Управление учетными записями Windows через командную строку CMD

Для просмотра и управления учетными записями через командную строку используется команда NET USER.
Если ввести команду net user без параметров, то она покажет список пользователей Windows. Для просмотра справки по команде необходимо указать параметр net user /?

Список основных команд для работы с учетными записями через командную строку:

Добавить пользователя	net user /add имя_пользователя пароль
Включить учетную запись пользователя	net user /active:yes имя_пользователя
Отключить учетную запись пользователя	net user /active:no имя_пользователя
Удалить пользователя	net user /delete имя_пользователя

Для добавления пользователя в группу в командной строке используется команда управления локальными группами net localgroup

Добавить пользователя в группу	net localgroup имя_группы имя_пользователя /add
Удалить пользователя из группы	net localgroup имя_группы имя_пользователя /delete

Например, необходимо создать учетную запись пользователя «Root» с правами администратора и паролем 12345.
Создаем учетную запись: net user /add root 12345
Добавляем созданного пользователя в группу администраторов: net localgroup Администраторы root

Net user command : Manage user accounts from command line

Using Net user command, administrators can manage user accounts from windows command prompt. Below are some examples on how to use this command.

Add a domain user account:

Add new user on local computer:

Advanced options to add new user account can be read in the below article.
Add new user from windows command line.

Disable/Lock a domain user account:

To enable/unlock a domain user account:

Prevent users from changing their account password:

To allow users to change their password:

To retrieve the settings of a user:

thaaaaaaaaanx man for the precious information

One Extra Feature that might be very useful.. is to set the Password to Never Expires:

I am using the /EXPIRES:NEVER switch on the end of the command, however the Never Expires checkbow is not ticked when i check the properties

Please notice that the /expires – switch prevents the the account from expiring, but not to the password.

That’s correct. Thanks Ray for clarifying it here for the benefit of others.

Use This Command To Set “Password Never Expire”

WMIC USERACCOUNT WHERE “Name=’username_here’” SET PasswordExpires=FALSE

Is there a way to change the net user username?

My question is how to create multiple users on a network through a command in command prompt using only single command line.

with a loop for.
FOR/L %variable IN (start, step, end) DO command [Settings]

for /L %U in (10,1,20) do net user user-%U Password /add /dom
(to create 10 users named user-10, user-11 to user-20)

check FOR /F [“options”] %%parameter IN (“Text string to process”) DO command
it’s works but not secure

Very good post on windows command line. Thanks for sharing.

Your command for “Add a domain user account” is incorrect, the proper one is:
Net user domainuser domainpassword /add /domain

Gives result:
“The request will be processed at a domain controller for domain softros.local.
The command completed successfully.”

hi how can i create multiple users from cmd
but just with one command??

i know for creating a new user i can use this:
net user username password /add
and to make him an administrator i can use this:
net user username password administrator /add

correct me if i’m wrong and help me please.

Your query, [hi how can i create multiple users from cmd
but just with one command??] – did you ever get an answer to that question ?
Please let me know.

i am currently locked out of my local administrator account on my windows server 2008 r2

i am able to change user accounts and passwords how ever it still telling me that my username or password is incorrect.

i have created a new user account and password but even the new user account and password doesnt work.

Is there a way to put a number of hours logon to the guest account?

interesting stuff here .. Thanks …

hi every body…
please help me how to add users with environment variable(starting program)?

How can I know who changed password for a user on windows server 2008 R2 from CMD and OS?

How can I check from our Internal domain and not our normal /domain?

Thanks so much! However is there a line to reset a password?

Hi I have forgotten my password to get onto the two accounts set up. When I go into net user neither accounts are showing. I get a message saying
The command completed with one or more errors
Can anyone help

hello guys in my college when i type the command “net users” it shows two accounts one is “guest” and another is “administrator” but in the login screen there are two accounts one is “guest” and another is “ADMIN” .why this ‘ADMIN’ account is not showing in the cmd.

Is there a command line command to add a group or user name under the security tab option Group or user names: for a domain user?

How to check a user which was created in a different trusted domain. Not to the machine joined.

How can we check for an account creation or disablement date in cmd

How can we run a command to replace the email address in AD from powershell

I need your assistance with batch command tomake this change in my secpol.msc!

i need to set the “password policy” > Password must meet complexity….. to be DISABLED or ENABLED

Just be aware that unlocking/enabling a user account also sets it so that the password must be changed on next logon.

I limit login time with “net user time” command of our son account on W10, but when time expire … he is logout from his User account and login under Admin account WITHOUT been asked for Admin´s password!

Any idea why? Thank you.

Please help me can you find the password for profile, when you are on it.

The article seems to think these are the same things.
They are NOT:

Enabled/disable an account.
Lock/unlock an account.

why does the last logon line read “never”? i have this with my current user which i am trying to time restrict. it wont restrict because it claims to have never logged in.

