Net Commands – Network Security Management

The NET Command is used to manage network security resources as follows:

View user account password and logon requirements (also displays the machine type – Server or workstation)
NET ACCOUNTS

View password and logon requirements for the network domain.
NET ACCOUNTS /DOMAIN

Set the number of minutes a user has before being forced to log off when the account expires or valid logon hours expire
NET ACCOUNTS /FORCELOGOFF:minutes /DOMAIN

Prevent forced logoff when user accounts expire
NET ACCOUNTS /FORCELOGOFF:NO /DOMAIN

Set the minimum number of characters for a password.
NET ACCOUNTS /MINPWLEN:C /DOMAIN
The range is 0-14 characters; the default is 6 characters.

Set the maximum number of days that a password is valid.
NET ACCOUNTS /MAXPWAGE:dd /DOMAIN
The range is 1-49710; the default is 90 days.

Set passwords to never expire.
NET ACCOUNTS /MAXPWAGE:UNLIMITED /DOMAIN

Set a minimum number of days that must pass before a user can change a password (default = 0)
NET ACCOUNTS /MINPWAGE:dd /DOMAIN

Require that new passwords be different from ‘x’ number of previous passwords
NET ACCOUNTS /UNIQUEPW:x /DOMAIN
The range for ‘x’ is 1-24

Synchoronise the user accounts database (PDC and BDC)
NET ACCOUNTS /SYNC /DOMAIN

View user account details
NET USER [/DOMAIN]

Add a user account.
NET USER username {password | *} /ADD [options] [/DOMAIN]

Modify a user account.
NET USER [username [password | *] [options]] [/DOMAIN]

Delete a username
NET USER username [/DELETE] [/DOMAIN]

Generate a random password:

NET USER administrator /random

Add a group
NET GROUP groupname /ADD [/COMMENT:”text”] [/DOMAIN]

Edit a group
NET GROUP [groupname [/COMMENT:”text”]] [/DOMAIN]

Delete a group
NET GROUP groupname /DELETE [/DOMAIN]

Add a user to a group
NET GROUP groupname username […] /ADD [/DOMAIN]

Delete a user from a group
NET GROUP groupname username […] /DELETE [/DOMAIN]

To View, Add or modify a local group replace GROUP in the commands above with LOCALGROUP.

Examples

Create a group

C:\> NET LOCALGROUP spud /add

Add to guests

C:\> NET LOCALGROUP guests spud /add

Then remove

C:\> NET LOCALGROUP guests spud /delete

C:\> NET LOCALGROUP spud /delete