Working with Users and Groups from the Command Line
You can script your user and group chores by taking advantage of the NET USER and NET LOCALGROUP command-line utilities. These commands enable you to add users, change passwords, modify accounts, add users to groups, and remove users from groups.
For local users, the NET USER command has the following syntax:
NET USER [username [password | * | /RANDOM] [/ADD] [/DELETE] [options]]
username | The name of the user you want to add or work with. If you run NET USER with only the name of an existing user, the command displays the user's account data. | |
password | The password you want to assign to the user. If you use * instead, Windows XP prompts you for the password; if you use the /RANDOM switch instead, Windows XP assigns a random password (containing eight characters, consisting of a random mix of letters, numbers, and symbols), and then displays that password on the console. | |
/ADD | Creates a new user account. | |
/DELETE | Deletes the specified user account. | |
options | These are optional switches you can append to the command: | |
/ACTIVE:{YES | NO} | Specifies whether the account is active or disabled. | |
/EXPIRES:{date | NEVER} | The date (expressed in the system's Short Date format) on which the account expires. This parameter cannot be set nor viewed by other Windows XP tools. | |
/HOMEDIR:path | The home folder for the user (make sure the folder exists). | |
/PASSWORDCHG:{YES | NO} | Specifies whether the user is allowed to change his or her password. | |
/PASSWORDREQ:{YES | NO} | Specifies whether the user is required to have a password. This parameter cannot be set nor viewed by other Windows XP tools. | |
/PROFILEPATH:path | The folder that contains the user's profile. | |
/SCRIPTPATH:path | The folder that contains the user's logon script. | |
/TIMES:{times | ALL} | Specifies the times that the user is allowed to log on to the system. Use single days or day ranges (for example, Sa or M-F). For times, use 12-hour notation with am or pm, or 24-hour notation. Separate the day and time with a comma; separate day/time combinations with semicolons. Here are some examples: M-F,9am-5pm M,W,F,08:00-13:00 Sa,12pm-6pm;Su,1pm-5pm Note that the abbreviated form of Thursday, Saturday, or Sunday requires the use of the first two characters of the day's name. This parameter cannot be set or viewed by other Windows XP tools. | |
Caution If you use the /RANDOM switch to create a random password, be sure to make a note of the new password so that you can communicate it to the new user.
Note that if you run NET USER without any parameters, it displays a list of the local user accounts.
Tip If you want to force a user to log off when his or her logon hours expire, open the Group Policy editor and select Computer Configuration, Windows Settings, Security Settings, Local Policies, Security Options. In the Network Security group of policies, enable the Force Logoff When Logon Hours Expire policy.
The NET LOCALGROUP has the following syntax for adding users to, or removing users from, a group:
NET LOCALGROUP [group name1 [name2 ...] {/ADD | /DELETE}
group | This is the name of the local group with which you want to work. If the name1 [ name2...] parameters are not provided, then the /ADD or /DELETE switch applies to the named group. |
name1 [name2 ...] | One or more user names that you want to add or delete, separated by spaces. |
/ADD | Adds the user or users to the named group or, if no users are named, the named group is added to the system. |
/DELETE | Removes the user or users from the named group or, if no users are named, the named group is deleted from the system. |
In this tutorial:
- Managing Logons and Users
- Useful Windows XP Logon Strategies
- Setting Up an Automatic Logon
- Setting Logon Policies
- More Logon Registry Tweaks
- Getting the Most Out of User Accounts
- Control Panel's User Accounts Icon
- The Local Users And Groups Snap-In
- Setting Account Policies
- Working with Users and Groups from the Command Line
- Creating and Enforcing Bulletproof Passwords
- User Account Password Options
- Recovering a Forgotten Password
- Sharing Your Computer Securely