CMD Add user to the group. Adding accounts. Work in "Local Users and Groups"
In addition to the above methods, user accounts can be created, modified and deleted using the command line. To do this, you need to perform the following actions:
Run the command line on behalf of the administrator;
To create an account with help command line Use the command net User..
The Net User command is used to add users, set passwords, disable accounts, setting parameters and delete accounts. When executing a command without command-line parameters, a list of users' accounts present on the computer is displayed. Information about user accounts are stored in user account database.
Sample team:
net User / Add / Passwordreq: Yes / Times: Monday-Friday, 9 am-6pm / FullName: "NEW User"
Used parameters:
/ Add - This parameter indicates that you need to create a new account;
/ passwordreq - This parameter is responsible for the first input to the system, the user has changed its password;
/ Times. - This parameter determines how many times the user is allowed to log in. Here you can specify both single days and entire ranges (for example SA or M-F). To specify the time, it is allowed both 24-hour format and a 12-hour format;
/ FullName. - This parameter is identical to the Full Name field when creating a user with previous ways.
Creating user accounts for computers in the domain
In the Windows Server Server Operating System in the Active Directory Domain, user accounts can be created six ways:
Creating users using accessories "Active Directory - Users and Computers"
Creating users using the Net User command line
Import users using the CSVDE command
Import users using the LDIFDE command
Creating users C. using windows PowerShell
Creating users using VBScript
Conclusion. Briefly reviewed questions about user accounts. A user account is an entry that contains the information necessary to identify the user when connected to the system, as well as information for authorization and accounting. Methods for creating local user accounts and domain users were considered. Real exercises and tasks are considered in laboratory work number 3 and on practical lesson №2.
Lecture 4. File protection and shared folders.
File System Permissions when accessing resources
File protection and shared folders
The topic of information protection today is popular, more than ever. IT professionals draw knowledge from everywhere: from special articles in the magazine and even from daily newsletters e-mail. Most of the technical means protect the organization's resources from foreign intervention.
But often it is necessary to divide access to information within the enterprise itself. Just imagine what problems may occur if all employees will have access to personal entries of their colleagues.
The NTFS file system in Windows and its powers for shared folders are specifically designed to protect the contents of the folders. general access both internal and external leaks. Consider how to competently assign NTFS authority and manage access to shared folders and files.
File Access Control
Most users are postponing files in open access for some employees of their company. For this you need: 1. Close right-click On the folder with files to which you need to provide access. 2. From the Output menu, select Sharing and Security (Sharing and Security). 3. In the Folder Properties dialog box, go to the Sharing tab and select Share This Folder command (Open sharing
1. Enter the folder name in the Share Name column. 2. Optionally, you can add a few explanatory words to the Count COMMENT (description). 3. Click OK.
It must be remembered that the powers specified by default provide access to the contents of the directories to all users (group all). Therefore, they must be limited.
Also, in order to assign different powers for different users, you must disable the default Windows Simple File Sharing option: 1. Open windows Explorer Explorer. 2. Go to the Tools menu. 3. Select Folder Options (Folder Properties). 4. Click the View tab. 5. In the Advanced Settings window, remove the note from the Use Simple File Sharing (Recommended) parameter | Use simple sharing files (recommended). 6. Click OK.
In order to disable the resolution for all (EveryOne) and configure the access level for each user individually: 1. Right-click on the desired folder. 2. From the Outside Menu, select Sharing and Security (Sharing and Security). 3. Press the Permissions (Permissions) button. The Permissions For ... dialog box appears (permissions for ...)
Image B. Setting the access authority on the Share Permissions tab (permissions for the shared resource) Dialog box PERMISSIONS FOR ... (permissions for ...).
4. Select the EveryOne (all) object in the list of presented groups or users. 5. Press the Remove button. 6. Click on the Add button. The Select Users or Groups dialog box (Select: User or Group 7. In the ENTER THE OBJECT NAMES TO SELECT (Enter the names of the selected objects), select Users or groups for which you want to configure access authority, and click OK. 8. On the Group panel OR User Names Highlight objects for which access authority will be configured: You can enable or prohibit (ALLOW or DENY) Full access (Full Control), Reading (Change) and Change (READ) located in the Information folder. 9 . Click OK to make changes to force, and close the dialog box; Click OK to exit the folder properties window.
