The Netsh commands for wireless local area network (WLAN) provide methods to configure 802.11 wireless connectivity and security settings for computers running Windows Vista® and Windows Server® 2008. You can use the Netsh WLAN commands to configure the local computer or to configure multiple computers by using a logon script. You can also use the netsh WLAN commands to view applied wireless Group Policy settings.
Wireless Network (IEEE 802.11) Policies profiles are read-only, and cannot be modified or deleted by using Netsh WLAN commands.
Running Netsh wlan commands on computers running Windows Server2008
To run Netsh WLAN commands on computers running Windows Server 2008, you must first install the Wireless LAN Service.
Note |
---|
On computers running Windows Server 2008, installing the Wireless LAN Service in Server Manager / Features, adds and starts the WLAN AutoConfig service. WLAN AutoConfig is located in Server Manager/Diagnostics/Services Microsoft Management Console (MMC). To remove the WLAN AutoConfig service from a Computer running Windows Server 2008, you must remove (uninstall) the Wireless LAN Service from Server Manager / Features. |
To install Wireless LAN Service on computers running Windows Server 2008
-
Do one of the following:
- In Initial Configuration Tasks, in Customize This
Server, click Add Features. The Add Features
Wizard opens.
- Click Start, and then click Server Manager. In
the left pane of Server Manager, click Features, and
in the details pane, in Features Summary, click Add
Features. The Add Features Wizard opens.
- In Initial Configuration Tasks, in Customize This
Server, click Add Features. The Add Features
Wizard opens.
-
In Select Features, in Features, scroll down the list, select Wireless LAN Service, and then click Next.
-
In Confirm installation selections, click Install.
-
In Installation Results, review your installation results, and then click Close.
Netsh WLAN commands
This section contains the following Netsh WLAN commands:
- add
filter
- add
profile
- connect
- delete
filter
- delete
profile
- disconnect
- export
profile
- set
autoconfig
- set
blockednetworks
- set
createalluserprofile
- set
profileorder
- set
profileparameter
- set
tracing
- show all
- show
autoconfig
- show
blockednetworks
- show
drivers
- show
filters
- show
interfaces
- show
networks
- show
profiles
- show
settings
- show
tracing
add filter
Adds a wireless network, by Service Set Identifier (SSID), to the wireless allowed or blocked list.
Syntax
add filter permission={allow|block|denyall} ssid=WirelessNetworkName networktype={infrastructure|adhoc}
Parameters
- Permission
- Required. Specifies the permission type of the filter.
- SSID
- Required [conditional, see "Remarks"]. SSID of the wireless network.
- Networktype
- Required. Specifies the wireless network type.
Remarks
The ssid parameter is required if permission is allow or block. If permission is denyall, then do not specify the ssid parameter.
Example commands
- add filter permission=allow
ssid=WiFiNetwork networktype=infrastructure
- add filter permission=block ssid="Wireless
Net" networktype=adhoc
- add filter permission=denyall
networktype=infrastructure
add profile
Adds a WLAN profile to the specified interface on the computer.
Syntax
add profile filename=PathAndFileName [[interface=]InterfaceName] [[user=]{all|current}]
Parameters
- Filename
- Required. Specifies both the path to, and name of the XML file containing the profile data.
- Interface
- Optional. Specifies the name of the wireless interface on which to add the profile (where InterfaceName is the name of the wireless interface, as listed in Network Connections, or as rendered by the netsh wlan show interfaces command)
- User
- Optional. Specifies whether the profile is applied only to the current user or to all users.
Remarks
The interface parameter is one of the interface names shown by the netsh wlan show interface command. If the interface parameter is specified, the profile is added to the specified interface. If the interface parameter is not specified, the profile is added on all wireless interfaces. There is wildcard support for this parameter. You can use the characters ? and * to replace a letter and letters of the interface name, respectively.
The user parameter, if unspecified, applies the profile to all users.
Example commands
- add profile
filename=C:\Users\WirelessUser\Documents\profile1.xml
interface="Wireless Network Connection"
- add profile filename="C:\Wireless
Profiles\WiFi Profile.xml" interface=w*
connect
Connects to a wireless network by using the specified parameter.
