cheat sheet
netsh
Configure network interfaces, firewall rules, wireless profiles, port proxies, and Winsock settings from an elevated command prompt — the comprehensive Windows network configuration CLI.
netsh — Network Shell
What it is
netsh (Network Shell) is a built-in Windows command-line scripting utility for displaying and modifying the network configuration of the local or a remote machine. Its context-based sub-shell model covers IP configuration, firewall rules, wireless LAN profiles, TCP port proxying, DNS settings, DHCP helper, and Winsock reset. It is the primary scripting interface for Windows Firewall, replacing the deprecated netsh firewall context with the modern netsh advfirewall context. Requires Administrator privileges for most write operations.
Availability
netsh ships as C:\Windows\System32\netsh.exe on Windows XP and later. The advfirewall and wlan contexts require Windows Vista+.
netsh /?
Output:
Usage: netsh [-a AliasFile] [-c Context] [-r RemoteMachine] [-u [DomainName\]UserName] [-p Password | *]
[Command | -f ScriptFile]
The following commands are available:
...
branchcache - Changes to the `netsh branchcache' context.
bridge - Changes to the `netsh bridge' context.
dnsclient - Changes to the `netsh dnsclient' context.
firewall - Changes to the `netsh firewall' context.
http - Changes to the `netsh http' context.
interface - Changes to the `netsh interface' context.
lan - Changes to the `netsh lan' context.
namespace - Changes to the `netsh namespace' context.
nap - Changes to the `netsh nap' context.
p2p - Changes to the `netsh p2p' context.
ras - Changes to the `netsh ras' context.
rpc - Changes to the `netsh rpc' context.
trace - Changes to the `netsh trace' context.
wcn - Changes to the `netsh wcn' context.
winsock - Changes to the `netsh winsock' context.
wlan - Changes to the `netsh wlan' context.
Syntax
netsh <context> <sub-command> [parameters]
netsh -f <script.txt>
Output: (varies by sub-command)
Essential contexts
| Context | Covers |
|---|---|
interface ip | IPv4 addresses, gateways, DNS servers |
interface ipv6 | IPv6 addresses and routes |
advfirewall | Windows Defender Firewall rules (modern API) |
wlan | Wireless profiles and adapters |
portproxy | TCP port forwarding / NAT |
winsock | Winsock stack reset |
dnsclient | DNS client settings |
http | HTTP API — URL reservations and SSL certificates |
Interface IP configuration
netsh interface ip shows and sets IPv4 configuration for named adapters. Use netsh interface show interface to list adapter names first.
netsh interface show interface
Output:
Admin State State Type Interface Name
-------------------------------------------------------------------------
Enabled Connected Dedicated Ethernet
Enabled Disconnected Dedicated Wi-Fi
netsh interface ip show config "Ethernet"
Output:
Configuration for interface "Ethernet"
DHCP enabled: Yes
IP Address: 192.168.1.100
Subnet Prefix: 192.168.1.0/24 (mask 255.255.255.0)
Default Gateway: 192.168.1.1
Gateway Metric: 0
InterfaceMetric: 25
DNS servers configured through DHCP: 192.168.1.1
rem Set a static IP address
netsh interface ip set address "Ethernet" static 192.168.1.50 255.255.255.0 192.168.1.1
Output:
(none — exits 0 on success)
rem Revert to DHCP
netsh interface ip set address "Ethernet" dhcp
Output:
(none — exits 0 on success)
DNS settings
netsh interface ip set dns configures DNS server addresses for an adapter. Use index=1 for the primary and index=2 for the secondary server.
netsh interface ip set dns "Ethernet" static 8.8.8.8
netsh interface ip add dns "Ethernet" 8.8.4.4 index=2
Output:
(none — exits 0 on success)
(none — exits 0 on success)
rem Revert to DHCP-assigned DNS
netsh interface ip set dns "Ethernet" dhcp
Output:
(none — exits 0 on success)
Windows Firewall rules (advfirewall)
netsh advfirewall firewall manages inbound and outbound firewall rules. This is the scripting equivalent of the Windows Defender Firewall GUI.
rem Allow inbound TCP on port 8080
netsh advfirewall firewall add rule name="Allow MyApp 8080" dir=in action=allow protocol=TCP localport=8080
Output:
Ok.
rem Block outbound to a specific IP
netsh advfirewall firewall add rule name="Block ExternalServer" dir=out action=block remoteip=10.10.10.10
Output:
Ok.
rem Delete a rule by name
netsh advfirewall firewall delete rule name="Allow MyApp 8080"
Output:
Deleted 1 rule(s).
