Netsh Commands for Wireless Local Area Network (WLAN) in Windows Server 2008

Applies To: Windows Server 2008, Windows Vista

The Netsh commands for wireless local area network (WLAN) provide methods to configure 802.11 wireless connectivity and security settings for computers running Windows Vista® and Windows Server® 2008. You can use the Netsh WLAN commands to configure the local computer or to configure multiple computers by using a logon script. You can also use the netsh WLAN commands to view applied wireless Group Policy settings.

Wireless Network (IEEE 802.11) Policies profiles are read-only, and cannot be modified or deleted by using Netsh WLAN commands.

Running Netsh wlan commands on computers running Windows Server2008

To run Netsh WLAN commands on computers running Windows Server 2008, you must first install the Wireless LAN Service.

Note

On computers running Windows Server 2008, installing the Wireless LAN Service in Server Manager / Features, adds and starts the WLAN AutoConfig service. WLAN AutoConfig is located in Server Manager/Diagnostics/Services Microsoft Management Console (MMC). To remove the WLAN AutoConfig service from a Computer running Windows Server 2008, you must remove (uninstall) the Wireless LAN Service from Server Manager / Features.

To install Wireless LAN Service on computers running Windows Server 2008

  1. Do one of the following:

    1. In Initial Configuration Tasks, in Customize This Server, click Add Features. The Add Features Wizard opens.

    2. Click Start, and then click Server Manager. In the left pane of Server Manager, click Features, and in the details pane, in Features Summary, click Add Features. The Add Features Wizard opens.

  2. In Select Features, in Features, scroll down the list, select Wireless LAN Service, and then click Next.

  3. In Confirm installation selections, click Install.

  4. In Installation Results, review your installation results, and then click Close.

Netsh WLAN commands

This section contains the following Netsh WLAN commands:

  • add filter

  • add profile

  • connect

  • delete filter

  • delete profile

  • disconnect

  • export profile

  • set autoconfig

  • set blockednetworks

  • set createalluserprofile

  • set profileorder

  • set profileparameter

  • set tracing

  • show all

  • show autoconfig

  • show blockednetworks

  • show drivers

  • show filters

  • show interfaces

  • show networks

  • show profiles

  • show settings

  • show tracing

add filter

Adds a wireless network, by Service Set Identifier (SSID), to the wireless allowed or blocked list.

Syntax

add filter permission={allow|block|denyall} ssid=WirelessNetworkNamenetworktype={infrastructure|adhoc}

Parameters

  • Permission
    Required. Specifies the permission type of the filter.
  • SSID
    Required [conditional, see "Remarks"]. SSID of the wireless network.
  • Networktype
    Required. Specifies the wireless network type.

Remarks

The ssid parameter is required if permission is allow or block. If permission is denyall, then do not specify the ssid parameter.

Example commands

  • add filter permission=allow ssid=WiFiNetwork networktype=infrastructure

  • add filter permission=block ssid="Wireless Net" networktype=adhoc

  • add filter permission=denyall networktype=infrastructure

add profile

Adds a WLAN profile to the specified interface on the computer.

Syntax

add profile filename=PathAndFileName [[interface=]InterfaceName] [[user=]{all|current}]

Parameters

  • Filename
    Required. Specifies both the path to, and name of the XML file containing the profile data.
  • Interface
    Optional. Specifies the name of the wireless interface on which to add the profile (where InterfaceName is the name of the wireless interface, as listed in Network Connections, or as rendered by the netsh wlan show interfaces command)
  • User
    Optional. Specifies whether the profile is applied only to the current user or to all users.

Remarks

The interface parameter is one of the interface names shown by the netsh wlan show interface command. If the interface parameter is specified, the profile is added to the specified interface. If the interface parameter is not specified, the profile is added on all wireless interfaces. There is wildcard support for this parameter. You can use the characters ? and \* to replace a letter and letters of the interface name, respectively.

The user parameter, if unspecified, applies the profile to all users.

