The NET Command is used to manage network security resources as follows:
View user account password and logon requirements (also displays the machine type – NT Server or NT Workstation)
NET ACCOUNTS
View password and logon requirements for the network domain.
NET ACCOUNTS /DOMAIN
Set the number of minutes a user has before being forced to log off when the account expires or valid logon hours expire
NET ACCOUNTS /FORCELOGOFF:minutes /DOMAIN
Prevent forced logoff when user accounts expire
NET ACCOUNTS /FORCELOGOFF:NO /DOMAIN
Set the minimum number of characters for a password.
NET ACCOUNTS /MINPWLEN:C /DOMAIN
The range is 0-14 characters; the default is 6 characters.
Set the maximum number of days that a password is valid.
NET ACCOUNTS /MAXPWAGE:dd /DOMAIN
The range is 1-49710; the default is 90 days.
Set passwords to never expire.
NET ACCOUNTS /MAXPWAGE:UNLIMITED /DOMAIN
Set a minimum number of days that must pass before a user can change a password (default = 0)
NET ACCOUNTS /MINPWAGE:dd /DOMAIN
Require that new passwords be different from ‘x’ number of previous passwords
NET ACCOUNTS /UNIQUEPW:x /DOMAIN
The range for ‘x’ is 1-24
Synchronise the user accounts database (PDC and BDC)
NET ACCOUNTS /SYNC /DOMAIN
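The password-policy switches above (/MINPWLEN, /MAXPWAGE, /UNIQUEPW) can be checked against a baseline by parsing what NET ACCOUNTS prints. The PowerShell below is an added example, not part of the original page; the baseline numbers and the sample output are constructed assumptions, and the field labels are those printed by English-language Windows.

```powershell
# Added example: audit NET ACCOUNTS output against an assumed baseline.
param([switch]$Live)   # -Live runs NET ACCOUNTS; otherwise the constructed sample is used

$Baseline = @{ MinPwLen = 12; MaxPwAgeDays = 90; UniquePw = 12 }   # assumed policy values

# Constructed sample of English-language NET ACCOUNTS output (not captured from a real host).
$Sample = @'
Force user logoff how long after time expires?:       Never
Minimum password age (days):                          0
Maximum password age (days):                          Unlimited
Minimum password length:                              6
Length of password history maintained:                None
Computer role:                                        WORKSTATION
The command completed successfully.
'@ -split '\r?\n'

function ConvertFrom-NetAccounts {
    param([string[]]$Lines)
    $settings = @{}
    foreach ($line in $Lines) {
        # A setting line is "label:<padding>value"; the status line has no colon and is skipped.
        if ($line -match '^(?<name>.+?):\s+(?<value>\S.*)$') {
            $settings[$Matches['name'].Trim()] = $Matches['value'].Trim()
        }
    }
    return $settings
}

function Test-PasswordPolicy {
    param([hashtable]$Settings, [hashtable]$Baseline)
    # Each check: output label, the NET ACCOUNTS switch that changes it, and a weakness test.
    $checks = @(
        @{ Label = 'Minimum password length'; Option = '/MINPWLEN'
           Weak  = { param($v) [int]$v -lt $Baseline.MinPwLen } },
        @{ Label = 'Maximum password age (days)'; Option = '/MAXPWAGE'
           Weak  = { param($v) $v -eq 'Unlimited' -or [int]$v -gt $Baseline.MaxPwAgeDays } },
        @{ Label = 'Length of password history maintained'; Option = '/UNIQUEPW'
           Weak  = { param($v) $v -eq 'None' -or [int]$v -lt $Baseline.UniquePw } }
    )
    foreach ($c in $checks) {
        $value  = $Settings[$c.Label]
        $status = if ($null -eq $value) { 'NOT FOUND' } elseif (& $c.Weak $value) { 'WEAK' } else { 'OK' }
        [pscustomobject]@{ Setting = $c.Label; Value = $value; Status = $status; Option = $c.Option }
    }
}

$lines = if ($Live) { net accounts } else { $Sample }
Test-PasswordPolicy (ConvertFrom-NetAccounts $lines) $Baseline | Format-Table -AutoSize
```

A status of NOT FOUND means the expected label was absent from the output, which is what happens on a non-English installation where the labels are localised.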
View user account details
NET USER [/DOMAIN]
Add a user account.
NET USER username {password | *} /ADD [options] [/DOMAIN]
Modify a user account.
NET USER [username [password | *] [options]] [/DOMAIN]
Delete a username
NET USER username [/DELETE] [/DOMAIN]
Add a Workgroup
NET GROUP groupname /ADD [/COMMENT:"text"] [/DOMAIN]
Edit a workgroup
NET GROUP [groupname [/COMMENT:"text"]] [/DOMAIN]
Delete a group
NET GROUP groupname /DELETE [/DOMAIN]
Add a user to a group
NET GROUP groupname username […] /ADD [/DOMAIN]
Delete a user from a group
NET GROUP groupname username […] /DELETE [/DOMAIN]
To view, add or modify a local workgroup, replace GROUP in the commands above with LOCALGROUP.
Examples
Create a group
C:\>NET LOCALGROUP spud /add
Add to guests
C:\>NET LOCALGROUP guests spud /add
Then remove
C:\>NET LOCALGROUP guests spud /delete
C:\>NET LOCALGROUP spud /delete
NET USER options
The options are as follows:
/active:{no | yes}
Enable or disable the user account.
The default is yes (login is allowed)
Disabling an account does not immediately log off any user sessions.
/comment:"text"
A descriptive comment (up to 48 characters).
/countrycode:nnn
Use the OS country codes to implement specified language files for help and error messages. 0 = default country code.
/expires:{date | never}
Cause the user account to expire. date can be in mm/dd/yy, dd/mm/yy, or mmm,dd,yy format, depending on the /countrycode. Months can be a number, spelled out, or abbreviated with three letters. Use commas or slashes to separate parts of the date (no spaces).
/fullname:"name"
The user’s full name (rather than a username).
/homedir:path
The path for the user’s home directory. The path must exist.
/homedirreq:{yes | no}
Is a home directory required?
/passwordchg:{yes | no}
Can users change their own password? The default is yes.
/passwordreq:{yes | no}
Must a user account have a password? The default is yes.
/profilepath:[path]
The path for the user’s logon profile.
This pathname will be used to store their registry profile.
/scriptpath:path
Path for the user’s logon script. This is relative to %systemroot%\SYSTEM32\REPL\IMPORT\SCRIPTS (the NETLOGON share). You can’t use an absolute path.
/times:{times | all}
The times the user is allowed to use the computer.
The times value is expressed as day[-day][,day[-day]] , time[-time][,time[-time]], limited to 1-hour time increments.
Days can be spelled out or abbreviated (M,T,W,Th,F,Sa,Su).
Hours can be 12- or 24-hour notation. For 12-hour notation, use AM, PM, or A.M., P.M.
The value all means a user can always log on.
A null value (blank) means a user can never log on.
Separate day and time with commas, and units of day and time with semicolons (for example, M,4AM-5PM;T,1PM-3PM).
Do not use spaces when designating /times.
/usercomment:"text"
Add or change the “User comment” for the account. Only Administrators can edit this.
/workstations:{computername[,…] | *}
List as many as eight workstations from which a user can log on to the network.
Separate multiple entries in the list with commas.
If /workstations has no list, or if the list is *, the user can log on from any computer.
Examples
NET USER jsmith p@ssw0rd /ADD /fullname:"Joe Smith" /scriptpath:logon.cmd
NET USER alice_smith /ACTIVE:yes /comment:"RAS User" /DOMAIN
NET USER fred_jones /HOMEDIR:\\Server_05 /PROFILEPATH:\\Server_05\D$\USERS\fred_jones /DOMAIN