Ok.
rem Show all inbound rules
netsh advfirewall firewall show rule name=all dir=in
Output:
Rule Name: Allow MyApp 8080
----------------------------------------------------------------------
Enabled: Yes
Direction: In
Profiles: Domain,Private,Public
Grouping:
LocalIP: Any
RemoteIP: Any
Protocol: TCP
LocalPort: 8080
RemotePort: Any
Edge traversal: No
Action: Allow
Port proxying (portproxy)
netsh interface portproxy creates a TCP port forwarding rule — any connection to listenaddress:listenport is forwarded to connectaddress:connectport. Useful for exposing a WSL service on a Windows port or redirecting traffic during testing.
rem Forward localhost:8080 to a WSL container at port 3000
netsh interface portproxy add v4tov4 listenport=8080 listenaddress=0.0.0.0 connectport=3000 connectaddress=172.28.0.1
Output:
(none — exits 0 on success)
netsh interface portproxy show all
Output:
Listen on ipv4: Connect to ipv4:
Address Port Address Port
--------------- ---------- --------------- ----------
0.0.0.0 8080 172.28.0.1 3000
rem Remove the forwarding rule
netsh interface portproxy delete v4tov4 listenport=8080 listenaddress=0.0.0.0
Output:
(none — exits 0 on success)
Wireless (wlan)
netsh wlan lists and exports wireless profiles, connects to networks, and manages adapter settings.
netsh wlan show profiles
Output:
Profiles on interface Wi-Fi:
Group policy profiles (read only)
---------------------------------
<None>
User profiles
-------------
All User Profile : HomeNetwork
All User Profile : OfficeWifi
rem Show saved password for a profile (requires elevation)
netsh wlan show profile name="HomeNetwork" key=clear
Output:
Profile HomeNetwork on interface Wi-Fi:
...
Security settings
-----------------
Authentication : WPA2-Personal
Cipher : CCMP
Security key : Present
Key Content : MyWifiPassword123
rem Export all profiles to XML files
netsh wlan export profile folder=C:\WlanBackup key=plain
Output:
Interface profile "HomeNetwork" is saved in file "C:\WlanBackup\Wi-Fi-HomeNetwork.xml" successfully.
Winsock reset
netsh winsock reset rebuilds the Winsock catalog to its default state — a last-resort fix for network stack corruption caused by malware, broken VPN drivers, or failed installs. A reboot is required afterward.
netsh winsock reset
Output:
Successfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
Interface IP reset
netsh int ip reset rewrites the TCP/IP stack registry keys back to defaults. Use it when DHCP completely fails to bind, or when a corrupted VPN client mangles the routing tables. Like winsock reset, this requires a reboot.
netsh int ip reset C:\Logs\ipreset.log
Output:
Resetting Compartment, OK!
Resetting Echo Sequence Request, OK!
Resetting Global, OK!
Resetting Interface, OK!
Resetting Anycast Address, OK!
Resetting Multicast Address, OK!
Resetting Unicast Address, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting Potential, OK!
Resetting Prefix Policy, OK!
Resetting Proxy Neighbor, OK!
Resetting Route, OK!
Resetting Site Prefix, OK!
Resetting Subinterface, OK!
Resetting Wakeup Pattern, OK!
Resetting Resolve Neighbor, OK!
Resetting , OK!
Restart the computer to complete this action.
TCP global tuning
netsh int tcp set global exposes the TCP-stack tuning knobs Windows otherwise hides behind registry keys. Adjusting these in production is rare — most defaults are correct — but the read side is the only sanctioned way to inspect them.
netsh int tcp show global
Output:
Querying active state...
TCP Global Parameters
----------------------------------------------
Receive-Side Scaling State : enabled
Receive Window Auto-Tuning Level : normal
Add-On Congestion Control Provider : default
ECN Capability : disabled
RFC 1323 Timestamps : allowed
Initial RTO : 1000
Receive Segment Coalescing State : enabled
Non Sack Rtt Resiliency : disabled
Max SYN Retransmissions : 4
Fast Open : enabled
Fast Open Fallback : enabled
HyStart : enabled
Proportional Rate Reduction : enabled
Pacing Profile : off
Tuning a high-latency uplink to use the modern CUBIC algorithm (default since 1809) explicitly:
netsh int tcp set supplemental Internet congestionprovider=cubic
Output:
Ok.
netsh int tcp show supplemental reports the currently selected congestion provider per supplemental template.
