPD.
netsh ipsec dynamic dump - Display a configuration script.
netsh ipsec dynamic set - Modifiy policy, filter, and actions in SPD.
netsh ipsec dynamic show - Display policy, filter, and actions from SPD.
netsh ipsec static add - Create new policies and related information.
netsh ipsec static delete - Delete policies and related information.
netsh ipsec static dump - Display a configuration script.
netsh ipsec static exportpolicy - Export all the policies from the policy store.
netsh ipsec static importpolicy - Import the policies from a file to the policy store.
netsh ipsec static set - Modify existing policies and related information.
netsh ipsec static show - Display details of policies and related information.
=lan - Change to the 'netsh lan' context.
netsh lan add - Add a configuration entry to a table.
netsh lan delete - Delete a configuration entry from a table.
netsh lan dump - Display a configuration script.
netsh lan export - Save LAN profiles to XML files.
netsh lan reconnect - Reconnect on an interface.
netsh lan set - Configure settings on interfaces.
netsh lan show - Display information.
=nap - Change to the 'netsh nap' context.
netsh nap client + Change to the 'netsh nap client' context.
netsh nap dump - Display a configuration script.
netsh nap hra + Change to the 'netsh nap hra' context.
netsh nap reset - Reset configuration.
netsh nap show - Show configuration and state information.
=netio - Change to the 'netsh netio' context.
netsh netio add - Add a configuration entry to a table.
netsh netio delete - Delete a configuration entry from a table.
netsh netio dump - Display a configuration script.
netsh netio show - Display information.
=ras - Change to the 'netsh ras' context. (Remote Access Server)
netsh ras aaaa - Change to the 'netsh ras aaaa' context.
netsh ras add - Add items to a table.
netsh ras delete - Remove items from a table.
netsh ras diagnostics - Change to the 'netsh ras diagnostics' context.
netsh ras dump - Display a configuration script.
netsh ras ip - Change to the 'netsh ras ip' context.
netsh ras ipv6 - Change to the 'netsh ras ipv6' context.
netsh ras set - Set configuration information.
netsh ras show - Display information.
=rpc - Change to the 'netsh rpc' context. (RPC firewall filter)
netsh rpc add - Create an Add list of subnets.
netsh rpc delete - Create a Delete list of subnets.
netsh rpc dump - Display a configuration script.
netsh rpc filter - Change to the 'netsh rpc filter' context.
netsh rpc reset - Reset the selective binding settings to 'none' (listen on all interfaces).
netsh rpc show - Display the selective binding state for each subnet on the system.
=set - Update configuration settings on a remote machine.
netsh set machine [name=] [user=][[DomainName\]UserName] [pwd=][Password | *]
If a machine name is not specified, the local machine is used.
A username and password cannot be used to connect to the local machine.
=show - Display information.
netsh show alias - List all defined aliases.
netsh show helper - List all the top-level helpers.
=winhttp - Change to the 'netsh winhttp' context.
netsh winhttp dump - Display a configuration script.
netsh winhttp import - Import WinHTTP proxy settings.
netsh winhttp reset - Reset WinHTTP settings.
netsh winhttp set - Configure WinHTTP settings.
netsh winhttp show - Display currents settings.
=winsock - Change to the 'netsh winsock' context.
netsh winsock audit - Display a list of Winsock LSPs that have been installed and removed.
netsh winsock dump - Display a configuration script.
netsh winsock remove - Remove a Winsock LSP from the system.
netsh winsock reset - Reset the Winsock Catalog to a clean state.
netsh winsock show - Display information.
netsh - Interactive mode
In interactive mode, switch context by typing any context name: advfirewall, bridge, firewall, http, interface, ipsec.. etc
list commands with ? exit interactive mode with Quit or Exit.
To view help for any command, type the command, followed by a space and ?
The syntax on this page is based on Windows 2008, for backwards compatibility with XP dns is an alias for dnsserver, ip is an alias for ipv4
Examples:
Install ipmontr.dll:
C:\> netsh advfirewall net add helper ipmontr.dll
Export the fiewall policy:
C:\> netsh advfirewall export "c:\advfirewallpolicy.wfw"
Show TCP/IP settings
C:\> netsh interface ip show config
Set a static IP address (e.g. for a laptop)
C:\> Netsh interface ip set address name="Local Area Connection" source=static addr=192.168.0.10 mask=255.255.255.0 gateway=192.168.0.1 gwmetric=1
Set a dynamic IP address with DHCP
C:\> Netsh interface ip set address name="Local Area Connection" source=dhcp
Add multiple DNS servers:
C:\> Netsh interface ipv4 add dns "Local Area Connection" 10.0.0.1
C:\> Netsh interface ipv4 add dns "Local Area Connection" 10.0.0.3 index=2
index=2 adds the IP as a secondary dns server.
Set a static DNS server address:
C:\> Netsh interface ip set dns name="Local Area Connection" source=static addr=192.168.0.2 register=none
Set a dynamic DNS server address with DHCP:
C:\> netsh interface ip set dns name="Local Area Connection" source=dhcp
Set a static address for the WINS server:
C:\> Netsh interface ip set wins name="Local Area Connection" source=static addr=192.168.100.3
To configure WINS from DHCP:
C:\> Netsh interface ip set wins name="Local Area Connection" source=dhcp
Backup the local DHCP server configuration to a file:
C:\> netsh dump dhcp > C:\backupDHCPconfig.dat
You can use this backup file to recreate the DHCP server with Netsh .
Work against a remote machine:
C:\> netsh set machine server64
Backup the current network interface configuration to a file:
C:\> netsh dump interface > c:\backupInterfaceConfig.dat
Restore network interface configuration from a file:
C:\> netsh exec c:\backupInterfaceConfig.dat
Run Netsh from Powershell (returns a Text object you can manipulate)
PS C:\> $myFWstate=netsh firewall show state
PS C:\> $myFWstate -match "disable"
Disable Network auto-tuning (certain routers and networking devices perform better with this off.)
PS C:\> netsh interface tcp set global autotuning=disabled
Enable Network auto-tuning (certain routers and networking devices perform better with this on.)
PS C:\> netsh interface tcp set global autotuning=normal
"Once you eliminate your #1 problem, #2 gets a promotion" - Gerald Weinberg, "The Secrets of Consulting"
Related:
Netsh 2008 Technical Reference - Microsoft.com
Netsh command reference - Microsoft.com
Q242468 - How to Use the Netsh.exe Tool
Q257748 - Change from Static IP Address to DHCP with NETSH
Q140859 - Win NT TCP/IP Routing Basics
ROUTE - Manipulate network routing tables
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
