Description of the NET USER command. Working with a local account in Windows Creating a user via the command line

Good afternoon, readers. Today, once again, I had to go searching for the necessary information. Often you have to help Windows users directly from the user account, and there are no tools at hand other than the one built into Windows cmd.exe command line. When working under a restricted account, you often have to perform some task with elevated Administrator rights. cmd For these tasks, the most suitable tool is that you don’t have to enter the administrator password many times; you just need to run it once command line as administrator and execute necessary actions run the necessary commands which I will describe below:

appwiz.cpl- Installing and removing programs
certmgr.msc- Certificates
ciadv.msc- Indexing service
cliconfg- SQL Network Client Program
clipbrd- Clipboard
compmgmt.msc- Computer management
dcomcnfg- DCOM component management console
ddeshare- DDE Shares (does not work on Win7)
desk.cpl- Screen properties
devmgmt.msc- Device Manager
dfrg.msc- Disk defragmentation
diskmgmt.msc- Disk management
drwtsn32- Dr.Watson
dxdiag- DirectX Diagnostic Service
eudcedit- Personal symbol editor
eventvwr.msc- Event Viewer
firewall.cpl- Windows firewall settings
gpedit.msc- Group Policy
iexpress- IExpress (I don’t know what it is)
fsmgmt.msc - Shared folders
fsquirt- Bluetooth File Transfer Wizard
chkdsk- Disk check (usually launched with parameters drive_letter: /f /x /r)
control printers- Printers and faxes - does not always start
control admintools- Computer administration - does not always start
control scheduled tasks- Scheduled tasks (scheduler)
control userpasswords2 - Account Management
compmgmt.msc- Computer management ( compmgmt.msc /computer=pc - remote control PC computer)
lusrmgr.msc- Local users and groups
mmc- creating your own equipment
mrt.exe- Malware removal
msconfig- System setup (autostart, services, etc...)
mstsc- Remote Desktop Connection
ncpa.cpl- Network connections
ntmsmgr.msc- Removable memory
ntmsoprq.msc- Removable RAM operator requests (for XP)
odbccp32.cpl- Data Source Administrator
perfmon.msc- Productivity
regedit- Registry editor
rsop.msc- Resulting policy
secpol.msc- Local Security Settings (Local Security Policy)
services.msc- Services
sfc /scannow- Recovery system files
sigverif- File signature verification
sndvol- volume control
sysdm.cpl- System properties
sysedit - System file editor (don't know what it is)
syskey - Account database protection
taskmgr- Task Manager
utilman Utility Manager
verifier Driver Verification Manager
wmimgmt.msc- WMI management infrastructure

This list is mainly GUI applications. Below I will highlight console commands in a separate list.

You can also run applications in Control Panel with administrator rights by clicking right click holding the mouse at the same time Shift key. And select Run as (RunAs...) (relevant for Win XP).

List of console commands:

nbtstat -a pc- username of the user working on the remote PC machine
net localgroup group user /add- Add user to the group group
net localgroupgroup user/delete- Remove user from group
net send pc ""text"" - send a message to a PC user
net sessions- list of users
net session /delete- closes all network sessions
net use l: \\computer name\folder\- connect network drive l: folder on the remote computer
net user name /active:no- block the user
net user name /active:yes- unblock the user
net user name /domain- information about the domain user
net user Name /add- add user
net user Name /delete- delete user
netstat -a- list of all connections to the computer
reg add- Add a parameter to the registry
reg compare- Compare parts of the registry.
reg copy- Copies from one partition to another
reg delete- Removes the specified parameter or section
reg export- Export part of the registry
reg import- Accordingly, import part of the registry
reg load- Loads the selected part of the registry
reg query- Displays the values ​​of a given registry branch
reg restore- Restores the selected part of the registry from a file
reg save- Saves the selected part of the registry
reg unload- Unloads the selected part of the registry
shutdown- shutting down a computer, you can turn off another one remotely.
SystemInfo /s machine- will show a lot of useful information about the remote machine

If you read the site's articles in order (not forgetting about the Directory), then you probably noticed that so far we have only briefly mentioned the Administrator account in the Answer File Settings article. And after the articles about installing applications, you probably have a question: how to organize automatic login so that the software is installed automatically after the OS and can this be done not under the Administrator account? This article is designed to answer this question: you will learn how to set up automatic login, as well as create new and rename built-in accounts. Let's start by creating accounts.