DNS client deep inspection
netsh dnsclient configures the resolver itself — different from netsh interface ip set dns, which assigns server addresses. Use dnsclient to manage the Name Resolution Policy Table (NRPT), DNS-over-HTTPS, and per-domain rules.
netsh dnsclient show state
Output:
Name Resolution Policy Table Options
----------------------------------------------
Query Failure Behavior : Always fall back to LLMNR and NetBIOS if the name does
not exist in DNS or if the DNS servers are unreachable
when on a private network
Query Resolution Behavior : Resolve only DNS suffixes and FQDN matching policy table
Network Location Behavior : Let Network ID determine when Direct Access rules apply
Machine Location : Outside corporate network
Direct Access Settings : Configured but not in use
DNSSEC Settings : Not configured
Smart Multi-Homed Name Resolution : enabled
Add a DNS-over-HTTPS server entry (Windows 11):
netsh dns add encryption server=8.8.8.8 dohtemplate=https://dns.google/dns-query
netsh dns add encryption server=1.1.1.1 dohtemplate=https://cloudflare-dns.com/dns-query
netsh dns show encryption
Output:
Server: 8.8.8.8
Template: https://dns.google/dns-query
AutoUpgrade: no
UDPFallback: no
Server: 1.1.1.1
Template: https://cloudflare-dns.com/dns-query
AutoUpgrade: no
UDPFallback: no
HTTP URL reservations and SSL bindings
netsh http manages http.sys — the kernel-mode HTTP listener used by IIS, WinRM, Docker for Windows, and many .NET services. Two operations dominate: URL ACL reservations (who is allowed to bind to a URL) and certificate-to-port bindings.
netsh http show urlacl
Output:
URL Reservations:
-----------------
Reserved URL : http://+:5985/wsman/
User: NT AUTHORITY\NETWORK SERVICE
Listen: Yes
Delegate: No
SDDL: D:(A;;GX;;;NS)
Reserve a URL so a non-admin user (e.g. Alice) can listen on a port without elevation:
netsh http add urlacl url=http://+:8080/ user=MYHOST\Alice
Output:
URL reservation successfully added
Bind a TLS certificate to port 443 (replacement for the IIS Manager GUI binding step):
netsh http add sslcert ipport=0.0.0.0:443 certhash=A1B2C3D4E5F6A7B8C9D0E1F2A3B4C5D6E7F8A9B0 appid="{12345678-1234-1234-1234-123456789012}"
Output:
SSL Certificate successfully added
List existing bindings:
netsh http show sslcert
Output:
IP:port : 0.0.0.0:443
Certificate Hash : a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6e7f8a9b0
Application ID : {12345678-1234-1234-1234-123456789012}
Certificate Store Name : MY
Verify Client Certificate Revocation : Enabled
Verify Revocation Using Cached Client Certificate Only : Disabled
Usage Check : Enabled
Revocation Freshness Time : 0
URL Retrieval Timeout : 0
Ctl Identifier : (null)
Ctl Store Name : (null)
DS Mapper Usage : Disabled
Negotiate Client Certificate : Disabled
Reject Connections : Disabled
Network tracing (netsh trace)
netsh trace is Windows' built-in packet capture and event tracing framework — equivalent to tcpdump plus ETW events bundled into a single .etl file. Useful when you need a full network trace without installing Wireshark on a server.
Start a capture scoped to a specific scenario:
netsh trace start scenario=InternetClient capture=yes tracefile=C:\Logs\nettrace.etl
Output:
Trace configuration:
-------------------------------------------------------------------
Status: Running
Trace File: C:\Logs\nettrace.etl
Append: Off
Circular: On
Max Size: 250 MB
Report: Off
Reproduce the issue, then stop the trace — Windows finalises the .etl and .cab support bundle:
netsh trace stop
Output:
Correlating traces ... done
Generating data collection ... done
Merging traces ... done
Generating report ... done
The trace file and additional troubleshooting information have been compiled as
"C:\Logs\nettrace.cab".
