PowerShell enable/disable ICS and allow other adapter access
-
There are a couple functions to help with this task using PowerShell version 3.0+ that are written and talked about in the [Configure Internet Connection Sharing with PowerShell](https://mikefrobbins.com/2017/10/19/configure-internet-connection-sharing-with-powershell/) post that I confirmed works with Windows 10.
I'll shorten it up a bit and post just the parts of the PowerShell commands which you need to complete the task you describe, but you can read over the full post for more detail if needed.
----------
Command Execution
-
After declaring the two functions, you simply just need to run one line of code to enable the ICS between the VPN and Ethernet adapter. When done, you can run another line of code to disable the ICS feature entirely from the VPN adapter.
The full code with the functions to run for it to work is below, but I want to clarify a few things in this section first to help ensure you understand how to get it to work for your task.
###Powershell
## List adapter names
(Get-NetAdapter).Name
## List adapter ICS statuses for the two that'll use ICS
Get-MrInternetConnectionSharing -InternetInterfaceName "Ethernet", "VPN"
## Enable ICS on the VPN adapter and allow Ethernet network to use it
Set-MrInternetConnectionSharing -InternetInterfaceName "VPN" -LocalInterfaceName "Ethernet" -Enabled $true
## Disable ICS entirely on the VPN adapter when done
Set-MrInternetConnectionSharing -InternetInterfaceName "VPN" -LocalInterfaceName "Ethernet" -Enabled $false
###Notes
- The `-InternetInterfaceName` parameter is passed the name of the network adapter which you want to enable ICS.
- The `-LocalInterfaceName` parameter is passed the name of the network adapter which you want to allow to use the ICS enabled adapter's Internet.
- Running the `Set-MrInternetConnectionSharing -InternetInterfaceName "VPN" -LocalInterfaceName "Ethernet" -Enabled $true` command will result in
[![enter image description here][1]][1]
----------
[Full PowerShell Code](https://mikefrobbins.com/2017/10/19/configure-internet-connection-sharing-with-powershell/)
-
**Note:** I have commented out the **disable** in the full script so you'll want to remove or add comments or adjust the logic to know if you are enabling or disabling per execution.
Adjusting or expanding on this further, finding a way to fully automate an enable or disable using this solution based on some event, etc. should just be a trivial matter to figure out within your environment—this takes care of the hard part at least.
#Requires -Version 3.0
function Get-MrInternetConnectionSharing {
<#
.SYNOPSIS
Retrieves the status of Internet connection sharing for the specified network adapter(s).
.DESCRIPTION
Get-MrInternetConnectionSharing is an advanced function that retrieves the status of Internet connection sharing
for the specified network adapter(s).
.PARAMETER InternetInterfaceName
The name of the network adapter(s) to check the Internet connection sharing status for.
.EXAMPLE
Get-MrInternetConnectionSharing -InternetInterfaceName Ethernet, 'Internal Virtual Switch'
.EXAMPLE
'Ethernet', 'Internal Virtual Switch' | Get-MrInternetConnectionSharing
.EXAMPLE
Get-NetAdapter | Get-MrInternetConnectionSharing
.INPUTS
String
.OUTPUTS
PSCustomObject
.NOTES
Author: Mike F Robbins
Website: http://mikefrobbins.com
Twitter: @mikefrobbins
#>
[CmdletBinding()]
param (
[Parameter(Mandatory,
ValueFromPipeline,
ValueFromPipelineByPropertyName)]
[Alias('Name')]
[string[]]$InternetInterfaceName
)
BEGIN {
regsvr32.exe /s hnetcfg.dll
$netShare = New-Object -ComObject HNetCfg.HNetShare
}
PROCESS {
foreach ($Interface in $InternetInterfaceName){
$publicConnection = $netShare.EnumEveryConnection |
Where-Object {
$netShare.NetConnectionProps.Invoke($_).Name -eq $Interface
}
try {
$Results = $netShare.INetSharingConfigurationForINetConnection.Invoke($publicConnection)
}
catch {
Write-Warning -Message "An unexpected error has occurred for network adapter: '$Interface'"
Continue
}
[pscustomobject]@{
Name = $Interface
SharingEnabled = $Results.SharingEnabled
SharingConnectionType = $Results.SharingConnectionType
InternetFirewallEnabled = $Results.InternetFirewallEnabled
}
}
}
}
#Requires -Version 3.0 -Modules NetAdapter
function Set-MrInternetConnectionSharing {
<#
.SYNOPSIS
Configures Internet connection sharing for the specified network adapter(s).