Syntax
connect [[ssid=]WirelessNetworkName] name=ProfileName interface=InterfaceName
Parameters
- SSID
- Optional [conditional, see "Remarks"]. Specifies the SSID of the wireless network.
- Name
- Required. Specifies the name of the wireless profile to use for the connection attempt, (where ProfileName is the name of the wireless profile, as listed in Manage Wireless Networks, or as rendered by the netsh wlan show profiles command).
- Interface
- Required [conditional, see "Remarks"]. Specifies the wireless interface to use for the connection attempt, (where InterfaceName is the name of the wireless interface, as listed in Network Connections, or as rendered by the netsh wlan show interfaces command).
Remarks
If only one SSID is specified in the profile, then the specified SSID is used to connect, and the ssid parameter is not required. If the profile specifies multiple SSIDs, the ssid parameter is required.
The interface parameter is required only if there is more than one wireless interface on the computer. Wildcard (*) names cannot be used to specify the interface name.
If the specified interface is already connected to a wireless network, this command disconnects the interface from that network, and then attempts to connect to the new network. If the command attempts to connect to a network to which the interface is already connected, this command returns a message that the connection was successful, and does not change the state of the wireless adapter.
Examples
- connect ssid=WiFiNetwork
name=Profile1
- connect ssid="Wireless Net" name=Profile2
interface="Wireless Network Connection"
delete filter
Removes a wireless network from the wireless allowed or blocked list.
Syntax
delete filter permission={allow|block|denyall} ssid=WirelessNetworkName networktype={infrastructure|adhoc}]
Parameters
- Permission
- Required. Specifies the permission type of the filter.
- SSID
- Required [conditional, see "Remarks"]. Specifies the SSID of the wireless network.
- Networktype
- Required. Specifies whether the wireless network type is adhoc or infrastructure.
Remarks
The ssid parameter is required, unless the value of the permission parameter is denyall. If the permission parameter is denyall, then the ssid parameter should not be given.
Example commands
- delete filter permission=allow
ssid=WiFiNetwork networktype=infrastructure
- delete filter permission=block
ssid="Wireless Net" networktype=adhoc
- delete filter permission=denyall
networktype=adhoc
delete profile
Removes a WLAN profile from one or multiple interfaces.
Syntax
delete profile name=ProfileName [[interface=]InterfaceName]
Parameters
- Name
- Required. Specifies the name of the wireless profile to delete, (where ProfileName is the name of the wireless profile, as listed in Manage Wireless Networks, or as rendered by the netsh wlan show profiles command).
- Interface
- Optional. Specifies the name of the wireless interface on which to delete the profile, (where InterfaceName is the name of the wireless interface, as listed in Network Connections, or as rendered by the netsh wlan show interfaces command).
Remarks
If the interface parameter is specified, then the profile is deleted only from the specified interface.
If the interface parameter is not specified, then the profile is deleted from all interfaces on the computer.
The name parameter can have wildcard characters; if multiple profiles having names that match wildcard characters, then all such profiles are deleted. You can use the characters ? and * to replace a letter and letters of the interface name, respectively.
Example commands
- delete profile name="Profile 1"
interface="Wireless Network Connection"
- delete profile name=Profile2
interface=*
- delete profile name="Profile 1"
i=*
disconnect
Disconnects the specified interface from a wireless network.
Syntax
disconnect interface=InterfaceName
Parameters
- Interface
- Required [conditional, see "Remarks"]. Specifies which wireless interface is used for the disconnect attempt , (where InterfaceName is the name of the wireless interface, as listed in Network Connections, or as rendered by the netsh wlan show interfaces command).
Remarks
The interface parameter is required if there is more than one wireless interface on the computer. You can use Wildcard (*) characters in the interface name to specify multiple interfaces.
If the specified interface is not already connected to a wireless network, this command returns a message stating that the disconnection was successful; the state of the wireless adapter does not change.