File location = C:\Logs\nettrace.etl
Tracing session was successfully stopped.
Convert the .etl to .pcap for analysis in Wireshark via the etl2pcapng utility (separate download).
List available trace scenarios:
netsh trace show scenarios
Output:
Available scenarios (40):
-------------------------------------------------------------------
AddressAcquisition : Troubleshoot address acquisition-related issues
DirectAccess : Troubleshoot DirectAccess-related issues
FileSharing : Troubleshoot common file and printer sharing problems
InternetClient : Diagnose web connectivity issues
InternetServer : Set of HTTP service counters
L2SEC : Troubleshoot Layer 2 authentication-related issues
LAN : Troubleshoot wired LAN-related issues
Layer2 : Troubleshoot Layer 2 connectivity-related issues
WirelessLAN : Troubleshoot wireless LAN-related issues
WWAN : Troubleshoot mobile broadband-related issues
Bridge interfaces
netsh bridge toggles the legacy Network Bridge feature — useful for chaining two physical NICs together at L2 without buying a switch. Modern alternatives are Hyper-V virtual switches or New-VMSwitch, but the legacy bridge still works.
netsh bridge show adapter
Output:
Id AdapterFriendlyName Compartment AdapterDescription
---- ------------------------------- ----------- ------------------------------------
1 Ethernet 1 Intel(R) Ethernet Connection
2 Ethernet 2 1 Realtek PCIe GbE Family Controller
PowerShell equivalents
The Net* PowerShell modules supersede most netsh contexts on modern Windows. Use this map to translate between the two.
netsh command | PowerShell equivalent |
|---|---|
netsh interface ip show config | Get-NetIPConfiguration |
netsh interface ip set address ... static ... | New-NetIPAddress |
netsh interface ip set address ... dhcp | Set-NetIPInterface -Dhcp Enabled |
netsh interface ip set dns ... static ... | Set-DnsClientServerAddress -ServerAddresses ... |
netsh interface ip set dns ... dhcp | Set-DnsClientServerAddress -ResetServerAddresses |
netsh interface show interface | Get-NetAdapter |
netsh advfirewall firewall add rule ... | New-NetFirewallRule |
netsh advfirewall firewall show rule ... | Get-NetFirewallRule |
netsh advfirewall firewall delete rule ... | Remove-NetFirewallRule |
netsh interface portproxy add ... | (no direct cmdlet — netsh is still the way) |
netsh wlan show profiles | (netsh wlan show profiles) — no PS replacement |
netsh winsock reset | (no direct cmdlet) |
netsh int tcp show global | Get-NetTCPSetting |
netsh trace start ... | Start-NetEventSession |
Example — the modern way to add a firewall rule:
New-NetFirewallRule -DisplayName 'Allow MyApp 8080' `
-Direction Inbound `
-Protocol TCP `
-LocalPort 8080 `
-Action Allow `
-Profile Domain,Private
Output:
Name : {00000000-0000-0000-0000-000000000000}
DisplayName : Allow MyApp 8080
Description :
DisplayGroup :
Group :
Enabled : True
Profile : Domain, Private
Platform : {}
Direction : Inbound
Action : Allow
EdgeTraversalPolicy : Block
LooseSourceMapping : False
LocalOnlyMapping : False
Owner :
PrimaryStatus : OK
Status : The rule was parsed successfully from the store. (65536)
EnforcementStatus : NotApplicable
PolicyStoreSource : PersistentStore
PolicyStoreSourceType : Local
Example — modern firewall query equivalent to netsh advfirewall firewall show rule:
Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True |
Get-NetFirewallPortFilter |
Where-Object Protocol -eq 'TCP' |
Select-Object @{N='Rule';E={$_.InstanceID}}, LocalPort, RemotePort
Output:
Rule LocalPort RemotePort
---- --------- ----------
Allow MyApp 8080 8080 Any
Remote Desktop - User Mode 3389 Any
WinRM-HTTP-In-TCP-PUBLIC 5985 Any
Static IP via PowerShell (one-shot script)
A cleaner alternative to the netsh batch in the Real-world recipes section.