Adding accounts

There are two ways to add accounts, and we'll cover both.

Method OOBEINFO.INI

Note: the method only works for Windows XP/2003

Using this method, you simply automate the process of creating users, which is usually performed manually during one of the graphical stages of Windows installation - mini-setup.

Let's get started. Open Notepad and copy the following lines there:

Identity000="Vadikan"
Identity001="Alex"

The username is enclosed in quotation marks; substitute yours. If you only need one user, then remove the second one. If you need more users, then add lines, increasing the number by one. This method allows you to create no more than six accounts(up to Identity005). Please note that all users will be included in the Administrators group.

When finished, save the file as oobeinfo.ini in the directory $OEM$\$$\System32\oobe. As you can see, everything is very simple.

NET USER method

This method was described in previous version site. It is more universal, because... works on all NT platforms and allows you to create as many accounts as you like, placing them in different groups.

We will create accounts during the graphical phase of Windows installation. To do this we will use the file cmdlines.txt(more about cmdlines.txt in the corresponding article). From it we will perform batch file useraccounts.cmd, containing the commands necessary to create accounts.

If you have not yet created a file cmdlines.txt, then open Notepad and copy the following text there

"useaccounts.cmd"

Save the file as cmdlines.txt in the directory C:\XPCD\$OEM$\.

Now we need to create useraccounts.cmd. Copy the following text into Notepad:

net user Vadikan asdf1234 /add
net localgroup Administrators Vadikan /add

net accounts /maxpwage:unlimited
EXIT

Let's look at the commands in order.

• net user Vadikan asdf1234 /add- creates user Vadikan with password asdf1234
• net localgroup Administrators Vadikan /add- adds user Vadikan to the Administrators group
• net localgroup Users Vadikan /delete- removes the Vadikan user from the Users group (the user is automatically added to it when created
• net accounts /maxpwage:unlimited- allows you to avoid password expiration (14 days)

For an account placed in the Administrators group, password required. Replace the username and password as you wish and save the file as useraccounts.cmd in the directory C:\XPCD\$OEM$\. Similarly, you can add other users to the desired groups using the same file useraccounts.cmd and the net user and net localgroup commands

Attention: in the localized Russian version, the Administrators group is called Administrators, and Users is called Users. Therefore, you need to make the appropriate changes and save the file in OEM encoding (DOS 866). Notepad does not support this encoding, and another editor is needed (a list of them is in the FAQ.

Another thing to note: if you want to create a user whose name has spaces (for example, Super Vadikan), then you must enclose such a name in quotes:

net user "Super Vadikan" asdf1234 /add

Combined method

After studying both methods, you may be wondering how to create accounts using the OOBEINFO.INI method, but only make one of them Administrator. In principle, this is possible. Pay attention to the file useraccounts.cmd, which used the net user command in combination with the /add option to add accounts. To delete accounts, use the /delete parameter. In my example, I created Vadikan and Alex accounts. Let's say I want to move Alex from administrators to regular users. First, let's remove it from Administrators, and then add it to Users:

net localgroup Administrators "Alex" /delete
net localgroup Users "Alex" /add

These commands can be added to any batch file that will be executed upon first login.

We will assume that we have sorted out adding users. If you want to automatically install applications after the OS installation is complete, you need to organize automatic login under the desired user. Let's get on with it.

Automatic login

As usual, we will consider several options. Let's start with perhaps the simplest thing: all you need is to organize automatic login for the built-in Administrator account.

Built-in Administrator account

If you are not interested in other accounts (which I highly doubt;), then the easiest way is to use the answer file to automatically log in to the built-in Administrator account. In the answer file ( winnt.sif) you should have the following lines:

AdminPassword="mypassword"
EncryptedAdminPassword=No
AutoLogon=Yes
AutoLogonCount=2

In order, they mean the following: administrator password, whether the administrator password is encrypted (you can encrypt it using Setup Manager), automatic logon, number of automatic logins (in Windows 2000, the maximum number of automatic logins is 2).

