Contact

Subscribe via Email

Subscribe via RSS/JSON

Categories

Creative Commons Attribution 4.0 International License
© Rakhesh Sasidharan

Elsewhere

Initial Server 2012 Core configuration using PowerShell

Just for future reference to myself.

  1. Install Server Core 2012 as usual.
  2. Login. Change the IP address thus:
  3. Specify DNS server addresses:
  4. Rename the computer:
  5. Restart the computer so the name change takes effect.
  6. Update: Rename the computer & join the domain (thanks to Daniel Streefkerf (check out his blog, if you like my blog posts you’ll surely enjoy his!) for pointing this out – since PowerShell 3.0 the Add-Computer cmdlet has a -NewName switch that lets you rename and add/ move a computer):

Update: If you want to do NIC teaming, do the following after step 1.

Now continue with assigning IP address etc, but use the newly created Team adapter instead.

Using Remove-NetRoute to mass remove routes

Was checking my Windows 8 machine routing table (route print) when I noticed many entries like this:

Not sure what they are. I didn’t create them, and the 192.168.1.1 address is not on my network.

To be on the safe side I wanted to remove them. One could do it via route delete but that’s so old fashioned and slow (I would have to do it for each entry). What I want is a quick and easy way of mass removing routes. Enter the routing table related cmdlets in PowerShell 3.0.

The following one-liner will remove all routes whose NextHop address is 192.168.1.1:

Easy peasy!

For PowerShell 2.0 am sure there would be a WMI way of achieving the same. Will post that later.

Windows Advanced Firewall

Just some notes on the Windows Firewall.

  1. Starting with Windows Vista and Windows Server 2008 you have to use the netsh advfirewall firewall command-line context to manage the firewall. You still have the netsh firewall context, but that’s just for backward compatibility.
  2. Starting with Windows Vista and Windows Server 2008 you also have three profiles: domain (which applies when you are connected to a domain), public (for networks you mark as public), and private (for networks you mark as private/ home). Prior to this the firewall only had a domain profile (which is still present) and a standard profile (which now maps to the private profile). So by using the netsh firewall context you can only modify the domain and private profiles
  3. netsh advfirewall firewall (show|add|set|delete) commands can be used to view, add, modify, and delete rules. You can’t filter by rule names unfortunately. All you can do is filter for all rules based on their profile and direction (inbound or outbound). Moreover you can’t format the output and neither can you manage multiple rules (except if they are part of a group but then you can’t filter further in terms of “all rules of a particular group that belong to such and such profile”). Very limited, actually.
  4. Starting with Windows 8 and Windows Server 2012 you have PowerShell 3 and this can manage the firewall. Unfortunately, while you can install PowerShell 3 on Windows 7 and Windows Server 2008 R2, it doesn’t have the NetSecurity module which provides the firewall cmdlets. So you can’t manage the firewall on these OSes with PowerShell 3. See this blog post for a list of PowerShell 3 firewall related cmdlets.

Managing network interfaces with PowerShell v3

Update: Learnt from this StackOverflow post that the cmdlets below are only available on PowerShell v3 running on Windows 8/ Windows Server 2012 (and later). They are not available on PowerShell v3 running on Windows 7/ Windows Server 2008.

Windows Server 2012 comes with PowerShell v3 and that has the ability to manipulate the network interface from within PowerShell. Meaning you can view the IP address, set IP address, change name of the interface, and so on. I find that cool!

I explored these new cmdlets by typing Get-Net at the PowerShell prompt and pressing TAB. This shows all the commands and I kept trying the ones I felt interested in and discovered new ones from reading the help pages.

For starters, Get-NetIPInterface shows you the available network interfaces. You can pass the cmdlet parameters to filter the results in terms of (say) showing only the interfaces that are connected or showing only the interfaces that are assigned an IP from DHCP.

image.png

To see the IP addresses, use the Get-NetIPAddress cmdlet:

image.png

We can combine the two cmdlets. For instance, to find the IP addresses of the DHCP assigned interfaces one can pipe the two commands: Get-NetIPInterface –Dhcp Enabled | Get-NetIPAddress

image.png

To change an interface settings such as enable/ disable DHCP use the Set-NetIPInterface cmdlet.

To assign a new IP address use the New-NetIPAddress cmdlet (this automatically disables DHCP on that interface if it’s enabled). To change the property of an existing IP address (such as the subnet mask, for instance) use the Set-NetIPAddress cmdlet. And To un-assign an IP address use the Remove-NetIPAddress cmdlet.

image.png

image.png

I find the Set-NetIPAddress cmdlet slightly confusing. One would expect it to be able to set an IP address too, for instance, but it does not work that way. To add to the confusion this cmdlet too has switches similar to the New-NetIPAddress cmdlet to specify an IP Address (the -IPAddress switch) so you’d think it’s possible to set an IP address this way. But don’t be fooled. All this –IPAddress switch does with the Set-NetIPAddress cmdlet is to let you select interfaces matching that IP address.

