Netsh Commands for Wireless Local Area Network (WLAN) in Windows Server 2008
Applies To: Windows Server 2008, Windows Vista
The Netsh commands for wireless local area network (WLAN) provide methods to configure 802.11 wireless connectivity and security settings for computers running Windows Vista® and Windows Server® 2008. You can use the Netsh WLAN commands to configure the local computer or to configure multiple computers by using a logon script. You can also use the netsh WLAN commands to view applied wireless Group Policy settings.
Wireless Network (IEEE 802.11) Policies profiles are read-only, and cannot be modified or deleted by using Netsh WLAN commands.
To run Netsh WLAN commands on computers running Windows Server 2008, you must first install the Wireless LAN Service.
Note
On computers running Windows Server 2008, installing the Wireless LAN Service in Server Manager / Features, adds and starts the WLAN AutoConfig service. WLAN AutoConfig is located in Server Manager/Diagnostics/Services Microsoft Management Console (MMC). To remove the WLAN AutoConfig service from a Computer running Windows Server 2008, you must remove (uninstall) the Wireless LAN Service from Server Manager / Features.
Do one of the following:
In Initial Configuration Tasks, in Customize This Server, click Add Features. The Add Features Wizard opens.
Click Start, and then click Server Manager. In the left pane of Server Manager, click Features, and in the details pane, in Features Summary, click Add Features. The Add Features Wizard opens.
In Select Features, in Features, scroll down the list, select Wireless LAN Service, and then click Next.
In Confirm installation selections, click Install.
In Installation Results, review your installation results, and then click Close.
This section contains the following Netsh WLAN commands:
add filter
add profile
connect
delete filter
delete profile
disconnect
export profile
set autoconfig
set blockednetworks
set createalluserprofile
set profileorder
set profileparameter
set tracing
show all
show autoconfig
show blockednetworks
show drivers
show filters
show interfaces
show networks
show profiles
show settings
show tracing
Adds a wireless network, by Service Set Identifier (SSID), to the wireless allowed or blocked list.
add filter permission={allow|block|denyall} ssid=WirelessNetworkNamenetworktype={infrastructure|adhoc}
- Permission
Required. Specifies the permission type of the filter.
- SSID
Required [conditional, see "Remarks"]. SSID of the wireless network.
- Networktype
Required. Specifies the wireless network type.
The ssid parameter is required if permission is allow or block. If permission is denyall, then do not specify the ssid parameter.
add filter permission=allow ssid=WiFiNetwork networktype=infrastructure
add filter permission=block ssid="Wireless Net" networktype=adhoc
add filter permission=denyall networktype=infrastructure
Adds a WLAN profile to the specified interface on the computer.
**add profile filename=**PathAndFileName [[interface=]InterfaceName] [[user=]{all|current}]
- Filename
Required. Specifies both the path to, and name of the XML file containing the profile data.
- Interface
Optional. Specifies the name of the wireless interface on which to add the profile (where InterfaceName is the name of the wireless interface, as listed in Network Connections, or as rendered by the netsh wlan show interfaces command)
- User
Optional. Specifies whether the profile is applied only to the current user or to all users.
The interface parameter is one of the interface names shown by the netsh wlan show interface command. If the interface parameter is specified, the profile is added to the specified interface. If the interface parameter is not specified, the profile is added on all wireless interfaces. There is wildcard support for this parameter. You can use the characters ? and * to replace a letter and letters of the interface name, respectively.
The user parameter, if unspecified, applies the profile to all users.
add profile filename=C:\Users\WirelessUser\Documents\profile1.xml interface="Wireless Network Connection"
add profile filename="C:\Wireless Profiles\WiFi Profile.xml" interface=w*
Connects to a wireless network by using the specified parameter.
connect [[ssid=]WirelessNetworkName] **name=ProfileNameinterface=**InterfaceName
- SSID
Optional [conditional, see "Remarks"]. Specifies the SSID of the wireless network.
- Name
Required. Specifies the name of the wireless profile to use for the connection attempt, (where ProfileName is the name of the wireless profile, as listed in Manage Wireless Networks, or as rendered by the netsh wlan show profiles command).
- Interface
Required [conditional, see "Remarks"]. Specifies the wireless interface to use for the connection attempt, (where InterfaceName is the name of the wireless interface, as listed in Network Connections, or as rendered by the netsh wlan show interfaces command).