Powers full access (Full Control) Allow users or groups to read, change, delete and run the files contained in the folder. In addition, such users can create and delete new subfolders in this directory.
Users who have the right to change information in the folder (Change) can view and change the files in the directory, create their files and folders in it and run the programs located in it to execute.
Users and groups endowed with reading information (READ) are allowed only to view the files stored in the directory and run programs. For information on windows disks XP formatted into file nTFS system, You can install additional powers. NTFS authority (permits file System NTFS) NTFS authority in windows Environment Provide an additional set of parameters that can be configured for each individual file or folder. First you need to make sure that Windows settings allow you to work with the NTFS file system: 1. Click Start. 2. Select Run (Run). 3. Enter the COMPMGMT.MSC line and click OK. Computer Management Console opens. 4. Go to the Disk Management object on the Storage tab in order to find out what type of file system is used on each disk. If the disk or one of its partitions is not formatted in NTFS, it can be fixed if you enter Convert X: / FS: NTFS, putting instead of x letter necessary disc or partition. The convert command will change the current disk file system on NTFS, without destroying the data stored on it. However, before starting the team for execution it is better to do backup Disk content. To configure NTFS permissions: 1. Click on the desired file or folder. 2. From the context menu, select Properties. 3. Click the Security tab. 4. Using the ADD / Remove buttons, add or delete users and groups for which you want to configure NTFS access to access. 5. Select the desired object from the GROUP OR User Names window and assign / prohibit powers by setting or removing the corresponding marks in the Permissions For (Permissions for) window, as shown in the image D. 6. Click OK to save changes.
Picture of D. NTFS authority has a large number of customizable parameters compared to the common access service.
Note that by default subdirectories inherit the properties of their root directory. In order to change this, click on the Advanced button on the Security tab of the Properties dialog box (Properties). Types of NTFS-Powers: Full Control (full access) - Allows users and groups to perform any operations with the folder content, including viewing files and subdirectories, launch application files, managing the list of folder folder, read and run executable files, changing the attributes of files and folders, create new files, add data to files, delete files and subdirectories, as well as changing the powers of access to files and folders. Modify (change) - Allows users and groups to view files and subdirectories, run executable application files, manage the list of the folder's contents, view the folder parameters, change the attributes of folders and files, create new files and subdirectors, add data to files and delete files. READ & EXECUTE (reading and execution) - Allows users and groups to view the list of files and subdirectories, run executable application files, view the contents of the files, as well as change the attributes of files and folders. LIST FOLDER CONTENTS (Folder List) - Allows users and groups to navigate catalogs, work with a list of contents folder, as well as view the attributes of files and folders. Read (reading) - Allows users and groups to view the contents of the folder, read the files and view the attributes of files and folders. Write - Allows users and groups to change the attributes of files and folders, create new folders and files, as well as change and complement the contents of the files. To determine the final powers of a particular user, deduct from NTFS permits provided to him directly (or as a member of the Group), all individual prohibitions (or the prohibitions that he received as a member of the group). For example, if the user has received full access (Full Control) to this folder, but at the same time is a member of the group for which full access is prohibited, then it will not have full access rights. If the user's access level is limited to read & execute (read and execution) and List Folder Contents (folder list) in one group, and at the same time it is prohibited access at the List Folder Contents level (list of folder content), then as a result of it NTFS authority will be limited only to the READ & EXECUTE level (read and execution). For this reason, the administrator should be prohibited with extreme caution, since the prohibited functions have priority before allowed for the same user or group. Windows XP is equipped with a convenient utility to confirm the current user permissions or groups: 1. Open the properties dialog box of the desired file or folder (Properties). 2. Click the Security tab. 3. Click the Advanced button (optional). The Advanced Security Settings For dialog box opens. 4. Click the Effective PERMISSIONS tab. (Image E) 5. Press the SELECT button. 6. The Select User OR GROUP dialog box opens (Select: User or Group). 7. In the ENTER THE OBJECT NAME TO SELECT (Enter the names of the selected objects), enter the name of the user or group whose authority must be confirmed, and click OK. 8. The Advanced Security Settings for (Advanced Security Options ...) dialog box will display the final set of NTFS authority for the selected user or group.