Example commands
- disconnect
- disconnect interface="Wireless Network
Connection"
export profile
Saves WLAN profiles as XML files to the specified location.
Syntax
export profile folder=PathAndFileName [[name=]ProfileName] [[interface=]InterfaceName]
Parameters
- Folder
- Optional. Specifies the path and file where the profile XML file is to be saved, and the name to use for the saved file.
- Name
- Optional. Specifies the name of the wireless profile to export (where ProfileName is the name of the wireless profile, as listed in Manage Wireless Networks, or as rendered by the netsh wlan show profiles command).
- Interface
- Optional. Specifies the name of the wireless interface on which the profile is configured, (where InterfaceName is the name of the wireless interface, as listed in Network Connections, or as rendered by the netsh wlan show interfaces command).
Remarks
The folder parameter must specify an existing folder that is accessible from the local computer. It can be either an absolute path or relative path to the current working directory. In addition, "." refers to the current working directory, and "." refers to the parent directory of the current working directory. The folder name cannot be a Universal Naming Convention (UNC) path.
If the name parameter is specified but the interface parameter is not, then only that profile is saved. Otherwise all profiles on the computer with the specified name are saved.
If both the interface parameter and name parameter are specified, only the specified profile for that interface is saved.
Profiles of specified interfaces are saved in the file name format "InterfaceName ProfileName.xml." Profiles at the computer level are saved in the file name format "ProfileName.xml."
Example commands
- export profile folder=c:\profiles
name="Profile 1" interface="Wireless Network Connection"
- export profile folder="c:\wifi profiles"
name=Profile2 interface=*
set autoconfig
Enables or disables WLAN Auto Config Service on an interface.
Syntax
set autoconfig enabled={yes|no} interface=InterfaceName
Parameters
- enabled
- Required. Specifies whether to set WLAN Auto Config Service to enabled or disabled.
- Interface
- Required. Specifies the name of the interface on which the service has been enabled or disabled, (where InterfaceName is the name of the wireless interface, as listed in Network Connections, or as rendered by the netsh wlan show interfaces command).
Remarks
When WLAN Auto Config Service is enabled, computers running Windows Vista and Windows Server 2008 automatically connect to wireless networks by using the specified interface. By default, autoconfig is enabled on computers running Windows Vista.
If autoconfig is disabled, Windows will not automatically connect to any wireless networks by using the specified interface.
There is wildcard support for the interface parameter. You can use the characters ? and * to replace a letter and letters of the interface name, respectively.
Example command
- set autoconfig enabled=yes
interface="Wireless Network Connection"
set blockednetworks
Shows or hides the blocked networks in the visible network list.
Syntax
set blockednetworks display={show|hide}
Parameters
- Display
- Required. Specifies whether to show or hide the blocked networks in the list of available wireless. See "Remarks."
Remarks
To view the list of available wireless networks, click Start, click Connect to, and the Connect to a network dialog opens. In Show, select Wireless to display only wireless networks.
Example command
- set blockednetworks display=show
The example command specifies that blocked networks are shown in the list of available networks.
set createalluserprofile
Specifies whether users are allowed to create all-user profiles, regardless of whether they are members of the Administrators group. Users who have membership in the Administrators group can create all-user profiles no matter whether “set createalluserprofile enabled=” is set to “yes” or “no.”
Note |
---|
The set createalluserprofile is only available on computers running Windows Vista with Service Pack 1, and Windows Server 2008. |
Syntax
set createalluserprofile enabled={yes|no}
Parameters
- Enabled
- Required. Specifies whether all computer users are allowed to create all user profiles.
Remarks
If enabled is set to yes, then every user is allowed to create all user profiles. If enabled is set to no, then only users with administrator permissions are allowed to create all user profiles.
Example command
- set createalluserprofile
enabled=yes
set profileorder
Sets the preference order of a wireless network profile on a wireless network interface.
Syntax
set profileorder name=ProfileName interface=InterfaceName priority=integer
Parameters
- Name
- Required. Specifies the name of the profile to set, (where ProfileName is the name of the wireless profile, as listed in Manage Wireless Networks, or as rendered by the netsh wlan show profiles command).