If only one SSID is specified in the profile, then the specified SSID is used to connect, and the ssid parameter is not required. If the profile specifies multiple SSIDs, the ssid parameter is required.
The interface parameter is required only if there is more than one wireless interface on the computer. Wildcard (*) names cannot be used to specify the interface name.
If the specified interface is already connected to a wireless network, this command disconnects the interface from that network, and then attempts to connect to the new network. If the command attempts to connect to a network to which the interface is already connected, this command returns a message that the connection was successful, and does not change the state of the wireless adapter.
connect ssid=WiFiNetwork name=Profile1
connect ssid="Wireless Net" name=Profile2 interface="Wireless Network Connection"
Removes a wireless network from the wireless allowed or blocked list.
deletefilterpermission={allow|block|denyall} ssid=WirelessNetworkNamenetworktype={infrastructure|adhoc}]
- Permission
Required. Specifies the permission type of the filter.
- SSID
Required [conditional, see "Remarks"]. Specifies the SSID of the wireless network.
- Networktype
Required. Specifies whether the wireless network type is adhoc or infrastructure.
The ssid parameter is required, unless the value of the permission parameter is denyall. If the permission parameter is denyall, then the ssid parameter should not be given.
delete filter permission=allow ssid=WiFiNetwork networktype=infrastructure
delete filter permission=block ssid="Wireless Net" networktype=adhoc
delete filter permission=denyall networktype=adhoc
Removes a WLAN profile from one or multiple interfaces.
**deleteprofilename=**ProfileName [[interface=]InterfaceName]
- Name
Required. Specifies the name of the wireless profile to delete, (where ProfileName is the name of the wireless profile, as listed in Manage Wireless Networks, or as rendered by the netsh wlan show profiles command).
- Interface
Optional. Specifies the name of the wireless interface on which to delete the profile, (where InterfaceName is the name of the wireless interface, as listed in Network Connections, or as rendered by the netsh wlan show interfaces command).
If the interface parameter is specified, then the profile is deleted only from the specified interface.
If the interface parameter is not specified, then the profile is deleted from all interfaces on the computer.
The name parameter can have wildcard characters; if multiple profiles having names that match wildcard characters, then all such profiles are deleted. You can use the characters ? and * to replace a letter and letters of the interface name, respectively.
delete profile name="Profile 1" interface="Wireless Network Connection"
delete profile name=Profile2 interface=*
delete profile name="Profile 1" i=*
Disconnects the specified interface from a wireless network.
**disconnectinterface=**InterfaceName
- Interface
Required [conditional, see "Remarks"]. Specifies which wireless interface is used for the disconnect attempt , (where InterfaceName is the name of the wireless interface, as listed in Network Connections, or as rendered by the netsh wlan show interfaces command).
The interface parameter is required if there is more than one wireless interface on the computer. You can use Wildcard (*) characters in the interface name to specify multiple interfaces.
If the specified interface is not already connected to a wireless network, this command returns a message stating that the disconnection was successful; the state of the wireless adapter does not change.
disconnect
disconnect interface="Wireless Network Connection"
Saves WLAN profiles as XML files to the specified location.
**exportprofilefolder=**PathAndFileName [[name=]ProfileName] [[interface=]InterfaceName]
- Folder
Optional. Specifies the path and file where the profile XML file is to be saved, and the name to use for the saved file.
- Name
Optional. Specifies the name of the wireless profile to export (where ProfileName is the name of the wireless profile, as listed in Manage Wireless Networks, or as rendered by the netsh wlan show profiles command).
- Interface
Optional. Specifies the name of the wireless interface on which the profile is configured, (where InterfaceName is the name of the wireless interface, as listed in Network Connections, or as rendered by the netsh wlan show interfaces command).
The folder parameter must specify an existing folder that is accessible from the local computer. It can be either an absolute path or relative path to the current working directory. In addition, "." refers to the current working directory, and "." refers to the parent directory of the current working directory. The folder name cannot be a Universal Naming Convention (UNC) path.
If the name parameter is specified but the interface parameter is not, then only that profile is saved. Otherwise all profiles on the computer with the specified name are saved.
If both the interface parameter and name parameter are specified, only the specified profile for that interface is saved.