All you have to do is enter your password and set the desired number of automatic logins. All.

Other accounts

In truth, the methods described below are quite applicable to the built-in Administrator account. By the way, I recommend that you read the MS KB article Automating Windows Login before starting to study this section.

So, we want to import auto logon for the newly created user. You can automate the process of making changes to the registry in various ways. We will look at importing from a *.REG file with the REGEDIT command, as well as the REG ADD command.

In the first edition of the article, only the *.REG file was considered, but several people had problems with import, the nature of which remained unclear (in general, REGEDIT should work on the T-12). REG ADD solved the problem.

Importing from a *.REG file using the REGEDIT command

We will create a file autologon.reg, containing the registry parameters necessary for autologon, and then we organize the import of data using the REGEDIT command from useraccounts.cmd. Copy the following lines into Notepad

Windows Registry Editor Version 5.00

"DefaultUserName"="Vadikan"
"DefaultPassword"="asdf1234"
"AutoAdminLogon"="1"
"AutoLogonCount"=dword:00000001

The AutoLogonCount parameter specifies the number of automatic logons (in this case, one). Clear this option if you want to log in automatically all the time. Substitute your name and password, and then save the text as autologon.reg in the directory C:\XPCD\$OEM$\.

You should now have three files in the $OEM$ directory: cmdlines.txt, useraccounts.cmd And autologon.reg. Now you need to enter useraccounts.cmd command to import our registry settings. I think you already guessed how to do this - you just need to add the line

REGEDIT /S autologon.reg

This will ensure that the automatic login settings are imported into the registry.

REG ADD command

In principle, REG ADD does the same thing as REGEDIT /S - imports the necessary parameters into the registry. In this case we do not need any additional files, and we'll just enter the commands directly into useraccounts.cmd:

REG ADD "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /V DefaultUserName /t REG_SZ /D "Vadikan" /f
REG ADD "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /V DefaultPassword /t REG_SZ /D asdf1234 /f
REG ADD "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /V AutoAdminLogon /t REG_SZ /D 1 /f
REG ADD "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /V AutoLogonCount /t REG_DWORD /D 1 /f

Remove the last line if you want to log in automatically all the time. Substitute your username and password, and then add the resulting lines to useraccounts.cmd.

Important note! When organizing automatic login for other accounts, you need to make sure that the section is in winnt.sif contains only two lines related to the Administrator account:

AdminPassword=*
EncryptedAdminPassword=No

Remove everything else (eg. AutoLogon or AutoLogonCount). Replace the sprocket in AdminPassword password if you want to protect the Administrator account from unauthorized access.

It must be remembered that everything you indicate in winnt.sif(For example, AdminPassword), does not affect the Vadikan account described on this page. This only affects the built-in Administrator account.

Attention! Automatic login parameters specified in the file svcpack.inf, do not work. Use other methods described in this article.

If you did everything correctly, then during the installation of Windows at stage T-12 the file useraccounts.cmd will be launched from cmdlines.txt.

Other options for working with accounts.

This section is optional, but there may be situations in which the information below may be useful to you.

Renaming built-in accounts

Renaming built-in accounts is not necessary, but some do it for security reasons (an attacker will have to guess not only the password, but also the account name), or simply for convenience (Administrator is too long a name, especially for those who often have to enter it). It is possible to change the default usernames used in XP ( Administrator, Guest for localized version or Administrator And Guest for other versions). This can be done either from the command line or by changing one file in the distribution.

Renaming accounts from the command line

There are two tiny utilities - renuser.exe (10 kb) and netuser.exe (20 kb), using either of which you can solve the problem with one command. The utility must be placed in $OEM$\$$\system32\ and on the T-12 execute the command, for example, from the file cmdlines.txt.

"renuser Administrator NewName"

"NetUser Administrator /name:NewName"

The examples above rename the Administrator account.

Changing the defltwk.inf file

You can specify your own names for built-in accounts by editing the defltwk.inf file contained in the distribution package in compressed form. It's done like this (thanks, ):

1. Finding the file i386\DEFLTWK.IN_ torName =
2. We remove the comment before the name that we want to change (remove the ";") and set new values ​​after equals in quotes, for example.