.DESCRIPTION
Set-MrInternetConnectionSharing is an advanced function that configures Internet connection sharing
for the specified network adapter(s). The specified network adapter(s) must exist and must be enabled.
To enable Internet connection sharing, Internet connection sharing cannot already be enabled on any
network adapters.
.PARAMETER InternetInterfaceName
The name of the network adapter to enable or disable Internet connection sharing for.
.PARAMETER LocalInterfaceName
The name of the network adapter to share the Internet connection with.
.PARAMETER Enabled
Boolean value to specify whether to enable or disable Internet connection sharing.
.EXAMPLE
Set-MrInternetConnectionSharing -InternetInterfaceName Ethernet -LocalInterfaceName 'Internal Virtual Switch' -Enabled $true
.EXAMPLE
'Ethernet' | Set-MrInternetConnectionSharing -LocalInterfaceName 'Internal Virtual Switch' -Enabled $false
.EXAMPLE
Get-NetAdapter -Name Ethernet | Set-MrInternetConnectionSharing -LocalInterfaceName 'Internal Virtual Switch' -Enabled $true
.INPUTS
String
.OUTPUTS
PSCustomObject
.NOTES
Author: Mike F Robbins
Website: http://mikefrobbins.com
Twitter: @mikefrobbins
#>
[CmdletBinding()]
param (
[Parameter(Mandatory,
ValueFromPipeline,
ValueFromPipelineByPropertyName)]
[ValidateScript({
If ((Get-NetAdapter -Name $_ -ErrorAction SilentlyContinue -OutVariable INetNIC) -and (($INetNIC).Status -ne 'Disabled' -or ($INetNIC).Status -ne 'Not Present')) {
$True
}
else {
Throw "$_ is either not a valid network adapter of it's currently disabled."
}
})]
[Alias('Name')]
[string]$InternetInterfaceName,
[ValidateScript({
If ((Get-NetAdapter -Name $_ -ErrorAction SilentlyContinue -OutVariable LocalNIC) -and (($LocalNIC).Status -ne 'Disabled' -or ($INetNIC).Status -ne 'Not Present')) {
$True
}
else {
Throw "$_ is either not a valid network adapter of it's currently disabled."
}
})]
[string]$LocalInterfaceName,
[Parameter(Mandatory)]
[bool]$Enabled
)
BEGIN {
if ((Get-NetAdapter | Get-MrInternetConnectionSharing).SharingEnabled -contains $true -and $Enabled) {
Write-Warning -Message 'Unable to continue due to Internet connection sharing already being enabled for one or more network adapters.'
Break
}
regsvr32.exe /s hnetcfg.dll
$netShare = New-Object -ComObject HNetCfg.HNetShare
}
PROCESS {
$publicConnection = $netShare.EnumEveryConnection |
Where-Object {
$netShare.NetConnectionProps.Invoke($_).Name -eq $InternetInterfaceName
}
$publicConfig = $netShare.INetSharingConfigurationForINetConnection.Invoke($publicConnection)
if ($PSBoundParameters.LocalInterfaceName) {
$privateConnection = $netShare.EnumEveryConnection |
Where-Object {
$netShare.NetConnectionProps.Invoke($_).Name -eq $LocalInterfaceName
}
$privateConfig = $netShare.INetSharingConfigurationForINetConnection.Invoke($privateConnection)
}
if ($Enabled) {
$publicConfig.EnableSharing(0)
if ($PSBoundParameters.LocalInterfaceName) {
$privateConfig.EnableSharing(1)
}
}
else {
$publicConfig.DisableSharing()
if ($PSBoundParameters.LocalInterfaceName) {
$privateConfig.DisableSharing()
}
}
}
}
#(Get-NetAdapter).Name
#Get-MrInternetConnectionSharing -InternetInterfaceName "Ethernet", "VPN"
Set-MrInternetConnectionSharing -InternetInterfaceName "VPN" -LocalInterfaceName "Ethernet" -Enabled $true
#Set-MrInternetConnectionSharing -InternetInterfaceName "VPN" -LocalInterfaceName "Ethernet" -Enabled $false
[Script Source](https://mikefrobbins.com/2017/10/19/configure-internet-connection-sharing-with-powershell/)
----------
Supporting Resources
-
- [Get-NetAdapter](https://docs.microsoft.com/en-us/powershell/module/netadapter/get-netadapter?view=win10-ps)
- [Configure Internet Connection Sharing with PowerShell](https://mikefrobbins.com/2017/10/19/configure-internet-connection-sharing-with-powershell/)
[1]: https://i.sstatic.net/Ck0o6.png