How can I pull the information of a user who is the different domain in Active Directory like IN or BR or AR?

Hello,
Great read! I am hoping u can help me. I am trying to set time limits for a user. However it completed successfully and still allows user to logon when he is not supposed too! Any advice.

what command i can use get net user status in a single query ?i looking for the format
example
account status
admin enabled

Описание команды NET USER

Команда NET USER предназначена для добавления, редактирования или просмотра учетных записей пользователей на компьютерах. При выполнении команды в командной строке без параметров отображается список учетных записей пользователей Windows, присутствующих на компьютере (эта команда также хорошо работает и в Windows 10). Информация об учетных записях пользователей хранится в базе данных Windows.

Синтаксис команды NET USER

net user [имя_пользователя [пароль | *] [параметры]] [/domain]

net user имя_пользователя <пароль | *>/add [параметры] [/domain]

net user имя_пользователя [/delete] [/domain], где

• имя_пользователя — Указывает имя учётной записи пользователя, которую можно добавить, удалить, отредактировать или просмотреть. Имя может иметь длину до 20 символов.
• пароль — Присваивает или изменяет пароль пользователя. Введите звездочку (*) для вывода приглашения на ввод пароля. При вводе с клавиатуры символы пароля не выводятся на экран.

• /domain — Выполняет операцию на контроллере основного для данного компьютера домена.

• параметры — Задает параметр командной строки для команды.

• net help команда — Отображение справки для указанной команды net.

• /delete — Удаление учетной записи пользователя.

Дополнительные параметы команды NET USER

• /active: — Активирует или деактивирует учетную запись. Если учетная запись не активирована, пользователь не может получить доступ к серверу. По умолчанию учетная запись активирована.
• /comment:»текст» — Позволяет добавить описание учетной записи пользователя (максимум 48 символов). Текст описания заключается в кавычки.
• /countrycode: nnn — Использует код страны, указанный для операционной системы, для реализации соответствующих языковых файлов при отображении пользовательской справки и сообщений об ошибках. Значение 0 соответствует коду страны, используемому по умолчанию.
• /expires: <дата | never>— Дата истечения срока действия учетной записи. Значение never соответствует неограниченному сроку действия. Дата указывается в формате мм/дд/гг или дд/мм/гг в зависимости от кода страны. Месяц может указываться цифрами, полностью или в сокращенном виде (тремя буквами). Год может указываться двумя ли четырьмя цифрами. Элементы даты разделяются слэшем (/) без пробелов.
• /fullname:» имя » — Полное имя пользователя (в отличии от имени учетной записи пользователя). Имя указывается в кавычках.
• /homedir: путь — Указывает путь к домашнему каталогу пользователя. Указанное место должно существовать.
• /passwordchg: — Указывает, может ли пользователь изменять свой пароль (по умолчанию может).
• /passwordreq: — Указывает, должна ли учетная запись пользователя иметь пароль (по умолчанию должна).
• /profilepath[:путь] — Указывает путь к профилю входа в систему пользователя.
• /scriptpath: путь — Путь к сценарию, используемому пользователем для входа в систему.
• /times: <время | all>— Время для входа в систему. Параметр время указывается в формате день[-день][,день[-день]],час [-час][,час [-час]], причем приращение равняется 1 часу. Название дней недели могут указываться полностью или в сокращенном виде. Часы могут указываться в 12- или 24-часовом представлении. Для 12-часового представления используются обозначения am, pm, a.m. или p.m. Значение all соответствует отсутствию ограничений на время входа в систему, а пустое значение обозначает полный запрет на вход в систему. Значения дней недели и времени разделяются запятой; несколько записей для значений дней недели и времени разделяются точкой с запятой.
• /usercomment:»текст» — Позволяет администратору добавить или изменить комментарий к учетной записи.
• /workstations: <имя_компьютера[. ] | *>— Позволяет указать до 8 компьютеров, с которых пользователь может войти в сеть. Если для параметра/workstations не указан список компьютеров или указано значение *, пользователь может войти в сеть с любого компьютера.

Примеры команды NET USER

• Для вывода списка всех пользователей данного компьютера служит команда: net user;
• Для вывода информации о пользователе «petr» служит следующая команда: net user petr;
• Для добавления учетной записи пользователя Petr с полным именем пользователя и правом на подключение с 8 до 17 часов с понедельника по пятницу используется следующая команда: net user petr /add /times:Пн-Пт,08:00-17:00/fullname:»Petr».
• Для удаления учетной записи необходимо ввести команду: net user petr /delete;
• Для отключения учетной записи необходимо ввести команду: net user petr /active:no.

