Manage Windows Network Settings with Netsh Getting Down and Dirty with Network Settings via Netsh Eric Geier
Netsh is a powerful command-line tool that is installed by default on Windows 2000, XP, Vista, and recent Server editions. It lets you view and change TCP/IP, authentication, firewall, and other network settings.
The beauty of Netsh that you can configure multiple computers by using a logon script or other means, such as a batch file. Without this you have to bring up the GUIs for the network settings on each computer and manually modify them. Instead, you can write a script and run it from one PC to push the changes to all the others, or take a batch file around to each and make the changes with one click. This means much less clicking, typing, and time spent on managing everything.
We'll discover a few different things you can do with the Netsh commands. More specifically, we'll review how to view and modify the IP settings for adapters and how to manage Windows Firewall. Let's get started!
Viewing the Network Settings
Netsh lets you view the network (TCP/IP) settings and statistics. Before you make changes you may want to check the current settings. The statistics can also help when troubleshooting. Here are several commands you may want to check out:
netsh interface ip show addresses
Shows IP addressing method and IP addresses for each adapter.
netsh interface ip show config
Shows same information from above but includes DNS and WINS details.
With Netsh you change the TCP/IP properties of network connections: static or dynamic (DHCP) addressing, client IP address, gateway IP address, subnet mask, and DNS servers. This is useful, for example, if you want to change the addressing of multiple computers to static, or back to dynamic. Additionally, you could change the assigned static IP addresses or change the DNS servers to a different address.
In the following examples, you can replace Local Area Connection with Wireless Network Connection to configure the Wi-Fi adapter instead of the wired Ethernet card. If the default names aren't used on your PC, replace it with the correct name of the desired adapter. You can see the exact names on the Network Connections window in Windows or when viewing the network details at the command-line.
Here's an example of how to assign a network connection with a static IP:
netsh interface ip set address "Local Area Connection" static 192.168.0.101 255.255.255.0 192.168.0.1
(The IP address order is: client IP, subnet mask, and gateway IP.)
If you also want to manually assign the IP addresses for DNS servers, or change them from their current IP, try this:
netsh interface ip add dns "Local Area Connection" 208.67.222.222
netsh interface ip add dns "Local Area Connection" 208.67.220.220 index=2
(These IP addresses are for the OpenDNS servers; feel free to use different ones. The second line configures the secondary server address.)
Here's how to change to dynamic addressing:
netsh interface ip set address "Local Area Connection" dhcp
You can also tell the adapter to receive the DNS addresses automatically:
netsh interface ip delete dnsserver "Local Area Connection" all
(You could replace all with one of the current addresses to remove only it.)
Viewing the Windows Firewall Configuration
The Netsh also lets you manage the built-in Windows Firewall. Before you start adding or removing firewall entries or changing settings, you may want to check the current configuration. Here are several commands you may want to try:
netsh firewall show allowedprogram
Displays the details of programs added to the exception/allowed list.
netsh firewall show portopening
Displays the details of port added to the exception/allowed list.
