NETSH – Windows CMD Command
Configure Network Interfaces, Windows Firewall, Routing & remote access.
Syntax
NETSH [Context] [sub-Context] command
Key
The contexts and commands available vary by platform, the list below is for Windows Server 2016.
Use interactive mode/help (described below) to check the commands available on your machine.
= abort - Discard changes made while in offline mode.
= add - Add a configuration entry to a list of entries.
netsh add helper - Install the specified helper DLL
= advfirewall - Change the 'netsh advfirewall' context.
netsh advfirewall consec ? - Display a list of commands.
netsh advfirewall consec add - Add a new connection security rule.
netsh advfirewall consec delete - Delete all matching connection security rules.
netsh advfirewall consec dump - Display a configuration script.
netsh advfirewall consec set - Set new values for properties of an existing rule.
netsh advfirewall consec show - Display a specified connection security rule.
netsh advfirewall dump Create a script that contains the current configuration.
If saved to a file, this can be used to restore the configuration settings.
netsh advfirewall export path\filename - Export the current policy to the specified file.
netsh advfirewall import path\filename - Import policy from the specified file.
netsh advfirewall firewall add - Add a new inbound or outbound firewall rule.
netsh advfirewall firewall delete - Delete all matching inbound rules.
netsh advfirewall firewall dump - Display a configuration script.
netsh advfirewall firewall set - Set new values for properties of a existing rule.
netsh advfirewall firewall show - Display a specified firewall rule.
netsh advfirewall monitor delete - Delete all matching security associations.
netsh advfirewall monitor dump - Display a configuration script.
netsh advfirewall monitor show - Show all matching security associations.
netsh advfirewall reset - Reset to factory settings (Firewall=ON)
netsh advfirewall set allprofiles - Set properties in all profiles.
netsh advfirewall set currentprofile - Set properties in the active profile.
netsh advfirewall set domainprofile - Set properties in the domain profile.
netsh advfirewall set global - Set the global properties.
netsh advfirewall set privateprofile - Set properties in the private profile.
netsh advfirewall set publicprofile - Set properties in the public profile.
netsh advfirewall show allprofiles - Display properties for all profiles.
netsh advfirewall show currentprofile - Display properties for the active profile.
netsh advfirewall show domainprofile - Display properties for the domain properties.
netsh advfirewall show global - Display the global properties.
netsh advfirewall show privateprofile - Display properties for the private profile.
netsh advfirewall show publicprofile - Display properties for the public profile.
netsh advfirewall show store - Display the policy store for the current interactive session.
=alias - Add an alias.
=branchcache - Change to the `netsh branchcache' context.
=bridge - Change to the 'netsh bridge' context.
netsh bridge dump - Display a configuration script.
netsh bridge install - Install the component corresponding to the current context.
netsh bridge set - Set configuration information.
netsh bridge show - Display information.
netsh bridge uninstall - Remove the component corresponding to the current context.
=bye - Exits the program.
=commit - Commits changes made while in offline mode.
=delete - Delete a configuration entry from a list of entries.
netsh delete helper Remove the specified helper DLL from netsh.
Note that after a helper is removed, it is no longer supported by netsh.
=dhcpclient - Change to the 'netsh dhcpclient' context.
netsh dhcpclient list - List all the commands available.
netsh dhcpclient trace enable - Enable tracing for DHCP client and DHCP QEC.
netsh dhcpclient trace disable - Disable tracing for DHCP client and DHCP QEC.
=dnsclient - Changes to the `netsh dnsclient' context.
=dump - Display a configuration script.
netsh dump - Create a script that contains the current configuration.
If saved to a file, this can be used to restore the configuration settings.
=exec - Run a script file.
=exit - Exits the program.
=firewall - Change to the 'netsh firewall' context.
netsh firewall add - Add firewall configuration.
netsh firewall delete - Delete firewall configuration.
netsh firewall dump - Display a configuration script.
netsh firewall reset - Reset firewall configuration to default.
netsh firewall set allowedprogram - Set firewall allowed program configuration.
netsh firewall set icmpsetting - Set firewall ICMP configuration.
netsh firewall set logging - Set firewall logging configuration.
netsh firewall set multicastbroadcastresponse - Set firewall multicast/broadcast response configuration.
netsh firewall set notifications - Set firewall notification configuration.
netsh firewall set opmode - Set firewall operational configuration.
netsh firewall set portopening - Set firewall port configuration.
netsh firewall set service - Set firewall service configuration.
netsh firewall show allowedprogram - Show firewall allowed program configuration.
netsh firewall show config - Show firewall configuration.
netsh firewall show currentprofile - Show current firewall profile.
netsh firewall show icmpsetting - Show firewall ICMP configuration.
netsh firewall show logging - Show firewall logging configuration.
netsh firewall show multicastbroadcastresponse - Show firewall multicast/broadcast response configuration.
netsh firewall show notifications - Show firewall notification configuration.
netsh firewall show opmode - Show firewall operational configuration.
netsh firewall show portopening - Show firewall port configuration.
netsh firewall show service - Show firewall service configuration.
netsh firewall show state - Show current firewall state.