Видео — Работа с утилитой NET USER

Add user to group from command line (CMD)

Windows provides command line utilities to manager user groups. In this post, learn how to use the command net localgroup to add user to a group from command prompt’

Add user to a group

Run the steps below –

1. Open elevated command prompt
2. Run the below command

For example to add a user ‘John’ to administrators group, we can run the below command.

Few more examples:

To add a domain user to local users group:

This command should be run when the computer is connected to the network. Otherwise you will get the below error.

To add a domain user to local administrator group:

To add a user to remote desktop users group:

To add a user to debugger users group:

To add a user to Power users group:

This command works on all editions of Windows OS i.e Windows 2000, Windows XP, Windows Server 2003, Windows Vista and Windows 7. In Vista and Windows 7, even if you run the above command from administrator login you may still get access denied error like below.

The solution for this is to run the command from elevated administrator account. See How to open elevated administrator command prompt

When you run the ‘net localgroup’ command from elevated command prompt:

To list the users belonging to a particular group we can run the below command.

For example to list all the users belonging to administrators group we need to run the below command.

Add new user account from command line (CMD)

Some times we may want to add new users from command line instead of using the UI. For example, if we have to add some 100 users, using a script will save lot of time and manual effort. Windows provides net user command for this purpose. This command works on Windows 2000, Windows XP/2003, Vista and Windows 7.

To add a new user account on the local computer:

Example: To add a new user account with the loginid John and with password fadf24as

Hide password

If you do not want the password to be visible while adding new user account, you can use ‘*’ as shown below.

To add a new user account to the domain:

Note that the command does not include the domain name.

Rename a user account

Net use command does not have any switches to rename a user account. But we can do that using wmic commands. Please check this – Rename user accounts on Windows

Few more Advanced uses of net user command.

To set user full name while creating the user account

To allow user to change password:

To restrict user not to change the password:

To set account expiry time we can use /EXPIRES switch. This can also be used to set that the account never expires.

To specify if the user must have a password set we can use /PASSWORDREQ switch. For more information on all net user options, read this – Net user command: syntax and examples

How to create a new administrator account?

An administrator account can’t be created directly. We first need to create a user account and then add the user to the administrators group.

Errors:

1. If you don’t have privileges to add new user account to the system, you would get an error like below.
2. While adding user to domain, make sure that your computer is connected to the domain. Otherwise it throws up below error.

Related Posts:

Possibly the most in-depth article about adding and deleting users by far. Thank you.

Is there a command/script to create a user in multiple servers at a time, also give him a mandatory chance to change his login password once he logs in the next time, in Windows Server 2003 OS?

You need to run your script on each of the servers. To make it mandatory to change the password, you can use the switch /LOGONPASSWORDCHG.
Command is:
net user loginname password /add /LOGONPASSWORDCHG:yes

Thanks for sharing this. I need to write a batch file to create users through command line. Your tip has helped me. This site is very useful for command prompt users on windows.

Is it possible to create a new user account without specifying a password?

I’m not aware of a way to create user acounts without a password and I wouldn’t recommend it. However I would suggest you could use a randomly generated string to use as the password when the account is created. Or how about the current system time using %time%. For example:
net user loginname %time% /add

It may not work if your password policy is more restrictive.

It is possible
Just type:
Net user Username /ADD

tried this tell’s me it worked then i go switch user and Nothing

thats because you need to login to your account say you had 2 accounts 1 admin the other not you would create the new account dosnt show login to the non admin 1 the lock it u will the find it by pressing swithch user

iam having a username as the member of administrator group. but while using to add a user acc in command prompt it shows the error as system error 5 has occured access denied.

can anyone help this

Are you doing it from elevated administrator command prompt?

Thanks a lot. Simple and solves the purpose immediately.

I am using the /EXPIRES:NEVER switch on the end of the command, however the Never Expires checkbow is not ticked when i check the properties

/Expires switch is for the account but not for the password. /Expires:Never actually sets your a/c not to expire, but not for the password.

Why does mine says access is denied?

Make sure that you have administrator privileges to add new user account.

is it possible to create a user from command promt with normal user

No. Only users with admin privileges can add new users.

Can you please tell me. How to create bulk user in local machine user name & password with Never EXPIRES ..

You can use for loop and create user accounts in bulk.
Check this: For loop examples

wmic path Win32_UserAccount WHERE Name=’PUT_USER_NAME_HERE’ set PasswordExpires=false

Thanks for this article! You have saved me!!
Ciao from Italy

Hey, sorry to ask but how do i get past the System Error 5?

I am on the only Admin account on my lapyop, but it still only says that whenever i try to change anythimg abouy accounts.

Hey, did you tried to lunch command promt: right-click>run as administrator?

You need to check the reply given by admin:
*********************
admin August 27, 2012 at 7:29 am

Are you doing it from elevated administrator command prompt?
************************************************
For elevated command prompt , the below link might be helpful to you
http://www.windows-commandline.com/elevated-command-prompt/

How do I create a local user account on a Domain server? Is there a command that I can use? There is no facility to add a local account on a Domain machine. Please assist

This scenario well describes my issue. How can I get admin. privileges using the embedded Administrator?