Example commands

  • add profile filename=C:\Users\WirelessUser\Documents\profile1.xml interface="Wireless Network Connection"

  • add profile filename="C:\Wireless Profiles\WiFi Profile.xml" interface=w\*

connect

Connects to a wireless network by using the specified parameter.

Syntax

connect [[ssid=]WirelessNetworkName] name=ProfileNameinterface=InterfaceName

Parameters

  • SSID
    Optional [conditional, see "Remarks"]. Specifies the SSID of the wireless network.
  • Name
    Required. Specifies the name of the wireless profile to use for the connection attempt, (where ProfileName is the name of the wireless profile, as listed in Manage Wireless Networks, or as rendered by the netsh wlan show profiles command).
  • Interface
    Required [conditional, see "Remarks"]. Specifies the wireless interface to use for the connection attempt, (where InterfaceName is the name of the wireless interface, as listed in Network Connections, or as rendered by the netsh wlan show interfaces command).

Remarks

If only one SSID is specified in the profile, then the specified SSID is used to connect, and the ssid parameter is not required. If the profile specifies multiple SSIDs, the ssid parameter is required.

The interface parameter is required only if there is more than one wireless interface on the computer. Wildcard (\*) names cannot be used to specify the interface name.

If the specified interface is already connected to a wireless network, this command disconnects the interface from that network, and then attempts to connect to the new network. If the command attempts to connect to a network to which the interface is already connected, this command returns a message that the connection was successful, and does not change the state of the wireless adapter.

Examples

  • connect ssid=WiFiNetwork name=Profile1

  • connect ssid="Wireless Net" name=Profile2 interface="Wireless Network Connection"

delete filter

Removes a wireless network from the wireless allowed or blocked list.

Syntax

deletefilterpermission={allow|block|denyall} ssid=WirelessNetworkNamenetworktype={infrastructure|adhoc}]

Parameters

  • Permission
    Required. Specifies the permission type of the filter.
  • SSID
    Required [conditional, see "Remarks"]. Specifies the SSID of the wireless network.
  • Networktype
    Required. Specifies whether the wireless network type is adhoc or infrastructure.

Remarks

The ssid parameter is required, unless the value of the permission parameter is denyall. If the permission parameter is denyall, then the ssid parameter should not be given.

Example commands

  • delete filter permission=allow ssid=WiFiNetwork networktype=infrastructure

  • delete filter permission=block ssid="Wireless Net" networktype=adhoc

  • delete filter permission=denyall networktype=adhoc

delete profile

Removes a WLAN profile from one or multiple interfaces.

Syntax

deleteprofilename=ProfileName [[interface=]InterfaceName]

Parameters

  • Name
    Required. Specifies the name of the wireless profile to delete, (where ProfileName is the name of the wireless profile, as listed in Manage Wireless Networks, or as rendered by the netsh wlan show profiles command).
  • Interface
    Optional. Specifies the name of the wireless interface on which to delete the profile, (where InterfaceName is the name of the wireless interface, as listed in Network Connections, or as rendered by the netsh wlan show interfaces command).

Remarks

If the interface parameter is specified, then the profile is deleted only from the specified interface.

If the interface parameter is not specified, then the profile is deleted from all interfaces on the computer.

The name parameter can have wildcard characters; if multiple profiles having names that match wildcard characters, then all such profiles are deleted. You can use the characters ? and \* to replace a letter and letters of the interface name, respectively.

Example commands

  • delete profile name="Profile 1" interface="Wireless Network Connection"

  • delete profile name=Profile2 interface=\*

  • delete profile name="Profile 1" i=\*

disconnect

Disconnects the specified interface from a wireless network.

Syntax

disconnectinterface=InterfaceName

Parameters

  • Interface
    Required [conditional, see "Remarks"]. Specifies which wireless interface is used for the disconnect attempt , (where InterfaceName is the name of the wireless interface, as listed in Network Connections, or as rendered by the netsh wlan show interfaces command).

Remarks

The interface parameter is required if there is more than one wireless interface on the computer. You can use Wildcard (\*) characters in the interface name to specify multiple interfaces.