If you try and set an IP address using the Set-NetIPAddress cmdlet you get an error:

image.png

The error message is obvious. You can see the cmdlet is trying to find interfaces matching the IP address you specify – and failing – rather than set that as the IP address of an interface.

Moving on, I like to rename the network adapters in my VMs. That too is possible using PowerShell now. Rename-NetAdapter is your friend!

image.png

I also like to disable some of my network adapters. You can do that too now through PowerShell using the Disable-NetAdapter cmdlet.

image.png

Would have been handy if cmdlets such as Disable-NetAdapter were a part of Set-NetAdapter (via a switch).

PowerShell is also now cool enough to fiddle with the bindings. So, for instance, if you want to disable IPv6 for one of your interfaces – possible now via PowerShell! Use Get-NetAdapterBinding to see the available bindings (IPv4, IPv6, etc) and disable using Disable-NetAdapterBinding.

image.png

Goes without saying – all these Disable-* cmdlets have an Enable-* counterpart too. So you can enable whatever you disable.

This TechNet topic gives a list of all the Network related cmdlets in PowerShell.

When assigning a new IP address to an interface using New-NetIPAddress you can pass a default gateway IP too via the –DefaultGateway switch. If you forget to do that, there’s no way to add a default gateway – perhaps using the Set-NetIPAddress cmdlet as I was expecting. The only alternatives are to remove the IP address via the Remove-NetIPAddress cmdlet and then re-add the IP address but this time specifying the default gateway; or use the New-NetRoute cmdlet to manipulate the routing table directly.

The Get-NetRoute cmdlet can be used to view the existing routing table. And the New-NetRoute can be used to add a new route. To make a route the default gateway set the destination prefix as 0.0.0.0/0 (for IPv4) or ::/0 (for IPv6). Examples below:

image.png

image.png

image.png

Lastly, there are cmdlets to configure the DNS resolvers. The Get-DnsClient cmdlet shows you DNS configuration information for each interface. It doesn’t show the resolver addresses; rather this cmdlet is about the DNS client itself and so shows information such as the DNS suffixes and the search list for these suffixes. The Get-DnsClientServerAddress cmdlet does what it says – it shows you the resolver server address for each interface – and is probably what most of us will commonly use.

image.png

To set DNS resolves you can use the Set-DnsClientServerAddress cmdlet. To specify multiple addresses put them in brackets with the entries comma separated and in double quotes. The double quotes are important because without them the addresses are ignored.

image.png

The same cmdlet can be used with a –ResetServerAddresses switch to remove the server addresses.

image.png

And that’s more or less it. These cmdlets only touch the tip of the ice-berg, but I think these are the ones most of us will regularly use.

Just to summarize here’s a table with all the cmdlets:

Get-NetIPInterface Shows you the available network interfaces. Can pass parameters to filter the results (e.g. only the DHCP assigned ones).
Get-NetIPAddress Shows you the IP addresses. Again, can filter using parameters.
Set-NetIPInterface Change an interface settings. Such as turn off/ on DHCP, IPv6 neighbor discovery settings, router settings (advertising, packet forwarding), and Wake on LAN.
New-NetIPAddress Assign a new IP address to an interface. Use the –DefaultGateway switch to specify the default gateway.
Remove-NetIPAddress Remove an assigned IP address from an interface.
Set-NetIPAddress Change IP address properties. For instance: change the subnet mask.
Rename-NetAdapter Rename a network adapter.
Disable-NetAdapter Disable a network adapter. To enable use Enable-NetAdapter.
Get-NetAdapterBinding View the network adapter bindings. Such as IPv4, IPv6, Client for Microsoft Networks.
Disable-NetAdapterBinding Disable network adapter bindings. To enable use Enable-NetAdapterBinding.
Get-NetRoute View the routing table.
New-NetRoute Add an entry to the routing table. Use destination prefix as 0.0.0.0/0 (for IPv4) or ::/0 (for IPv6) to set default gateway.
Remove-NetRoute Remove a routing table entry.
Get-DnsClient View the DNS client settings. Such as DNS suffix, search list, and so on.
Get-DnsClientServerAddress View the DNS client server addresses.
Set-DnsClient Modify the DNS client settings.
Set-DnsClientServerAddress Add DNS client server addresses. Put multiple address as (“x.x.x.x”, “x.x.x.x.”, …"). Use the -ResetServerAddresses switch to remove the server addresses

Now that’s a good reference for me too to check whenever I forget these commands!