Professional Windows Server 1002003 Security A Technical Reference [Electronic resources]

Roberta Bragg

نسخه متنی -صفحه : 415/ 345
نمايش فراداده

net user

Manages user accounts.

Syntax

net user [username [password | *] [options] ] [/domain]
net user username {password | *} /add [options] [/domain]
net user username [/delete] [/domain]

Options

None

Lists user accounts on computer or domain (see /domain later in this list).

username [password | *] [options]

Indicates user account (up to 20 characters long) and password (up to 127 characters long) to manage. An asterisk prompts for a password when the command is run. options specifies account options, which can include:

/active:[no | yes]

Enables or disables the account (enabled is default).

/comment:"text"

Indicates a descriptive comment up to 48 characters long.

/countrycode:nnn

Uses country/region codes to specify language file for user's Help and error messages (use 0 for default country/region code).

/expires:[date | never]

Represents the account expiration date (use mm/dd/yy, dd/mm/yy, or mmm,dd,yy format depending on the country/region code).

/fullname:"name"

Indicates the user's full name.

/homedir:path

Indicates path to user's home directory.

/passwordchg:[yes | no]

Specifies whether users can change their password (default is yes).

/passwordreq:[yes | no]

Specifies whether a password is required (default is yes).

/profilepath:[path]

Indicates path to user's logon profile.

/scriptpath:path

Indicates path to user's logon script, which must be relative to:

%Systemroot%\System32\Repl\Import\Scripts

/times:[times | all]

Represents logon hours allowed. Use:

day[-day][,day[-day]] ,time [-time][,time[-time]]

in one-hour time increments with days spelled out or abbreviated as M,T,W,Th,F,Sa,Su and hours in 12- or 24-hour notation). Using a null (blank) value means the user can never log on.

/usercomment:"text"

Specifies the "user comment" for the account.

/workstations:{computername[,...] | *}

Specifies up to eight workstations from which the user can log on (separate using commas). An asterisk means the user can log on from any machine.

/domain

Manages domain accounts.

/add [options]

Adds the account (see earlier in this list for options).

/delete

Removes the account.

Examples

Display a list of user accounts on a domain controller

TEST :

net user
User accounts for \\TEST
----------------------------------------------------
Administrator        Guest        ILS_ANONYMOUS_USER
IUSR_MS3             IUSR_TEST    IWAM_MS3
IWAM_TEST            krbtgt       mktulloch
NetShowServices      sally        TsInternetUser
The command completed successfully.

If you execute the previous command on a WS2003 machine, you need to add the /domain switch.

View details of user account Sally:

net user sally
usernames                    sally
Full Name                    sally
Comment
User's comment
Country code                 000 (System Default)
Account active               Yes
Account expires              Never
Password last set            6/23/2003 11:56 AM
Password expires             8/5/2003 10:44 AM
Password changeable          6/23/2003 11:56 AM
Password required            Yes
User may change password     Yes
Workstations allowed         All
Logon script
User profile
Home directory
Last logon                   Never
Logon hours allowed          All
Local Group Memberships
Global Group memberships     *support              *Domain Users
The command completed successfully.

Add user account

fredp (for Fred Penner) with high security password KDj59Pw8, allowing the user to log on between 8 a.m. and 5 p.m. from Monday to Friday, prohibiting the user from changing his password himself, and restricting the user to logging on from the workstation named

PRO115 :

net user fredp KDj59Pw8 /add /fullname:"Fred Penner" 
/times:M-F,8am-5pm /passwordchg:no 
/workstations:PRO115
The command completed successfully.

Since you entered a different password from the one Fred requested, you need to change it:

net user fredp *
Type a password for the user:********
Retype the password to confirm:********
The command completed successfully.

Generate a report listing all users in the computer's primary domain:

net user  /domain > users.txt

Notes

net users has the same effect as net user.

See Also

net accounts, net group, net localgroup,

Users