   NewGuestName = "Type_guest"
   NewAdministra torName = "as_admin"

3. * - Microsoft has a typo in the default name option Administrator, don’t forget to add the letter “r” between the letters “t” and “a” (highlighted in the example).
4. Save changes
5. We pack it back using the MAKECAB.EXE program (recommended) or put the unpacked file in a folder i386\, having previously removed the original from there ( DEFLTWK.IN_)

Add accounts interactively

Sometimes you need to quickly add an account or even do it on the T-12, and it is not known in advance what name and password the user needs and what group to place him in. To do this, you can use the program (download (173 kb),) made by a participant in the Oszone conference.

The program adds a user (using net user), changes the computer name (ComputerName parameter), user name (RegisteredOwner parameter), registers an autologon (AutoAdminLogon parameter) or simply makes the default user name (DefaultUserName parameter), and can also enter a command in RunOnceEx , understands any paths (local, UNC, global, variables).

A program similar in functionality recently made its way to MSFN - .

Conclusion

As you can see, accounts are a fairly large and important topic in autoinstallation. However, in reality it turns out to be quite simple if you understand the mechanisms for creating accounts and autologin. There are various options for solving problems, as well as built-in Windows commands and utilities that will help with this.

Let's consider two simple ways Granting the account local administrator rights.

After you have created an account on the server Windows Server, the question often arises, how to add a user to the local administrators group?

In this article we will show how to add a user to local admins using an example operating system Windows Server 2012 R2. All information applies to any other supported Windows operating systems. Naturally, to perform these operations, the account making these changes must have administrative rights.

Adding to the Administrators Group Using the Computer Management Console

Adding a user as an administrator using the net user command

Log into the Windows operating system under an account that has administrator rights and launch an elevated command prompt.

To display a list of all local user accounts on the system, enter the command

As you can see, there are 6 accounts in the system.

To add the root user account to the local administrators group, run the following command and press Enter:

net localgroup administrators root /add

In Russian version Windows local The administrators group is named differently, so if the previous command returned the error "The specified local group does not exist", use a different command:

net localgroup "Administrators" root /add

If you need to add a domain user account to system administrators Active Directory, the command format will be like this:

net localgroup administrators yourdomain\root /add

You can check the composition of the local administrators group using the command:

Net localgroup administrators

As you can see, the root user account is now the server administrator.

Long gone are the days when Windows installation had to use boot diskette. If not for experiments with reinstalling Windows(I remember the delight of installing Millenium instead of 98) and frequent use CMD and its utilities, then the desire to learn something more, something that lies beyond, would have sunk into oblivion.

As a rule, at that time the main functionality (I remember I also bought a book on computer science) was to use standard utilities, like , or format Nowadays, times are different, and perhaps even a middle school student can easily overtake a teacher in computer science if the teacher does not have the Internet, but the student has, plus, a great desire to learn something new. Unfortunately, you often see these schoolchildren on TV, in the news with the loud title “Schoolchildren stole $5,000 from electronic wallets” or something similar.

Perhaps every user personal computer from the operating room Windows system created an account at least once, or saw how it was done. And, perhaps, many are proud that they have an account with Administrator rights, but if they also set a password... then, perhaps, they feel like a king. If when using the Control Panel everything is quite simple - you created a new unit, selected the “administrator” type, set a password and that’s it, you can go to bed peacefully. However, if we try to do the same thing, that is, then many unexpected and interesting moments will appear before our eyes. And so, in order to add or remove a user from the command line, use the command netuse, which is used in conjunction with the following parameters:

net user NewUser New pass / active:no / add

Then it will not be displayed during system boot and even in the “User Accounts” applet.

