Netsh uses various helper DLLs, which provide an extensive set of network configuration and monitoring settings. Each group of commands specific to a networking component is called a context. For example, dhcpmon.dll provides Netsh the context and set of commands necessary to configure and manage DHCP servers. The contexts that you can use depend on which networking components you have installed.
Netsh can run in either a wired or wireless context as well; when using the tool, the user must change to the context that contains the desired command. Both contexts allow viewing and configuring connectivity and security settings of both the local and multiple computers, but to view the applied wireless Group Policy settings, for example, the wireless context must be used. For those comfortable with command-line tools, Netsh is a good, lightweight alternative to Group Policy. The help documentation for each available command is reached by the '/?' or Help options.
Vista itself has two new Netsh contexts, which I'm sure you'll find useful:
- ipsec - this context is most comparable to policy creation in XP.
- advfirewall - this context maps to the Windows Firewall with Advanced Security snap-in.
One definite improvement in Vista is the integration of firewall-filtering functions and IPsec protection settings. The design makes it far less likely that new firewall filters will conflict with IPsec policies and prevent network traffic from flowing as intended. It is now possible to confirm, add, modify and delete firewall rules using Windows Firewall with Advanced Security. While most users will still configure their Windows Firewall using the Windows Firewall Control Panel tool, the snap-in allows users to easily perform advanced configuration. Windows Firewall with Advanced Security provides a GUI interface for configuring Windows Firewall on remote computers and via Group Policy.
I know that some administrators have had problems trying to get scripts that previously used ipseccmd functions to then work on Vista using Netsh. That aside, the new Vista tools do make it easier to control what enters and exits your network PCs, so give them a go.More information:
Dig Deeper on Microsoft Windows security
Related Q&A from Michael Cobb
The development of WPA3 helps advance Wi-Fi protocol, as the next generation of Wi-Fi-enabled devices begins to demand more. Expert Michael Cobb ... Continue Reading
An increase of IoT botnets has been seen since the Mirai malware source code was leaked. Learn how the new variants pose to be a serious threat to ... Continue Reading
Android Pixel vulnerabilities could open the smartphone up to attack. Expert Michael Cobb explains the vulnerabilities and how to defend against them. Continue Reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.