An administrator account can’t be created directly. We first need to create a user account and then add the user to the administrators group.

If you don’t have privileges to add new user account to the system, you would get an error like below.
C:\>net user John /add
System error 5 has occurred.
Access is denied.
C:\>

I followed the instructions for command prompt. Keep getting the message: “is not recognized as an internal or external command, operable program or batch file”
I do not have the right click option on command. Have to type Command Prompt in search to to open, then type in the command line which gives me the above posted result.

Hold CTrl and shift together then click on cmd icon after you search it .
This should open as admin.
Fixes your right click problem .

How do you get rid of “system error 5 has occurred” and make me to be able to use commands

Niels, please read the comments, this question was answered 5 times already – hint: elevated privileges.

Command ran successfully – But user directory structure is not there.

For example, under Documents and Settings there is not a directory of the new users Name.

Does the user have to login once for that to be created ?

Yes, account must be logged into to make default profile for user.

My Windows could not start up normally.
And with recovery I needed to login with an user account. But Windows did not see my one account. (that account have administrator access). So what I have done. Next: rebooted my pc into safe mode with cmd
In cmd I made an new administrator account.
Using this cmd code: net username password /ADD
Then i rebooted my pc into advanced recovery. Where I used the option:
Bring Windows back to a restore point.
And logged in with the account I made in cmd.

This helped for me

for creating the user id in local server below is the commend

net user arul “[email protected]″ /ADD /FULLNAME:”James areul” /comment:”server support enginer” /LOGONPASSWORDCHG:yes

I know that you need to be an administrator to run the commands.If you don’t have privileges , you would get an error like below.
System error 5 has occurred.
Access is denied.

I want to query the groups of the user remotely.
net user John /domain
I am able to run this command when i run it via rdp.
But when the same is done via powershell with the administrator, it still gives me a Access is denied error.
How can i resolve this ?

Thanks to your answer. I am also need how to create admin user account with password using CMD-line. Note that when I create it, the password must hidden when I write the password.
Thank you for Your Help me.

Added command in the post to hide the password. Check this out.
Adding admin account is done in two steps, first add user account and then give admin privileges to the account.

But can you add a Microsoft Account with command com?

Useful information here. Keep it up.

Is it possible to use this command to create a user on another machine other than the one you’re actually on when machines are in a workgroup and not on a domain?

Hello Andrew, looking at the syntax the ‘net user’ command supports, I do not think that it can handle workgroup scenario. I would suggest you to try psexec tool by Microsoft.

This was very helpful. 🙂

I came across this article and wondered if maybe you could help. I created a local account for my son on my laptop but I cannot open it every time I try it says logging out. So I tried creating his account as set up in your article and it’s still doing the same I had windows 8 then 8.1 and now 10 and since I updated to 10 I have not been able to access his account I have deleted and added it several times each a different way with no success on any of them. Every thing is up to date and I even ran some kind of system check on it any advice?

In my laptop, I forget the password. How can I set a new user through cmd in safe mode and how I retrieve the data which has been saved in Old User.

I recently bought a laptop that automatically logs in on start up to the standard account, but also has an admin account. Log off and Switch Users don’t allow me to change accounts, it just logs right back in to the standard user account. Tried using runas /user:USername cmd to try and enable elevated privileges, but password is not being accepted. Any ideas?

How long until the commands that create a new domain user and the one that adds it to the domain admins group will take. Iam required to know but I dont have an access to a network to test it.

The commands should finish in few seconds.

Do you know if it is possible to create a small script that would create a standard user with the name taken from the PC-NAME?

I am thinking I would need to use the equivalent of grep for windows? I would need to check to see if there was a command to show computer name, maybe output it to a file and then pull the information from it?

Anyone come across anything like this?

Can you please assist. I was adding an new user on cmd and I did a mistake I only included the username not the password like this “net user (username) /ADD”. then when I try to log in it needs the password while I didn’t set it, and now I’m in trouble please help.

Can you please assist. I have been created a new user my leptop using cmd and I did not included the password like this ” net user ( username ) / ADD “. then when I try to log in to the user it needs password while I didn’t set it.

Does it create a account with admin permissions or standard account permissions…

Newly created user gets automatically deleted on restart, created in cmd access from advanced startup f8.
Is windows 8 very stupid, or am i doing anything wrong?

This works but when you add it in the administrators group. It wont be like a “real admin” account. When you launch cmd it wont start “as admin”

Test comment from Giri 1

Good afternoon! I’ve seen that it is possible to create a user for a certain domain by cmd, but wanted to know if you have how to enter the user soon in a domain group, is it possible?