Profiles of specified interfaces are saved in the file name format "InterfaceName ProfileName.xml." Profiles at the computer level are saved in the file name format "ProfileName.xml."
export profile folder=c:\profiles name="Profile 1" interface="Wireless Network Connection"
export profile folder="c:\wifi profiles" name=Profile2 interface=*
Enables or disables WLAN Auto Config Service on an interface.
setautoconfigenabled={yes|no} **interface=**InterfaceName
- enabled
Required. Specifies whether to set WLAN Auto Config Service to enabled or disabled.
- Interface
Required. Specifies the name of the interface on which the service has been enabled or disabled, (where InterfaceName is the name of the wireless interface, as listed in Network Connections, or as rendered by the netsh wlan show interfaces command).
When WLAN Auto Config Service is enabled, computers running Windows Vista and Windows Server 2008 automatically connect to wireless networks by using the specified interface. By default, autoconfig is enabled on computers running Windows Vista.
If autoconfig is disabled, Windows will not automatically connect to any wireless networks by using the specified interface.
There is wildcard support for the interface parameter. You can use the characters ? and * to replace a letter and letters of the interface name, respectively.
- set autoconfig enabled=yes interface="Wireless Network Connection"
Shows or hides the blocked networks in the visible network list.
setblockednetworksdisplay={show|hide}
- Display
Required. Specifies whether to show or hide the blocked networks in the list of available wireless. See "Remarks."
To view the list of available wireless networks, click Start, click Connect to, and the Connect to a network dialog opens. In Show, select Wireless to display only wireless networks.
- set blockednetworks display=show
The example command specifies that blocked networks are shown in the list of available networks.
Specifies whether users are allowed to create all-user profiles, regardless of whether they are members of the Administrators group. Users who have membership in the Administrators group can create all-user profiles no matter whether “set createalluserprofile enabled=” is set to “yes” or “no.”
Note
The set createalluserprofile is only available on computers running Windows Vista with Service Pack 1, and Windows Server 2008.
setcreatealluserprofileenabled={yes|no}
- Enabled
Required. Specifies whether all computer users are allowed to create all user profiles.
If enabled is set to yes, then every user is allowed to create all user profiles. If enabled is set to no, then only users with administrator permissions are allowed to create all user profiles.
- set createalluserprofile enabled=yes
Sets the preference order of a wireless network profile on a wireless network interface.
**setprofileordername=ProfileNameinterface=InterfaceNamepriority=**integer
- Name
Required. Specifies the name of the profile to set, (where ProfileName is the name of the wireless profile, as listed in Manage Wireless Networks, or as rendered by the netsh wlan show profiles command).
- Interface
Required. Specifies the name of the interface that has this profile configured, (where InterfaceName is the name of the wireless interface, as listed in Network Connections, or as rendered by the netsh wlan show interfaces command).
- Priority
Required. Specifies the new priority number for the profile. See "Remarks."
If parameter priority is set to 0 or 1, the profile will move to the first position in the list, regardless of whether another profile was previously set to 0 or 1. A lower number means a higher priority. There is no practical limit on the number of profiles you can have on a computer.
- set profileorder name="profile 1" interface="Wireless Network Connection" priority=1
Sets parameters in a wireless network profile.
Note
The set profileparameter is only available on computers running Windows Vista with Service Pack 1, and Windows Server 2008.
**set profileparametername=**ProfileName [[interface=]InterfaceName] [[authMode=]{machineOrUser|machineOnly|userOnly|guest}] [[ssoMode=]{preLogon|postLogon|none}] [[maxDelay=]1-120] [[allowDialog={yes|no}] [[userVLAN=]{yes|no}] [[fips=]{yes|no}]
- Name
Required. Specifies the name of the profile to set, (where ProfileName is the name of the wireless profile, as listed in Manage Wireless Networks, or as rendered by the netsh wlan show profiles command).
Interface
- Optional. Specifies the name of the interface on which the profile is set, (where InterfaceName is the name of the wireless interface, as listed in Network Connections, or as rendered by the netsh wlan show interfaces command).
- AuthMode
Optional [conditional, see "Remarks"]. Specifies the type of credentials to use for authentication.
- SSOMode
Optional [conditional, see "Remarks"]. Specifies the type of single sign on to be attempted, if any.
- MaxDelay
Optional [conditional, see "Remarks"]. Specifies the timeout value to establish single sign-on connection.
- AllowDialog
Optional [conditional, see "Remarks"]. Specifies whether to allow or disallow a dialog to be shown for prelogon.
