Netsh Commands for Wired Local Area Network (LAN) in Windows Server 2008 and Windows Server 2008 R2

Updated: June 11, 2009

Applies To: Windows 7, Windows Server 2008, Windows Server 2008 R2, Windows Vista

The Netsh commands for wired local area network (LAN) provide methods to configure connectivity and security settings for computers running Windows Server® 2008 R2, Windows® 7, Windows Server® 2008, and Windows Vista®. You can use the Netsh LAN commands to configure the local computer or to configure multiple computers by using a logon script. You can also use the Netsh LAN commands to view wired 802.1X Group Policy and to administer user wired 802.1X settings.

Wired Network (IEEE 802.3) Policies profiles are read-only, and cannot be modified or deleted by using Netsh LAN commands.

Netsh LAN commands

Following are the Netsh LAN commands that you can run on computers running Windows Server® 2008 R2, Windows® 7, Windows Server® 2008, and Windows Vista®.

  • add profile

  • delete profile

  • export profile

  • reconnect

  • set allowexplicitcreds

  • set autoconfig

  • set profileparameter

  • set tracing

  • show interfaces

  • show profiles

  • show settings

  • show tracing

The following command is new in Windows Server 2008 R2, and Windows 7, and cannot be run against computers running Windows Server 2008, Windows Vista, or earlier releases of the Windows operating system.

  • set blockperiod

Netsh LAN command reference

The following entries provide details for each command.

add profile

Adds a LAN profile to the specified interface on the computer.

Syntax

**add profile filename=**PathAndProfileName [[interface=]InterfaceName]

Parameters

  • filename
    Required. Specifies the path and name of the XML file containing the profile data.
  • interface
    Optional. Specifies the name of the interface on which the profile will be set (where InterfaceName is the name of the interface as displayed in Network Connections or as rendered by the Netsh lan show interfaces command).

Remarks

The interface parameter specifies one of the interface names shown by the Netsh lan show interface command. If the interface is specified, the profile is added to the specified interface. There is wildcard support for this parameter. You can use the characters ? and * to replace a letter and letters of the interface name, respectively.

Example command

  • add profile filename=C:\Users\WiredUser\Documents\profile1.xml interface="Local Area Connection"

delete profile

Removes a LAN profile from one or multiple interfaces.

Syntax

**delete profile interface=**InterfaceName

Parameters

  • interface

    • Required. Specifies the name of the interface on which one or more profiles are to be deleted (where InterfaceName is the name of the interface as displayed in Network Connections, or as rendered by the Netsh lan show interfaces command).

Remarks

There is wildcard support for the interface parameter. You can use the characters ? and * to replace a letter and letters of the interface name, respectively.

Example commands

  • delete profile interface="Local Area Connection"

  • delete profile interface=L*

export profile

Saves LAN profiles as XML files to a specified location.

Syntax

**export profile folder=**PathAndFileName [[interface=]InterfaceName]

Parameters

  • folder

    • Required. Specifies the path and file name for the profile XML file.
  • interface
    Optional. Specifies the name of the interface on which the profile is configured (where InterfaceName is the name of the interface as displayed in Network Connections, or as rendered by the Netsh lan show interfaces command).

Remarks

The folder parameter must specify an existing folder that is accessible from the local computer. It can be either an absolute path or relative path to the current working directory. In addition, "." refers to the current working directory, and ".." refers to the parent directory of the current working directory. The folder name cannot be a Universal Naming Convention (UNC) path.

If the interface parameter is specified, only the specified profile associated with that interface is saved. Otherwise, all profiles on the computer with the specified name are saved.

Profiles of specified interfaces are saved in the format "InterfaceName ProfileName.xml." Profiles at the computer level are saved in the file name format "ProfileName.xml."

There is wildcard support for this parameter. You can use the characters ? and * to replace a letter and letters of the interface name, respectively.

Example commands

  • export profile folder=c:\Users\user\Documents\ interface="Local Area Connection"

  • export profile folder=c:\Users\user\Documents\

reconnect

Attempts to reauthenticate to a wired network by using the specified interface.

Syntax

reconnect [[interface=]InterfaceName]

Parameters

  • interface
    Optional. Specifies the interface that is used for the connection attempt (where InterfaceName is the name of the interface as displayed in Network Connections, or as rendered by the Netsh lan show interfaces command).

Remarks

If the interface parameter is specified, only the specified interface is used for the connection attempt. If the interface parameter is not specified, all interfaces attempt to reconnect. Wildcard (*) names cannot be used to specify the interface name.

Example command

  • reconnect interface="Local Area Connection"

set allowexplicitcreds

Specifies whether to allow or disallow client computers to store and use shared user credentials for network authentication.

Syntax

set allowexplicitcreds allow={yes|no}

Parameters

  • allow
    Required. The options for parameter allow are “yes” or “no.”

Remarks

This Netsh command is new in Windows Server 2008 R2 and cannot be run on computers running Windows Server 2008.

Example command

  • set allowexplicitcreds allow=yes

set autoconfig

Enables or disables Wired AutoConfig Service on an interface.

Syntax

set autoconfig enabled={yes|no} **interface=**InterfaceName

Parameters

  • enabled
    Required. Specifies whether to set Wired AutoConfig Service to enabled or disabled.
  • interface
    Required. Specifies the name of the interface on which the service is enabled or disabled (where InterfaceName is the name of the interface as displayed in Network Connections, or as rendered by the Netsh lan show interfaces command).

Remarks

When Wired AutoConfig is enabled, computers running Windows Vista and Windows Server 2008 automatically connect to the network by using the specified interface. By default, Wired AutoConfig is enabled.

