Eugene's Site
FAQ: Management
This part is devoted to the issues of managing Windows networking components



What technologies are available for managing Windows networking components and configuration?


A whole lot of them. The following is a short list of most important ones with brief description of uses, advantages and disadvantages

IP Helper
IP Helper is a plain Win32 API for manipulating TCP/IP configuration. It's main advantage is that it is just a normal Win32 API (no COM, no weird scripting stuff, no including DDK headers). However, it has quite a few disadvantages. First of all it is heavily oriented towards reading things (get functions) rather than modifying them (set functions). Though most common set operations are supported often you will need to use something else from this list. Second problem is that IP Helper is rather new API so its support on various Windows flavors is uneven. Some functions may not be available below XP and may behave differently. It's future is also uncertain. Microsoft seems to favor WMI (see below) so it is not sure whether IP Helper will be actively developed in the future.
This is Microsoft's flagship configuration API. It is not designed exclusively for networking but rather is a whole framework for manipulating machine configuration. Similar to IP Helper it is mostly read-only API though some set methods are provided. Interestingly, WMI and IP Helper tend to complement each other for modifying stuff since things "settable" in one are read-only in another and vice versa. WMI's main advantages are ability to be called remotely, extensibility and support for multiple languages including scripting ones. Plus, since it is the recommended configuration API it's future looks bright. However, with these advantages comes the price. Expect a steep learning curve. Being familiar with COM and directory-like services such as AD or LDAP helps but this is not all. The framework is designed to be scripting friendly, which means that absolutely everything is done at runtime. This makes programming in strongly typed languages a pain. Then there is still the problem of things working somewhat differently on different platforms. Only because everything is done at runtime you will only learn about it when your application crashes. Expect to write once and debug everywhere as Java motto goes ;-). Personally I tend to avoid WMI unless absolutely necessary and from my online observations so do many other people.
Network Configuration Interfaces
For reasons that are beyond my imagination Microsoft had chosen to document this COM API in DDK making it virtually unknown to user-mode Win32 programmers. It a pity because this is a nice, classical COM API that allows manipulation of network hardware stack (i.e. everything below actual protocols). When you open property pages for a network connection you can see this API in action. It allows you to do manipulate bindings i.e. what protocols and services are enabled for a particular adapter, enable and disable adapters, open their property pages and more. The main advantage of this API is that it is very user-mode friendly gateway to hardware stuff. The only disadvantage is poor documentation and somewhat limited functionality.
Device Installation API
Supported since Win2k and in a limited fashion on NT this API is for installation of hardware and drivers including networking ones. Some things are doable only through this API so you may occasionally need it.
Shell network interfaces
The shell network interfaces are an interesting thing. They are scantly documented in MSDN in conjunction with internet connection sharing (ICS) but they are very useful for many other tasks. Unlike other network management APIs these interfaces work with network connections, which are the Windows shell abstraction, rather than hardware adapters. Since network connections are the thing that normal user usually sees these interfaces fit nicely for usage in GUI driven code.
The network management functions have a dual role. First, they are the original (pre-Active Directory) way to manage user accounts and related information. Second they are the primary way to manage Windows (as opposed to general TCP/IP) network resources, such as servers, workstations and shares. It can also do some unexpected thing like schedule remote jobs or send messages to machines. Some of the functionality of this API is directly exposed to user via net command line utility.
This API deals with adding and removing mapped drives or other Windows network connections in various and assorted ways. Compared with Net API its main advantage is that it adds common GUI stuff such as standard connection dialog boxes and messages.
In Microsoft world Routing and Remote Access (RAS or RRAS) include not only conventional dial-up but also VPN and some more esoteric kinds of connections. This API allows to manage and manipulate them. Curiously wireless connections which are logically very similar are managed differently.
Configuration files
Windows TCP/IP networking has its origins in Unix and retains some of the configuration files Unix uses. Take a look at your %systemroot%\system32\drivers\etc directory to see them.
Manual registry modifications
Sometimes, though much more rarely than people think, there is no other way than modify the registry. Use this only as a last resort since Microsoft usually makes no guarantees about how its configuration information is stored there.
Back to top

Enabling and disabling interface/adapter


I want to programmatically enable or disable a particular network interface/adapter/card.


There are multiple ways to do it depending on what exactly you need and on which OSes. Some of the possibilities are outlined below

Using IP Helper

The API you need is SetIfEntry. Note that this function "administratively" disables or enables the interface. This method is the most simple one but has a few problems. First, it does not produce the same results as disabling the network adapter from Network Connections folder or device manager. Second, it only disables TCP/IP so you can still use Netbios and other low-level communication APIs. Thus it is usually unsuitable for security related tasks.

Using Device Installation API

[Thanks to Arkady Frenkel for this tip] If you have DDK you can look at its sample enable (look in src\setup\enable) that demonstrates how to use it. In a newsgroup post Arkady noted the following

I heard from MS guys that some side effects take place with enable example but I used it for both network and serial drivers and for me that work like a charm.

If you don't have DDK, Alick Ye from Microsoft posted equivalent code. This method disables the actual device much like doing it manually from Device Manager. It is also supported on wider variety of platforms. Also you may want to take a look at DevCon tool that comes with source code.

Using Shell Network Interfaces

This method is most useful when you want to enable or disable network connection which appear in Network Connections shell folder. Unfortunately it is only available for XP and higher. The following sample demonstrates how to use them to enable or disable a connection.

+ Click here to expand/collapse sample

Using WMI

If your adapter uses DHCP it is possible to "disable" or "enable" it by releasing and renewing IP address using WMI. More details here. Of course this doesn't really disables or enables anything so I mention it here only as a trick in case somebody asks. There is no way to actually disable and adapter using WMI.