- Interface
- Required. Specifies the name of the interface that has this profile configured, (where InterfaceName is the name of the wireless interface, as listed in Network Connections, or as rendered by the netsh wlan show interfaces command).
- Priority
- Required. Specifies the new priority number for the profile. See "Remarks."
Remarks
If parameter priority is set to 0 or 1, the profile will move to the first position in the list, regardless of whether another profile was previously set to 0 or 1. A lower number means a higher priority. There is no practical limit on the number of profiles you can have on a computer.
Example command
- set profileorder name="profile 1"
interface="Wireless Network Connection" priority=1
set profileparameter
Sets parameters in a wireless network profile.
Note |
---|
The set profileparameter is only available on computers running Windows Vista with Service Pack 1, and Windows Server 2008. |
Syntax
set profileparameter name=ProfileName [[interface=]InterfaceName] [[authMode=]{machineOrUser|machineOnly|userOnly|guest}] [[ssoMode=]{preLogon|postLogon|none}] [[maxDelay=]1-120] [[allowDialog={yes|no}] [[userVLAN=]{yes|no}] [[fips=]{yes|no}]
Parameters
- Name
- Required. Specifies the name of the profile to set, (where ProfileName is the name of the wireless profile, as listed in Manage Wireless Networks, or as rendered by the netsh wlan show profiles command).
- Interface
-
- Optional. Specifies the name of the interface
on which the profile is set, (where InterfaceName is the
name of the wireless interface, as listed in Network
Connections, or as rendered by the netsh wlan show
interfaces command).
- Optional. Specifies the name of the interface
on which the profile is set, (where InterfaceName is the
name of the wireless interface, as listed in Network
Connections, or as rendered by the netsh wlan show
interfaces command).
- AuthMode
- Optional [conditional, see "Remarks"]. Specifies the type of credentials to use for authentication.
- SSOMode
- Optional [conditional, see "Remarks"]. Specifies the type of single sign on to be attempted, if any.
- MaxDelay
- Optional [conditional, see "Remarks"]. Specifies the timeout value to establish single sign-on connection.
- AllowDialog
- Optional [conditional, see "Remarks"]. Specifies whether to allow or disallow a dialog to be shown for prelogon.
- UserVLAN
- Optional [conditional, see "Remarks"]. Specifies if the network switches to a different VLAN upon user authentication.
- FIPS
- Optional [conditional, see "Remarks"]. Specifies whether to enable or disable Federal Information Processing Standards Publications (FIPS) mode.
Remarks
Parameter name is required; all other parameters are optional, however, regardless of whether parameter interface is specified, at least one other parameter must be specified.
If the parameter interface is specified then only profiles associated with that interface are modified.
Example commands
- set profileparameter name="Profile 1"
authMode=userOnly ssoMode=preLogon
- set profileparameter name=Profile2
ssoMode=none fips=yes
set tracing
Enables or disables WLAN tracing.
Syntax
set tracing mode={yes|no|persistent}
Parameters
- Mode
- Required. Specifies whether tracing is disabled, enabled and persistent, or enabled and nonpersistent. See "Remarks" for additional information.
Remarks
If the mode parameter is set to yes, nonpersistent tracing is active until the mode is either set to no or the computer is restarted.
If the mode parameter is set to no, tracing is stopped for either persistent or nonpersistent tracing.
If the mode parameter is set to persistent, tracing will still be active even after the computer is restarted.
The default value for mode parameter is nonpersistent.
Example command
- set tracing
mode=persistent
show all
Displays the entire collection of information about wireless network adapters, wireless profiles and wireless networks.
Syntax
show all
Parameters
There are no parameters for this command.
Remarks
Displays the entire collection of 802.11 wireless interface information, network information, and wireless settings on the system, including:
- Wireless adapter driver information
- Wireless interface status
- Wireless configuration settings
- Wireless network filters
- Wireless network profiles list and
details
- Visible wireless networks
Example command
- show all
show autoconfig
Displays whether WLAN AutoConfig service is enabled or disabled
Syntax
show autoconfig
Parameters
There are no parameters for this command.