Image E. Effective Permissions tab (valid) helps to easily determine what authority a user or group actually possesses.
Combination of NTFS-permissions with general access authority
To determine the final powers of a user, compare the total authority of shared access with the final NTFS permissions. Remember that access restrictions will dominate the permissions.
For example, if the final NTFS user access rights are limited to the read and execute level, and the total access rights - the level of Full Control (full access), the system will not provide this user with valid full access rights, and chooses the top priority level, In this case, this is an NTFS permission to read and execute.
It is always necessary to remember that the final restrictions in rights prevail over the final permissions. This is a very important point that is easily forgotten, after which it delivers a lot of trouble. Therefore, carefully calculate the relationships of prohibitions and permissions of the authority of NTFS and shared access.
Version in English: techrepublic.com.com
Copying the article is permitted only if the explicit hyperlink is guided by the WinBlog.ru website, as the source of the Russian-language version. )
In this article we will look at the most common Tasks related S. local accounts Users OS. Windows, namely we:
- Create local account User. [ Three versatile methods 2 in GUI., 1 in Cmd]
- Consider shift/password task Local account.
- Add a user group.[ In general, you may need to make a user in any Other groupAdministrators local administrator]
Also, we will simultaneously consider not so important, but the options falling into our attention.
All material presented in this article tested on OS. Windows 10. and Windows Server 2016 .
Working with a local account in Windows
1. - Work in "Local Users and Groups"
", Perform actions -> Go to " Perform"[ Win + R. ] -> Fit - lusrmgr.msc -\u003eClick " OK". (Fig.1.1)
Fig.1.1 - Run - Lusrmgr.msc
1.1. - Creating a local account
Window opens - "". (Fig.1.2)
In the middle we see a list of users existing in system.
In order to create local user, on the left right-click on the section " Users"And in the drop-down menu choose -" ".
Fig.1.2 - local users and groups. Window opens - "". (Fig.1.3)
Standard procedure for adding a user .. We enter what we want .. In my case, I create a user named - firstdeer. .
- User: Firstdeer.
- Full name:firstdeer.
- Description:you can not enter. [ ]
- Password:default Minimum Password Length 0 signs [how in Windows 10.and in Windows Server 2016], Therefore, if necessary, you can not enter the password. [ What is not recommended by working with Windows Server 2016.... Safety is all things ... ]
Pay attention to the tick - " Require a password change in the next log in", by default she includedif you create a user for yourself, then for convenience it would be better turn off. If you remove this tick, check the ticks will be active:
- The password is not limited. [By default, password validity period - 42 day, if necessary, it can be changed in group policies ]
Also pay attention to the tick - " Disable account". - Existing in the system account may be disabled, If she disabledthen with her it is impossible will be authorizein system. [ For example, in Windows 10. default disabled Standard accounts - " Administrator"And" the guest"]
After making all the data -> Click - " Create" -> All information entered will disappear -> click " Close".
Fig.1.3 - new user. All, account created, can login With it in the system.
1.2. - change / set password account
Attention!!! This way of changing the password should be used only if the user forgot your password and no disk with password archive
In order to Change/Set a password User Account, you need to list the user's list, find the desired user -> Click on it right mouse button -> Select an item from the drop-down menu " Set a password". (Fig.1.4)
delete your account[ Choosing " Delete"]
Fig.1.4 - Local users and groups. Opens warning ↓(Fig.1.5):
Password reset can lead to irreversible losses of information For this user account. For security Windows Protects Some information, forbieving access to it when resetting the user password.
This command should be used., if only user forgot your password and no disk with password archive. If there is such a disk, then it should be used to install a new password.
If the user knows the password and wants to change it, you should press the keys Ctrl + Alt + Delete and click the button " Change Password".
Click " Proceed".
Fig.1.5 - Installing a password for the user. In the next window We enter and Reaffirm new password, as well as pay attention to a warning(Fig.1.6):
A little about password complexity,for general development.
