The Cable Guy - November 2001
Managing Windows 2000 Networking Components with Netsh
You can use the Netsh command-line and scripting utility to configure Windows 2000 networking components on the local computer or remote computers. You can run Netsh commands from the Windows 2000 command prompt, interactively from a Netsh command prompt, or create a script file to run a batch of Netsh commands. You can also use the Netsh utility to save a computer's current network configuration in a script file for either archival and restoration purposes or to configure other servers.
Netsh supports multiple Windows 2000 components through the addition of Netsh helper DLLs. A Netsh helper DLL extends Netsh functionality by providing additional commands to monitor or configure a specific Windows 2000 networking component. For example, Dhcpmon.dll provides commands to configure the DHCP Server service. Each Netsh helper DLL provides a context'a group of commands for a specific networking component. Within each context, subcontexts might exist. For example, within the routing context, the subcontexts ip and ipx group IP and IPX routing commands.
Netsh command-line syntax
Netsh command-line parameters include the following:
Specifies that an alias file is used. An alias file contains both a list of netsh commands and an aliased version of each. You can use the aliased command to shorten a Netsh command.
Specifies the default context for subsequent commands at the Netsh command prompt. Without the -c option, the default context is the root context netsh>.
Specifies the netsh command to run. You must specify a full Netsh command, complete with parameters. Otherwise, Netsh displays command-line help. If the -c option is used, the context is included as part of the Netsh command.
Specifies that all of the Netsh commands in the ScriptFile file are run.
Specifies that the Netsh commands are run against a remote computer, as specified by either its computer name or IP address.
You can run commands at either the Windows 2000 command prompt:
C:\>netsh interface ip show address
or at a Netsh command prompt in interactive mode:
netsh>interface ip show address
The actual command to run at the Netsh command prompt depends on the current context. For example, all of the following commands produce the same result:
netsh>interface ip show address
interface>ip show address
interface ip>show address
You can abbreviate commands to their shortest, unambiguous form. For example:
C:\>netsh interface ip show address
is equivalent to:
C:\>netsh int ip sh ad
Netsh commands are either global or context-specific. Global commands can be issued in any context and are used for general Netsh utility functions. Context-specific commands vary according to the context.
You cannot run a command from one context for another context. For example, you cannot run the following command:
ras>interface ip show address
because ras and interface are different contexts.
Netsh global commands
The following table lists the netsh global commands.
||Changes to the context that is one level up from the current context. The root context is netsh>.
|Displays command-line help, including syntax, and examples.
||Installs a Netsh helper DLL.
||Removes a Netsh helper DLL.
||Displays the installed Netsh helper DLLs.
||Sets the current mode to online.
||Sets the current mode to offline.
||Sets the current mode to online or offline.
||Displays the current mode.
||Discards any changes in offline mode.
||Commits changes made in offline mode.
||Configures the computer on which the Netsh commands are run.
||Runs a script file that contains Netsh commands.
|Exits the Netsh utility.
||Displays the current configuration as a series of Netsh commands.
||Saves the current context to the top of a last-in-first-out (LIFO) stack and, optionally, changes to a different context.
||Restores a context from the top of a LIFO stack.
||Adds an alias to an existing command.
||Deletes an alias from an existing command.
A Netsh helper DLL that is installed on the local computer provides a context (that is, a grouping of commands) and, optionally, subcontexts. You can only run commands that correspond to locally installed helper DLLs, even when a remote computer has the helper DLLs installed.
For example, this is the situation when you are using the Netsh utility on a computer running Windows 2000 Professional to remotely administer a computer running Windows 2000 Server. Although the computer running Windows 2000 Server has the additional helper DLLs installed for the management of the Dynamic Host Configuration Protocol (DHCP) Server service, Windows Internet Name Service (WINS), and Internet Authentication Service (IAS), if these helper DLLs are not installed on the computer running Windows 2000 Professional, you cannot use the Netsh utility on this computer to configure these services on the computer running Windows 2000 Server.
There are two solutions to this problem:
Install the Windows 2000 Administration Tools on the computer running Windows 2000 Professional by running the Adminpak.msi file from the I386 folder on a Windows 2000 Server CD-ROM.
With this solution, the computer running Windows 2000 Professional will have all of the Netsh helpers installed to remotely manage computers running Windows 2000 Server.
Make either a Terminal Services or Telnet connection from the computer running Windows 2000 Professional to the computer running Windows 2000 Server, and then run Netsh from the computer running Windows 2000 Server.
With this solution, remote mode is not being used at all.