Remarks
Displays whether WLAN AutoConfig service is enabled or disabled on each wireless adapter interface.
Example command
- show autoconfig
show blockednetworks
Displays the global setting whether to display or hide blocked networks in the visible network list
Syntax
show blockednetworks
Parameters
There are no parameters for this command.
Remarks
Displays the global setting whether to display or hide blocked networks in the visible network list.
Example command
- show blockednetworks
show drivers
Displays the properties of the wireless adapter drivers on the computer.
Syntax
show drivers [[interface=]InterfaceName]
Parameters
- Interface
- Optional. Specifies the name of the interface for which driver information is displayed, (where InterfaceName is the name of the wireless interface, as listed in Network Connections, or as rendered by the netsh wlan show interfaces command).
Remarks
Shows the 802.11 wireless LAN interface driver information.
The following list summarizes the type of information presented by this command:
- Interface name (Wireless Network
Connection)
- Driver (model and type)
- Vendor (manufacturer name)
- Provider (driver provider)
- Date (the date the driver was written)
- Version (driver version number)
- INF file (location of driver INF file)
- Type (Native Wi-Fi driver or Legacy Wi-Fi
driver)
- Radio types supported (Direct Sequence Spread
Spectrum [DSSS], 802.11g, 802.11b)
- Authentication and cipher supported in
infrastructure mode (WPA2-Enterprise TKIP; CCMP, Wi-Fi Protected
Access [WPA]-Enterprise Temporal Key Integrity Protocol [TKIP];
CCMP, WPA2-Personal TKIP; CCMP, WPA-Personal TKIP; CCMP, Open Wired
Equivalent Privacy [WEP], Open None, Shared WEP, Shared None)
- Authentication supported in ad-hoc mode
(Open-WEP, Open-None, Shared WEP)
Example command
- show drivers interface="Wireless Network
Connection"
show filters
Displays the current list of allowed and blocked wireless networks.
Syntax
show filters [[permission=]{allow|block}]
Parameters
- Permission
- Optional. Specifies whether to show the list of allowed and blocked networks configured on the computer.
Remarks
If parameter permission is specified, the command displays the list of networks configured on the system that have the specified permission type (allow or block). Otherwise, both the allowed and blocked lists are shown.
Example commands
- show filters
- show filters permission=allow
- show filters permission=block
show interfaces
Displays a list of the current wireless interfaces on a computer.
Syntax
show interfaces
Parameters
There are no parameters for this command.
Remarks
Shows the wireless interfaces configured on the computer.
Displayed information includes:
- The number of interfaces on the computer
- Name (for example, "Wireless Network
Connection")
- Description (for example, Broadcom 802.11g
Network Adapter)
- GUID (hexadecimal string)
- Interface state (connected or
disconnected)
Example command
- show interfaces
show networks
Displays a list of wireless networks that are visible on the computer.
Syntax
show networks [[interface=]InterfaceName] [[mode=]{ssid|bssid}]
Parameters
- Interface
- Optional. Specifies for which interface the network information is returned, (where InterfaceName is the name of the wireless interface, as listed in Network Connections, or as rendered by the netsh wlan show interfaces command).
- Mode
- Optional. Specifies whether to display information for Basic Service Set Identifier (BSSID), or Service Set Identifier (SSID).
Remarks
Displays the wireless networks available to the computer.
If the interface parameter is specified, only the networks visible to the specified interface are listed. Otherwise, all networks visible to the computer are listed.
If the mode=ssid parameter is specified, then information about each visible SSID is listed.
Displayed SSID information includes:
- Interface name
- Number of visible networks
- Network name, by SSID
- Network type (infrastructure or ad hoc)
- Authentication (Known as "Security type" in
the properties of a wireless profile. Security types include
WPA2-Enterprise, WPA2-Personal, WPA-Enterprise, WPA-Personal, WEP
and Open.)
- Encryption method (examples include Advanced
Encryption Standard (AES) and Temporal Key Integrity Protocol
(TKIP)).