$nic = 'Ethernet'
Get-NetAdapter -Name $nic | Set-NetIPInterface -Dhcp Disabled
New-NetIPAddress -InterfaceAlias $nic -IPAddress 10.0.0.50 -PrefixLength 24 -DefaultGateway 10.0.0.1
Set-DnsClientServerAddress -InterfaceAlias $nic -ServerAddresses 10.0.0.10,10.0.0.11
Output:
IPAddress : 10.0.0.50
InterfaceIndex : 12
InterfaceAlias : Ethernet
AddressFamily : IPv4
Type : Unicast
PrefixLength : 24
PrefixOrigin : Manual
SuffixOrigin : Manual
AddressState : Tentative
Common pitfalls
netsh advfirewallvsnetsh firewall—netsh firewallis deprecated (XP-era); always usenetsh advfirewall firewallfor firewall rules on Vista+.- Adapter name must be exact — use
netsh interface show interfaceto get the exact name including spaces; mismatches silently fail or target the wrong adapter. portproxyrules persist across reboots — unlike many in-memory network settings, portproxy rules are stored in the registry and survive reboots; remove them explicitly with/deletewhen done.- Winsock reset requires a reboot — the command returns success immediately but the reset takes effect only after restarting; scripted automation must include a
shutdown /r. wlan show profile key=clearrequires elevation — running as a standard user returns the profile without the key content; right-click cmd.exe → Run as administrator.netshis being de-emphasized — Microsoft documentsnetshas legacy on most pages; PowerShellNet*cmdlets are the recommended path on Windows 8+/Server 2012+. Some contexts (portproxy,winsock reset,int ip reset) have no PS replacement.- Scripts using
-f script.txt— script files must end with a newline; trailing-newline-less files silently drop their last command. portproxy v4tov4 listenaddress=0.0.0.0— listens on every adapter, including ones that should be private. Always specify the listen address explicitly for security.netsh trace stopcan take a long time — finalising a 250 MB ETL file can take 30 seconds or more; do not Ctrl+C during the wait or the trace file becomes unreadable.- Remote
netsh -r— uses RPC over port 135 + dynamic high ports; in modern networks PowerShell remoting (Invoke-Command) is the cleaner channel and is firewall-friendlier. - Adapter names with non-ASCII characters — on non-English Windows the default name may be
イーサネットorЛокальная сеть; quoting plus the exact name is mandatory or usenetsh int show interfaceto copy the value verbatim. netsh advfirewallis officially on the deprecated list as of 2026 — Microsoft's 2026 Deprecated features in the Windows client page now listsnetsh advfirewall firewallalongsidenetsh firewall, recommending theNetFirewall*PowerShell cmdlets and Microsoft Defender Firewall Group Policy / Intune CSP. Existing rules and scripts continue to work, but new automation should targetNew-NetFirewallRule/Set-NetFirewallProfileto stay forward-compatible.- WMIC was removed in 24H2 — scripts that combined
netshwithwmic nicno longer run on a fresh Windows 11 24H2/25H2 install; rewrite toGet-CimInstance Win32_NetworkAdapteror use thewmicFeature-on-Demand if you must.
Real-world recipes
Configure a static IP for a server deployment
@echo off
netsh interface ip set address "Ethernet" static 10.0.0.50 255.255.255.0 10.0.0.1
netsh interface ip set dns "Ethernet" static 10.0.0.10
netsh interface ip add dns "Ethernet" 10.0.0.11 index=2
echo Network configured: 10.0.0.50/24 GW 10.0.0.1
Output:
Network configured: 10.0.0.50/24 GW 10.0.0.1
Open a firewall port for a deployed service
netsh advfirewall firewall add rule ^
name="MyService TCP 9000" ^
dir=in ^
action=allow ^
protocol=TCP ^
localport=9000 ^
profile=domain,private
Output:
Ok.
Export and import all wireless profiles for migration
rem On source machine
netsh wlan export profile folder=C:\WlanExport key=plain
rem On destination machine
for %F in (C:\WlanExport\*.xml) do netsh wlan add profile filename="%F"
Output:
Profile HomeNetwork is added on interface Wi-Fi.
Profile OfficeWifi is added on interface Wi-Fi.
Forward host port to a WSL2 service across reboots
WSL2's IP address changes on every restart, so a hard-coded connectaddress breaks. Wrap the portproxy add in a script that fetches the current WSL IP first.
