Windows: Enable/Disable your LAN or Firewall on Shell

In the distant past, when I still used ZoneAlarm’s desktop firewall, I got used to have a big, red emergency-button to cut off internet-access with one single click. This came in handy from time to time when I suspected strange things happening in the background or when I wanted to use or test a program I suspected to secretly send data home. In the old days of Windows XP the disabling of the network adapter could have also be done with two simple clicks via the tray-symbol. But from Windows 7 on we no longer have a straigth and short path to nearly instantly cut off internet-access. I grumbled upon this matter time and again but never was in the mood to seek for a resolution. Until now. Here are four short commands for the purpose to disable/enable your network-adapter or Windows-Firewall (run them as Admin!). The latter can be useful in cases we just want to cut internet-access but still have access to our local network. The first one completely deactivates our LAN-Adapter.

Disable LAN-Adapter:

netsh interface set interface "Local Area Connection" disabled

Enable LAN-Adapter:

netsh interface set interface "Local Area Connection" enable

Disable Windows-Firewall:

netsh advfirewall set currentprofile firewallpolicy blockinbound,blockoutbound

Enable Windows-Firewall:

netsh advfirewall set currentprofile firewallpolicy blockinbound,allowoutbound

For (de)activating the LAN-Adapter we have to find the exact internal name of our interface (above it’s the string “Local Area Connection”). We do this on the command-line (shell). To get on the shell we hit the keys “WINDOWS + R”, type “cmd” in the dialog-box and hit enter. On the shell we type this line:

netsh interface show interface

After hitting enter we get the name of our interface to paste in the first two commands above as a replacement for the string “Local Area Connection”. Mind to enclose the interface-name with quotes if it contains blanks. We can create a batch-script-file for every of the four commands, store them on desktop and this way have made our own “internet-off-emergeny-buttons”. Just mind to right-click the batch-files and execute them “as Admin” cause otherwise you will get a confusing error-message.

Windows: Starting applications with admin-privileges

Usually you shouldn’t do your daily work under an admin-account for security reasons. But from time to time you will have the need to run a certain application or command with administrative privileges.
To keep you from the hassle of switching between your normal- and admin-account you can use the “RUNAS”-command on the command line:

runas /user:johndoe_admin "C:\path\to\your\adminrights_needing_tool.cmd"

After “/user:” you have to enter the name of your admin-account. Press ENTER and you will be prompted for the password of that account. After that the called program will be started and executed with admin-privileges until you terminate it.

It may be helpful to have a Windows command-shell that is already started with admin-rights, so that every command executed under that shell is “admin” too. You can create a link for the following command to get that shell:

runas /user:johndoe_admin "cmd /T:E0"

The parameter “/T:E0” sets the background-color of that shell to yellow so that you can easily distinguish it from your normal shells and are aware of the excessive rights bound to that shell.

It could be the fact that you are not able to start the explorer.exe with admin-rights. This as annoying when you must set some directory or file permissions or have to use the control panel. The solution for this is to create a link to the Internet Explorer (iexplore.exe):

runas /user:johndoe_admin "c:\Program Files\Internet Explorer\IEXPLORE.EXE -e c:"

This command opens the IE with admin-rights, points it to drive “C:” and makes it behave just like the normal file-explorer. As here is no way to make this “admin-explorer” look differently, you should be careful and close it as soon as you no longer need it.