I should also mention here that it is impossible to use Network Configuration Interfaces to enable or disable an adapter. Just in case you'd ask ;-)

Back to top

Remote OS version


How can I determine Windows OS version and/or OS type on a remote computer?


Use either NetServerGetInfo with level 102 or NetWkstaGetInfo with level 100.

Alternatively, you can use WMI and query Win32_OperatingSystem class.

Back to top

Connection to internet


How can I check whether my computer is connected to the Internet? Can I be notified when this happens? When my computer gets online I need to ...


I bet you are used to a dial-up connection :-). Internet in general is not an electric grid to which you are either connected or not. Think about a corporate user that can fire up his browser and visit Google but cannot access most other sites (because his gateway blocks them). Is he connected to Internet? Or take a home user that is behind a wireless router with a firewall. He can access any site but nobody can access his computer. Is he online? Most people would answer yes to these questions but for the purpose of your application this may not be so. What you probably care about is whether your application can connect to its server or be a server itself. In other words you actually want to know whether your application will be able to communicate, not whether "connection to the Internet" exists in some abstract sense.

After we have restated the question in this way it should be obvious that it is in general impossible to answer. Whether your application will be able to access another machine depends on many factors such as correct routing, security software allowing the traffic and the other machine being physically up. You cannot reliably determine all of this from the code that runs on your machine. Thus the only way to be sure that you can communicate is to try it. In other words just connect a socket (or whatever other communication mechanism you are using) and see if this succeeds. If it does you are all set and no other checks "whether Internet is available" are needed.

What if connection fails? The error code will rarely provide any useful information about the real reason for failure but many applications legitimately want to help the user with troubleshooting. To this end it could be helpful to distinguish between "server is down" and "you computer has no way to reach the server". As long as you remember that there is no general solution you can try some heuristics.

Arkady Frenkel had investigated some possible options in detail and kindly provided the following results

+ Click here to expand/collapse

For your convenience the functions mentioned in Arkady's note are

Some other things that you may want to try

  • Check operational status of all interfaces using GetIfTable. At least one should be up.
  • Check all the network adapters and validate their IP addresses, DNS servers and gateways. The GetAdaptersInfo API will help with that. If all the IP addresses are, DNS servers are not set etc. most likely the user is not physically connected.

Back to top

Enumerate computers


How to find out all computer names on my network?


The answer depends on what you mean by "all computers" and "my network". In the most general case there is no solution. However, if what you really need is all Windows machines and by network you mean Windows domain or workgroup then it is certainly possible. Some ways to accomplish this are

Back to top

Advanced RAS/VPN Properties


I am trying to programmatically create RAS/VPN connection and some of the properties available through Windows GUI are not exposed by RAS API. How to specify them?


There are couple of options. Some things can be managed through WMI. The Win32_NetworkAdapterConfiguration class exposes a number of methods that allow you to change network adapter parameters. When WMI provides the necessary functionality it is always preferrable as this is the recommended and supported API. Unfortunately sometimes WMI is not an option or it doesn't provide access to a specific setting.

Given that on NT-based systems information about RAS/VPN connection is stored in phonebook files, one possible solution is to directly modify them. The RasEnumEntries API allows to find the name of the phonebook file for each RAS entry. The default location of "all users" phonebook file is
%ALLUSERSPROFILE%\Application Data\Microsoft\Network\Connections\Pbk\rasphone.pbk
The format of a phonebook file is obviously the standard Windows INI file format which can be manipulated by WritePrivateProfileString and related functions. Each RAS/VPN connection is a section while its settings are key/value pairs. Most of the options have self-explanatory names and you always can find which option corresponds to a given GUI setting by modifying the connection properties in GUI and observing the changes in a phonebook file. The following table summarizes some options frequently asked about on Usenet. Note that these options are not documented or supported by MS so they may disappear or change meaning in the future. In addition I made my tests on XP SP2 and it is entirely possible that some of them may be missing or have different menaing on other Windows versions.

Option GUI Analog Possible Values WMI alternative
ShowMonitorIconInTaskBar Show Icon in notification area when connected Boolean: 1 or 0 Unknown
IpDnsFlags Various setting on DNS tab of TCP/IP properties Bitmask: 1 - Register this connection's address in DNS
Back to top

MAC address


How to find network card's MAC address?


There are multiple ways to do it depending on what exactly you need and on which OSes. Some of the possibilities are outlined below. Note that my intent is to show methods that are known to be reliable in a sense that they always produce unambiguous results. For completeness I also include unreliable methods at the end of this list but please do not use htem.

Using SNMP

This method is described at Winsock Programmer's FAQ. Despite being in that FAQ for a long time it is relatively little known. Its biggest advantage is that this method is the most portable one and does not require any special machine configuration.

Using IPHelper

The MAC address can be obtained simply by calling GetAdaptersInfo (replaced on newer systems by GetAdaptersAddresses), GetIfTable or GetIfEntry. If you can use it it is the simplest documented method. It is not available on older 9x systems though.

Using WMI

The class you need are Win32_NetworkAdapter. Alternatively you can use under-documented MSNDIS_EthernetCurrentAddress class as described at

Sending ARP request

This method is usually used to find MAC address of a remote machine but can also be used with a local one. The relevant API is SendARP

Talking to a driver

See for details.

Using Netbios API

This method is unreliable. It is described in detail at Winsock Programmer's FAQ and also in Knowledge Base article Q118623. Note that Netbios is being gradually phased out and may not even be present on modern machines.


This method is unreliable and can only be described as a hack. More details can be found at Winsock Programmer's FAQ and at

Back to top