You cannot enter a specific Netsh context from the Windows 2000 command line by specifying the context as a command. For example, you cannot use the following command to run Netsh and change to the interface> context:
To enter a netsh context at the Windows 2000 command line, use the -c command-line option. For example:
C:\>netsh -c interface
Windows 2000 Professional provides the following contexts:
Used to configure interface parameters for remote access connections and TCP/IP configuration.
Used to configure the Incoming Connections component of Network and Dial-up Connections.
Used to configure the Internet Connection Sharing (ICS) component of Network and Dial-up Connections.
Windows 2000 Server provides the following contexts:
Used to configure interface parameters for remote access and demand-dial connections, and TCP/IP configuration.
Used to configure the Incoming Connections component of Network and Dial-up Connections and the Routing and Remote Access service.
Used to configure the ICS component of Network and Dial-up Connections and the Routing and Remote Access service.
Used to configure the DHCP Server service.
Used to configure WINS.
Used to configure the authentication, authorization, accounting, and auditing (AAAA) database that is used by both IAS and the Routing and Remote Access service.
Netsh command modes
The Netsh utility has the following command modes:
When you issue Netsh commands at a Windows 2000 command prompt, you are in non-interactive mode.
When you issue commands at a Netsh command prompt, you are in interactive mode.
In online mode, commands that are run at a Netsh command prompt are run immediately. Netsh is in online mode by default. To put Netsh in the online mode, use the online or set mode online commands.
In offline mode, commands that are run at a Netsh command prompt are accumulated and run as a batch by issuing the commit global command. You can discard accumulated commands by issuing the abort global command. To put Netsh in the offline mode, use the offline or set mode offline commands.
When you either use the -f command-line option or run the exec global command, all of the Netsh commands in the specified file are run in script mode.
In local mode, commands are applied to the local machine.
In remote mode, commands are applied to a remote computer that is specified by computer name or IP address. For more information about remote mode, see "Remote configuration" in this article.
Using the dump command to create a configuration script
To create a script of the current network configuration, use the global dump command. The dump command displays the current network configuration in terms of Netsh commands. To create a script file, use the following command at a Windows 2000 command prompt:
C:\>netsh dump > config.nsh
You can use the script created by this command to either configure a new server or reconfigure an existing server by running the following command at a Windows 2000 command prompt:
C:\>netsh -f config.nsh
If you are making extensive changes to the configuration of a component, it is recommended that you begin the configuration session by saving the current configuration to a script file. Doing this before changes are made ensures that you can restore the configuration.
Example Netsh script
This example Netsh script performs an auto-static update of routes on a branch office router that is running Windows 2000 and the Routing and Remote Access service. The commands that need to be run are:
netsh interface set interface name=CorpHub connect=CONNECTED
netsh routing ip rip update CorpHub
netsh interface set interface name=CorpHub connect=DISCONNECTED
You can run these commands from a batch file or you can place them in a Netsh script file. For example, the script file Corphub.nsh contains the following commands:
interface set interface name=CorpHub connect=CONNECTED routing ip rip update CorpHub interface set interface name=CorpHub connect=DISCONNECTED
To run the Corphub.scp script file, type the following at a command prompt:
netsh -f corphub.nsh
After the Netsh script file is created, you can either run it when needed or on a periodic basis with Windows 2000 Task Scheduler.
One of the most useful aspects of Netsh is the ability to remotely configure computers running Windows 2000. You can indicate the computer to remotely configure by either specifying the -r RemoteMachine command-line option or using the set machine global Netsh command. In both cases, you can specify a remote computer with a NetBIOS name, a UNC name, a DNS domain name, or an IP address in dotted decimal notation.
To run the commands on a remote computer, you must have administrator permissions on the remote computer. You must be logged on with a user account that is a member of the Administrators group on the remote computer. Alternately, you must have an existing connection to the remote computer that uses a user account that is a member of the Administrators group on the remote computer.
When you use the set machine command to specify the remote computer, the netsh command prompt changes to indicate the name or IP address of the remote computer on which commands are run. Here is an example:
netsh>set machine 22.214.171.124 [126.96.36.199] netsh>interface
You can configure multiple remote computers with the same script file by beginning each set of commands to be run on a remote computer with the appropriate set machine command.
Some commands, such as those in the aaaa context, cannot be remotely executed. To reset Netsh back to the local computer, issue the set machine command without any parameters.
For More Information
For more information about Netsh in Windows 2000, consult the following resources:
- Windows 2000 Server Documentation (Networking\Routing and Remote Access)
- Platform SDK documentation on Netsh
- Microsoft Product Support Services Knowledge Base
For a list of all The Cable Guy articles, click here.