Netsh Commands for Wireless Local Area Network (WLAN) in Windows Server 2008 R2
Updated: May 7, 2009
Applies To: Windows 7, Windows Server 2008 R2
The Netsh commands for wireless local area network (WLAN) provide methods to configure 802.11 wireless connectivity and security settings for computers running Windows® 7, Windows Vista®, Windows Server® 2008 R2, and Windows Server® 2008. You can use the Netsh WLAN commands to configure the local computer or to configure multiple computers by using a logon script. You can also use the netsh WLAN commands to view applied wireless Group Policy settings.
Wireless Network (IEEE 802.11) Policies profiles are read-only, and cannot be modified or deleted by using Netsh WLAN commands.
Unless otherwise noted in this reference, Netsh commands in Windows Server 2008 R2 provide the same functionality as the Netsh commands in Windows Server 2008.
Running Netsh WLAN commands on computers running Windows Server 2008 R2
To run Netsh WLAN commands on computers running Windows Server 2008 R2 or Windows Server 2008, you must first install the Wireless LAN Service.
Note
note
Server Manager
Features,
To install Wireless LAN Service on computers running Windows Server 2008 and Windows Server 2008 R2
Do one of the following:
In Initial Configuration Tasks, in Customize This Server, click Add Features. The Add Features Wizard opens.

Click Start, and then click Server Manager. In the left pane of Server Manager, click Features, and in the details pane, in Features Summary, click Add Features. The Add Features Wizard opens.

In Select Features, in Features, scroll down the list, select Wireless LAN Service, and then click Next.
In Confirm installation selections, click Install.
In Installation Results, review your installation results, and then click Close.
Netsh WLAN commands
This section documents the following Netsh WLAN commands:
Note
note
show onlyusegpprofileforallowednetworks
add filter
Adds a wireless network, by Service Set Identifier (SSID) and network type, to the wireless allowed or blocked list.
Syntax
Add filter permission={allow|block|denyall }ssid=WirelessNetworkName networktype={infrastructure|adhoc}
Parameters
Permission
SSID
Networktype
Remarks
The ssid parameter is required if permission is allow or block. If permission is denyall, then do not specify the ssid parameter.
Example commands
add filter permission=allow ssid=WiFiNetwork networktype=infrastructure

  add filter permission=block ssid="Wireless Net" networktype=adhoc

add filter permission=denyall networktype=infrastructure

add profile
Adds a WLAN profile to the specified interface on the computer.
Syntax
add profile filename= PathAndFileName [[interface=]InterfaceName] [[user=]{all|current}]
Parameters
Filename
Interface
InterfaceName
Network Connections
netsh wlan show interfaces
User
Remarks
The interface parameter is one of the interface names shown by the netsh wlan show interface command. If the interface parameter is specified, the profile is added to the specified interface. If the interface parameter is not specified, the profile is added on all wireless interfaces. There is wildcard support for this parameter. You can use the characters ? and * to replace a letter and letters of the interface name, respectively.
The user parameter, if unspecified, applies the profile to all users.
Example commands
add profile filename=C:\Users\WirelessUser\Documents\profile1.xml interface="Wireless Network Connection"

  add profile filename="C:\Wireless Profiles\WiFi Profile.xml" interface=w*

connect
Connects to a wireless network by using the specified parameter.
Syntax
connect  name= ProfileName [[ssid=]WirelessNetworkName] interface=InterfaceName
Parameters
SSID
Name
ProfileName
Manage Wireless Networks
netsh wlan show profiles
Interface
InterfaceName
Network Connections
netsh wlan show interfaces
Remarks
If only one SSID is specified in the profile, then the specified SSID is used to connect, and the ssid parameter is not required. If the profile specifies multiple SSIDs, the ssid parameter is required.
The interface parameter is required only if there is more than one wireless interface on the computer. Wildcard (*) names cannot be used to specify the interface name.
If the specified interface is already connected to a wireless network, this command disconnects the interface from that network, and then attempts to connect to the new network. If the command attempts to connect to a network to which the interface is already connected, this command returns a message that the connection was successful, and does not change the state of the wireless adapter.
Examples
connect ssid=WiFiNetwork name=Profile1

