You can script your user and group chores by taking advantage of the NET USER and NET LOCALGROUP
commands. These commands enable you to add users, change passwords,
modify accounts, add users to groups, and remove users from groups. Note
that you must run these commands under the Administrator account, so
first follow these steps to open a command prompt session:
1. Select Start, All Programs, Accessories.
2. Right-click Command Prompt, and then click Run As Administrator.
3. Enter your User Account Control credentials.
The NET USER Command
You use the NET USER
command to add users, set account passwords, disable accounts, set
account options (such as the times of day the user is allowed to log
on), and remove accounts. For local users, the NET USER command has the following syntax:
NET USER [username [password | * | /RANDOM] [/ADD] [/DELETE] [options]]
username | The name of the user you want to add or work with. If you run NET USER with only the name of an existing user, the command displays the user’s account data. |
password | The password you want to assign to the user. If you use *, Windows 7 prompts you for the password; if you use the /RANDOM switch, Windows 7 assigns a random password (containing eight characters, consisting of a random mix of letters, numbers, and symbols), and then displays the password on the console. |
/ADD | Creates a new user account. |
/DELETE | Deletes the specified user account. |
options | These are optional switches you can append to the command: |
/ACTIVE:{YES | NO} | Specifies whether the account is active or disabled. |
/EXPIRES:{date | NEVER} | The date (expressed in the system’s Short Date format) on which the account expires. |
/HOMEDIR:path | The home folder for the user, which should be a subfolder within %SystemDrive%\Users (make sure that the folder exists). |
/PASSWORDCHG:{YES | NO} | Specifies whether the user is allowed to change his password. |
/PASSWORDREQ:{YES | NO} | Specifies whether the user is required to have a password. |
/PROFILEPATH:path | The folder that contains the user’s profile. |
/SCRIPTPATH:path | The folder that contains the user’s logon script. |
/TIMES:{times | ALL} | Specifies the times that the user is allowed to log on to the system. Use single days or day ranges (for example, Sa or M-F). For times, use 24-hour notation or 12-hour notation with am or pm. Separate the day and time with a comma, and separate day/time combinations with semicolons. Here are some examples: |
    M-F,9am-5pm
    M,W,F,08:00-13:00
    Sa,12pm-6pm;Su,1pm-5pm
Caution
If you use the /RANDOM switch to create a random password, make a note of the new password so that you can communicate it to the new user.
Note, too, that if you execute NET USER without any parameters, it displays a list of the local user accounts.
Tip
If you want to force a
user to log off when his logon hours expire, open the Group Policy
Editor and select Computer Configuration, Windows Settings, Security
Settings, Local Policies, Security Options. In the Network Security
category, enable the Force Logoff When Logon Hours Expire policy.
The NET LOCALGROUP Command
You use the NET LOCALGROUP command to add users to and remove users from a specified security group. NET LOCALGROUP has the following syntax:
NET LOCALGROUP [group name1 [name2 ...] {/ADD | /DELETE}]
group | This is the name of the security group with which you want to work. |
name1 [name2 ...] | One or more usernames that you want to add or delete, separated by spaces. |
/ADD | Adds the user or users to the group. |
/DELETE | Removes the user or users from the group. |
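
The two commands combined into one provisioning script, as an added example that is not part of the original text; the positional username and group arguments and the chosen logon hours are assumptions. It uses * so that the password is prompted for rather than stored in the script or exposed on the command line, and it removes the account again if the group step fails. Run it from the elevated command prompt described above.

```batch
@echo off
rem Added example: create a local account with restricted logon hours
rem and place it in an existing local group.
rem Arguments (assumed for this example): %1 = username, %2 = group
setlocal

if "%~2"=="" (
    echo Usage: %~nx0 username group
    exit /b 1
)
set "NEWUSER=%~1"
set "GROUP=%~2"

rem NET USER with only a username displays that account, so a
rem successful return here means the account already exists.
net user "%NEWUSER%" >nul 2>&1
if not errorlevel 1 (
    echo Account %NEWUSER% already exists; nothing changed.
    exit /b 1
)

rem Confirm the target group exists before creating anything.
net localgroup "%GROUP%" >nul 2>&1
if errorlevel 1 (
    echo Group %GROUP% was not found; nothing changed.
    exit /b 1
)

rem * makes NET USER prompt for the password instead of taking it
rem as an argument. Logon is limited to weekday business hours.
net user "%NEWUSER%" * /ADD /ACTIVE:YES /PASSWORDREQ:YES /PASSWORDCHG:YES /TIMES:M-F,9am-5pm
if errorlevel 1 exit /b 1

net localgroup "%GROUP%" "%NEWUSER%" /ADD
if errorlevel 1 (
    rem Do not leave a half-provisioned account behind.
    net user "%NEWUSER%" /DELETE
    exit /b 1
)

rem Display the resulting account data so the settings can be reviewed.
net user "%NEWUSER%"
endlocal
```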