Remove From My Forums

Modifying network policy profile attribute using netsh

Question
0

Sign in to vote

I recently started using netsh to manage NPS. I am wondering if there is a way to modify a specific profile attribute without touching other attributes of a network policy

Problem:
Network policy configuration:
---------------------------------------------------------
Name = blah
State = Enabled
Processing order = 5
Policy source = 10

Condition attributes:

Name Id Value
---------------------------------------------------------
Condition0 0x1023 "XXXXXXXXXXXXXXXXXX"

Profile attributes:

Name Id Value
---------------------------------------------------------
Ignore-User-Dialin-Properties 0x1005 "FALSE"
NP-Allow-Dial-in 0x100f "TRUE"
NP-Allowed-EAP-Type 0x100a "19000000000000000000000000000000"
NP-Authentication-Type 0x1009 "0x5" "0x1" "0x2" "0x3" "0x4"
Vendor-Specific 0x1a "01000006220106blah"
Framed-Protocol 0x7 "0x1"
Service-Type 0x6 "0x2"

I would like to change vendor specific parameter alone from "01000006220106blah" to "01000006220106rofl".

I tried using

netsh nps set np name = "blah" profileid = "0x1a" profiledata = "01000006220106rofl"

With the above i am able to set profileid "0x1a" to "01000006220106rofl" but all the other profile attributes are set to default values.
After running the command, profile attributes are as below

Profile attributes:

Name Id Value
---------------------------------------------------------
NP-Authentication-Type 0x1009 "0x3" "0x9" "0x4" "0xa"
Vendor-Specific 0x1a "01000006220106rofl"

As you can see NP-Authentication-TYpe, NP-Allowed-EAP-Type and other attributes are set to default values.

Is there a way to change one profile attribute while keeping the others untouched using netsh or any another command.

Last resort is to set all attribues excpet "Vendor-Specific" to existing values and set Vendor-Specific attribute to new value in the same netsh command

C:\>netsh nps set np name = "blah" profileid = "0x1a" profiledata = "01000006220106blah" profileid = "0x1009" profiledata = "0x5" profiledata = "0x1" profiledata = "0x2" profiledata = "0x3" profiledata = "0x4" profileid = "0x100a" profiledata = "19000000000000000000000000000000"

Learning

Friday, July 3, 2020 9:22 AM

All replies

0

Sign in to vote

Hi，

There are two ways mentioned in the official article for reference:

https://docs.microsoft.com/en-us/windows-server/networking/technologies/nps/nps-admintools#use-netsh-nps-commands-to-manage-an-nps

You can try to use netsh command and powershell, or try other ways the article refers.

Best regards

Cherry
Please remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

Monday, July 6, 2020 3:17 AM
0

Sign in to vote

Hi Cherry,

Thanks for the answer.

I went through the links. Powershell link finally lead to https://docs.microsoft.com/en-us/powershell/module/nps/?view=win10-ps&redirectedfrom=MSDN&viewFallbackFrom=winserverr2-ps

As per this link, Powershell has very few cmdlets for managing NPS. All of them are for either managing client config or exporting or importing NPS config. I couldnt find any commands for modifying a specific network policy.

Netsh link lead to https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc755242(v=ws.10)

I have already tried the 'set' command in in netsh, but i have already explained the issue with "set" command in my question.

If you think i missed something in the above links, please point me to the specific link.

Regards,

Rohith

Learning

Monday, July 6, 2020 4:58 AM
0

Sign in to vote
Hi，

Sorry, I found another article about netsh command, it's more detailed but still no command for modifying specific attribute.

http://winintro.ru/netsh.en/html/82643060-1414-4f3f-9a2d-c8d679e41003.htm

Please Note: Since the web site is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.

Best Regards,

Cherry

Please remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.
- Proposed as answer by CherryZhang2020Microsoft contingent staff Monday, July 13, 2020 1:40 AM
Monday, July 6, 2020 7:25 AM
0

Sign in to vote

Hi,

Just checking in to see if the information provided was helpful. Please let us know if you would like further assistance.

Best Regards,

Cherry
Please remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

Wednesday, July 8, 2020 1:13 AM
0

Sign in to vote

Hi,

Just want to confirm the current situations.

Please feel free to let us know if you need further assistance.

Best Regards,

Cherry
Please remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

Friday, July 10, 2020 1:51 AM
0

Sign in to vote
Hi，

As this thread has been quiet for a while, we will mark it as ‘Answered’ as the information provided should be helpful. If you need further help, please feel free to reply this post directly so we will be notified to follow it up. You can also choose to unmark the answer as you wish.

BTW, we’d love to hear your feedback about the solution. By sharing your experience you can help other community members facing similar problems. Thanks for your understanding and efforts.

This "Network Access Protection" Forum will be migrating to a new home on Microsoft Q&A, please refer to this sticky post for more details.

Best regards

Cherry

"Network Access Protection" forum will be migrating to a new home on Microsoft Q&A!

We invite you to post new questions in the "Network Access Protection" forum's new home on Microsoft Q&A!

For more information, please refer to the sticky post.
- Edited by CherryZhang2020Microsoft contingent staff Tuesday, July 14, 2020 6:05 AM
Monday, July 13, 2020 1:34 AM