A dmin KnowledgeBase A rticles & Tutorials A uthors Blogs Free Tools Hardware Message Boards Newsletters RSS Software

Software White Papers

Search Site
Advanced Search
Community Area

Log in | Register

Admin KnowledgeBase New Netsh Commands in Windows 7 and Server 2008 R2

Articles & Tutorials This article reviews the new Netsh commands in Windows 7 and Windows
Server 2008 R2.
Authors
Blogs Published: Dec 14, 2010
Updated: Dec 14, 2010
Free Tools
Section: Articles & Tutorials :: Windows 7
Hardware
Author: Eric Geier
Message Boards Company: NoWiresSecurity
Newsletter Signup Printable Version
RSS Feed Adjust font size:
Services Rating: 4.3/5 - 12 Votes

Software 1 2 3 4 5

White Papers
IP PBX, SIP & VoIP FAQ
Sponsored by 3CX Introduction
The Network Shell (Netsh) tool was first introduced with Windows 2000. It allows you to configure, troubleshoot, and
FEATURED PRODUCTS administer many different network components of Windows via the command line both locally and remotely. More
contexts and commands have been added with Windows releases to support new and existing network functions.

Wireless LAN (WLAN) Commands

One new feature of Windows 7 and Windows Server 2008 R2 is Wireless Hosted Networks. It lets you create a virtual
wireless access point (AP) with your wireless adapter, even when connected to a wireless network. Once you
enable Internet Connection Sharing (ICS), others can connect to your virtual AP with the encryption key and access the
Internet.
You can create and manage Wireless Hosted Networks with Netsh:
3CX VOIP Phone System
Download Free edition netsh wlan set hostednetwork: Define the settings for the Wireless Hosted Network, using the following
optional parameters:
- mode = { allow | disallow }
- ssid = WirelessNetworkName
- key = YourDesiredPassword
- keyUsage = { persistent | temporary }
netsh wlan refresh hostednetwork: Set a new WPA2-PSK encryption key. Enter the command followed by the
new key.
netsh wlan start hostednetwork: Enable and start broadcasting the Wireless Hosted Network.
netsh wlan stop hostednetwork: Disable and stop broadcasting the Wireless Hosted Network.
Web Monitoring & Security
Download FREE trial! netsh wlan show hostednetwork: Print the settings of the Wireless Hosted Network, including a list of
connected users.
READERS' CHOICE netsh wlan export hostednetworkprofile: Save the Wireless Hosted Network profile as an XML file, using the
following parameters:
Which is your preferred - Folder = PathandFileName
Network Monitoring & - Name = WirelessProfileName (as shown when using the netsh wlan show profiles command)
Management solution?
ActiveXperts Network
Monitor
AggreGate Network
Manager
Altiris Client
Management Suite
EventSentry
GFI Network Server
Monitor
Goverlan Remote
Administration Suite
ManageEngine
OpManager
PacketTrap IT FEATURED FREEWARE!
ServersCheck
Monitoring Software
Solarwinds Orion
Network Performance
Monitor
Spiceworks
Other please specify Figure 1: Setting up and starting a Wireless Hosted Network.
Here are some new WLAN commands to show or print the value of other settings:
Vote!
netsh wlan show allowexplicitcreds: Shows if the computer is allowed to use stored user credentials for
 TECHGENIX SITES
ISAserver.org
The No.1 Forefront TMG /
UAG and ISA Server
resource site.
MSExchange.org
The leading Microsoft
Exchange Server 2010 /
2007 / 2003 resource site.
WindowSecurity.com
Network Security &
Information Security
resource for IT
administrators.
VirtualizationAdmin.com
The essential
Virtualization resource site
for administrators.
802.1X authentication when a user isn’t logged on to the computer.
netsh wlan show createalluserprofile: Shows if users can create wireless profiles for all users, rather than
just for their own Windows account.
netsh wlan show onlyusegpprofilesforallowednetworks: Displays if only the wireless profiles of Group
Policy are allowed when Group Policy is implemented.
Here are a couple more new miscellaneous Netsh WLAN commands:
netsh wlan set allowexplicitcreds: Specify if the computer is allowed to use any stored user credentials for
wireless 802.1X authentication when a user isn’t logged in, using the following parameter:
- allow = { yes | no }
netsh wlan set profiletype: Specify whether only the current user or all users can use the given wireless
network profile, using the following parameter:
- name = ProfileName
SolarWinds WMI Monitor
- profiletype = { all | current }
monitors any Windows
netsh wlan set blockperiod: Specify the number of minutes (0 – 60) a user must wait to retry after
application or server, giving
unsuccessfully connecting to a wireless network. you amazing insight into
netsh wlan reportissues: Create a report in the C:\Windows\Tracing directory for troubleshooting wireless real-time performance.
networking issues.
Get your free copy today!
Local Area Network (LAN) Commands
There are only two new Netsh LAN commands, which are the wired version of the two new Netsh WLAN commands:
netsh lan set allowexplicitcreds: Specify if the computer is allowed to use any stored user credentials for wired
802.1X authentication when a user isn’t logged in, using the following parameter:
- allow = { yes | no }
netsh lan set blockperiod: Specify the number of minutes (0 – 60) a user must wait to retry after unsuccessfully
connecting to a wired network.
Windows Filtering Platform (WFP) Commands
The Windows Filtering Platform (WFP) is a new architecture that debuted in Windows Vista and Windows Server
2008. It gives software developers much more access and control over the TCP/IP stack.
Microsoft added a diagnostic tool for the WFP in Windows 7 and Windows Server 2008 R2. It can help you
troubleshoot issues with Windows Firewall and IPsec. It runs diagnostic tests and creates a report in XML format. Here
are the diagnostic capture commands:
netsh wfp capture start: Begins the capturing, and continues until you enter the stop command, with the following
optional parameters:
- cab = { on | off }: Specify if the two output files should be compressed into a .cab file. When not specified, it is set
to on.
- traceonly = { on | off }: State if only event tracing data should be captured, reducing the output file size. When not
specified, it is set to off.
- keywords = { none | bcast | mcast | bcast+mcast }: Set the type of network traffic to capture. Unicast
network traffic is always included, even when set to none. bcast means broadcast traffic and mcast is multicast
traffic.
- file = PathAndFilename: Specify the path and filename (without extension) to write the output files.
netsh wfp capture status: Shows if a capture session is currently active.
netsh wfp capture stop: Stops the capturing session.
Figure 2: Starting and stopping the capturing.
Two persistent options for the diagnostic capturing can be set with the netsh wfp set options command, using the
following parameters:
netevents = { on | off }: Specify if network events should be included in the diagnostics output. The default value
is on.
keywords = { none | bcast | mcast | bcast+mcast }: Set the type of network traffic to capture. Unicast network
traffic is always included, even when set to none. bcast means broadcast traffic and mcast is multicast traffic.
Information about the current WFP and firewall configuration, filters, and network events that’s set when Windows
first starts can be displayed with netsh wfp show, using the following commands:
netsh wfp show appid: Show the device-based application path for a file, using the following parameter:
- file = PathAndFilename: Define the file path using the standard, i.e. C:\folder\subfolder.
· netsh wfp show boottimepolicy: Displays the WFP policy and filters that’s set when Windows first starts,
before the Windows Firewall with Advanced Security service is loaded, using the following optionally parameter:
- file = PathAndFilename: Specify where to write the output. If not specified, the filename is btpol.xml. If you enter
a dash (-) for the file value, it is written only to the console.
netsh wfp show filters: Shows the currently active WFP filters. You can specify the output file (or print to the
 console) and limit results with the following parameters:
- file = PathAndFilename
- protocol = IPProtocolNumber
- localaddr = IPv4orIPv6Address
- remoteaddr = IPv4orIPv6Address
- localport = PortNumber
- remoteport = PortNumber
- appid = PathAndFileName
- userid = { SID | UserName }
- dir = { in | out }
- verbose = { on | off }
netsh wfp show netevents: Displays the list of network traffic events. You can specify the output file (or print to
the console) and limit results with the following parameters:
- file = PathAndFilename
- protocol = IPProtocolNumber
- localaddr = IPv4orIPv6Address
- remoteaddr = IPv4orIPv6Address
- localport = PortNumber
- remoteport = PortNumber
- appid = PathAndFileName
- userid = { SID | UserName }
- timewindow = secondsprevious
netsh wfp show options: Shows the value of the netevents or keywords settings, with the following parameter:
- optionsfor = { netevents | keywords }
netsh wfp show security: Displays the security descriptor of a selected item, using the following parameters:
- type = { callout | engine | filter | kesadb | ipsecsadb | layer | netevents | provider | providercontext |
sublayer }
- guid = GUID
netsh wfp show state: Shows the current functioning state of the WFP and IPsec, using the following optionally
parameter:
- file = PathAndFilename: Specify where to write the output. If not specified, the filename is wfpstate.xml. If you
enter a dash (-) for the file value, it is written only to the console.
netsh wfp show sysports: Displays the TCP and UDP ports currently used by the TCP/IP protocol stack, and the
remote procedure call (RPC) subsystem, using the following optionally parameter:
- file = PathAndFilename: Specify where to write the output. If not specified, the filename is sysports.xml. If you
enter a dash (-) for the file value, it is written only to the console.