  connect ssid="Wireless Net" name=Profile2 interface="Wireless Network Connection"

delete filter
Removes a wireless network from the wireless allowed or blocked list.
Syntax
delete  filter  permission={allow|block|denyall} ssid=WirelessNetworkName networktype={infrastructure|adhoc}]
Parameters
Permission
SSID
Networktype
Remarks
The ssid parameter is required, unless the value of the permission parameter is denyall. If the permission parameter is denyall, then the ssid parameter should not be given.
Example commands
delete filter permission=allow ssid=WiFiNetwork networktype=infrastructure

  delete filter permission=block ssid="Wireless Net" networktype=adhoc

  delete filter permission=denyall networktype=adhoc

delete profile
Removes a WLAN profile from one or multiple interfaces.
Syntax
delete  profile  name= ProfileName [[interface=]InterfaceName] [[key=] clear]
Parameters
Name
ProfileName
Manage Wireless Networks
netsh wlan show profiles
Interface
InterfaceName
Network Connections
netsh wlan show interfaces
key
Remarks
If the interface parameter is specified, then the profile is deleted only from the specified interface.
If the interface parameter is not specified, then the profile is deleted from all interfaces on the computer.
The name parameter can have wildcard characters; if multiple profiles having names that match wildcard characters, then all such profiles are deleted. You can use the characters ? and * to replace a letter and letters of the interface name, respectively.
Example commands
delete profile name="Profile 1" interface="Wireless Network Connection"

  delete profile name=Profile2 interface=*

  delete profile name="Profile 1" i=* key=clear

disconnect
Disconnects the specified interface from a wireless network.
Syntax
disconnect  interface= InterfaceName
Parameters
Interface
InterfaceName
Network Connections
netsh wlan show interfaces
Remarks
The interface parameter is required if there is more than one wireless interface on the computer. You can use Wildcard (*) characters in the interface name to specify multiple interfaces.
If the specified interface is not already connected to a wireless network, this command returns a message stating that the disconnection was successful; the state of the wireless adapter does not change.
Example commands
disconnect

  disconnect interface="Wireless Network Connection"

export hostednetworkprofile
Saves the hosted network profile as an XML file.
Syntax
export hostednetworkprofile
Parameters
There are no parameters associated with this command.
Remarks
This Netsh command is new in Windows Server 2008 R2 and cannot be run on computers running Windows Server 2008.
Example command
export hostednetworkprofile

export profile
Saves WLAN profiles as XML files to the specified location.
Syntax
export  profile  folder= PathAndFileName [[name=]ProfileName] [[interface=]InterfaceName] [[key=]clear]
Parameters
Folder
Name
ProfileName
Manage Wireless Networks
netsh wlan show profiles
Interface
InterfaceName
Network Connections
netsh wlan show interfaces
key
Remarks
The folder parameter must specify an existing folder that is accessible from the local computer. It can be either an absolute path or relative path to the current working directory. In addition, "." refers to the current working directory, and "." refers to the parent directory of the current working directory. The folder name cannot be a Universal Naming Convention (UNC) path.
If the name parameter is specified but the interface parameter is not, then all profiles with the specified name on the computer are saved. Otherwise all profiles on the computer with the specified name are saved.
If both the interface parameter and name parameter are specified, only the specified profile for that interface is saved.
Profiles of specified interfaces are saved in the file name format "InterfaceName ProfileName.xml."
Example commands
export profile folder=c:\profiles name="Profile 1" interface="Wireless Network Connection"

  export profile folder="c:\wifi profiles" name=Profile2 interface=*

refresh hostednetwork
Instructs the WLAN service to use a new security key for the hosted network.
Syntax
refresh hostednetwork key
Parameters
key
Remarks
This Netsh command is new in Windows Server 2008 R2 and cannot be run on computers running Windows Server 2008.
Example command
refresh hostednetwork key

reportissues
Generates a WLAN smart trace report, and prepares the smart trace for reporting WLAN issues.
Syntax
reportissues
Parameters
There are no parameters associated with this command.
Remarks
This Netsh command is new in Windows Server 2008 R2 and cannot be run on computers running Windows Server 2008.
Example command
reportissues

