Sometimes when you add 1 + 1 the result is
greater than
two. What I really means is that NetSh will teach you about PowerShell,
and PowerShell will help you get the most from NetSh. As a bonus we
are going to make sure the firewall is enabled.
Network Shell, or NetSh is a built-in program, which interrogates the
operating system for information about network objects. My examples will
concentrate on just one aspect of NetSh, namely the firewall. However, NetSh has other
useful 'contexts', for example, IpSec, interface, and NAP.
Let us step back, and take an overview of PowerShell and NetSh. In
the examples on this page,
PowerShell has only a minor role, it merely acts a 'Shell'
to run NetSh commands. We could equally run NetSh in a cmd DOS box.
Now the benefit of choosing PowerShell is that while we do some useful work
setting the firewall, we can get to know the rhythm of its commands.
My thinking is that if you can just
get started by using familiar operating system command in PowerShell, then you will be intrigued to
know more, and gradually you will pick up PowerShell skills as you go about everyday
tasks.
PowerShell Objectives
To see how easy it is to create $variables.
To appreciate the rhythm of the verb-Noun cmdlets.
To add simple error-correcting code.
Guy's Advice
Either start with the basics in Example 1
(recommended), or else if you are in a hurry, cut to the chase, and head for
Example 2.
PowerShell Pre-requisites and Checklist
In the case of Windows 7 and Server
2008, you don't need to download any extra files, just 'Add Feature' Windows PowerShell.
However, for older operating systems, installing can be confusing because
there are different versions of PowerShell for XP, Windows Server 2003 and
Vista. For such legacy systems only, you need to
download PowerShell from Microsoft's site.
Once you have installed PowerShell 2.0, I recommend choosing the
ISE (Integrated Scripting Engine) version, it
will save you buying a text editor.
I have deliberately chosen NetSh as the vehicle for these
simple PowerShell
script, because I want to emphasise how easy it is to make the transition
from the CMD 'DOS box', to PowerShell. Cynics would say we don't
PowerShell to configure the firewall, or even to use NetSh. My reply
is that I would rather a script that did real work, than a vacuous 'Hello
World' example.
# PowerShell NetSh command
Clear-Host netsh firewall show opmode
Learning Points
Note 1: The key NetSh verb in this
example is 'show', in the next example we are going to 'Set' the firewall's
operation mode.
Guy Recommends: Solarwinds' Free Bulk Import Tool
Import users from a spreadsheet. Just provide a list of the
users with their fields in the
top row, and save as .csv file. Then launch this FREE utility and match
your fields with AD's
attributes, click to import the users. Optionally, you can
provide the name of the OU where the new accounts will be born.
There are also two bonus tools in this free download, and all 3 have been approved by Microsoft:
In this example we are actually going to enable the firewall. We
could have taken the same approach as Example 1 and just used one line of
code: netsh firewall set opmode enable enable (The first 'enable'
is for the Domain Configuration, the second 'enable' is for the Standard
Profile Configuration.)
However, I wanted to add simple error checking code courtesy of the if
and elseif statements. To achieve this objective I put PowerShell to
work and created the variable $Fw
# PowerShell Script to enable Remote Administration Clear-Host Write-Host "Firewall configuration for $env:computername"
$Fw = netsh firewall set opmode enable enable $Fw if($Fw -match
'ok'){write-Host "$env:username's job is done"} elseif($Fw -match
'requires elevation') {write-Host "Call for an administrator"}
else{write-Host "Nothing happened"} netsh firewall show opmode
Learning Points
Note 1: Observe the structure of
PowerShell's commands verb-Noun cmdlets, for example, write-Host.
Note 2: Creating variables is easy, merely precede
the name with the dollar sign. $Pw, in PowerShell there is no need to
declare variables. Talking of variables $env corresponds to the
built-in environmental variables, hence COMPUTERNAME or USERNAME.
Note 3: Trace how cleverly PowerShell interprets
the variable in the speech marks. It always impresses me the way that
the script engine interprets $env:username and then seamlessly let me add
the apostrophe.
Guy Recommends: A Free Trial of the Network Performance Monitor
(NPM)
Solarwinds'
Orion performance monitor
will help you discover what's happening on your network. This
utility will also guide you through troubleshooting; the dashboard will
indicate whether the root cause is a broken link, faulty equipment or
resource overload.
Perhaps the NPM's best feature is the way it suggests solutions to network
problems. Its
second best feature is the ability to monitor the health of individual VMWare
virtual machines. If you are interested in troubleshooting, and creating network maps, then I recommend that you take advantage of Solarwinds' offer.
NetSh also has the ability to configure services such as Remote
Administration. Please investigate with this command: netsh firewall
show service. There are two further pieces of information that we need
to create this script. Firstly, the verb, or method 'set', secondly
knowledge that the name of the service is precisely: remoteAdmin.
# PowerShell Script to enable Remote Administration Clear-Host Write-Host "Firewall Remote Administration for $env:computername"
$Fw = netsh firewall set service remoteAdmin enable $Fw if($Fw -match
'ok'){write-Host "$env:username's job is done"} elseif($Fw
-match 'requires elevation') {write-Host "Call for an administrator"}
else{write-Host "Failed to configure Remote Administration"} netsh
firewall show service
Learning Points
Note 1: When you study the output,
be aware of two columns, the first column called 'Mode', and the second
column called 'Customized'. My point is that the 'Mode' is always
enabled, whereas the 'Customized' maybe say 'No', meaning not customized.
Note 2: My greatest joy is if you modify this
script to suit your own needs. There are dozens of ways of creating
the same objective, not to mention zillions of ways of satisfying similar
objectives. For example, scripts which disable instead of enable,
working with different services.
Where Next With NetSh?
The main purpose of this page is to get you started with PowerShell.
I firmly believe that once you get success from a few simple command, you
will be curiosity to achieve more with PowerShell. My second purpose
is to provide examples to get you started scripting NetSh.
The next step for NetSh is to investigate other 'contexts'.
Try researching with NetSh ?
Apply what you have learned here to other built-in commands, for
example IpConfig.
As for PowerShell, expand your repertoire of commands by
investigating objects such as Get-Process or Get-WmiObject -class xyz.
NetSh can help you learn about PowerShell, and PowerShell will help you
get the most from NetSh As a bonus, I hope that you have identified way of using NetSh in
your scripts and on your network.
If you like this page then please share it with your friends
See More Windows PowerShell Examples of Real-life Tasks
Please email me if you have a better example script. Also please report any factual mistakes, grammatical errors or broken links, I will be happy to correct the fault.
Windows Management Instrumentation (WMI) is one of the hidden
treasures of Microsoft operating systems.
Fortunately, Solarwinds
have created the
Free WMI Monitor so that you can actually see and understand these gems of
performance information. Take the guess work out of which
WMI counters to use for applications like Microsoft Active Directory,
SQL or Exchange Server.