If you run the net user command without parameters, you can see that in addition to the user created from the command line, there is also... Account Administrator and Guest. Unfortunately, this command does not show which is activated and which is not. It is worth remembering that the built-in system Accounts Administrator and Guest cannot be deleted using the command netuser Administrator / delete. They can only be disabled:

net user Guest / active:no net user Administrator / active:no

It is worth remembering that these accounts may have other names (Administrator, admin...). And now the most interesting thing, if you are a happy owner of XP, for example SP3 (I believe that a lot also depends on the build), then when installing the operating system, the “Administrator” Account remains enabled; moreover, it is not displayed when you log in. There is a video on the Internet with the loud title “Bypassing the administrator password”, and so, when logging in to the system (when the welcome window appears), it was enough to enter the combination CTRL+Alt+DEL(twice), in the window that appears, enter Administrator and Enter, you will be logged into the system, and even with administrator rights! It is clear that if the account does not have a password and is active, then nothing prevents you from getting into the middle. For the curious, you can open Control Panel/Administration/Computer Management and similarly see which accounts exist and which are active. But, if you are the lucky owner of Seven, then the trick with CTRL+Alt+DEL will no longer work, since the Administrator is disabled.

But, creating a user from the command line using the net user utility, he will automatically be enrolled in the users group, which is not good, especially if we want to do our shady deeds under this account.

And so, the next command netlocalgroup allows you to view existing groups in the system and add a new user from CMD (command line) to a particular group. Having performed similar actions, we will see that there are not two groups as expected (Administrators and Guests), but much more.

Okay, let's add NewUser to the administrators group:

Here it is worth paying attention to Seven, there is sometimes a very annoying UAC mechanism - User Account Control. When you try to install or change something on the system, it offers the option to allow it or not. Sometimes this mechanism does not allow you to install a game or software package (it is worth remembering that some only work if, for example, creating a user from the command line if you run it as an administrator), in this case you can try activating the built-in system entry Administrator and already perform the necessary actions under it. BUT!!! Afterwards, you need to either disable it again, or set a password, out of harm’s way.

In this article we will look at most common tasks related to local accounts OS users Windows, namely we:

• Let's create local account user. [ Three universal ways 2 V GUI, 1 V cmd]
• Let's consider shift/setting a password local account.
• Let's add a user to the group.[ In general you may need to add a user to any another groupAdministrators local administrator]

Also, along the way, we will consider options that are not so important, but come to our attention.

All material presented in this article tested on OS Windows 10 And Windows Server 2016.

Working with local account on Windows

1. - Working in "Local users and groups"

", follow the steps -> Let's go to " Execute"[ Win+R ] -> Enter - lusrmgr.msc -> Click " OK".(Fig.1.1)

Fig.1.1 - Run - lusrmgr.msc

1.1. - Create a local account

A window will open - "".(Fig.1.2)

In the middle we see user list existing in the system.

In order to create local user, on the left, right-click on the section " Users" and in the drop-down menu select - "".

Fig.1.2 - Local users and groups.

A window will open - "".(Fig.1.3)

The standard procedure for adding a user... enter whatever we want... in my case, I create a user with the name - firstdeer .

• User: firstdeer
• Full name: firstdeer
• Description: you don't have to enter it. [ ]
• Password: default minimum password length 0 characters[ as in Windows 10, and in Windows Server 2016], so if necessary, you don’t have to enter a password. [ What is not recommended when working with Windows Server 2016... safety is everything... ]

Pay attention to the checkbox - " Require a password change the next time you log in", by default it included, if you are creating a user for yourself, then for convenience it would be better turn off. If you uncheck this box, the following checkboxes will become active:

• The password has no expiration date.[ By default, the password expiration date is 42 day, if necessary, it can be changed in group policies ]

Also pay attention to the checkbox - " Disable account". - Existing in the system account May be disabled if she disabled, then with the help of it it is forbidden will log in in the system. [ For example, in Windows 10 default disabled standard accounts - " Administrator" And " Guest"]

After entering all the data -> Click - " Create" -> all entered information will disappear -> click " Close".

Fig.1.3 - New user.

That's it, account created, Can login using it in the system.

1.2. - Change/Set account password

Attention!!! This password change method should only be used if the user forgot my password And there is no disk with the password archive

In order to Change/Set a password user account, you need to find in the list of users the desired user -> Right click on it -> Select an item from the drop-down menu " Set a password".(Fig.1.4)

delete account[ By selecting " Delete"]

Fig.1.4 - Local users and groups.

Will open warning ↓(Fig.1.5):

Resetting your password may lead to irreversible loss of information for this user account. For safety reasons Windows protects some information, prohibiting access to it when the user password is reset.

This command should be used, only if user forgot his password And there is no disk with the password archive. If there is such a disk, then you should use it to set a new password.