=help - Display a list of netsh commands.
netsh help
=http - Change to the 'netsh http' context.
netsh http add - Add a configuration entry to a table.
netsh http delete - Delete a configuration entry from a table.
netsh http dump - Display a configuration script.
netsh http flush - Flushe internal data.
netsh http show - Display information.
=interface - Change to the 'netsh interface' context.
netsh interface 6to4 + Change to the 'netsh interface 6to4' context.
netsh interface add - Add a configuration entry to a table.
netsh interface delete - Delete a configuration entry from a table.
netsh interface dump - Display a configuration script.
netsh interface ipv4 + Change to the 'netsh interface ipv4' context.
netsh interface ipv6 + Change to the 'netsh interface ipv6' context.
netsh interface isatap + Change to the 'netsh interface isatap' context.
netsh interface portproxy + Change to the 'netsh interface portproxy' context.
netsh interface reset - Reset information.
netsh interface set - Set configuration information.
netsh interface show - Display information.
netsh interface tcp + Change to the 'netsh interface tcp' context.
netsh interface teredo + Change to the 'netsh interface teredo' context.
The following sub-contexts are available:
6to4 ipv4 ipv6 isatap portproxy tcp teredo
=ipsec - Change to the 'netsh ipsec' context.
netsh ipsec dump - Display a configuration script.
netsh ipsec dynamic add - Add policy, filter, and actions to SPD.
netsh ipsec dynamic delete - Delete policy, filter, and actions from SPD.
netsh ipsec dynamic dump - Display a configuration script.
netsh ipsec dynamic set - Modifiy policy, filter, and actions in SPD.
netsh ipsec dynamic show - Display policy, filter, and actions from SPD.
netsh ipsec static add - Create new policies and related information.
netsh ipsec static delete - Delete policies and related information.
netsh ipsec static dump - Display a configuration script.
netsh ipsec static exportpolicy - Export all the policies from the policy store.
netsh ipsec static importpolicy - Import the policies from a file to the policy store.
netsh ipsec static set - Modify existing policies and related information.
netsh ipsec static show - Display details of policies and related information.
=ipsecdosprotection - Change to the `netsh ipsecdosprotection' context.
=lan - Change to the 'netsh lan' context.
netsh lan add - Add a configuration entry to a table.
netsh lan delete - Delete a configuration entry from a table.
netsh lan dump - Display a configuration script.
netsh lan export - Save LAN profiles to XML files.
netsh lan reconnect - Reconnect on an interface.
netsh lan set - Configure settings on interfaces.
netsh lan show - Display information.
=namespace - Change to the `netsh namespace' context.
=netio - Chang to the 'netsh netio' context.
netsh netio add - Add a configuration entry to a table.
netsh netio delete - Delete a configuration entry from a table.
netsh netio dump - Display a configuration script.
netsh netio show - Display information.
=offline - Set the current mode to offline.
=online - Set the current mode to online.
=popd - Pop a context from the stack.
=pushd - Pushe current context on stack.
=quit - Exit the program.
=ras - Change to the 'netsh ras' context. (Remote Access Server)
netsh ras aaaa - Change to the 'netsh ras aaaa' context.
netsh ras add - Add items to a table.
netsh ras delete - Remove items from a table.
netsh ras diagnostics - Change to the 'netsh ras diagnostics' context.
netsh ras dump - Display a configuration script.
netsh ras ip - Change to the 'netsh ras ip' context.
netsh ras ipv6 - Change to the 'netsh ras ipv6' context.
netsh ras set - Set configuration information.
netsh ras show - Display information.
=rpc - Change to the 'netsh rpc' context. (RPC firewall filter)
netsh rpc add - Create an Add list of subnets.
netsh rpc delete - Create a Delete list of subnets.
netsh rpc dump - Display a configuration script.
netsh rpc filter - Change to the 'netsh rpc filter' context.
netsh rpc reset - Reset the selective binding settings to 'none' (listen on all interfaces).
netsh rpc show - Display the selective binding state for each subnet on the system.
=set - Update configuration settings on a remote machine.
netsh set machine [name=] [user=][[DomainName\]UserName] [pwd=][Password | *]
If a machine name is not specified, the local machine is used.
A username and password cannot be used to connect to the local machine.
=show - Display information.
netsh show alias - List all defined aliases.
netsh show helper - List all the top-level helpers.
