Network shell (netsh) is a command-line utility that allows you to configure and display the status of various network communications server roles and components after they are installed on computers running Windows® 7, Windows Server® 2008 R2, Windows Vista®, or Windows Server® 2008.

Some client technologies, such as Network Access Protection (NAP) client, also provide netsh commands that allow you to configure client computers running Windows 7 or Windows Vista.

In most cases, netsh commands provide the same functionality that is available when using the Microsoft Management Console (MMC) snap-in for each server role or component. In addition, there are netsh commands for network functionality, such as for IPv6, network bridge, and remote procedure call (RPC), that are not available in the user interface as an MMC snap-in.

You can use netsh commands to configure and display the status of network components on the local computer and on remote computers.

In addition, netsh commands can be run manually by typing commands at the netsh prompt and they can be run in batch files and scripts.

Netsh commands are organized in a hierarchy of contexts. Each network technology with netsh command functionality has its own context. For example, the netsh context for remote access service is ras.

Network communications technologies that provide netsh functionality

Netsh functionality is provided for some server roles, role services, features, and technologies.

Server roles and role services

The following server roles provide netsh command functionality:

  • The Dynamic Host Configuration Protocol (DHCP) server role. After installing the DHCP server role, you can configure the DHCP server by using the commands at the netsh dhcp context. The context for DHCP is netsh dhcp.

  • The Network Policy and Access Services server role. This server role provides netsh functionality for the following role services after the role services are installed:

    • Health Registration Authority (HRA). The context for HRA is netsh nap hra.

    • Network Policy Server (NPS). The context for NPS is netsh nps.

    • Routing and Remote Access. The contexts for Routing and Remote Access are netsh routing and netsh ras.

Features and other network communications technologies

The following features provide netsh command functionality:

  • Windows Internet Name Service (WINS). The context for WINS is netsh wins.

The following network communications technologies provide netsh functionality:

  • DHCP client. The context for DHCP client is netsh dhcpclient.

  • Firewall. See Windows Firewall with Advanced Security.

  • Hypertext Transfer Protocol (HTTP). The context for HTTP is netsh http.

  • Internet Authentication Service. IAS is renamed to Network Policy Server (NPS), and the context for NPS is netsh nps.

  • Internet Protocol version 4 (IPv4). The context for IPv4 is netsh interface ip.

  • Internet Protocol version 6 (IPv6). The context for IPv6 is netsh interface ipv6.

  • IPv4 and IPv6 network and application proxy. The context for the IPv4 and IPv6 network and application proxy is netsh interface portproxy.

  • Internet Protocol security (IPsec). The context for IPsec is netsh ipsec.

    Important
    The ipsec context is provided for backwards compatibility only. Use the advfirewall consec context instead.
  • Local Area Network. See Wired Local Area Network.

  • Network Access Protection (NAP). The context for NAP client is netsh nap. In addition, NPS provides netsh commands at the netsh nps context that allow you to configure NPS as a NAP policy server.

  • Network Bridge. The context for network bridge is netsh bridge.

  • Network input output (netio). The context for netio is netsh netio.

  • Remote Procedure Call (RPC). The context for RPC is netsh rpc.

  • Windows Firewall. The context for Windows Firewall is netsh firewall.

    Important
    The firewall context is provided for backwards compatibility only. Use the advfirewall firewall context instead.
  • Windows Firewall with Advanced Security. The context for Windows Firewall with Advanced Security is netsh advfirewall.

  • Windows HTTP. The context for Windows HTTP is netsh winhttp.

  • Windows Sockets (winsock). The context for Windows Sockets is netsh winsock.

  • Wired Local Area Network (LAN). The context for wired LAN is netsh lan.

  • Wireless LAN. The context for wireless LAN is netsh wlan.

The following sections provide information about the netsh commands and their use, including a comprehensive command reference with syntax and parameters for all commands.

See Also