If the user knows the password and wants to change it, press the keys CTRL+ALT+DELETE and press the button " Change password".

Click " Continue".

Fig.1.5 - Setting a password for the user.

In the next window Enter And Confirm new password, and also pay attention to warning(Fig.1.6):

A little about password complexity, for general development.

Password complexity is regulated by group policy - " The password must meet complexity requirements", by default this policy is Windows 10 turned off, and in Windows Server 2016 included, therefore in Windows 10 You can set any password, and in Windows Server 2016 you'll have to come up with a password at least 6 characters long, which does not contain the user account name or parts of the full user name longer than two adjacent characters, and also contains characters from three of the four categories listed below:

• Latin capital letters [ from A to Z ]
• Latin small letters [ from a to z ]
• Numbers [ from 0 to 9 ]
• Characters other than letters and numbers [ for example, !, $, #, % ]

It's strange that the system creation local user does not look for presence group policy, and when changing an existing password the user looks...

If you click the " OK", the following will happen:

This account immediately will lose access to all my encrypted files , saved passwords And personal security certificates.

Click - " OK".

Fig.1.6 - Setting a password for the user.

All! Password has been changed!

1.3. - Adding a user to the "Administrators" group

to any another group, but we will consider adding the user to the group" Administrators", thereby making our user local administrator".

Let's get started.

In the window - "", we see our newly created user. (Fig. 1.7)

Click on the user right mouse button -> go to " Properties".

Fig.1.7 - Local users and groups.

In the window Properties"on tab" General", you can edit the details of an existing user, such as " Full name" And " Description".(Fig.1.8)

You can also check the following boxes if necessary:

• Require a password change the next time you log in.
• Prevent the user from changing the password.
• The password has no expiration date.
• Disable account.

We have already discussed this in the previous paragraph...

Fig.1.8 - Properties - General.

Go to the tab " Group Membership".(Fig.1.9)

If you need to make your user local administrator, then here you need to add it to the group " Administrators".

Click - " Add".

Fig.1.9 - Properties - Group membership.
Fig.1.10 - Select: Groups.

-> Click " Search" -> we see a list of everyone local groups -> Select " Administrators" -> Click " OK".(Fig.1.11)

Fig.1.11 - Select: Groups.

Here also - Click " OK".(Fig.1.12)

Fig.1.12 - Select: Groups.

To make changes" Group Memberships" came into force necessary relogin in the system.

1.4. - Roamable account

In the window Properties"on tab" Profile", you can do roaming account.(Fig.1.13)

Let's say we have file server[ Shared folder ] With IP address - 10.0.0.25 profile And home folder user - firstdeer was stored on this server.

• Profile path to which - \\10.0.0.25\Users\firstdeer
• Home directory path to which -

[ I personally tested with existing folders on the server. ]

There's nothing complicated here, it's simple insert paths and press - " OK".

Fig.1.13 - Roamable account.

On this with the snap "" [ lusrmgr.msc ] let's finish.

2. - Working in "User Accounts"

To open the snap-in " User Accounts", follow the steps -> Let's go to "Run" -> Enter - control userpasswords2 -> Click " OK".(Fig.2.1)

Fig.2.1 - Run - control userpasswords2

2.1. - Create a local account

A window will open - " User Accounts".(Fig.2.2)

To add new local user press the button - " Add".

Please also note that here you can delete account[ by selecting an account and clicking -> "Delete"] , we don't need this right now, but just keep that in mind.

Fig.2.2 - User accounts.

A window will open - " Adding a user".(Fig.2.3)

Standard procedure for adding a user... enter what we want... and click - " Next".

Fig.2.3 - Adding a user.

In the next window just click " Ready".(Fig.2.4)

Fig.2.4 - Adding a user.

Now in the window" User Accounts", our newly created account, with the help of it you can already login in the system.

2.2. - Change/Create account password

IN " User Accounts", if necessary, you can change/create user password.

Choose user -> Click " Change password".(Fig.2.5)

Fig.2.5 - User accounts - Change password.

In the window that opens - " Change password", enter And we confirm new password user -> Click " OK". (Fig.2.6)

Fig.2.6 - Enter and confirm the password.

