The network shell (Netsh) of Windows can be a great way to view or manage network-related settings via the Command Prompt. You can use it to run one-off commands or utilize scripts for some automation. And as we'll discuss today, Netsh can also be used to manage remote workstations and servers.
Using the remote functionality of Netsh
The built-in remote functionality of Netsh allows you to send commands to individual machines on the network. You can specify a remote machine you'd like to run the command or script on by inserting the -r option. If necessary, you can also specify login credentials to use for the remote connection: -u for the username of the remote machine and -p for the password.
Open a Command Prompt and enter the following command to access the Netsh CLI on a remote machine:
netsh -r hostname -u domain\admin -p password
Once you've established that you can gain remote access, you can also run netsh commands directly. For instance, here's how to obtain the IP configuration:
netsh -r hostname -u domain\admin -p password interface ip show config
For the -r option, you can also use the IP address or FQDN in addition to the host name of remote machines.
If you run into connectivity issues with remote machines, ensure the Remote Registry service is running on the remote computer. If it is not, then Windows may display a "Network Path Not Found" error message. Additionally, verify File and Printer Sharing for Microsoft Networks is enabled in the network connection properties of the remote machine. As always, ensure there aren't any firewalls blocking the traffic.
If connectivity issues persist, try the following Registry edit:
- Open RegEdit on the remote machine and navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
- Add a new DWORD value called "LocalAccountTokenFilterPolicy," if it doesn't already exist, and ensure its value is set to "1"
- Reboot the remote machine.
Using Netsh via psexec
Netsh lacks an easy way to simultaneously manage multiple remote machines. Though you could get creative with the built-in remote functionality, like incorporating multiple remote addresses in batch files and other scripts, you might have better luck pursuing other options.
For instance, utilizing the PsExec utility from Windows Sysinternals allows you to push out Netsh (or any other commands) to multiple machines at once.
Once you download PsExec, open a Command Prompt to the folder containing it and try the following command to access the CLI of a remote machine:
psexec \\hostname -u domain\admin -p password cmd
If the remote machine is Windows Vista or higher, you may need to use the -h option to have the process run with the account's elevated token.
Once you've established that you can gain remote access, you can also run netsh commands directly, for instance:
psexec \\hostname -u domain\admin -p password cmd.exe /c netsh.exe interface ip show config
If an interactive CLI isn't needed — for example, if you're running a command that doesn't provide output — consider adding the psexec -d option. This option tells it not to wait for the process to terminate. On the other hand, if you'd like the program to be interactive on the desktop of the remote machine, consider the -i option.
Eric Geier is a freelance tech writer -- keep up with his writings on Facebook. He's also the founder of NoWiresSecurity, a cloud-based Wi-Fi security service, and On Spot Techs, an on-site computer services company.