Setting a static IP, default gateway, and nameservers via PowerShell

I needed to set up a number of Windows server VMs (Windows 2012R2) as a test bed for a vulnerability scanning suite. This would have been fast & easy using AWS EC2 instances (or Azure!), but I decided to use my internal VMware infrastructure instead.

For CentOS VMs I would typically use one of three things to configure the static IP, gateway, and default nameservers:

  • nmtui (a text user interface to the network manager)
  • the interactive installer
  • a custom kickstart file

How to accomplish the same thing on Windows 2012R2? In particular, I was looking for PowerShell commands, since I would be connecting over a web-based console.

The first command I found was Set-NetIPAddress. I combined that with a blog post on Microsoft’s TechNet site with a promising title: One-liner PowerShell to set IP Address, DNS Servers, and Default Gateway:

PS C:\Users\Administrator> Set-NetIPAddress -InterfaceAlias Ethernet0 -AddressFamily IPv4 -IPAddress 192.168.100.2 -PrefixLength 24 -DefaultGateway 192.168.100.1
Set-NetIPAddress : A parameter cannot be found that matches parameter name 'DefaultGateway'.
At line:1 char:104

Counterintuitively, you can’t use Set-NetIPAddress to set a new IP address. As the Set-NetIPAddress command documentation states:

The Set-NetIPAddress cmdlet modifies IP address configuration properties of an existing IP address.

To create an IPv4 address or IPv6 address, use the New-NetIPAddress cmdlet.

Unfortunately, that led me to believe that DefaultGateway was a bad parameter in general. That’s not the case, and it works just fine with the New-NetIPAddress cmdlet as demonstrated in the TechNet article (and below):

PS C:\Users\Administrator> New-NetIPAddress -InterfaceAlias Ethernet0 -AddressFamily IPv4 -IPAddress 192.168.100.2 -PrefixLength 24 -DefaultGateway 192.168.100.1

The Microsoft documentation for the New-NetIPAddress cmdlet further describes the -DefaultGateway option and other options.

Of course, I hadn’t figured that out at the time, and so I had to find a different way to set the default gateway. Change Default Gateway with Powershell was a helpful article, although overly convoluted for my needs. I didn’t need a function to wrap around a couple of cmdlets. Here’s what I ended up doing:

# Inspect the current address and routes on the interface
Get-NetIPAddress -InterfaceIndex 12
Get-NetRoute -InterfaceIndex 12
# Replace the existing address with the static one
Remove-NetIPAddress -InterfaceIndex 12
New-NetIPAddress -InterfaceIndex 12 -IPAddress 192.168.100.2 -PrefixLength 24
# Replace the existing routes with a default route via the gateway
Remove-NetRoute -InterfaceIndex 12
New-NetRoute -InterfaceIndex 12 -NextHop 192.168.100.1 -DestinationPrefix 0.0.0.0/0
ping 192.168.100.1
ping 216.154.220.53
# Set the nameservers, then test name resolution
Get-DnsClientServerAddress -InterfaceIndex 12
Set-DnsClientServerAddress -InterfaceIndex 12 -ServerAddresses @("8.8.8.8","8.8.4.4")
ping osric.com

All of the pings succeeded. It worked!

As I learned later, I could have accomplished the same with just the following 2 commands:

New-NetIPAddress -InterfaceAlias Ethernet0 -IPAddress 192.168.100.2 -AddressFamily IPv4 -PrefixLength 24 -DefaultGateway 192.168.100.1
Set-DnsClientServerAddress -InterfaceIndex 12 -ServerAddresses @("8.8.8.8","8.8.4.4")

You might wonder why I used InterfaceIndex 12 in the prior example. I used PowerShell’s tab completion and for some reason it used -InterfaceIndex instead of -InterfaceAlias. Honestly, I’m not sure why and I’m not sure if InterfaceIndex 12 always corresponds to InterfaceAlias Ethernet0 or not. InterfaceAlias Ethernet0 is certainly more human-readable and is what I used when updating the IP address on subsequent cloned VMs:

  • Add new IP address on same interface
  • Remove old IP address on same interface
  • (Reconnect to RDP [Remote Desktop Protocol] on the new address)
  • Default gateway/routes unchanged, since both IP addresses were in the same subnet
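
The clone re-addressing steps above, as an added example that is not part of the original post: it resolves the interface index from the alias at run time instead of assuming 12, adds the new address before removing the old one, and reports the resulting addresses, default route, and DNS servers. The function name Move-StaticIPv4 and the .3 address are constructed for illustration.

```powershell
# Added example (not from the original post). The function name and the
# sample addresses in the usage line are constructed for illustration.
function Move-StaticIPv4 {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $InterfaceAlias,
        [Parameter(Mandatory)] [string] $OldIPAddress,
        [Parameter(Mandatory)] [string] $NewIPAddress,
        [ValidateRange(1, 32)] [int] $PrefixLength = 24
    )

    # Resolve the alias once; this fails loudly if the adapter name is wrong.
    $adapter = Get-NetAdapter -Name $InterfaceAlias -ErrorAction Stop
    $ifIndex = $adapter.ifIndex
    Write-Verbose "$InterfaceAlias is InterfaceIndex $ifIndex on this host"

    # Step 1: add the new address first so the host stays reachable.
    $existing = Get-NetIPAddress -InterfaceIndex $ifIndex -AddressFamily IPv4 `
        -IPAddress $NewIPAddress -ErrorAction SilentlyContinue
    if (-not $existing) {
        New-NetIPAddress -InterfaceIndex $ifIndex -AddressFamily IPv4 `
            -IPAddress $NewIPAddress -PrefixLength $PrefixLength | Out-Null
    }

    # Step 2: remove the address inherited from the cloned template.
    # A remote session connected to the old address drops here.
    $old = Get-NetIPAddress -InterfaceIndex $ifIndex -AddressFamily IPv4 `
        -IPAddress $OldIPAddress -ErrorAction SilentlyContinue
    if ($old) {
        Remove-NetIPAddress -InterfaceIndex $ifIndex -IPAddress $OldIPAddress -Confirm:$false
    }

    # Report the end state: addresses, default route, DNS servers.
    [pscustomobject]@{
        InterfaceAlias = $InterfaceAlias
        InterfaceIndex = $ifIndex
        IPv4Addresses  = @((Get-NetIPAddress -InterfaceIndex $ifIndex -AddressFamily IPv4).IPAddress)
        DefaultGateway = @((Get-NetRoute -InterfaceIndex $ifIndex -DestinationPrefix '0.0.0.0/0' -ErrorAction SilentlyContinue).NextHop)
        DnsServers     = @((Get-DnsClientServerAddress -InterfaceIndex $ifIndex -AddressFamily IPv4).ServerAddresses)
    }
}

# Constructed sample values: template address .2, this clone becomes .3
Move-StaticIPv4 -InterfaceAlias 'Ethernet0' -OldIPAddress '192.168.100.2' -NewIPAddress '192.168.100.3' -Verbose
```

Run it from the VM console rather than over a session bound to the old address, since step 2 removes that address.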

Speaking of RDP, one additional task remained: Could I remote into the host? No, at least, not yet. The error message on Microsoft Remote Desktop (on Mac OS X):

Unable to connect to remote PC. Please provide the fully-qualified name or the IP address of the remote PC, and then try again.

Another online tutorial to the rescue: Enable Remote Desktop on Windows Server 2012 R2 via PowerShell. I was glad to find it, since the registry key step below was very foreign to my Linux mindset:

Set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server' -Name 'fDenyTSConnections' -Value 0
Enable-NetFirewallRule -DisplayGroup 'Remote Desktop'

One last thing I had to do in my Microsoft Remote Desktop client: specify the port:

192.168.100.2:3389

(Even though 3389 is the default RDP port, for some reason it needed that.)