2.3. - Adding a user to the "Administrators" group

As stated at the beginning of the article - "...you may need to add a user to any another group, but we will consider adding the user to the group" Administrators", thereby making our user local administrator".

Let's get started.

Choose user -> Let's go to " Properties".(Fig.2.7)

Fig.2.7 - User accounts - Properties.

In the properties tab " General", (Fig.2.8) we can change:

• Username: firstdeer
• Full name: firstdeer
• Description: you don't have to enter it. [ it is only needed in order not to get confused in a huge list of accounts ]

Fig.2.8 - User properties - General.

In the properties tab " Group Membership", you can specify access level, provided to this user. [ Add a user to a group ] (Fig.2.9)

Make it normal by the user, Administrator PC, or specify Another access level [ Guests, Remote Desktop Users... ]

As we remember, we were going to make our user here local administrator, so we have two options:

• or switch the radio button to - " Administrator"
• or switch to - " Another" and select the group you need, in our case - " Administrators"

And press " OK".

Fig.2.9 - User properties - Group membership.

To make changes" Group Memberships" came into force necessary relogin in the system.

On this with " User Accounts"[ control userpasswords2 ] let's finish.

Working with a local account in Windows

First we need to run command line with administrator rights, to do this follow the steps -> Let's go to "Run" -> Enter - cmd -> Press on the keyboard keyboard shortcut "CTRL"+"SHIFT"+"ENTER". That's it! Let's get started.

3. - NET USER command

Here we will consider the work only with local accounts.

Team net user intended for account management users. To withdraw the full certificates use the command:

Net user /help

The syntax for this command is:

net user [USER [password | * ] [options]]

net user USER (password | * ) /ADD [options]

net user USER

net user USER

net user USER

3.1. - Displaying a list of existing accounts in the system

In order to look list, existing in the system user accounts, you need to enter the command - net user without parameters (Fig.3.1):

Net user
Fig.3.1 - Command output - net user.

As you can see, there are three accounts in my system:

• DefaultAccount
• Administrator
• Guest

3.2. - Creating/Deleting accounts

/add- In order to create user account without password, use the command:

Net user USER /add

In order to create user account with password:

Net user USER PASSWORD /add

If necessary, you can add to the command parameters described in the next paragraph - .

The command might look something like this: [ immediately with the specified full name, description, time to enter into the system and prohibiting password changes user ] :

Net user USER PASSWORD /add /fullname:"FULL NAME" /comment:"DESCRIPTION" /times:Mon-Fri,09:00-18:00 /passwordchg:no

In my case, I create a user - firstdeer, with password - pa$$w0rd. (Fig.3.2):

Net user firstdeer pa$$w0rd /add
Fig.3.2 - Creating a user account with a password on the command line.

/del -Delete user account:

Net user USER /del

3.3. - Changing accounts

For parameter changes In your account, use the command:

Net user USER PARAMETER1 PARAMETER2 ... PARAMETER5

I bring description of parameters, and the teams for copy-paste:

/fullname:"FULL_NAME" - Add full name:

Net user USER/fullname:"FULL NAME"

/comment:"DESCRIPTION" - Add description account:

Net user USER/comment:"DESCRIPTION"

/expires:( never | DATE) - Specify validity period scientific note:

Meaning never - unlimited period actions.

Net user USER /expires:never

Meaning DATE- indication dates, until which it will be active account. The date is indicated in the format DD.MM.YY. The year can be indicated by four [ 2019] or two [ 19] in numbers. Date elements are separated by a dot [ .] or slash [ /] no spaces.

Net user USER /expires:DD.MM.YY

/passwordchg:( yes | no) - Allow/Prohibit user change mine password.

Allow user change mine password [ default - allowed ] :

Net user USER /passwordchg:yes

Prohibit user change mine password:

Net user USER /passwordchg:no

/passwordreq:( yes | no) - Should/Shouldn't user account have a password [ As a result of my testing... in short, this parameter doesn't work... The user is not prompted to set a password if there is none, and if there is one, the user will be able to remove it ] :

User account must have a password:

Net user USER /passwordreq:yes

User account should not have a password:

Net user USER /passwordreq:no

/countrycode: NNN - Specify country code for the operating system. [ Specifies which country's language files should be used when displaying user help and error messages ] :

I still don’t understand how this parameter works. I tried to specify a bunch of different codes and always got an error in response - " ...invalid value entered". What code should I specify? I don’t know... please tell me in the comments.