If the specified interface is not already connected to a wireless network, this command returns a message stating that the disconnection was successful; the state of the wireless adapter does not change.

Example commands

  • disconnect

  • disconnect interface="Wireless Network Connection"

export profile

Saves WLAN profiles as XML files to the specified location.

Syntax

exportprofilefolder=PathAndFileName [[name=]ProfileName] [[interface=]InterfaceName]

Parameters

  • Folder
    Optional. Specifies the path and file where the profile XML file is to be saved, and the name to use for the saved file.
  • Name
    Optional. Specifies the name of the wireless profile to export (where ProfileName is the name of the wireless profile, as listed in Manage Wireless Networks, or as rendered by the netsh wlan show profiles command).
  • Interface
    Optional. Specifies the name of the wireless interface on which the profile is configured, (where InterfaceName is the name of the wireless interface, as listed in Network Connections, or as rendered by the netsh wlan show interfaces command).

Remarks

The folder parameter must specify an existing folder that is accessible from the local computer. It can be either an absolute path or relative path to the current working directory. In addition, "." refers to the current working directory, and "." refers to the parent directory of the current working directory. The folder name cannot be a Universal Naming Convention (UNC) path.

If the name parameter is specified but the interface parameter is not, then only that profile is saved. Otherwise all profiles on the computer with the specified name are saved.

If both the interface parameter and name parameter are specified, only the specified profile for that interface is saved.

Profiles of specified interfaces are saved in the file name format "InterfaceName ProfileName.xml." Profiles at the computer level are saved in the file name format "ProfileName.xml."

Example commands

  • export profile folder=c:\profiles name="Profile 1" interface="Wireless Network Connection"

  • export profile folder="c:\wifi profiles" name=Profile2 interface=\*

set autoconfig

Enables or disables WLAN Auto Config Service on an interface.

Syntax

setautoconfigenabled={yes|no} interface=InterfaceName

Parameters

  • enabled
    Required. Specifies whether to set WLAN Auto Config Service to enabled or disabled.
  • Interface
    Required. Specifies the name of the interface on which the service has been enabled or disabled, (where InterfaceName is the name of the wireless interface, as listed in Network Connections, or as rendered by the netsh wlan show interfaces command).

Remarks

When WLAN Auto Config Service is enabled, computers running Windows Vista and Windows Server 2008 automatically connect to wireless networks by using the specified interface. By default, autoconfig is enabled on computers running Windows Vista.

If autoconfig is disabled, Windows will not automatically connect to any wireless networks by using the specified interface.

There is wildcard support for the interface parameter. You can use the characters ? and \* to replace a letter and letters of the interface name, respectively.

Example command

  • set autoconfig enabled=yes interface="Wireless Network Connection"

set blockednetworks

Shows or hides the blocked networks in the visible network list.

Syntax

setblockednetworksdisplay={show|hide}

Parameters

  • Display
    Required. Specifies whether to show or hide the blocked networks in the list of available wireless. See "Remarks."

Remarks

To view the list of available wireless networks, click Start, click Connect to, and the Connect to a network dialog opens. In Show, select Wireless to display only wireless networks.

Example command

  • set blockednetworks display=show

The example command specifies that blocked networks are shown in the list of available networks.

set createalluserprofile

Specifies whether users are allowed to create all-user profiles, regardless of whether they are members of the Administrators group. Users who have membership in the Administrators group can create all-user profiles no matter whether “set createalluserprofile enabled=” is set to “yes” or “no.”

Note

The set createalluserprofile is only available on computers running Windows Vista with Service Pack 1, and Windows Server 2008.

Syntax

setcreatealluserprofileenabled={yes|no}

Parameters

  • Enabled
    Required. Specifies whether all computer users are allowed to create all user profiles.

Remarks

If enabled is set to yes, then every user is allowed to create all user profiles. If enabled is set to no, then only users with administrator permissions are allowed to create all user profiles.

Example command

  • set createalluserprofile enabled=yes

set profileorder

Sets the preference order of a wireless network profile on a wireless network interface.