set allowexplicitcreds
Specifies whether to allow or disallow client computers to store and use shared user credentials for network authentication.
Syntax
set allowexplicitcreds allow={yes|no}
Parameters
allow
Remarks
This Netsh command is new in Windows Server 2008 R2 and cannot be run on computers running Windows Server 2008.
Example command
set allowexplicitcreds allow=no

set autoconfig
Enables or disables WLAN Auto configuration logic on an interface.
Syntax
set  autoconfig  enabled={yes|no} interface=InterfaceName
Parameters
enabled
Interface
InterfaceName
Network Connections
netsh wlan show interfaces
Remarks
This command does not disable the WLAN AutoConfig Service (WLANSVC). When WLAN Auto Config logic is enabled, computers running Windows Vista and Windows Server 2008 automatically connect to wireless networks by using the specified interface. By default, autoconfig is enabled on computers running Windows Vista.
If autoconfig is disabled, Windows will not automatically connect to any wireless networks by using the specified interface.
There is wildcard support for the interface parameter. You can use the characters ? and * to replace a letter and letters of the interface name, respectively.
Example command
set autoconfig enabled=yes interface="Wireless Network Connection"

set blockednetworks
Shows or hides the blocked networks in the visible network list.
Syntax
set  blockednetworks  display={show|hide}
Parameters
Display
Remarks
To view the list of available wireless networks, click Start, click Connect to, and the Connect to a network dialog opens. In Show, select Wireless to display only wireless networks.
Example command
set blockednetworks display=show

The example command specifies that blocked networks are shown in the list of available networks.
set blockperiod
Specifies in minutes, the amount of time during which auto connect will not attempt to connect to a network for which the previous connection attempt failed.
Syntax
set blockperiod [value=]numeric value in the range of 0 - 60
Parameters
Value
Remarks
This Netsh command is new in Windows Server 2008 R2 and cannot be run on computers running Windows Server 2008.
Modifies the blockperiod timer. The blocked state is reset upon a manual connection attempt, a session change or a media connect.
Example commands
set blockperiod value=2

  set blockperiod 25

set createalluserprofile
Specifies whether users are allowed to create all-user profiles, regardless of whether they are members of the Administrators group. Users who have membership in the Administrators group can create all-user profiles no matter whether “set createalluserprofile enabled=” is set to “yes” or “no.”
Note
note
Syntax
set  createalluserprofile  enabled={yes|no}
Parameters
Enabled
Remarks
If enabled is set to yes, then every user is allowed to create all user profiles. If enabled is set to no, then only users with administrator permissions are allowed to create all user profiles.
Example command
set createalluserprofile enabled=yes

set hostednetwork
Changes the properties of hosted network, including the SSID of the hosted network, allow or disallow the hosted network to run on the computer, and the user security key that is used by the hosted network.
Syntax
set hostednetwork [[mode={allow|disallow}] [[ssid=]WirelessNetworkName] [[key=]passphrase] [[keyUsage=]{persistent|temporary}]
Parameters
mode
ssid
key
keyusage
Remarks
This Netsh command is new in Windows Server 2008 R2 and cannot be run on computers running Windows Server 2008.
This command requires local computer administrator privileges.
You can use this command to change the properties of hosted network, including: SSID of the hosted network, allow or disallow the hosted network in the system, and a user security key that is used by the hosted network.
For security reasons, the user security key should contain 8 to 63 ASCII characters (a passphrase), or 64 hexadecimal digits (which represent 32 binary Bytes).
If the parameter keyUsage is specified as persistent, the security key will be saved and used each time the hosted network is started.
If the parameter keyUsage is specified as temporary it will be used only for the current hosted network session, or the next hosted network session if the hosted network is not started upon configuration of the keyusage parameter. Once the hosted network is stopped, the temporary security key will be deleted from the system. By default, if the keyUsage parameter is not specified it is persistent.
Example commands
set hostednetwork mode=allow

