Tuesday, August 11, 2009

NET.exe - Windows User Management From the Command Line

The NET Command is used to manage network security resources as follows:

View user account password and logon requirements (also displays the machine type - NT Server or NT workstation)

View password and logon requirements for the network domain.

Set the number of minutes a user has before being forced to log off when the account expires or valid logon hours expire

Prevent forced logoff when user accounts expire

Set the minimum number of characters for a password.
The range is 0-14 characters; the default is 6 characters.

Set the maximum number of days that a password is valid.
The range is 1-49710; the default is 90 days.

Set passwords to never expire.

Set a minimum number of days that must pass before a user can change a password (default = 0)

Require that new passwords be different from 'x' number of previous passwords
The range for 'x' is 1-24

Synchoronise the user accounts database (PDC and BDC)

View user account details

Add a user account.
NET USER username {password | *} /ADD [options] [/DOMAIN]

Modify a user account.
NET USER [username [password | *] [options]] [/DOMAIN]

Delete a username

Add a Workgroup
NET GROUP groupname /ADD [/COMMENT:"text"] [/DOMAIN]

Edit a workgroup
NET GROUP [groupname [/COMMENT:"text"]] [/DOMAIN]

Delete a group

Add a user to a group
NET GROUP groupname username [...] /ADD [/DOMAIN]

Delete a user from a group
NET GROUP groupname username [...] /DELETE [/DOMAIN]

To View, Add or modify a local workgroup replace GROUP in the commands above with LOCALGROUP.


Create a group

C:\>NET LOCALGROUP spud /add

Add to guests

C:\>NET LOCALGROUP guests spud /add

Then remove

C:\>NET LOCALGROUP guests spud /delete

C:\>NET LOCALGROUP spud /delete

NET USER options

The NET Command is used to manage network resources as follows:

options are as follows:

/active:{no | yes}
Enable or disable the user account.
The default is yes (login is allowed)
Disabling an account does not immediately log off any user sessions.

A descriptive comment (48 characters).

Use the OS country codes to implement specified language files for help and error messages. 0 = default country code.

/expires:{date | never}
Cause the user account to expire. date can be in mm/dd/yy, dd/mm/yy, or mmm,dd,yy format, depending on the /countrycode. Months can be a number, spelled out, or abbreviated with three letters. Use commas or slashes to separate parts of the date (no spaces).

The user's full name (rather than a username).

The path for the user's home directory. The path must exist.

/homedirreq:{yes | no}
Is a home directory required?

/passwordchg:{yes | no}
Can users change their own password? The default is yes.

/passwordreq:{yes | no}
Must a user account have a password? The default is yes.

The path for the user's logon profile.
This pathname will be used to store their registry profile.

Path for the user's logon script. This is relative to %systemroot%\SYSTEM32\REPL\IMPORT\SCRIPTS. (The NETLOGON share) You can't use an absolute path.

/times:{times | all}
The times the user is allowed to use the computer.
The times value is expressed as day[-day][,day[-day]] , time[-time][,time[-time]], limited to 1-hour time increments.
Days can be spelled out or abbreviated (M,T,W,Th,F,Sa,Su).
Hours can be 12- or 24-hour notation. For 12-hour notation, use AM, PM, or A.M., P.M.
The value all means a user can always log on.
A null value (blank) means a user can never log on.
Separate day and time with commas, and units of day and time with semicolons (for example, M,4AM-5PM;T,1PM-3PM).
Do not use spaces when designating /times.

Add or change the "User comment" for the account. Only Administrators can edit this.

/workstations:{computername[,...] | *}
List as many as eight workstations from which a user can log on to the network.
Separate multiple entries in the list with commas.
If /workstations has no list, or if the list is *, the user can log on from any computer.


NET USER jsmith p@ssw0rd /ADD /fullname:"Joe Smith" /scriptpath:logon.cmd

NET USER alice_smith /ACTIVE:yes /comment:"RAS User" /DOMAIN

NET USER fred_jones /HOMEDIR:\\Server_05\ /PROFILEPATH:\\Server_05\D$\USERS\fred_jones /DOMAIN

No comments:

Post a Comment