Syntax

setprofileordername=ProfileNameinterface=InterfaceNamepriority=integer

Parameters

  • Name
    Required. Specifies the name of the profile to set, (where ProfileName is the name of the wireless profile, as listed in Manage Wireless Networks, or as rendered by the netsh wlan show profiles command).
  • Interface
    Required. Specifies the name of the interface that has this profile configured, (where InterfaceName is the name of the wireless interface, as listed in Network Connections, or as rendered by the netsh wlan show interfaces command).
  • Priority
    Required. Specifies the new priority number for the profile. See "Remarks."

Remarks

If parameter priority is set to 0 or 1, the profile will move to the first position in the list, regardless of whether another profile was previously set to 0 or 1. A lower number means a higher priority. There is no practical limit on the number of profiles you can have on a computer.

Example command

  • set profileorder name="profile 1" interface="Wireless Network Connection" priority=1

set profileparameter

Sets parameters in a wireless network profile.

Note

The set profileparameter is only available on computers running Windows Vista with Service Pack 1, and Windows Server 2008.

Syntax

set profileparametername=ProfileName [[interface=]InterfaceName] [[authMode=]{machineOrUser|machineOnly|userOnly|guest}] [[ssoMode=]{preLogon|postLogon|none}] [[maxDelay=]1-120] [[allowDialog={yes|no}] [[userVLAN=]{yes|no}] [[fips=]{yes|no}]

Parameters

  • Name
    Required. Specifies the name of the profile to set, (where ProfileName is the name of the wireless profile, as listed in Manage Wireless Networks, or as rendered by the netsh wlan show profiles command).
  • Interface

    • Optional. Specifies the name of the interface on which the profile is set, (where InterfaceName is the name of the wireless interface, as listed in Network Connections, or as rendered by the netsh wlan show interfaces command).
  • AuthMode
    Optional [conditional, see "Remarks"]. Specifies the type of credentials to use for authentication.
  • SSOMode
    Optional [conditional, see "Remarks"]. Specifies the type of single sign on to be attempted, if any.
  • MaxDelay
    Optional [conditional, see "Remarks"]. Specifies the timeout value to establish single sign-on connection.
  • AllowDialog
    Optional [conditional, see "Remarks"]. Specifies whether to allow or disallow a dialog to be shown for prelogon.
  • UserVLAN
    Optional [conditional, see "Remarks"]. Specifies if the network switches to a different VLAN upon user authentication.
  • FIPS
    Optional [conditional, see "Remarks"]. Specifies whether to enable or disable Federal Information Processing Standards Publications (FIPS) mode.

Remarks

Parameter name is required; all other parameters are optional, however, regardless of whether parameter interface is specified, at least one other parameter must be specified.

If the parameter interface is specified then only profiles associated with that interface are modified.

Example commands

  • set profileparameter name="Profile 1" authMode=userOnly ssoMode=preLogon

  • set profileparameter name=Profile2 ssoMode=none fips=yes

set tracing

Enables or disables WLAN tracing.

Syntax

set tracingmode={yes|no|persistent}

Parameters

  • Mode
    Required. Specifies whether tracing is disabled, enabled and persistent, or enabled and nonpersistent. See "Remarks" for additional information.

Remarks

If the mode parameter is set to yes, nonpersistent tracing is active until the mode is either set to no or the computer is restarted.

If the mode parameter is set to no, tracing is stopped for either persistent or nonpersistent tracing.

If the mode parameter is set to persistent, tracing will still be active even after the computer is restarted.

The default value for mode parameter is nonpersistent.

Example command

  • settracingmode=persistent

show all

Displays the entire collection of information about wireless network adapters, wireless profiles and wireless networks.

Syntax

show all

Parameters

There are no parameters for this command.

Remarks

Displays the entire collection of 802.11 wireless interface information, network information, and wireless settings on the system, including:

  • Wireless adapter driver information

  • Wireless interface status

  • Wireless configuration settings

  • Wireless network filters

  • Wireless network profiles list and details

  • Visible wireless networks

Example command

  • show all

show autoconfig

Displays whether WLAN AutoConfig service is enabled or disabled

Syntax

showautoconfig

Parameters

There are no parameters for this command.

