NET ACCOUNTS / NET USER / NET GROUP

The NET command is used to manage user accounts and groups.

Syntax
      NET ACCOUNTS  [/FORCELOGOFF:{minutes | NO} ] [/MINPWLENGTH:length]
             [/MAXPWAGE:{days | UNLIMITED}] [/MINPWAGE:days] [/UNIQUEPW:number] [/DOMAIN]

      NET USER username {password | *} /ADD [options] [/DOMAIN]

      NET USER [username [password | *] [options]] [/DOMAIN]

      NET USER username [/DELETE] [/DOMAIN]

      NET USER username [/TIMES:{times | ALL]

      NET USER username [/ACTIVE: {YES | NO}]

      Generate a random password:
      NET USER username /random

      NET GROUP groupname {/ADD [/COMMENT:"text"] | /DELETE} [/DOMAIN]
      NET LOCALGROUP groupname {/ADD [/COMMENT:"text"] | /DELETE} [/DOMAIN]

      Edit a group:
      NET GROUP [groupname [/COMMENT:"text"]] [/DOMAIN]
      NET LOCALGROUP [groupname [/COMMENT:"text"]] [/DOMAIN]

      NET GROUP groupname Username [...] {/ADD | /DELETE} [/DOMAIN]
      NET LOCALGROUP groupname Username [...] {/ADD | /DELETE} [/DOMAIN]

      Delete a group:
NET GROUP groupname /DELETE [/DOMAIN]
NET LOCALGROUP groupname /DELETE [/DOMAIN]

LOCALGROUP will create/modify a group that is local to the computer rather than an Active Directory domain-wide group, see Group Types.

Examples

View the current password & logon restrictions for the computer (plus machine role: Server/ Workstation):
NET ACCOUNTS

View the current password & logon restrictions for the domain:
NET ACCOUNTS /DOMAIN

Set the number of minutes a user has before being forced to log off when the account expires or valid logon hours expire:
NET ACCOUNTS /FORCELOGOFF:minutes /DOMAIN

Prevent forced logoff when user accounts expire:
NET ACCOUNTS /FORCELOGOFF:NO /DOMAIN

Set the minimum number of characters for a password:
NET ACCOUNTS /MINPWLEN:C /DOMAIN
The range is 0-14 characters; the default is 6 characters.

Set the maximum number of days that a password is valid:
NET ACCOUNTS /MAXPWAGE:dd /DOMAIN
The range is 1-49710; the default is 90 days.

View user account details:
NET USER [/DOMAIN]

Change the password of a local user account:
NET USER LocalUser64 Secr3t

View the password properties of user account 'Ella', this will show if the account requires a password:
NET USER Ella | findstr "Password"

Change the properties of user account 'Ella' to make the password not required. To reverse this, change 'false' to 'true':
WMIC useraccount where name='Ella' set PasswordRequired=false

Synchoronise the user accounts database (PDC and BDC):
NET ACCOUNTS /SYNC /DOMAIN

Set passwords to never expire:
NET ACCOUNTS /MAXPWAGE:UNLIMITED /DOMAIN

Set a minimum number of days that must pass before a user can change a password (default = 0):
NET ACCOUNTS /MINPWAGE:dd /DOMAIN

Require that new passwords be different from 'x' number of previous passwords:
NET ACCOUNTS /UNIQUEPW:x /DOMAIN
The range for 'x' is 1-24

Create a group
NET LOCALGROUP LocalScanningGroup /add

Add to guests
NET LOCALGROUP guests LocalScanningGroup /add

Then remove the group from guests:
NET LOCALGROUP guests LocalScanningGroup /delete

And delete the group completely:
NET LOCALGROUP LocalScanningGroup /delete

Related commands:

Q324639 - NET.EXE /ADD does not support names longer than 20 characters.
NET.exe - Manage network resources.
NTRIGHTS - Edit user account rights (Logon Locally etc).
DSADD - Add user (computer, contact, group..) to active directory.
DSMOD - Modify user (computer, contact, group..) in active directory.
PRNMNGR - Add, delete, list printers and printer connections.
RunAs - Force a password Sync between a local machine and the domain.
TSPROF - Copy Terminal Server User Profile.
WMIC GROUP - WMI access to Group membership.
WMIC USERACCOUNT - WMI access to User info.
Q149427 - Change Password using the Settings app.
PowerShell: Set-LocalUser - Modify a local user account / Set-adAccountPassword - Modify the password of an AD account.
Equivalent bash command (Linux): useradd - Add user account.


 
Copyright © 1999-2022 SS64.com
Some rights reserved