- UserVLAN
Optional [conditional, see "Remarks"]. Specifies if the network switches to a different VLAN upon user authentication.
- FIPS
Optional [conditional, see "Remarks"]. Specifies whether to enable or disable Federal Information Processing Standards Publications (FIPS) mode.
Parameter name is required; all other parameters are optional, however, regardless of whether parameter interface is specified, at least one other parameter must be specified.
If the parameter interface is specified then only profiles associated with that interface are modified.
set profileparameter name="Profile 1" authMode=userOnly ssoMode=preLogon
set profileparameter name=Profile2 ssoMode=none fips=yes
Enables or disables WLAN tracing.
set tracingmode={yes|no|persistent}
- Mode
Required. Specifies whether tracing is disabled, enabled and persistent, or enabled and nonpersistent. See "Remarks" for additional information.
If the mode parameter is set to yes, nonpersistent tracing is active until the mode is either set to no or the computer is restarted.
If the mode parameter is set to no, tracing is stopped for either persistent or nonpersistent tracing.
If the mode parameter is set to persistent, tracing will still be active even after the computer is restarted.
The default value for mode parameter is nonpersistent.
- settracingmode=persistent
Displays the entire collection of information about wireless network adapters, wireless profiles and wireless networks.
show all
There are no parameters for this command.
Displays the entire collection of 802.11 wireless interface information, network information, and wireless settings on the system, including:
Wireless adapter driver information
Wireless interface status
Wireless configuration settings
Wireless network filters
Wireless network profiles list and details
Visible wireless networks
- show all
Displays whether WLAN AutoConfig service is enabled or disabled
showautoconfig
There are no parameters for this command.
Displays whether WLAN AutoConfig service is enabled or disabled on each wireless adapter interface.
- show autoconfig
Displays the global setting whether to display or hide blocked networks in the visible network list
showblockednetworks
There are no parameters for this command.
Displays the global setting whether to display or hide blocked networks in the visible network list.
- show blockednetworks
Displays the properties of the wireless adapter drivers on the computer.
showdrivers [[interface=]InterfaceName]
- Interface
Optional. Specifies the name of the interface for which driver information is displayed, (where InterfaceName is the name of the wireless interface, as listed in Network Connections, or as rendered by the netsh wlan show interfaces command).
Shows the 802.11 wireless LAN interface driver information.
The following list summarizes the type of information presented by this command:
Interface name (Wireless Network Connection)
Driver (model and type)
Vendor (manufacturer name)
Provider (driver provider)
Date (the date the driver was written)
Version (driver version number)
INF file (location of driver INF file)
Type (Native Wi-Fi driver or Legacy Wi-Fi driver)
Radio types supported (Direct Sequence Spread Spectrum [DSSS], 802.11g, 802.11b)
Authentication and cipher supported in infrastructure mode (WPA2-Enterprise TKIP; CCMP, Wi-Fi Protected Access [WPA]-Enterprise Temporal Key Integrity Protocol [TKIP]; CCMP, WPA2-Personal TKIP; CCMP, WPA-Personal TKIP; CCMP, Open Wired Equivalent Privacy [WEP], Open None, Shared WEP, Shared None)
Authentication supported in ad-hoc mode (Open-WEP, Open-None, Shared WEP)
- show drivers interface="Wireless Network Connection"
Displays the current list of allowed and blocked wireless networks.
showfilters [[permission=]{allow|block}]
- Permission
Optional. Specifies whether to show the list of allowed and blocked networks configured on the computer.
If parameter permission is specified, the command displays the list of networks configured on the system that have the specified permission type (allow or block). Otherwise, both the allowed and blocked lists are shown.
show filters
show filters permission=allow
show filters permission=block
Displays a list of the current wireless interfaces on a computer.
showinterfaces
There are no parameters for this command.
Shows the wireless interfaces configured on the computer.
Displayed information includes:
The number of interfaces on the computer
Name (for example, "Wireless Network Connection")
Description (for example, Broadcom 802.11g Network Adapter)
GUID (hexadecimal string)
Interface state (connected or disconnected)
- show interfaces
Displays a list of wireless networks that are visible on the computer.
shownetworks [[interface=]InterfaceName] [[mode=]{ssid|bssid}]
- Interface
Optional. Specifies for which interface the network information is returned, (where InterfaceName is the name of the wireless interface, as listed in Network Connections, or as rendered by the netsh wlan show interfaces command).