Network Trace Commands

Netsh in Windows 7 and Windows Server 2008 R2 features trace commands to help you diagnose and trace network-
related issues. Here are three commands you need to know to use the diagnosis tool:
netsh trace show scenarios: Lists the network components you can perform traces and diagnosis on.
netsh trace show scenario: Shows the information for the specified scenario, including the attribute(s) for the
you can use to perform the diagnosis, using the required parameter:
- name = ScenarioName: Specify the name of the desired scenario.
netsh trace diagnose: Starts a diagnostic session that tries to detect the root cause and repair the issue, using
the following parameters:
- scenario = ScenarioName (Required)
- namedAttribute = AttributeValue (Required)
- saveSessionTrace = { yes | no }
- report = { yes | no }
- capture = { yes | no }

Figure 3: Running a FileSharing diagnosis to see why the LAPTOP computer isn’t accessible.
Here are the commands to perform network traces:
netsh trace start: Begins a trace session, using the following optional parameters:
- scenario = Scenario1,Scenario2
- globalKeywords = keywords
- globalLevel = level
- capture = { yes | no }
- report = { yes | no }
- persistent = { yes | no }
- traceFile = Path\Filename
- maxSize = MaxFileSizeInMB
- fileMode = { single | circular | append }
- overwrite = { yes | no }
- correlation = { yes | no | disabled }
- provider = ProviderIdOrName
 - keywords = KeywordM askOrSet
- level = level
- provider = Provider2IdOrName
- keywords = Keyword2M askOrSet
netsh trace Stop: Stops the trace session.

Figure 4: Starting and stopping a trace on the WLAN.

The trace convert and trace correlate commands can help you manipulate the trace files. Plus you might look into
the following that can display more information related to tracing and diagnosis:
netsh trace show CaptureFilterHelp
netsh trace show globalKeywordsAndLevels
netsh trace show helperclass
netsh trace show interfaces
netsh trace show provider
netsh trace show providers
netsh trace show status

