Windows

Controlling user accounts from the command line

If you cut your teeth on DOS, then you may not always like to use a GUI to do things. Windows NT and 2000 both allow you to perform administrative tasks such as dealing with users from the command line. John Sheesley shows you how.

As a network administrator, you spend a lot of time managing user accounts on your network. Microsoft provides some nice GUI tools in Windows NT and Windows 2000 to help you administer your users; however, sometimes these things can be done more efficiently from the command line. In this Daily Feature, I’ll show you how you can administer user accounts from the command line using the Net User command.

Your wish is my command
Let’s face it, GUIs are designed to be easy to use, not necessarily to be efficient. How do you access a user account in Windows NT? Click Start. Click Programs. Click Administrative Tools (Common). Click User Manager For Domains. Click the user. If you want to do anything to the user, keep clicking. Click. Double-click. Right-click. Left-click. Click, click, click. Almost as much clicking as a tap dancer putting on a show. And Windows 2000 isn’t much better.

Fortunately, you can save your clicking finger by taking a quick trip to the command line. That’s only two clicks. Click Start. Click Run. Type cmd and press [Enter].

At the command line you can use one simple command—Net User. The Net User command can do almost all of the same things to users that you can do using the User Manager For Domains in Windows NT or Users And Computers in Windows 2000. Net User works the same way on both Windows NT and Windows 2000.

Casting your net
Although any user can use the Net User command, the user must have Administrator rights in order to do anything to anyone else using the command. Therefore, before you drop to the command prompt to use the command, make sure you’re logged on as Administrator or as a user with Administrator rights.

When you launch the command prompt, type net user and press [Enter]. When you do, you’ll see all of the users on the network.

If you want to view detailed information about an individual user, type net user username and press [Enter]. Just replace username with the name of the user you want information on. When you do, you’ll see a listing on the screen like this:

User name                                jsheesley
Full Name                                John Sheesley       
Comment
User's comment
Country code                             000 (System Default)
Account active                           Yes
Account expires                          Never

Password last set                        12/19/2000 4:18 PM
Password expires                         3/31/2001 3:05 PM
Password changeable               12/19/2000 4:18 PM
Password required                        Yes
User may change password                 Yes

Workstations allowed                     All
Logon script
User profile
Home directory
Last logon                               2/13/2001 11:41 AM

Logon hours allowed               All

Local Group Memberships                  *Administrators *Users
Global Group Memberships                 *None
The command completed successfully.


Net User includes other command line switches you can use to affect user accounts on your network. When you enter the command in conjunction with the switches, make sure you specify the username you want to affect. To view all of the switches, type net help user and press [Enter]. These switches include:
  • Password—This switch changes the user’s password. Type the new password right after the username switch (for example, net user jsheesley MyNewPassword). If you follow the username switch with a space and *, after you press [Enter], Windows will present you with a prompt to enter the password. The password won’t display when you type it at a password prompt.
  • /DOMAIN—Performs the operation on a domain controller of the current domain.
  • /ADD—Adds a user account to the user accounts database.
  • /DELETE—Removes a user account from the user accounts database.
  • /ACTIVE:—Type /ACTIVE:YES to activate the account. /ACTIVE:NO deactivates the account.
  • /COMMENT:”text”—You can use this command to provide a comment about the user. You can enter up to 48 characters as a description. Make sure you enclose the comment in quotation marks.
  • /COUNTRYCODE:—This switch allows you to change the operating system country code for the user. This will cause Windows to implement a language file for a user's help and error messages. A value of 0 signifies the default country code.
  • /EXPIRES:—This switch allows you to set an expiration date for the user. You can either enter a date in mm/dd/yyyy format or enter a value of NEVER. NEVER sets no expiration for the account.
  • /FULLNAME:"name"—This switch changes the user's full name, not the username. Replace name with the user’s name enclosed in quotation marks.
  • /HOMEDIR:pathname—This switch sets the path (pathname) for the user's home directory. The path must already exist for the switch to work properly.
  • /PASSWORDCHG:—If you type /PASSWORDCHG:YES, users can change their own passwords. Conversely, setting it to NO disables password changing. The default is YES.
  • /PASSWORDREQ:—This switch specifies whether a user account must have a password. The default is YES, but you can type /PASSWORDREQ:NO to disable passwords for the account.
  • /PROFILEPATH:pathname—This switch sets a path for the user's logon profile.
  • /SCRIPTPATH:pathname—This switch sets the location of the user's logon script.
  • /TIMES:—This switch allows you to set the user’s logon hours. If you set the value to ALL, the user can always log on. The syntax is reasonably complicated if you want to set available logon times. Times can only be expressed in one-hour increments. Starting times/days and ending times/days are separated by a dash (-). Days, and times in the same day, are separated by a comma (,). Multiple day/time combinations are separated by a semicolon (;). This might be a setting that would be more efficient using a GUI.
  • /USERCOMMENT:"text"—This switch sets the User Comment field shown above. Don’t confuse it with the Comment switch just mentioned.
  • /WORKSTATIONS:—This switch allows you to specify workstation names the user can log in from. By default, a user can use any workstation. You can specify this explicitly by following this switch with an asterisk (*). To limit a user, type in individual workstation names. You can enter as many as eight workstation names, separating each one with a comma.

Conclusion
GUIs can be useful to make your job easier, but in the process, they may make you less efficient. You can do some tasks, like administering user accounts, directly from the command line. In this Daily Feature, I showed you how to administer user accounts using the Net User command.
The authors and editors have taken care in preparation of the content contained herein but make no expressed or implied warranty of any kind and assume no responsibility for errors or omissions. No liability is assumed for any damages. Always have a verified backup before making any changes.
6 comments
ansari989
ansari989

password never expire option from command line interface

Farhan Memon
Farhan Memon

My name is Uzair. From Pakistan. From I.T related any Problem Contact me. My Cell Number: +92-322-2450105.

nick0914
nick0914

Thanks for this great and usefull article.

thinesh_sk
thinesh_sk

i need, when a domain user is logged on another system, it should be asked domain password if need to connect domain.

unnatityagi07
unnatityagi07

Hi, I want to change description and username on NT Domain ( User manager) through command line. and also want to disable bulk IDs'.