NET.exe – Windows User Management From the Command Line

Posted in Linux, Passwords, Windows

The NET Command is used to manage network security resources as follows:

View user account password and logon requirements (also displays the machine type – NT Server or NT workstation)
NET ACCOUNTS

View password and logon requirements for the network domain.
NET ACCOUNTS /DOMAIN

Set the number of minutes a user has before being forced to log off when the account expires or valid logon hours expire
NET ACCOUNTS /FORCELOGOFF:minutes /DOMAIN

Prevent forced logoff when user accounts expire
NET ACCOUNTS /FORCELOGOFF:NO /DOMAIN

Set the minimum number of characters for a password.
NET ACCOUNTS /MINPWLEN:C /DOMAIN
The range is 0-14 characters; the default is 6 characters.

Set the maximum number of days that a password is valid.
NET ACCOUNTS /MAXPWAGE:dd /DOMAIN
The range is 1-49710; the default is 90 days.

Set passwords to never expire.
NET ACCOUNTS /MAXPWAGE:UNLIMITED /DOMAIN

Set a minimum number of days that must pass before a user can change a password (default = 0)
NET ACCOUNTS /MINPWAGE:dd /DOMAIN

Require that new passwords be different from ‘x’ number of previous passwords
NET ACCOUNTS /UNIQUEPW:x /DOMAIN
The range for ‘x’ is 1-24

Synchoronise the user accounts database (PDC and BDC)
NET ACCOUNTS /SYNC /DOMAIN

View user account details
NET USER [/DOMAIN]

Add a user account.
NET USER username {password | *} /ADD [options] [/DOMAIN]

Modify a user account.
NET USER [username [password | *] [options]] [/DOMAIN]

Delete a username
NET USER username [/DELETE] [/DOMAIN]

Add a Workgroup
NET GROUP groupname /ADD [/COMMENT:”text”] [/DOMAIN]

Edit a workgroup
NET GROUP [groupname [/COMMENT:”text”]] [/DOMAIN]

Delete a group
NET GROUP groupname /DELETE [/DOMAIN]

Add a user to a group
NET GROUP groupname username […] /ADD [/DOMAIN]

Delete a user from a group
NET GROUP groupname username […] /DELETE [/DOMAIN]

To View, Add or modify a local workgroup replace GROUP in the commands above with LOCALGROUP.

Examples

Create a group

C:>NET LOCALGROUP spud /add

Add to guests

C:>NET LOCALGROUP guests spud /add

Then remove

C:>NET LOCALGROUP guests spud /delete

C:>NET LOCALGROUP spud /delete

NET USER options

The NET Command is used to manage network resources as follows:

options are as follows:

/active:{no | yes}
Enable or disable the user account.
The default is yes (login is allowed)
Disabling an account does not immediately log off any user sessions.

/comment:”text”
A descriptive comment (48 characters).

/countrycode:nnn
Use the OS country codes to implement specified language files for help and error messages. 0 = default country code.

/expires:{date | never}
Cause the user account to expire. date can be in mm/dd/yy, dd/mm/yy, or mmm,dd,yy format, depending on the /countrycode. Months can be a number, spelled out, or abbreviated with three letters. Use commas or slashes to separate parts of the date (no spaces).

/fullname:”name”
The user’s full name (rather than a username).

/homedir:path
The path for the user’s home directory. The path must exist.

/homedirreq:{yes | no}
Is a home directory required?

/passwordchg:{yes | no}
Can users change their own password? The default is yes.

/passwordreq:{yes | no}
Must a user account have a password? The default is yes.

/profilepath:[path]
The path for the user’s logon profile.
This pathname will be used to store their registry profile.

/scriptpath:path
Path for the user’s logon script. This is relative to %systemroot%SYSTEM32REPLIMPORTSCRIPTS. (The NETLOGON share) You can’t use an absolute path.

/times:{times | all}
The times the user is allowed to use the computer.
The times value is expressed as day[-day][,day[-day]] , time[-time][,time[-time]], limited to 1-hour time increments.
Days can be spelled out or abbreviated (M,T,W,Th,F,Sa,Su).
Hours can be 12- or 24-hour notation. For 12-hour notation, use AM, PM, or A.M., P.M.
The value all means a user can always log on.
A null value (blank) means a user can never log on.
Separate day and time with commas, and units of day and time with semicolons (for example, M,4AM-5PM;T,1PM-3PM).
Do not use spaces when designating /times.

/usercomment:”text”
Add or change the “User comment” for the account. Only Administrators can edit this.

/workstations:{computername[,…] | *}
List as many as eight workstations from which a user can log on to the network.
Separate multiple entries in the list with commas.
If /workstations has no list, or if the list is *, the user can log on from any computer.

Examples

NET USER jsmith p@ssw0rd /ADD /fullname:”Joe Smith” /scriptpath:logon.cmd

NET USER alice_smith /ACTIVE:yes /comment:”RAS User” /DOMAIN

NET USER fred_jones /HOMEDIR:\Server_05 /PROFILEPATH:\Server_05D$USERSfred_jones /DOMAIN

Posted on By user

Leave a Reply

Your email address will not be published. Required fields are marked *