  set hostednetwork ssid=ssid1

  set hostednetwork key=passphrase keyUsage=persistent

set profileorder
Sets the preference order of a wireless network profile on a wireless network interface.
Syntax
set  profileorder  name= ProfileName  interface= InterfaceName  priority= integer
Parameters
Name
ProfileName
Manage Wireless Networks
netsh wlan show profiles
Interface
InterfaceName
Network Connections
netsh wlan show interfaces
Priority
Remarks
If parameter priority is set to 0 or 1, the profile will move to the first position in the list, regardless of whether another profile was previously set to 0 or 1. A lower number means a higher priority. There is no practical limit on the number of profiles you can have on a computer.
Example command
set profileorder name="profile 1" interface="Wireless Network Connection" priority=1

set profileparameter
Sets parameters in a wireless network profile.
Note
note
Syntax
set profileparameter  name= ProfileName [[interface=]InterfaceName] [[authMode=]{machineOrUser|machineOnly|userOnly|guest}] [[ssoMode=]{preLogon|postLogon|none}] [[maxDelay=]1-120] [[allowDialog={yes|no}] [[userVLAN=]{yes|no}] [[fips=]{yes|no}]
Parameters
Name
ProfileName
Manage Wireless Networks
netsh wlan show profiles
Interface    Optional. Specifies the name of the interface on which the profile is set, (where InterfaceName is the name of the wireless interface, as listed in Network Connections, or as rendered by the netsh wlan show interfaces command).

AuthMode
SSOMode
MaxDelay
AllowDialog
UserVLAN
FIPS
Remarks
Parameter name is required; all other parameters are optional, however, regardless of whether parameter interface is specified, at least one other parameter must be specified.
If the parameter interface is specified then only profiles associated with that interface are modified.
Example commands
set profileparameter name="Profile 1" authMode=userOnly ssoMode=preLogon

  set profileparameter name=Profile2 ssoMode=none fips=yes

set profiletype
Changes the profile type for the specified profile. If the parameter interface is specified, then the profile is only changed on that interface.
Syntax
set profiletype  name= ProfileName  profiletype={all|current} [[interface=]InterfaceName]
Parameters
name
profiletype
interface
Remarks
This Netsh command is new in Windows Server 2008 R2 and cannot be run on computers running Windows Server 2008.
Example command
set profiletype name=Profile1 profiletype=all

set tracing
Enables or disables WLAN tracing.
Syntax
set tracing  mode={yes|no|persistent}
Parameters
Mode
Remarks
If the mode parameter is set to yes, nonpersistent tracing is active until the mode is either set to no or the computer is restarted.
If the mode parameter is set to no, tracing is stopped for either persistent or nonpersistent tracing.
If the mode parameter is set to persistent, tracing will still be active even after the computer is restarted.
Example command
set  tracing  mode=persistent

show all
Displays the entire collection of information about wireless network adapters, wireless profiles and wireless networks.
Syntax
show all
Parameters
There are no parameters for this command.
Remarks
Displays the entire collection of 802.11 wireless interface information, network information, and wireless settings on the system, including:
Wireless adapter driver information

Wireless interface status

Wireless configuration settings

Wireless network filters

Wireless network profiles list and details

Visible wireless networks

Example command
show all

Show allowexplicitcreds
Displays the global setting whether to permit the use of stored user credentials for 802.1X authenticated network access by the computer when no user is logged on to the computer.
Syntax
show allowexplicitcreds
Parameters
There are no parameters associated with this command.
Remarks
This Netsh command is new in Windows Server 2008 R2 and cannot be run on computers running Windows Server 2008.
Example command
Show allowexplicitcreds

show autoconfig
Displays whether WLAN Auto configuration logic is enabled or disabled
Syntax
show  autoconfig
Parameters
There are no parameters for this command.
Remarks
Displays whether WLAN Auto configuration logic is enabled or disabled on each wireless adapter interface.
Example command
show autoconfig

show blockednetworks
Displays the global setting whether to display or hide blocked networks in the visible network list
Syntax
show  blockednetworks
Parameters
There are no parameters for this command.
Remarks
Displays the global setting whether to display or hide blocked networks in the visible network list.
Example command
show blockednetworks

