Windows User Management With Net User Like Creating, Deleting, Setting Password
Windows operating system have a lot of command line and GUI tools to manage user accounts. The most popular user management tool from command line like ms-dos or powershell is
net user command. In this tutorial we will look different usage examples about net user command.
Help about the net user command can be get with the
/? option like below.
$ net user /?
Before starting issuing commands we need to know that Windows is generally incase sensitive system. So following commands can be used uppercase or lowercase with username. The only exception is the password. So following commands are the same. But using accepted usage which is uppercase will make commands more readable
Existing user accounts can be listed just issuing the
net user command without any option. Only local user accounts will be listed. Domain user accounts will not be listed.
$ net user
As we can the the default users like Administrator and Guest all ready exist. New user
ismail is added previously.
Get User Account Information
The user information can be get by providing the user account name.
$ net user jack
This will list following information;
- User name
- Full name
- User’s comments
- Country Code
- Account Active
Account Expiresline shows where her after specified time account will be locked
Password Last Setline shows when the password is set for the last time
Password Expiresline shows whether the password of the user will expire after specified time.
Password Requiredline shows whether user account login needs password.
User may change passwordline show whether the user have privileges to change his own password.
Workstations allowedline show in which computers the user can login.
Logon scriptline shows which script file will be run during user logon
Home directoryline shows if the user home path is different then default location what is the user home path.
Last logonline shows what is the time where the user last time login.
Logon hours allowedline shows which hours is the user allowed to login.
Local Group Membershipsline show the local groups where the user is a member
Global group membershipsline show the global groups where the user is a member
Create User Account
Users can be created with
net user . This user will be created locally and do not exists in Active Directory. We will provide the user name to the command and
/ADD option like below. In this example we create a user named
$ net user test /ADD
The user is created successfully. If there is a problem we will get an error like
The account all ready exists
System error 5 has occurred. Access is deniedis we have do not have required privileges like Administrator.
Remove User Account
A user can be easily removed with the
$ net user test /DELETE
Set Password While User Account Creation
While creating user account we can set the password. But changing user creation time password will make things more secure. We will just append the user account password after user account name. In this example we will create a user account named test and set password 123456
$ net user test 123456 /ADD
Set Password Existing User
Changing existing user password is very similar to while adding. We will just remove the
/ADD and only provide the user account name and new password. In this example we set user
test password as
$ net user test 123456
Operate On Domain Users
Up to now we have operated on local users. Windows Active directory very popular technology used by corporates. Previously described commands can be used to manipulate domain users too. We just need to add
/DOMAIN option to the command. We need Domain Admin privileges to run these commands. Also current worked computer should be joined related domain.
Add User Account To Domain
$ net user test /ADD /DOMAIN
Delete Remove User Account
$ net user test /DELETE /DOMAIN
Change User Account Password
$ net user test 123456 /DOMAIN
Lock or Disable User Account
Windows operating system provides the ability to lock or disable user accounts. Locking accounts generally used for security. Locking or disabling account will prevent the account to login to the Windows systems. User account can be locked or disabled with
In this example we will lock user account named
$ net user jack /active:no
Enable User Account
The reverse operation can be done to enable all ready locked or disabled account. In this example we will unlock the user account
$ net user jack /active:yes