Meaning 000 - default country code.

Meaning NNN- the country code you want to specify.

Net user USER /countrycode:NNN

/active:( no | yes) - Turn off/Turn on account. By default, the newly created account is active[ Enabled ] .

Turn off [ make inactive ] it can be done with the command:

Net user USER /active:no

Turn on[ make active ] :

Net user USER /active:yes

/times:( all | TIME ) - Time indication for user login.

Meaning all - no restriction at the time of login.

Net user USER /times:all

Meaning TIME - Time indication, you will understand in more detail how the time is indicated in examples below ↓

Example 1: Let's resolve user log in only with Monday By Friday, With 9 am to 6 pm:

Net user USER /times: Mon-Fri,09:00-18:00

Example 2: Let's resolve user log in only Monday And Thursday, With 9 am to 6 pm:

Net user USER /times: Mon, Thu, 09:00-18:00

Can be specified for each day a different period of time, then the records [ Day, Time period ; Day, Time period ] will have to separate semicolon[;]

Example 3: Let's resolve user log in only Monday- With 9 am to 6 pm, and in Thursday With 12 days to 9 pm:

Net user USER /times: Mon, 09:00-18:00; Thu, 12:00-21:00

Two parameters:

/homedir:" PATH " - Indicates path to home directory user.

/profilepath:" PATH " - Indicates path to login profile to the user's system.

3.4. - View account properties

To view properties account, use the command:

Net user USER

In my case, I look properties user - firstdeer(Fig.3.3):

Net user firstdeer
Fig.3.3 - Viewing account properties.

3.5. - Change/Set account password

In order to change or set a password user account, use the command (Fig. 3.4):

Net user USER *

In my case, I I change my password to the user - firstdeer.(Fig.3.3):

Net user firstdeer *
Fig.3.4 - Changing the account password.

3.6. - Roamable account

Let's say we have file server[ Shared folder ] With IP address - 10.0.0.25, and we need to make sure that profile And home folder user - firstdeer was stored on this server.

• Profile will be stored in a folder on the server, complete path to which - \\10.0.0.25\Users\firstdeer
• Home directory our user will have a folder on the server, complete path to which - \\10.0.0.25\Usersfolder\firstdeer

[ I personally tested with existing folders on the server. ]

In order to realize our plans, we will need two parameters:

/homedir:" PATH " - Indicates path to home directory user.

/profilepath:" PATH " - Indicates path to login profile to the user's system.

to you for copy-paste team:

Net user USER /profilepath:"PATH " /homedir:"PATH "

And in my case the command will look like this:

Net user firstdeer /profilepath:"\\10.0.0.25\Users\firstdeer" /homedir:"\\10.0.0.25\Usersfolder\firstdeer"

3.7. - Adding a user to the "Administrators" group

The first thing you need to do is look exact name of the group, this is done using the command displaying all local groups -net localgroup

Net localgroup

This action is mandatory because group name maybe like on Russian so on English language and team For Russian language won't work in English and vice versa :c

And so I see that I have the names of the groups in Russian, and the group I need is called - " Administrators".(Fig.3.5)

Fig.3.5 - List of local groups.

Now you need see members this groups[ Who's on the list ] .(Fig.3.6)

Net localgroup" Administrators"

As we see in the group " Administrators"there is one account -" Administrator".

Fig.3.6 - View members of the local group.

Now you need add our user to group, for this we use the command:

Net localgroup" GROUP_NAME " "USER " /add

In order to remove a user from a group:

Net localgroup" GROUP_NAME " "USER " /del

In my case, I add a local user - firstdeer to the group Administrators(Fig.3.7):

Net localgroup" Administrators" "firstdeer " /add
Fig.3.7 - Adding a user to a group.

Net localgroup" Administrators"
Fig.3.8 - View members of the local group.

Everything is ok! Our user in group and is local administrator. In order to changes came into force user need to re-login to the system.

How we did the same in PowerShell -