Show createalluserprofile
Displays the global setting whether creating all user profiles is allowed for everyone.
Syntax
show createalluserprofile
Parameters
There are no parameters associated with this command.
Remarks
This Netsh command is new in Windows Server 2008 R2 and cannot be run on computers running Windows Server 2008.
Example command
show createalluserprofile

show drivers
Displays the properties of the wireless adapter drivers on the computer.
Syntax
show drivers [[interface=]InterfaceName]
Parameters
Interface
InterfaceName
Network Connections
netsh wlan show interfaces
Remarks
Shows the 802.11 wireless LAN interface driver information.
The following list summarizes the type of information presented by this command:
Interface name (Wireless Network Connection)

Driver (model and type)

Vendor (manufacturer name)

Provider (driver provider)

Date (the date the driver was written)

Version (driver version number)

INF file (location of driver INF file)

Type (Native Wi-Fi driver or Legacy Wi-Fi driver)

Radio types supported (Direct Sequence Spread Spectrum [DSSS], 802.11g, 802.11b)

Authentication and cipher supported in infrastructure mode (WPA2-Enterprise TKIP; CCMP, Wi-Fi Protected Access [WPA]-Enterprise Temporal Key Integrity Protocol [TKIP]; CCMP, WPA2-Personal TKIP; CCMP, WPA-Personal TKIP; CCMP, Open Wired Equivalent Privacy [WEP], Open None, Shared WEP, Shared None)

Authentication supported in ad-hoc mode (Open-WEP, Open-None, Shared WEP)

Example command
show drivers interface="Wireless Network Connection"

show filters
Displays the current list of allowed and blocked wireless networks.
Syntax
show  filters [[permission=]{allow|block}]
Parameters
Permission
Remarks
If parameter permission is specified, the command displays the list of networks configured on the system that have the specified permission type (allow or block). Otherwise, both the allowed and blocked lists are shown.
Example commands
show filters

  show filters permission=allow

  show filters permission=block

show hostednetwork
Displays the properties and status of the hosted network.
Syntax
show hostednetwork [[setting=]security]
Parameters
setting
Remarks
This Netsh command is new in Windows Server 2008 R2 and cannot be run on computers running Windows Server 2008.
Example commands
show hostednetwork

  show hostednetwork setting=security

show interfaces
Displays a list of the current wireless interfaces on a computer.
Syntax
show  interfaces
Parameters
There are no parameters for this command.
Remarks
Shows the wireless interfaces configured on the computer.
Displayed information includes:
The number of interfaces on the computer

Name (for example, "Wireless Network Connection")

Description (for example, Broadcom 802.11g Network Adapter)

GUID (hexadecimal string)

Interface state (connected or disconnected)

Example command
show interfaces

show networks
Displays a list of wireless networks that are visible on the computer.
Syntax
show  networks [[interface=]InterfaceName] [[mode=]{ssid|bssid}]
Parameters
Interface
InterfaceName
Network Connections
netsh wlan show interfaces
Mode
Remarks
Displays the wireless networks available to the computer.
If the interface parameter is specified, only the networks visible to the specified interface are listed. Otherwise, all networks visible to the computer are listed.
If the mode=ssid parameter is specified, then information about each visible SSID is listed.
Displayed SSID information includes:
Interface name

Number of visible networks

Network name, by SSID

Network type (infrastructure or ad hoc)

Authentication (Known as "Security type" in the properties of a wireless profile. Security types include WPA2-Enterprise, WPA2-Personal, WPA-Enterprise, WPA-Personal, WEP and Open.)

Encryption method (examples include Advanced Encryption Standard (AES) and Temporal Key Integrity Protocol (TKIP)).

If the mode parameter is not specified, only SSIDs are listed.

If the mode=bssid parameter is specified, then information for the visible BSSIDs for each visible SSID is listed.
Displayed BSSID information includes:
Interface name

Number of visible networks

Network name, by SSID

Network type (infrastructure or ad-hoc)

Authentication (Known as "Security type" in the properties of a wireless profile. Security types include WPA2-Enterprise, WPA2-Personal, WPA-Enterprise, WPA-Personal, WEP and Open.)

