Netsh uses various helper DLLs, which provide an extensive set of network configuration and monitoring settings. Each group of commands specific to a networking component is called a context. For example, dhcpmon.dll provides Netsh the context and set of commands necessary to configure and manage DHCP servers. The contexts that you can use depend on which networking components you have installed.
Netsh can run in either a wired or wireless context as well; when using the tool, the user must change to the context that contains the desired command. Both contexts allow viewing and configuring connectivity and security settings of both the local and multiple computers, but to view the applied wireless Group Policy settings, for example, the wireless context must be used. For those comfortable with command-line tools, Netsh is a good, lightweight alternative to Group Policy. The help documentation for each available command is reached by the '/?' or Help options.
Vista itself has two new Netsh contexts, which I'm sure you'll find useful:
- ipsec - this context is most comparable to policy creation in XP.
- advfirewall - this context maps to the Windows Firewall with Advanced Security snap-in.
One definite improvement in Vista is the integration of firewall-filtering functions and IPsec protection settings. The design makes it far less likely that new firewall filters will conflict with IPsec policies and prevent network traffic from flowing as intended. It is now possible to confirm, add, modify and delete firewall rules using Windows Firewall with Advanced Security. While most users will still configure their Windows Firewall using the Windows Firewall Control Panel tool, the snap-in allows users to easily perform advanced configuration. Windows Firewall with Advanced Security provides a GUI interface for configuring Windows Firewall on remote computers and via Group Policy.
I know that some administrators have had problems trying to get scripts that previously used ipseccmd functions to then work on Vista using Netsh. That aside, the new Vista tools do make it easier to control what enters and exits your network PCs, so give them a go.More information:
Dig Deeper on Microsoft Windows security
Related Q&A from Michael Cobb
Shellcode is a set of instructions that executes a command in software to take control of or exploit a compromised machine. Read up on the malware ... Continue Reading
The popular port scan is a hacking tool that enables attackers to gather information about how corporate networks operate. Learn how to detect and ... Continue Reading
See which encryption method uses digital signatures, symmetric key exchanges, bulk encryption and much more in this Diffie-Hellman vs. RSA showdown. Continue Reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.