Conclusion
a d v e r t i s e m e n t

We discovered the Netsh commands new to Windows 7 and Server 2008 R2. You should now know how to create
Wireless Hosted Networks and perform other miscellaneous WLAN and LAN functions. You should also be able to
troubleshoot Windows Firewall and IPsec issues and perform network diagnostics and traces. Please, note that we
did not discuss the new RAS, NPS, and BranchCache commands, which only apply to Windows Server 2008 R2 and
not Windows 7.
Receive all the latest articles by email! About Eric Geier
Get all articles delivered directly to your mailbox as and Eric Geier (Dayton, Ohio) is a tech writer
when they are released on WindowsNetworking.com! and author specializing in computer
Choose between receiving instant updates with the Real- networking.
Time Article Update, or a monthly summary with the
Monthly Article Update. Sign up to the He's also the founder and CEO of
WindowsNetworking.com Monthly Newsletter, written by NoWiresSecurity, which provides an
Dr. Tom Shinder, containing news, the hottest tips,
Networking links of the month and much more. Subscribe outsourced RADIUS/802.1X service to
today and don't miss a thing! help businesses secure their Wi-Fi
networks with the Enterprise mode of WPA/WPA2
Real-Time Article Update (click for sample) encryption.
Monthly Article Update (click for sample) Additionally, he's a Field Technician for Fast-Teks, an on-
Monthly Newsletter (click for sample) site computer services company that has hundreds of
locations across the US.
Enter email address
Click here for Eric Geier's section.

Related links
Review of Microsoft's Branch Office Infrastructure
Solution (BOIS)
Introduction to Internet Information Services 7.0
 Understanding the Windows 2003 Registry
An Introduction to Network Access Protection (Part 2)
An Introduction to Network Access Protection (Part 3)
Featured Links*
ManageEngine OpManager - The Complete Network Monitoring Software
Monitor WAN infrastructure, LAN, Servers, Switches, Routers, Services, Apps, CPU, Memory, AD, URL, Logs, Printers.
Satisfies your entire Network infrastructure Management needs.
ManageEngine ServiceDesk Plus - The Out-of-the-box ITIL Ready HelpDesk Software
Get an out-of-the-box, flexible helpdesk with integrated asset management and ITIL features, used by more than 10000
IT managers in 23 different languages
Internet monitoring, Web security and Internet Access Control - All in one!
Boost employee productivity by monitoring, controlling and reporting on employee internet access. Protect users and
company network against malware infection through web browsing and downloads, as well as phishing scams.
Download Spiceworks IT Management & Help Desk – Now with iPhone App – All Free!
Download Spiceworks IT management software to make your IT day easier! In addition to network monitoring, help
desk functionality, a built-in TFTP server, & IT community access, Spiceworks now offers an iPhone app to manage IT
from anywhere. And it’s still 100% free!
Get a free Windows SIP Server / IP PBX
IP Telefonanlage, VOIP Telefooncentrale, Centralino Telefonico IP, PABX-IP, Centralita Telefonica VOIP, Centrala
Telefoniczna, Telefonni system, IP telefonvaxel, Central Telefonica IP, VOIP Telefonsentral, IP telefonanlaeg, IP
Puhelinvaihde, Telefon Sistemi, IP PBX (Russian), IP PBX (Greek), IP PBX (Japanese), IP PBX (Korean), IP PBX (Simplified
Chinese), IP PBX (Traditional Chinese), IP PBX (Arabic)

Receive all the latest articles by email! Become a WindowsNetworking.com member!

Receive Real-Time & Monthly WindowsNetworking.com Discuss your network issues with thousands of other
article updates in your mailbox. Enter your email below! network administrators. Click here to join!
Click for Real-Time sample & Monthly sample
Enter Email

A dmin KnowledgeBase A rticles & Tutorials A uthors Blogs Free Tools Hardware Links Message Boards
Newsletters RSS Software White Papers
About Us : Email us : Product Submission Form : Advertising Information
WindowsNetworking.com is in no way affiliated with Microsoft Corp. *Links are sponsored by advertisers.
Copyright © 2011 TechGenix Ltd. All rights reserved. Please read our Privacy Policy and Terms & Conditions.