Encryption method (examples include AES and TKIP)

BSSID number (for example, 00:54:96:32:06)

  Signal strength (by %)

Radio type (for example, 802.11b)

Channel (radio channel number)

Example commands
show networks interface="Wireless Network Connection"

  show networks mode=bssid

  show networks

show onlyusegpprofileforallowednetworks
Displays the global setting that specifies whether to only permit the use of Group Policy wireless profiles to connect to wireless networks for which Group Policy profiles are configured.
Syntax
show onlyusegpprofilesforallowednetworks
Parameters
There are no parameters associated with this command.
Remarks
This Netsh command is new in Windows Server 2008 R2 and cannot be run on computers running Windows Server 2008.
Example command
show onlyUseGPProfilesforAllowedNetworks

show profiles
Displays a list of wireless profiles that are configured on the computer.
Syntax
show  profiles [[name=]ProfileName] [[interface=]InterfaceName] [[key=clear]
Parameters
Name
ProfileName
Manage Wireless Networks
netsh wlan show profiles
Interface
InterfaceName
Network Connections
netsh wlan show interfaces
key
Remarks
Displays the profile data or lists the profiles on the computer.
If the name parameter is specified, then only the content for the specified profile is displayed. If the name parameter is not specified, only the profile name and description are displayed.
If the interface parameter is specified, only the profiles on the specified interface are displayed. If the interface parameter is not specified, all profiles with the specified name are displayed.
Displayed information includes:
All Users or Current User Profile

Profile name

Applied profile (Current User or All Users)

Control options

  Connect automatically or connect manually

Visible SSID or hidden SSID

connectivity settings:

  Number of SSIDs (listed by number and SSID)

Network type (infrastructure or ad hoc)

Radio type

Vendor extension

Security settings

  Number of auth/cipher combinations (for example, auth: WPA2-Enterprise, cipher: TKIP)

Security key

802.1X (enabled or disabled)

Extensible Authentication Protocol (EAP) type

802.1X authentication credential

Cache user information

Example commands
show profiles name="profile 1" interface="Wireless Network Connection"

  show profiles name=profile2

  show profiles

show settings
Displays the current global settings of the wireless LAN.
Syntax
show  settings
Parameters
There are no parameters for this command.
Remarks
Shows the global setting for wireless network service, including whether or not WLAN Auto Config Service is enabled on each interface and whether blocked networks are shown or hidden.
Allow and block filter lists are available by using the show filters command.
Example command
show settings

show tracing
Displays whether wireless tracing is enabled or disabled.
Syntax
show  tracing
Parameters
There are no parameters for this command.
Remarks
Displayed information includes:
Tracing state (enabled or disabled)

If enabled:

  Trace log file location (for example c:\Windows\tracing\wireless\wireless.etl)

Tracing configuration (maximum size, file mode, report options).

List of WLAN trace providers that have been enabled.

Trace folder location where additional data will be available after tracing is stopped (for example "c:\Windows\tracing\wireless\").

Example command
show tracing

start hostednetwork
Instructs the WLAN AutoConfig service to start the hosted network.
Syntax
start hostednetwork
Parameters
Remarks
This Netsh command is new in Windows Server 2008 R2 and cannot be run on computers running Windows Server 2008.
This command requires administrator privileges on the local computer.
Example command
Start hostednetwork

stop hostednetwork
Instructs the WLAN AutoConfig service to stop the hosted network.
Syntax
stop hostednetwork
Parameters
There are no parameters associated with this command.
Remarks
This Netsh command is new in Windows Server 2008 R2 and cannot be run on computers running Windows Server 2008.
This command requires administrator privileges on the local computer.
Example command
stop hostednetwork

Community Additions
ADD
Is it possible to export the saved user credentials in a WPA2-Enterprise profile?
Hi,
I'm looking to export a WLAN profile that uses WPA2-Enterprise. We use MAC allow lists on the WLAN, but a shared username/password to access the wireless network. The User name and password can be embed via the GUI through:
From the "Network and Sharing Centre":
Manage Wireless --> Properties of the WPA2-Enterprise Network --> Security Tab --> Advanced Settings.
In the 802.1x settings tab:
Tick Specify authentication mode, and select User authentication. Then the Save Credential button will become active, and you can then save a username and password.
However, when you export the profile, this info is not exported. The "key=clear" option does not work in this instance.
Master Technician Technology Services