# Remove any prior forward, then add a fresh one
netsh interface portproxy delete v4tov4 listenport=8080 listenaddress=0.0.0.0 2>$null
$wslIp = (wsl hostname -I).Trim().Split(' ')[0]
netsh interface portproxy add v4tov4 listenport=8080 listenaddress=0.0.0.0 connectport=3000 connectaddress=$wslIp
netsh interface portproxy show all
Output:
Listen on ipv4: Connect to ipv4:
Address Port Address Port
--------------- ---------- --------------- ----------
0.0.0.0 8080 172.28.231.45 3000
Open a port only on private/domain profiles (defence-in-depth)
Pinning the rule to Domain,Private ensures the port stays closed when the machine moves to a public network like a coffee-shop Wi-Fi.
New-NetFirewallRule -DisplayName 'Web (internal only)' `
-Direction Inbound `
-Action Allow `
-Protocol TCP `
-LocalPort 8443 `
-Profile Domain,Private `
-RemoteAddress LocalSubnet
Output:
Name : {GUID}
DisplayName : Web (internal only)
Enabled : True
Direction : Inbound
Action : Allow
Profile : Domain, Private
Reset everything network (last resort)
When TCP/IP is completely broken — wrong IP, ghost adapters, broken DNS — the nuclear reset is to flush every cache, reset Winsock, reset the IP stack, and reboot. Save this as a .cmd file pinned to your toolbox.
@echo off
netsh winsock reset
netsh int ip reset C:\Logs\ipreset.log
netsh int ipv6 reset
ipconfig /release
ipconfig /flushdns
ipconfig /renew
echo Network stack reset. A reboot is required.
Output:
Successfully reset the Winsock Catalog.
Resetting Compartment, OK!
...
Restart the computer to complete this action.
Successfully flushed the DNS Resolver Cache.
Network stack reset. A reboot is required.
Capture a full network trace for support escalation
When a vendor or Microsoft support asks for a "netsh trace", this is the canonical incantation.
netsh trace start scenario=InternetClient,LAN,Layer2 capture=yes report=yes maxsize=512 tracefile=C:\Logs\nettrace_%COMPUTERNAME%.etl
echo Reproduce the issue, then press any key.
pause
netsh trace stop
Output:
Trace configuration:
-------------------------------------------------------------------
Status: Running
Trace File: C:\Logs\nettrace_MYHOST.etl
Append: Off
Circular: Off
Max Size: 512 MB
Report: On
...
Generating report ... done
Merging traces ... done
The trace file and additional troubleshooting information have been compiled as
"C:\Logs\nettrace_MYHOST.cab".
Audit all firewall rules created in the last 30 days
Useful during incident response to flag unexpected rule additions.
$cutoff = (Get-Date).AddDays(-30)
Get-NetFirewallRule | Where-Object { $_.CreationTime -gt $cutoff } |
Select-Object DisplayName, Direction, Action, Enabled, CreationTime,
@{N='Port';E={ ($_ | Get-NetFirewallPortFilter).LocalPort }} |
Sort-Object CreationTime -Descending
Output:
DisplayName Direction Action Enabled CreationTime Port
----------- --------- ------ ------- ------------ ----
Allow MyApp 8080 Inbound Allow True 5/20/2026 10:42:10 AM 8080
Block ExternalServer Outbound Block True 5/15/2026 03:18:22 PM Any
Related references
| Tool | Purpose |
|---|---|
Get-NetIPConfiguration | Modern adapter inspection |
Get-NetAdapter | Adapter list, MAC, link speed |
New-NetIPAddress / Set-NetIPInterface | Static IP config |
Set-DnsClientServerAddress | DNS server config |
New-NetFirewallRule / Get-NetFirewallRule | Firewall management |
Get-NetTCPSetting | TCP global tuning |
Start-NetEventSession | Modern packet/ETW tracing |
New-VMSwitch | Hyper-V virtual switching (replaces netsh bridge) |
ipconfig /all | Adapter status snapshot |
Resolve-DnsName | DNS query (replaces nslookup) |
Sources
- Microsoft Learn — netsh — top-level reference for every context.
- Microsoft Learn — Deprecated features in the Windows client — confirms
netsh advfirewallis now flagged as legacy alongsidenetsh firewall. - Microsoft Learn — New-NetFirewallRule — recommended PowerShell replacement for
netsh advfirewall firewall add rule. - Microsoft Learn — DnsClient module — modern replacement for
netsh interface ipv4 set dns.