If Wired AutoConfig is disabled, Windows will not automatically connect to any networks by using the specified interface.

There is wildcard support for the interface parameter. You can use the characters ? and * to replace a letter and letters of the interface name, respectively.

Example command

  • set autoconfig enabled=yes interface="Local Area Connection"

set blockperiod

Specifies in minutes, the amount of time during which auto connect attempts to this network are suspended.

Syntax

set blockperiod [value=]numeric value in the range of 0 - 60

Parameters

  • value
    The parameter value tag is optional, however, a numeric value in the range of 0 – 60 is required; see example commands below.

Remarks

This Netsh command is new in Windows Server 2008 R2 and cannot be run on computers running Windows Server 2008.

Modifies the blockperiod timer. The blocked state is reset upon a manual connection attempt, a session change or a media connect.

Example commands

  • set blockperiod value=2

  • set blockperiod 25

set profileparameter

Sets parameters in a wired network profile.

Note

The set profileparameter is only available on computers running Windows Vista with Service Pack 1, and Windows Server 2008, and subsequent releases of the Windows operating system.

Syntax

**set profileparameter name=**ProfileName [[interface=]InterfaceName] [[authMode=]{machineOrUser|machineOnly|userOnly|guest}] [[ssoMode=]{preLogon|postLogon|none}] [[maxDelay=]1-120] [[allowDialog={yes|no}] [[userVLAN=]{yes|no}][oneXEnabled={yes|no}] [oneXEnforced=yes|no]

Parameters

  • Name
    Required. Specifies the name of the profile to set (where ProfileName is the name of the profile, as rendered by the Netsh lan show profile command).
  • interface
    Optional. Specifies the name of the interface on which the profile is set (where InterfaceName is the name of the interface as displayed in Network Connections, or as rendered by the Netsh lan show interfaces command).
  • authMode
    Optional [conditional, see "Remarks"]. Specifies the type of credentials to be used for authentication.
  • SSOMode
    Optional [conditional, see "Remarks"].Specifies the type of single sign on (SSO) to be attempted if any.
  • MaxDelay
    Optional [conditional, see "Remarks"]. Specifies the timeout value allowed to establish the single sign-on connection.
  • AllowDialog
    Optional [conditional, see "Remarks"].Specifies whether to allow or disallow a dialog to be shown for preLogon.
  • userVLAN

    • Optional [conditional, see "Remarks"]. Specifies if the network switches to a different VLAN upon user authentication.
  • oneXEnabled
    Optional [conditional, see "Remarks"]. Specifies whether OneX authentication is enabled.
  • oneXEnforced
    Optional [conditional, see "Remarks"]. Specifies whether OneX authentication is enforced.

Remarks

On computers running Windows Server 2008 R2 and Windows Server 2008, you must first start the Wired AutoConfig Service (dot3svc), in order to run the “Netsh LAN set profileparameter” command.

Parameter name is required; all other parameters are optional, however, regardless of whether parameter interface is specified, at least one other parameter must be specified.

If the parameter interface is specified then only profiles associated with that interface are modified.

Example commands

  • set profileparameter name="Profile 1" authMode=userOnly ssoMode=preLogon

  • set profileparameter name=Profile2 interface="Local Area Connection" ssoMode=none

set tracing

Enables or disables wired tracing.

Syntax

set tracing [[mode=]{yes|no|persistent}]

Parameters

  • mode
    Required. Specifies whether wired tracing is disabled, enabled and persistent, or enabled and nonpersistent. See "Remarks" for additional information.

Remarks

  • If the mode parameter is set to yes, nonpersistent tracing is active until the mode is either set to no or the computer is restarted.

  • If the mode parameter is set to no, tracing is stopped for either persistent or nonpersistent tracing.

If the mode parameter is set to persistent, tracing is active even after the computer is restarted.

The default value for the mode parameter is nonpersistent.

Example command

  • set tracing mode=persistent

show interfaces

Displays a list of the current wired interfaces on the computer.

Syntax

show interfaces

Parameters

There are no parameters for this command.

Remarks

Shows the wired interfaces configured on the computer.

Displayed information includes:

  • The number of interfaces on the computer

  • Interface name

  • Description

  • GUID

  • Ethernet adapter physical address (MAC address).

  • State [network authentication support (yes or no)]

Example command

  • show interfaces

show profiles

Displays a list of wired profiles that are configured on the computer.

Syntax

show profiles [[interface=]InterfaceName]

Parameters

  • Interface
    Optional. Specifies the name of the interface which has this profile configured (where InterfaceName is the name of the interface as displayed in Network Connections, or as rendered by the Netsh lan show interfaces command). See "Remarks."

Remarks

If the interface parameter is specified, then only the contents of the wired profile for the specified interface are displayed. Otherwise all profiles will be displayed with their name and description.

Example commands

  • show profiles interface="Local Area Connection"

  • show profiles

show settings

Displays the current global settings of the wired LAN

Syntax

show settings

Parameters

There are no parameters for this command.

Remarks

Shows the global settings for wired network service, including whether or not auto-configuration logic (Wired AutoConfig) is enabled on each interface.

Example command

  • show settings

show tracing

Displays whether wired tracing is enabled or disabled.

Syntax

show tracing

Parameters

There are no parameters for this command.

Remarks

Displayed information includes:

  • Wired tracing state (started or stopped)

  • Wired tracing persistence state (enabled or disabled)

  • Trace log file location (for example, "c:\Windows\system32\logfiles\WiredAutoLog\"

Example command

  • show tracing