I needed to set up a number of Windows server VMs (Windows 2012R2) as a test bed for a vulnerability scanning suite. This would have been fast & easy using AWS EC2 instances (or Azure!), but I decided to use my internal VMware infrastructure instead.
For CentOS VMs I would typically use one of three things to configure the static IP, gateway, and default nameservers:
- nmtui (a text user interface to the network manager)
- the interactive installer
- a custom kickstart file
How to accomplish the same thing on Windows 2012R2? In particular, I was looking for PowerShell commands, since I would be connecting over a web-based console.
The first command I found was Set-NetIPAddress. I combined that with a blog post on Microsoft’s TechNet site with a promising title: One-liner PowerShell to set IP Address, DNS Servers, and Default Gateway:
PS C:\Users\Administrator> Set-NetIPAddress -InterfaceAlias Ethernet0 -AddressFamily IPv4 -IPAddress 192.168.100.2 -PrefixLength 24 -DefaultGateway 192.168.100.1
Set-NetIPAddress : A parameter cannot be found that matches parameter name 'DefaultGateway'.
At line:1 char:104
Counter-intuitive, but you can’t use Set-NetIPAddress for setting an IP address. As the Set-NetIPAddress command documentation states:
The Set-NetIPAddress cmdlet modifies IP address configuration properties of an existing IP address.
To create an IPv4 address or IPv6 address, use the New-NetIPAddress cmdlet.
Unfortunately, that led me to believe that DefaultGateway was a bad parameter in general. That’s not the case, and it works just fine with the New-NetIPAddress cmdlet as demonstrated in the TechNet article (and below):
PS C:\Users\Administrator> New-NetIPAddress -InterfaceAlias Ethernet0 -AddressFamily IPv4 -IPAddress 192.168.100.2 -PrefixLength 24 -DefaultGateway 192.168.100.1
The Microsoft documentation for the New-NetIPAddress cmdlet further describes the -DefaultGateway option and other options.
Of course, I hadn’t figured that out at the time, and so I had to find a different way to set the default gateway. Change Default Gateway with Powershell was a helpful article, although overly convoluted for my needs. I didn’t need a function to wrap around a couple cmdlets. Here’s what I ended up doing:
# Inspect the current addresses and routes on the interface
Get-NetIPAddress -InterfaceIndex 12
Get-NetRoute -InterfaceIndex 12
# Replace the existing address with the static one
Remove-NetIPAddress -InterfaceIndex 12
New-NetIPAddress -InterfaceIndex 12 -IPAddress 192.168.100.2 -PrefixLength 24
# Replace the existing routes with a default route via the gateway
Remove-NetRoute -InterfaceIndex 12
New-NetRoute -InterfaceIndex 12 -NextHop 192.168.100.1 -DestinationPrefix 0.0.0.0/0
ping 192.168.100.1
ping 216.154.220.53
# Set the DNS servers, then test name resolution
Get-DnsClientServerAddress -InterfaceIndex 12
Set-DnsClientServerAddress -InterfaceIndex 12 -ServerAddresses @("8.8.8.8","8.8.4.4")
ping osric.com
All of the pings succeeded. It worked!
As I learned later, I could have accomplished the same with just the following 2 commands:
New-NetIPAddress -InterfaceAlias Ethernet0 -IPAddress 192.168.100.2 -AddressFamily IPv4 -PrefixLength 24 -DefaultGateway 192.168.100.1
Set-DnsClientServerAddress -InterfaceIndex 12 -ServerAddresses @("8.8.8.8","8.8.4.4")
You might wonder why I used InterfaceIndex 12 in the prior example. I used PowerShell’s tab completion and for some reason it used -InterfaceIndex instead of -InterfaceAlias. Honestly, I’m not sure why and I’m not sure if InterfaceIndex 12 always corresponds to InterfaceAlias Ethernet0 or not. InterfaceAlias Ethernet0 is certainly more human-readable and is what I used when updating the IP address on subsequent cloned VMs:
- Add new IP address on same interface
- Remove old IP address on same interface
- (Reconnect to RDP [Remote Desktop Protocol] on the new address)
- Default gateway/routes unchanged, since both IP addresses were in the same subnet
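New-NetIPAddress and New-NetRoute fail when the address or default route they would create already exists, so the sequences above cannot simply be run a second time. The following re-runnable version is an added example, not part of the original post; it assumes the adapter name Ethernet0 and the addresses used above, and it looks up the interface index from the alias instead of hard-coding 12.

```powershell
# Added example: re-runnable static IPv4 configuration for one adapter.
# All values below are the ones used in this post; adjust for your network.
$Alias   = 'Ethernet0'
$Address = '192.168.100.2'
$Prefix  = 24
$Gateway = '192.168.100.1'
$Dns     = @('8.8.8.8', '8.8.4.4')

# Resolve the adapter by name; stop if it does not exist on this VM.
$adapter = Get-NetAdapter -Name $Alias -ErrorAction Stop
$idx     = $adapter.ifIndex

# Static addressing and DHCP should not both be active on the interface.
Set-NetIPInterface -InterfaceIndex $idx -AddressFamily IPv4 -Dhcp Disabled

# Remove IPv4 addresses that differ from the target (a no-op on a clean re-run).
Get-NetIPAddress -InterfaceIndex $idx -AddressFamily IPv4 -ErrorAction SilentlyContinue |
    Where-Object { $_.IPAddress -ne $Address -or $_.PrefixLength -ne $Prefix } |
    Remove-NetIPAddress -Confirm:$false

# Remove default routes that point at a different gateway.
Get-NetRoute -InterfaceIndex $idx -DestinationPrefix '0.0.0.0/0' -ErrorAction SilentlyContinue |
    Where-Object { $_.NextHop -ne $Gateway } |
    Remove-NetRoute -Confirm:$false

# Create the address only if it is not already present.
if (-not (Get-NetIPAddress -InterfaceIndex $idx -IPAddress $Address -ErrorAction SilentlyContinue)) {
    New-NetIPAddress -InterfaceIndex $idx -IPAddress $Address -PrefixLength $Prefix | Out-Null
}

# Create the default route only if none is left after the cleanup above.
if (-not (Get-NetRoute -InterfaceIndex $idx -DestinationPrefix '0.0.0.0/0' -ErrorAction SilentlyContinue)) {
    New-NetRoute -InterfaceIndex $idx -DestinationPrefix '0.0.0.0/0' -NextHop $Gateway | Out-Null
}

# Setting DNS servers overwrites the previous list, so it is safe to repeat.
Set-DnsClientServerAddress -InterfaceIndex $idx -ServerAddresses $Dns

# Show the resulting address, gateway and DNS servers for review.
Get-NetIPConfiguration -InterfaceIndex $idx
```

Run it from the VM console rather than over RDP, since removing the old address drops any session connected to it.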
Speaking of RDP, one additional task remained: Could I remote into the host? No, at least, not yet. The error message on Microsoft Remote Desktop (on Mac OSX):
Unable to connect to remote PC. Please provide the fully-qualified name or the IP address of the remote PC, and then try again.
Another online tutorial to the rescue: Enable Remote Desktop on Windows Server 2012 R2 via PowerShell. I was glad to find it, since the registry key step below was very foreign to my Linux mindset:
Set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server' -Name 'fDenyTSConnections' -Value 0
Enable-NetFirewallRule -DisplayGroup 'Remote Desktop'
One last thing I had to do in my Microsoft Remote Desktop client: specify the port:
192.168.100.2:3389
(Even though 3389 is the default RDP port, for some reason it needed that.)
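The two commands above open RDP to every source address the firewall profile allows. The following is an added example, not part of the original post or the linked tutorial: it enables RDP the same way, then requires Network Level Authentication and limits the firewall rules to one subnet. The management subnet 192.168.100.0/24 is an assumption based on the addresses used in this post.

```powershell
# Added example: enable RDP as in the post, then narrow its exposure.
$ts         = 'HKLM:\System\CurrentControlSet\Control\Terminal Server'
$rdpTcp     = "$ts\WinStations\RDP-Tcp"
$MgmtSubnet = '192.168.100.0/24'   # assumption: where RDP clients connect from

# Allow Remote Desktop connections (same registry value as in the post).
Set-ItemProperty -Path $ts -Name 'fDenyTSConnections' -Value 0

# Require Network Level Authentication, so credentials are checked
# before a full desktop session is created.
Set-ItemProperty -Path $rdpTcp -Name 'UserAuthentication' -Value 1

# Enable the built-in firewall rules, then restrict them to the subnet.
Enable-NetFirewallRule -DisplayGroup 'Remote Desktop'
Get-NetFirewallRule -DisplayGroup 'Remote Desktop' |
    Set-NetFirewallRule -RemoteAddress $MgmtSubnet

# Verify: registry values, the configured RDP port, and the listener.
Get-ItemProperty -Path $ts -Name 'fDenyTSConnections' |
    Select-Object fDenyTSConnections
Get-ItemProperty -Path $rdpTcp -Name 'UserAuthentication', 'PortNumber' |
    Select-Object UserAuthentication, PortNumber
Get-NetTCPConnection -LocalPort 3389 -State Listen -ErrorAction SilentlyContinue |
    Select-Object LocalAddress, LocalPort, State

# Verify: which enabled rules exist and which sources they accept.
Get-NetFirewallRule -DisplayGroup 'Remote Desktop' |
    Where-Object { $_.Enabled -eq 'True' } |
    ForEach-Object {
        [pscustomobject]@{
            Rule          = $_.DisplayName
            RemoteAddress = ($_ | Get-NetFirewallAddressFilter).RemoteAddress
        }
    }
```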
Thanks for the article. I’m wrestling with this problem. Seems that no matter what I try, if either the IP address or default gateway is “remembered” then Powershell is not happy. My laptop is used on different networks and just wanted to be able to quickly set parameters when I move my laptop between each network. Can you run your commands twice?
Remote-NetRoute -InterfaceIndex 12
I think it should be
Remove-NetRoute -InterfaceIndex 12
Also:
Get-DnsClientServerAddress -Interface 12
Set-DnsClientServerAddress -Interface 12 -ServerAddresses @("8.8.8.8","8.8.4.4")
Should be -InterfaceIndex 12
With those it works great, thanks for an excellent HowTo 🙂