Remarks

Displays whether WLAN AutoConfig service is enabled or disabled on each wireless adapter interface.

Example command

  • show autoconfig

show blockednetworks

Displays the global setting whether to display or hide blocked networks in the visible network list

Syntax

showblockednetworks

Parameters

There are no parameters for this command.

Remarks

Displays the global setting whether to display or hide blocked networks in the visible network list.

Example command

  • show blockednetworks

show drivers

Displays the properties of the wireless adapter drivers on the computer.

Syntax

showdrivers [[interface=]InterfaceName]

Parameters

  • Interface
    Optional. Specifies the name of the interface for which driver information is displayed, (where InterfaceName is the name of the wireless interface, as listed in Network Connections, or as rendered by the netsh wlan show interfaces command).

Remarks

Shows the 802.11 wireless LAN interface driver information.

The following list summarizes the type of information presented by this command:

  • Interface name (Wireless Network Connection)

  • Driver (model and type)

  • Vendor (manufacturer name)

  • Provider (driver provider)

  • Date (the date the driver was written)

  • Version (driver version number)

  • INF file (location of driver INF file)

  • Type (Native Wi-Fi driver or Legacy Wi-Fi driver)

  • Radio types supported (Direct Sequence Spread Spectrum [DSSS], 802.11g, 802.11b)

  • Authentication and cipher supported in infrastructure mode (WPA2-Enterprise TKIP; CCMP, Wi-Fi Protected Access [WPA]-Enterprise Temporal Key Integrity Protocol [TKIP]; CCMP, WPA2-Personal TKIP; CCMP, WPA-Personal TKIP; CCMP, Open Wired Equivalent Privacy [WEP], Open None, Shared WEP, Shared None)

  • Authentication supported in ad-hoc mode (Open-WEP, Open-None, Shared WEP)

Example command

  • show drivers interface="Wireless Network Connection"

show filters

Displays the current list of allowed and blocked wireless networks.

Syntax

showfilters [[permission=]{allow|block}]

Parameters

  • Permission
    Optional. Specifies whether to show the list of allowed and blocked networks configured on the computer.

Remarks

If parameter permission is specified, the command displays the list of networks configured on the system that have the specified permission type (allow or block). Otherwise, both the allowed and blocked lists are shown.

Example commands

  • show filters

  • show filters permission=allow

  • show filters permission=block

show interfaces

Displays a list of the current wireless interfaces on a computer.

Syntax

showinterfaces

Parameters

There are no parameters for this command.

Remarks

Shows the wireless interfaces configured on the computer.

Displayed information includes:

  • The number of interfaces on the computer

  • Name (for example, "Wireless Network Connection")

  • Description (for example, Broadcom 802.11g Network Adapter)

  • GUID (hexadecimal string)

  • Interface state (connected or disconnected)

Example command

  • show interfaces

show networks

Displays a list of wireless networks that are visible on the computer.

Syntax

shownetworks [[interface=]InterfaceName] [[mode=]{ssid|bssid}]

Parameters

  • Interface
    Optional. Specifies for which interface the network information is returned, (where InterfaceName is the name of the wireless interface, as listed in Network Connections, or as rendered by the netsh wlan show interfaces command).
  • Mode
    Optional. Specifies whether to display information for Basic Service Set Identifier (BSSID), or Service Set Identifier (SSID).

Remarks

Displays the wireless networks available to the computer.

If the interface parameter is specified, only the networks visible to the specified interface are listed. Otherwise, all networks visible to the computer are listed.

If the mode=ssid parameter is specified, then information about each visible SSID is listed.

Displayed SSID information includes:

  • Interface name

  • Number of visible networks

  • Network name, by SSID

  • Network type (infrastructure or ad hoc)

  • Authentication (Known as "Security type" in the properties of a wireless profile. Security types include WPA2-Enterprise, WPA2-Personal, WPA-Enterprise, WPA-Personal, WEP and Open.)

