Working with Users and Groups from the Command Line
You can script your user and group chores by taking advantage of the NET USER and NET LOCALGROUP commands. These commands enable you to add users, change passwords, modify accounts, add users to groups, and remove users from groups. Note that you must run these commands under the Administrator account, so first follow these steps to open a command prompt session:
- Select Start, All Programs, Accessories.
- Right-click Command Prompt and then click Run as Administrator.
- Enter your User Account Control credentials.
The NET USER Command
You use the NET USER command to add users, set account passwords, disable accounts, set account options (such as the times of day the user is allowed to log on), and remove accounts. For local users, the NET USER command has the following syntax:
NET USER [username [password | * | /RANDOM] [/ADD] [/DELETE] [options]]

| Parameter | Description |
| --- | --- |
| `username` | The name of the user you want to add or work with. If you run NET USER with only the name of an existing user, the command displays the user's account data. |
| `password` | The password you want to assign to the user. If you use *, Windows Vista prompts you for the password; if you use the /RANDOM switch, Windows Vista assigns a random password (containing eight characters, consisting of a random mix of letters, numbers, and symbols), and then displays the password on the console. |
| `/ADD` | Creates a new user account. |
| `/DELETE` | Deletes the specified user account. |
| `options` | These are optional switches you can append to the command: |
| `/ACTIVE:{YES \| NO}` | Specifies whether the account is active or disabled. |
| `/EXPIRES:{date \| NEVER}` | The date (expressed in the system's Short Date format) on which the account expires. |
| `/HOMEDIR:path` | The home folder for the user, which should be a subfolder within %SystemDrive%\Users (make sure that the folder exists). |
| `/PASSWORDCHG:{YES \| NO}` | Specifies whether the user is allowed to change his password. |
| `/PASSWORDREQ:{YES \| NO}` | Specifies whether the user is required to have a password. |
| `/PROFILEPATH:path` | The folder that contains the user's profile. |
| `/SCRIPTPATH:path` | The folder that contains the user's logon script. |
| `/TIMES:{times \| ALL}` | Specifies the times that the user is allowed to log on to the system. Use single days or day ranges (for example, Sa or M-F). For times, use 24-hour notation or 12-hour notation with am or pm. Separate the day and time with a comma, and separate day/time combinations with semicolons. Here are some examples: `M-F,9am-5pm`, `M,W,F,08:00-13:00`, and `Sa,12pm-6pm;Su,1pm-5pm` |

Note, too, that if you execute NET USER without any parameters, it displays a list of the local user accounts.
The NET LOCALGROUP Command
You use the NET LOCALGROUP command to add users to and remove users from a specified security group. NET LOCALGROUP has the following syntax:
NET LOCALGROUP [group name1 [name2 ...] {/ADD | /DELETE}]

| Parameter | Description |
| --- | --- |
| `group` | This is the name of the security group with which you want to work. |
| `name1 [name2 ...]` | One or more usernames that you want to add or delete, separated by spaces. |
| `/ADD` | Adds the user or users to the group. |
| `/DELETE` | Removes the user or users from the group. |
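
The two commands combined in one batch file, as an added example that is not from the original text: it creates a standard account with an expiry date and restricted logon hours, adds it to a group, and removes the account again if the group step fails. The account name, expiry date, and logon hours are constructed sample values, and Contractors is a hypothetical local group assumed to exist already.

```batch
@echo off
rem Added example: create a restricted, expiring local account and put it in a group.
rem Run from an elevated Command Prompt. All values below are constructed samples;
rem "Contractors" is a hypothetical local group that must already exist.
setlocal
set "NEWUSER=tempcontractor"
set "GROUP=Contractors"
rem /EXPIRES takes the system's Short Date format, so adjust this for your locale.
set "EXPIRES=12/31/2030"
set "HOURS=M-F,9am-5pm"

rem NET USER with only a name displays that account; success means it already exists.
net user "%NEWUSER%" >nul 2>&1
if not errorlevel 1 (
    echo Account %NEWUSER% already exists, nothing changed.
    exit /b 1
)

rem "*" makes Windows prompt for the password, so it is never stored in this file.
net user "%NEWUSER%" * /ADD /ACTIVE:YES /PASSWORDREQ:YES /PASSWORDCHG:YES /EXPIRES:%EXPIRES% /TIMES:%HOURS%
if errorlevel 1 (
    echo Could not create %NEWUSER%.
    exit /b 1
)

net localgroup "%GROUP%" "%NEWUSER%" /ADD
if errorlevel 1 (
    rem Do not leave a half-configured account behind.
    echo Could not add %NEWUSER% to %GROUP%, removing the account.
    net user "%NEWUSER%" /DELETE
    exit /b 1
)

rem Show the resulting account data so the expiry date and logon hours can be checked.
net user "%NEWUSER%"
endlocal
```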