- Mode
Optional. Specifies whether to display information for Basic Service Set Identifier (BSSID), or Service Set Identifier (SSID).
Displays the wireless networks available to the computer.
If the interface parameter is specified, only the networks visible to the specified interface are listed. Otherwise, all networks visible to the computer are listed.
If the mode=ssid parameter is specified, then information about each visible SSID is listed.
Displayed SSID information includes:
Interface name
Number of visible networks
Network name, by SSID
Network type (infrastructure or ad hoc)
Authentication (Known as "Security type" in the properties of a wireless profile. Security types include WPA2-Enterprise, WPA2-Personal, WPA-Enterprise, WPA-Personal, WEP and Open.)
Encryption method (examples include Advanced Encryption Standard (AES) and Temporal Key Integrity Protocol (TKIP)).
Whether the mode parameter is not specified, only SSIDs are listed.
Displayed SSID information includes:
Interface name
Number of visible networks.
Network name, by SSID
Network type (infrastructure or ad hoc)
Authentication (access point - network authentication)
Encryption method
If the mode=bssid parameter is specified, then information for the visible BSSIDs for each visible SSID is listed.
Displayed BSSID information includes:
Interface name
Number of visible networks
Network name, by SSID
Network type (infrastructure or ad-hoc)
Authentication (Known as "Security type" in the properties of a wireless profile. Security types include WPA2-Enterprise, WPA2-Personal, WPA-Enterprise, WPA-Personal, WEP and Open.)
Encryption method (examples include AES and TKIP)
BSSID number (for example, 00:54:96:32:06)
Signal strength (by %)
Radio type (for example, 802.11b)
Channel (radio channel number)
show networks interface="Wireless Network Connection"
show networks mode=bssid
show networks
Displays a list of wireless profiles that are configured on the computer.
showprofiles [[name=]ProfileName] [[interface=]InterfaceName]
- Name
Optional. Specifies the name of the profile to display, (where ProfileName is the name of the wireless profile, as listed in Manage Wireless Networks, or as rendered by the netsh wlan show profiles command).
- Interface
Optional. Specifies the name of the interface which has this profile configured, (where InterfaceName is the name of the wireless interface, as listed in Network Connections, or as rendered by the netsh wlan show interfaces command).
Displays the profile data or lists the profiles on the computer.
If the name parameter is specified, then only the content for the specified profile is displayed. If the name parameter is not specified, only the profile name and description are displayed.
If the interface parameter is specified, only the profiles on the specified interface are displayed. If the interface parameter is not specified, all profiles with the specified name are displayed.
Displayed information includes:
All Users or Current User Profile
Profile name
Applied profile (Current User or All Users)
Control options
Connect automatically or connect manually
Visible SSID or hidden SSID
connectivity settings:
Number of SSIDs (listed by number and SSID)
Network type (infrastructure or ad hoc)
Radio type
Vendor extension
Security settings
Number of auth/cipher combinations (for example, auth: WPA2-Enterprise,cipher: TKIP)
Security key
802.1X (enabled or disabled)
Extensible Authentication Protocol (EAP) type
802.1X authentication credential
Cache user information
show profiles name="profile 1" interface="Wireless Network Connection"
show profiles name=profile2
show profiles
Displays the current global settings of the wireless LAN.
showsettings
There are no parameters for this command.
Shows the global setting for wireless network service, including whether or not WLAN Auto Config Service is enabled on each interface and whether blocked networks are shown or hidden.
Allow and block filter lists are available by using the show filters command.
- show settings
Displays whether wireless tracing is enabled or disabled.
showtracing
There are no parameters for this command.
Displayed information includes:
Tracing state (enabled or disabled)
Tracing persistence state (running or not running)
Trace log file location (for example "c:\Windows\system32\logfiles\WirelessAutoLog\")
- show tracing
Active Directory Schema Extensions for Windows Vista Wireless and Wired Group Policy Enhancements
Microsoft TechNet Wireless Networking
Wi-Fi Protected Access 2 Data Encryption and Integrity: The Cable Guy, August 2005
Wi-Fi Protected Access 2 (WPA2) Overview: The Cable Guy, May 2005
Deployment of Secure 802.11 Networks Using Microsoft Windows