I needed to set up a number of Windows server VMs (Windows 2012R2) as a test bed for a vulnerability scanning suite. This would have been fast & easy using AWS EC2 instances (or Azure!), but I decided to use my internal VMware infrastructure instead.
For CentOS VMs I would typically use one of three things to configure the static IP, gateway, and default nameservers:
- nmtui (a text user interface to the network manager)
- the interactive installer
- a custom kickstart file
How to accomplish the same thing on Windows 2012R2? In particular, I was looking for PowerShell commands, since I would be connecting over a web-based console.
The first command I found was Set-NetIPAddress. I combined that with a blog post on Microsoft’s TechNet site with a promising title: One-liner PowerShell to set IP Address, DNS Servers, and Default Gateway:
```
PS C:\Users\Administrator> Set-NetIPAddress -InterfaceAlias Ethernet0 -AddressFamily IPv4 -IPAddress 192.168.100.2 -PrefixLength 24 -DefaultGateway 192.168.100.1
Set-NetIPAddress : A parameter cannot be found that matches parameter name 'DefaultGateway'.
At line:1 char:104
```
Counter-intuitive, but you can’t use Set-NetIPAddress for setting an IP address. As the Set-NetIPAddress command documentation states:
The Set-NetIPAddress cmdlet modifies IP address configuration properties of an existing IP address.
To create an IPv4 address or IPv6 address, use the New-NetIPAddress cmdlet.
Unfortunately, that led me to believe that DefaultGateway was a bad parameter in general. That’s not the case, and it works just fine with the New-NetIPAddress cmdlet as demonstrated in the TechNet article (and below):
```
PS C:\Users\Administrator> New-NetIPAddress -InterfaceAlias Ethernet0 -AddressFamily IPv4 -IPAddress 192.168.100.2 -PrefixLength 24 -DefaultGateway 192.168.100.1
```
The Microsoft documentation for the New-NetIPAddress cmdlet further describes the -DefaultGateway option and other options.
Of course, I hadn’t figured that out at the time, and so I had to find a different way to set the default gateway. Change Default Gateway with Powershell was a helpful article, although overly convoluted for my needs. I didn’t need a function to wrap around a couple cmdlets. Here’s what I ended up doing:
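```powershell
# Inspect the current addresses and routes on the interface
Get-NetIPAddress -InterfaceIndex 12
Get-NetRoute -InterfaceIndex 12
# Replace the existing address with the static one
Remove-NetIPAddress -InterfaceIndex 12
New-NetIPAddress -InterfaceIndex 12 -IPAddress 192.168.100.2 -PrefixLength 24
# Replace the existing routes with a default route via the gateway
Remove-NetRoute -InterfaceIndex 12
New-NetRoute -InterfaceIndex 12 -NextHop 192.168.100.1 -DestinationPrefix 0.0.0.0/0
ping 192.168.100.1
ping 220.127.116.11
# Set the DNS servers, then test name resolution
Get-DnsClientServerAddress -InterfaceIndex 12
Set-DnsClientServerAddress -InterfaceIndex 12 -ServerAddresses @("18.104.22.168","22.214.171.124")
ping osric.com
```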
All of the pings succeeded. It worked!
As I learned later, I could have accomplished the same with just the following 2 commands:
```powershell
New-NetIPAddress -InterfaceAlias Ethernet0 -IPAddress 192.168.100.2 -AddressFamily IPv4 -PrefixLength 24 -DefaultGateway 192.168.100.1
Set-DnsClientServerAddress -InterfaceIndex 12 -ServerAddresses @("126.96.36.199","188.8.131.52")
```
You might wonder why I used InterfaceIndex 12 in the prior example. I used PowerShell’s tab completion and for some reason it used -InterfaceIndex instead of -InterfaceAlias. Honestly, I’m not sure why and I’m not sure if InterfaceIndex 12 always corresponds to InterfaceAlias Ethernet0 or not.
InterfaceAlias Ethernet0 is certainly more human-readable and is what I used when updating the IP address on subsequent cloned VMs:
- Add new IP address on same interface
- Remove old IP address on same interface
- (Reconnect to RDP [Remote Desktop Protocol] on the new address)
- Default gateway/routes unchanged, since both IP addresses were in the same subnet
Speaking of RDP, one additional task remained: Could I remote into the host? No, at least, not yet. The error message on Microsoft Remote Desktop (on Mac OSX):
Unable to connect to remote PC. Please provide the fully-qualified name or the IP address of the remote PC, and then try again.
Another online tutorial to the rescue: Enable Remote Desktop on Windows Server 2012 R2 via PowerShell. I was glad to find it, since the registry key step below was very foreign to my Linux mindset:
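```powershell
# Allow RDP connections (0 = do not deny)
Set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server' -Name 'fDenyTSConnections' -Value 0
# Enable the built-in firewall rules for Remote Desktop
Enable-NetFirewallRule -DisplayGroup 'Remote Desktop'
```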
One last thing I had to do in my Microsoft Remote Desktop client: specify the port:
(Even though 3389 is the default RDP port, for some reason it needed that.)
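The Set-ItemProperty and Enable-NetFirewallRule steps above switch RDP on and open its firewall group. As an added example (not from the original post or the tutorial it cites), this read-only check reports what they left exposed: the configured port, whether a listener is bound to it, and which source addresses the firewall rules accept. The function name Get-RdpExposure and the PortNumber and Network Level Authentication checks are additions, and the script assumes an elevated session with no Group Policy override of these registry values.

```powershell
# Added example: read-only report of the RDP exposure left by the two commands above.
# Assumes an elevated session and no Group Policy override of these registry values.
function Get-RdpExposure {   # hypothetical helper name
    $ts  = 'HKLM:\System\CurrentControlSet\Control\Terminal Server'
    $tcp = "$ts\WinStations\RDP-Tcp"

    # 0 = connections allowed (the value the Set-ItemProperty step writes)
    $deny = (Get-ItemProperty -Path $ts -Name 'fDenyTSConnections').fDenyTSConnections
    # Port the RDP listener is configured for
    $port = (Get-ItemProperty -Path $tcp -Name 'PortNumber').PortNumber
    # 1 = Network Level Authentication required
    $nla  = (Get-ItemProperty -Path $tcp -Name 'UserAuthentication').UserAuthentication

    # Is a listener actually bound to that port?
    $listening = [bool](Get-NetTCPConnection -LocalPort $port -State Listen -ErrorAction SilentlyContinue)

    # Enabled inbound rules in the 'Remote Desktop' group with their source-address scope
    $rules = Get-NetFirewallRule -DisplayGroup 'Remote Desktop' |
        Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' } |
        ForEach-Object {
            [pscustomobject]@{
                Rule          = $_.DisplayName
                Profile       = $_.Profile
                RemoteAddress = (($_ | Get-NetFirewallAddressFilter).RemoteAddress -join ',')
            }
        }

    [pscustomobject]@{
        RdpEnabled    = ($deny -eq 0)
        Port          = $port
        NlaRequired   = ($nla -eq 1)
        Listening     = $listening
        FirewallRules = $rules
    }
}

$r = Get-RdpExposure
$r | Format-List RdpEnabled, Port, NlaRequired, Listening
$r.FirewallRules | Format-Table -AutoSize

# Flag rules that accept RDP from any source address, and RDP without NLA
$r.FirewallRules | Where-Object { $_.RemoteAddress -eq 'Any' } | ForEach-Object {
    Write-Warning "$($_.Rule) accepts RDP from any address (profile: $($_.Profile))"
}
if ($r.RdpEnabled -and -not $r.NlaRequired) {
    Write-Warning 'RDP is enabled without Network Level Authentication'
}
```

On a scanner test bed, a RemoteAddress of Any can be narrowed with Set-NetFirewallRule -DisplayGroup 'Remote Desktop' -RemoteAddress followed by the management subnet (a placeholder here, not a value from the post).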