The following example shows the syntax of the net user command:
net user [username [password | *] [options]] [/domain]
username {password | *} /add [options] [/domain]
username [/delete] [/domain]
You can use the net user command to create and modify user accounts on computers. When you use this command without command-line switches, the user accounts for the computer are listed. The user account information is stored in the user accounts database. This command works only on servers.
You can use the following parameters with the net user command: • username
Is the name of the user account you want to add, delete, modify, or view. The name of the user account can have as many as 20 characters.
• password
Assigns or changes a password for the user's account. A password must satisfy the minimum length set with the /minpwlen option of the net accounts command. It can contain as many as 14 characters.
• *
Produces a prompt for the password. The password is not displayed when you type it at a password prompt.
• /domain
Performs the operation on the primary domain controller (PDC) of the current domain. This parameter applies only to computers running Windows NT Workstation that are members of a Windows NT Server domain. By default, Windows NT Server-based computers perform operations on the PDC.
• /add
Adds a user account to the user accounts database.
• /delete
Removes a user account from the user accounts database.
Options for the Net User Command• /active:{yes | no}
Activates or deactivates the account. If the account is not active, the user cannot gain access to the server. The default is yes.
• /comment:"text"
Provides a descriptive comment about the user's account (maximum of 48 characters). Be sure to put quotation marks around the text you use.
• /countrycode:nnn
Uses the operating system country code to implement the specified language files for a user's help and error messages. A value of 0 signifies the default country code.
• /expires:{date | never}
Causes the account to expire if date is set. The never option sets no time limit on the account. An expiration date is in the form mm/dd/yy or dd/mm/yy, depending on the country code. Months can be a number, spelled out, or abbreviated with three letters. Year can be two or four numbers. Use slashes (/) with no spaces to separate parts of the date.
• /fullname:"name"
Is a user's full name (rather than a user name). Enclose the name in quotation marks.
• /homedir:pathname
Sets the path for the user's home directory. The path must exist.
• /passwordchg:{yes | no}
Specifies whether users can change their own password. The default is yes.
• /passwordreq:{yes | no}
Specifies whether a user account must have a password. The default is yes.
• /profilepath[:path]
Sets a path for the user's logon profile.
• /scriptpath:pathname
Is the location of the user's logon script.
• /times:{times | all}
Is the logon hours. The times option is expressed as day[-day][,day[-day]],time[-time][,time [-time]], and is limited to 1-hour increments. Days can be spelled out or abbreviated. Hours can be 12-hour or 24-hour notation. For 12-hour notation, use am, pm, a.m., or p.m. The all option specifies that a user can always log on, and a blank value specifies that a user can never log on. Separate day and time entries with a comma, and separate multiple day and time entries with a semicolon.
• /usercomment:"text"
Lets an administrator add or change the user comment for the account.
• /workstations:{computername[,...] | *}
Lists as many as eight computers from which a user can log on to the network. If the /workstations option has no list or if the list is *, the user can log on from any computer.
• net help user | more
Displays Help one screen at a time.
Non-administrators receive a "System error 5 has occurred. Access is denied" error message when they attempt to change the password.
simplified version:
on both cases, if we don't add the /domain switch, the command will be performed on the local SAM and NOT on the DC SAM.
password change:
NET USER
NET USER administrator 123456
NET USER testdomainuser 123456 /DOMAIN
when prompted for password enter new pass - not current pass
then when asked for confirmation, enter new pass again
adding a user:
NET USER
eg.:
NET USER user 123456 /add
NET USER domainuser 123456 /add /LEADMAS
NET USER byebyeuser /delete /METALCO
administrative passwords might be asked here
(enter LOCAL ADMIN pass if the NET USER command is run on local SAM or DOMAIN ADMIN pass if run on the DC SAM)
No comments:
Post a Comment