  • Encryption method (examples include Advanced Encryption Standard (AES) and Temporal Key Integrity Protocol (TKIP)).

  • Whether the mode parameter is not specified, only SSIDs are listed.

Displayed SSID information includes:

  • Interface name

  • Number of visible networks.

  • Network name, by SSID

  • Network type (infrastructure or ad hoc)

  • Authentication (access point - network authentication)

  • Encryption method

If the mode=bssid parameter is specified, then information for the visible BSSIDs for each visible SSID is listed.

Displayed BSSID information includes:

  • Interface name

  • Number of visible networks

  • Network name, by SSID

  • Network type (infrastructure or ad-hoc)

  • Authentication (Known as "Security type" in the properties of a wireless profile. Security types include WPA2-Enterprise, WPA2-Personal, WPA-Enterprise, WPA-Personal, WEP and Open.)

  • Encryption method (examples include AES and TKIP)

  • BSSID number (for example, 00:54:96:32:06)

    • Signal strength (by %)

    • Radio type (for example, 802.11b)

    • Channel (radio channel number)

Example commands

  • show networks interface="Wireless Network Connection"

  • show networks mode=bssid

  • show networks

show profiles

Displays a list of wireless profiles that are configured on the computer.

Syntax

showprofiles [[name=]ProfileName] [[interface=]InterfaceName]

Parameters

  • Name
    Optional. Specifies the name of the profile to display, (where ProfileName is the name of the wireless profile, as listed in Manage Wireless Networks, or as rendered by the netsh wlan show profiles command).
  • Interface
    Optional. Specifies the name of the interface which has this profile configured, (where InterfaceName is the name of the wireless interface, as listed in Network Connections, or as rendered by the netsh wlan show interfaces command).

Remarks

Displays the profile data or lists the profiles on the computer.

If the name parameter is specified, then only the content for the specified profile is displayed. If the name parameter is not specified, only the profile name and description are displayed.

If the interface parameter is specified, only the profiles on the specified interface are displayed. If the interface parameter is not specified, all profiles with the specified name are displayed.

Displayed information includes:

  • All Users or Current User Profile

  • Profile name

  • Applied profile (Current User or All Users)

  • Control options

    • Connect automatically or connect manually

    • Visible SSID or hidden SSID

  • connectivity settings:

    • Number of SSIDs (listed by number and SSID)

    • Network type (infrastructure or ad hoc)

    • Radio type

    • Vendor extension

  • Security settings

    • Number of auth/cipher combinations (for example, auth: WPA2-Enterprise,cipher: TKIP)

    • Security key

    • 802.1X (enabled or disabled)

    • Extensible Authentication Protocol (EAP) type

    • 802.1X authentication credential

    • Cache user information

Example commands

  • show profiles name="profile 1" interface="Wireless Network Connection"

  • show profiles name=profile2

  • show profiles

show settings

Displays the current global settings of the wireless LAN.

Syntax

showsettings

Parameters

There are no parameters for this command.

Remarks

Shows the global setting for wireless network service, including whether or not WLAN Auto Config Service is enabled on each interface and whether blocked networks are shown or hidden.

Allow and block filter lists are available by using the show filters command.

Example command

  • show settings

show tracing

Displays whether wireless tracing is enabled or disabled.

Syntax

showtracing

Parameters

There are no parameters for this command.

Remarks

Displayed information includes:

  • Tracing state (enabled or disabled)

  • Tracing persistence state (running or not running)

  • Trace log file location (for example "c:\Windows\system32\logfiles\WirelessAutoLog\")

Example command

  • show tracing

See Also

Other Resources

Active Directory Schema Extensions for Windows Vista Wireless and Wired Group Policy Enhancements
Microsoft TechNet Wireless Networking
Wi-Fi Protected Access 2 Data Encryption and Integrity: The Cable Guy, August 2005
Wi-Fi Protected Access 2 (WPA2) Overview: The Cable Guy, May 2005
Deployment of Secure 802.11 Networks Using Microsoft Windows