How to: Manage Wireless Connections with Netsh in Vista

By Eric Geier

December 31, 2008

The Netsh command line utility offers powerful tools to configure, manage, and troubleshoot certain networking components. In this tutorial, we explain how to use the tool to import and export wireless profiles and to block connections to certain Wi-Fi networks.

The Netsh command line utility has been available for some time now in Windows 2000, Server 2003, and XP. It offers powerful tools to configure, manage, and troubleshoot certain networking components. For Windows Server 2008 and Vista, Microsoft made a few improvements, which include the addition of specific WLAN commands. Now Netsh provides the management of wireless adapters, profiles, and connectivity. In this tutorial, we explain how to use the tool to import and export wireless profiles and to block connections to certain Wi-Fi networks.

 

Exporting a wireless network profile (so it can be imported onto other machines) can save time when setting up new computers, especially if the network requires authentication and encryption settings. Instead of clicking through windows and dialogs, inputting all the settings manually, a wireless profile could be loaded from a flash or network drive onto the new computer with one line at the Command Prompt. Creating filters with Netsh to block connections to certain Wi-Fi networks is also very useful; for example, to prevent users from connecting to neighboring open networks. Additionally, blocked networks can even be hidden from the list of networks the user sees.

 

Step one: bring up the Command Prompt.

 

Working with the wireless profiles

When working with the wireless profiles, a good first step is to review the list of profiles, by entering the following command:

netsh wlan show profiles

 

That just shows the profile names, which is enough for importing and exporting. However, to display the settings of each profile, enter the following:

netsh wlan show all

 

As shown in Figure 1, the Show Profiles Name section contains a rundown of each profile’s basic, connectivity, and security settings.

 

Profile Names

Fig. 1. Click to enlarge.

 

To export a profile, use the following syntax:

netsh wlan export profile folder=PATH TO FOLDER name=PROFILENAME

 

It will create an XML file (see Figure 2) in the designated folder named with the interface and profile name, for example Wireless Network Connection-office_net.xml.

 

 

Netsch how to

Fig. 2. Click to enlarge.

 

To import a profile, use the following syntax from the directory in which the profile is stored:

netsh wlan add profile filename=”FILENAME.xml”

 

Figure 3 shows an example of exporting and importing a profile.

 

Netsch profiles

Fig. 3

 

Blocking networks with filters

In order to add or remove filters, the Command Prompt must be in the Elevated state. For example in Vista, click the start button, type cmd, right-click the icon in the search box, and select Run As Administrator.

 

Here’s how to see a list of currently enabled filters:

Netsh wlan show filters

 

To add a filter, use the following syntax:

netsh wlan add filter permission={allow|block|denyall} ssid=NETWORKNAME networktype={infrastructure|adhoc}

 

To remove a filter:

netsh wlan delete filter permission={allow|block|denyall} ssid=NETWORKNAME networktype={infrastructure|adhoc}]

 

If using the permission of denyall, emit the SSID attribute. For example, to block the users from creating or connecting to ad hoc wireless connections, enter the following command:

netsh wlan add filter permission=denyall networktype=adhoc

 

If only allowing connections to chosen wireless network(s) and blocking all others is desired, a denyall infrastructure networks filter could be used in conjunction with the command to allow certain SSID filters. For example, to only give users the ability to connect to the network with the SSID of OfficeNet, use the following commands:

netsh wlan add filter permission=denyall networktype= infrastructure

netsh wlan add filter permission=allow ssid=OfficeNet networktype= infrastructure

 

By default, blocked networks aren’t shown to the user on the Connect to a Network list. However, if displaying all networks is desired, the feature can be toggled using this syntax:

setblockednetworksdisplay={show|hide}

 

Creating a batch file

The Netsh WLAN commands also work in batch files. When working with more than a handful of computers, there are even more timesaving techniques that can help, especially when entering multiple Netsh commands. For example, instead of bringing up the Command Prompt on each computer to import a profile, block ad hoc connections, and block all other networks, double-click on a preassembled batch file to save yourself from entering in the four lines of commands. If administering a domain or advanced network, these Netsh commands can also be used on Logon scripts.

 

For those not familiar with creating batch files, follow these steps:

 

1.      Open Notepad and enter the following commands on separate lines.

2.      To hide the Netsh commands from the user when the batch file runs in DOS, enter @echo off.

3.      To remind the user that runs the file what it will do, enter echo and a sentence or two. For example, echo This will import the company’s wireless profile, block ad hoc connections, and block all other networks; press any key to continue.

4.      To make the batch file wait to perform the commands until the user presses a key, type pause.

5.      Enter all the desired Netsh WLAN commands, each one on its own line.

6.      To enable the user to review any feedback given in DOS from the executed commands, enter something along the lines of echo DONE; press any key to exit.

7.      To keep the feedback from zipping by and the DOS window from automatically closing, enter another pause.

8.      Save the file to the desired location, making sure to give it an extension of .bat.

 

Figure 4 shows the example batch file in Notepad and Figure 5 shows how it looks when run from Windows.

 

 

Netsch batch files

Fig. 4

 

 

 

Netsch Vista

Fig. 5

 

Now the batch file, along with the wireless profile(s), can be put onto a flash drive or other accessible location and run from computers that need to be configured. Remember, adding or removing network filters requires the Elevated privilege; right-click the batch file and select Run As Administrator.

 

Getting help and discovering more Netsh commands

To explore more commands, see Microsoft’s guide to Netsh WLAN commands. For help and advice, hit the Wi-Fi Planet Forums or search our archives. And be sure to read "How to: Manage Wireless Connections with Netsh in Vista, Part 2."

 

Eric Geier is the Founder and President of Sky-Nets, Ltd., a Wi-Fi hotspot network. He is also the author of many networking and computing books, including Home Networking All-in-One Desk Reference For Dummies (Wiley 2008) and 100 Things You Need to Know about Microsoft® Windows Vista (Que 2007).



Comment and Contribute
(Maximum characters: 1200). You have
characters left.