- Whether the mode parameter is not
specified, only SSIDs are listed.
Displayed SSID information includes:
- Interface name
- Number of visible networks.
- Network name, by SSID
- Network type (infrastructure or ad hoc)
- Authentication (access point - network
authentication)
- Encryption method
If the mode=bssid parameter is specified, then information for the visible BSSIDs for each visible SSID is listed.
Displayed BSSID information includes:
- Interface name
- Number of visible networks
- Network name, by SSID
- Network type (infrastructure or ad-hoc)
- Authentication (Known as "Security type" in
the properties of a wireless profile. Security types include
WPA2-Enterprise, WPA2-Personal, WPA-Enterprise, WPA-Personal, WEP
and Open.)
- Encryption method (examples include AES and
TKIP)
- BSSID number (for example,
00:54:96:32:06)
- Signal strength (by %)
- Radio type (for example, 802.11b)
- Channel (radio channel number)
- Signal strength (by %)
Example commands
- show networks interface="Wireless Network
Connection"
- show networks mode=bssid
- show networks
show profiles
Displays a list of wireless profiles that are configured on the computer.
Syntax
show profiles [[name=]ProfileName] [[interface=]InterfaceName]
Parameters
- Name
- Optional. Specifies the name of the profile to display, (where ProfileName is the name of the wireless profile, as listed in Manage Wireless Networks, or as rendered by the netsh wlan show profiles command).
- Interface
- Optional. Specifies the name of the interface which has this profile configured, (where InterfaceName is the name of the wireless interface, as listed in Network Connections, or as rendered by the netsh wlan show interfaces command).
Remarks
Displays the profile data or lists the profiles on the computer.
If the name parameter is specified, then only the content for the specified profile is displayed. If the name parameter is not specified, only the profile name and description are displayed.
If the interface parameter is specified, only the profiles on the specified interface are displayed. If the interface parameter is not specified, all profiles with the specified name are displayed.
Displayed information includes:
- All Users or Current User Profile
- Profile name
- Applied profile (Current User or All
Users)
- Control options
- Connect automatically or connect manually
- Visible SSID or hidden SSID
- Connect automatically or connect manually
- connectivity settings:
- Number of SSIDs (listed by number and
SSID)
- Network type (infrastructure or ad hoc)
- Radio type
- Vendor extension
- Number of SSIDs (listed by number and
SSID)
- Security settings
- Number of auth/cipher combinations (for
example, auth: WPA2-Enterprise, cipher: TKIP)
- Security key
- 802.1X (enabled or disabled)
- Extensible Authentication Protocol (EAP)
type
- 802.1X authentication credential
- Cache user information
- Number of auth/cipher combinations (for
example, auth: WPA2-Enterprise, cipher: TKIP)
Example commands
- show profiles name="profile 1"
interface="Wireless Network Connection"
- show profiles name=profile2
- show profiles
show settings
Displays the current global settings of the wireless LAN.
Syntax
show settings
Parameters
There are no parameters for this command.
Remarks
Shows the global setting for wireless network service, including whether or not WLAN Auto Config Service is enabled on each interface and whether blocked networks are shown or hidden.
Allow and block filter lists are available by using the show filters command.
Example command
- show settings
show tracing
Displays whether wireless tracing is enabled or disabled.
Syntax
show tracing
Parameters
There are no parameters for this command.
Remarks
Displayed information includes:
- Tracing state (enabled or disabled)
- Tracing persistence state (running or not
running)
- Trace log file location (for example
"c:\Windows\system32\logfiles\WirelessAutoLog\")
Example command
- show tracing
See Also
Other Resources
Active Directory Schema Extensions for Windows Vista Wireless and Wired Group Policy EnhancementsMicrosoft TechNet Wireless Networking
Wi-Fi Protected Access 2 Data Encryption and Integrity: The Cable Guy, August 2005
Wi-Fi Protected Access 2 (WPA2) Overview: The Cable Guy, May 2005
Deployment of Secure 802.11 Networks Using Microsoft Windows