=trace - Change to the `netsh trace' context.
=unalias - Delete an alias.
=wfp - Change to the `netsh wfp' context.
=winhttp - Change to the 'netsh winhttp' context.
netsh winhttp dump - Display a configuration script.
netsh winhttp import - Import WinHTTP proxy settings.
netsh winhttp reset - Reset WinHTTP settings.
netsh winhttp set - Configure WinHTTP settings.
netsh winhttp show - Display currents settings.
=winsock - Change to the 'netsh winsock' context.
netsh winsock audit - Display a list of Winsock LSPs that have been installed and removed.
netsh winsock dump - Display a configuration script.
netsh winsock remove - Remove a Winsock LSP from the system.
netsh winsock reset - Reset the Winsock Catalog to a clean state.
netsh winsock show - Display information.
netsh - Interactive modeIn interactive mode, switch context by typing any context name: advfirewall, bridge, firewall, HTTP, interface, ipsec.. etc
list commands with? exit interactive mode with Quit or Exit.
To view help for any command, type the command, followed by a space and?
For run Netsh against a remote machine, both File and Printer sharing must be enabled and the Remote Registry service must be running on the remote machine.
The syntax on this page is based on Windows 2008, for backward compatibility with XP DNS is an alias for dnsserver, ip is an alias for ipv4
Examples:
Enable or Disable File and Printer Sharing:
C:\> netsh advfirewall firewall set rule group="File and Printer Sharing" new enable=Yes
C:\> netsh advfirewall firewall set rule group="File and Printer Sharing" new enable=No
Install ipmontr.dll:
C:\> netsh advfirewall net add helper ipmontr.dll
Export the fiewall policy:
C:\> netsh advfirewall export "c:\advfirewallpolicy.wfw"
Show TCP/IP settings
C:\> netsh interface ip show config
Set a static IP address (e.g. for a laptop)
C:\> netsh interface ip set address name="Local Area Connection" source=static addr=192.168.0.10 mask=255.255.255.0 gateway=192.168.0.1 gwmetric=1
Set a dynamic IP address with DHCP
C:\> netsh interface ip set address name="Local Area Connection" source=dhcp
Add multiple DNS servers:
C:\> netsh interface ipv4 add dns "Local Area Connection" 10.0.0.1
C:\> netsh interface ipv4 add dns "Local Area Connection" 10.0.0.3 index=2
index=2 adds the IP as a secondary dns server.
Set a static DNS server address:
C:\> netsh interface ip set dns name="Local Area Connection" source=static addr=192.168.0.2 register=none
<blockquote class="wp-block-quote">Working with foreign locales: you cannot rely on the interface name being English e.g. in French the Local Area Network is called "Connexion au réseau local" (why yes that is unicode!) To display the different interfaces with their index numbers:
C:\> netsh interface ip show interfaces
Knowing the index number (the main/active interface tends to be 13.) we can set a static address/gateway using the index number:
C:\> netsh interface ip set address 13 static 192.168.0.10 255.255.255.0 192.168.0.1 1</blockquote>
Set a dynamic DNS server address with DHCP:
C:\> netsh interface ip set dns name="Local Area Connection" source=dhcp
Set a static address for the WINS server:
C:\> netsh interface ip set wins name="Local Area Connection" source=static addr=192.168.100.3
To configure WINS from DHCP:
C:\> netsh interface ip set wins name="Local Area Connection" source=dhcp
List general configuration state including DirectAccess and DNSSEC.
C:\> netsh dns show state
Disable IPv6 <a href="https://blog.bimajority.org/2014/09/05/the-network-nightmare-that-ate-my-week/">privacy</a> extensions:
C:\> netsh interface ipv6 set privacy state=disabled store=persistent (saved configuration)
C:\> netsh interface ipv6 set privacy state=disabled store=active (running configuration)
Backup the local DHCP server configuration to a file:
C:\> netsh dump dhcp > C:\backupDHCPconfig.dat
You can use this backup file to recreate the DHCP server with Netsh .
Work against a remote machine:
C:\> netsh set machine serverF4T
Backup the current network interface configuration to a file:
C:\> netsh dump interface > c:\backupInterfaceConfig.dat
Restore network interface configuration from a file:
C:\> netsh exec c:\backupInterfaceConfig.dat
Run Netsh from <a href="https://F4T.com/ps/">PowerShell</a> (returns a Text object you can manipulate)
PS C:\> $myFWstate=netsh firewall show state
PS C:\> $myFWstate -match "disable"
Disable Network auto-tuning (certain routers and networking devices perform better with this off.)
PS C:\> netsh interface tcp set global autotuning=disabled
Enable Network auto-tuning (certain routers and networking devices perform better with this on.)
PS C:\> netsh interface tcp set global autotuning=normal