Password complexity is regulated group Policy - "Password must meet the requirements of complexity", by default, this policy in Windows 10. turned off, and in Windows Server 2016. Included, on this in Windows 10. You can set any password, and in Windows Server 2016.we'll have to come up with a password not less than 6 charactersthat does not contain a user account name or parts of a full username longer than two standing signs, as well as the signs of three of the four categories listed below:
- Latin capital letters [ from a to z ]
- Latin lowercase letters [ from a to z ]
- Numbers [ from 0 to 9 ]
- Different from letters and numbers signs [ for example,!, $, #,% ]
It is strange that the system when creation local user does not look at the presence group Policy, and when change password existing The user is watching ...
If you click the button " OK", the following will happen:
This Accountimmediately Lost accessto all of their own encrypted Files saved passwordsand personal security certificates.
Click - " OK".
Fig.1.6 - Installing a password for the user. Everything! Password changed!
1.3. - Adding a user to the Administrators group
in any Other groupBut we will look at adding a user to the group " Administrators", thereby make our user local administrator".
Start.
In the window - "", we see our, just created, user. (Fig.1.7)
Click on the user right mouse button -> go to " Properties".
Fig.1.7 - local users and groups. In the window " Properties"On the tab" General"You can edit the data of an existing user, such as" Full name"And" Description". (Fig.1.8)
Also, if necessary, you can put ticks:
- Require a change password when you next log in.
- Disable password change by the user.
- The password is not limited.
- Disable account.
We have already discussed it in the previous paragraph ...
Fig.1.8 - Properties - common. Go to the tab " Group membership". (Fig.1.9)
If you need to make your user local administrator, here you need to add it to the group " Administrators".
Click - " Add".
Fig.1.9 - properties - membership in groups. 
Fig.1.10 - Choice: Groups. -> Click " Search" -> We see a list of all local groups -> Choose " Administrators" -> Click " OK". (Fig.1.11)
Fig.1.11 - Choice: Groups. Here also - Click " OK". (Fig.1.12)
Fig.1.12 - Choice: Groups. In order to change " Group membership"Effective need relogged in system.
1.4. - Moved account
In the window " Properties"On the tab" Profile", you can do Movered account. (Fig.1.13)
Suppose we have file Server [a shared folder ] from IP address - 10.0.0.25 profile and home folder User - firstdeer. stored on this server.
- Profile way to whcih - \\\\ 10.0.0.25 \\ Users \\ Firstdeer
- Domestic catalog way to whcih -
[ Personally, I tested with existing folders on server. ]
There is nothing complicated, just insert the path and click - " OK".
Fig.1.13 - a moving account. On this with a snap "" [ lusrmgr.msc. ] we finish.
2. - Work in "User Accounts"
In order to open the snap " User accounts", Perform actions -> Go to B. "Run" -\u003eFit - control UserPasswords2 -\u003eClick " OK"(Fig.2.1)
Fig.2.1 - Run - Control UserPasswords2 2.1. - Creating a local account
Window opens - " User accounts". (Fig.2.2)
To add new local user Click the button - " Add".
Also note that here you can delete your account[by selecting an account and clicking -> "Delete"] , we don't need it now, but just keep in mind.
Fig.2.2 - user accounts. Window opens - " Adding a user"(Fig.2.3)
Standard procedure for adding a user .. We enter what we want .. and click - " Further".
Fig.2.3 - Adding a user. In the next window, just click " Ready". (Fig.2.4)
Fig.2.4 - Adding a user. Now in the window " User accounts", ours will appear, just created account, with her already you can login in system.
2.2. - Change / Creating a password account
IN " User accounts", if necessary, you can change/create User. password.
Choose user -> Click " Change password". (Fig.2.5)
Fig.2.5 - User Accounts - Change Password. In the opened window - " password change", we enter and reaffirm new password User -> Click " OK". (Fig.2.6)
Fig.2.6 - Enter and confirm the password. 2.3. - Adding a user to the Administrators group
As mentioned at the beginning of the article - "... you may need to make a user in any Other groupBut we will look at adding a user to the group " Administrators", thereby make our user local administrator".
Start.
Choose user -> Go to " Properties". (Fig.2.7)
Fig.2.7 - user accounts - properties. In the properties on the tab " General", (Fig.2.8) We can change:
- Username:firstdeer.
- Full name:firstdeer.
- Description:you can not enter. [ it is only necessary, in order not to get confused in the huge list of accounts ]
Fig.2.8 - User Properties - General. In the properties on the tab " Group membership", you can specify access levelprovided to this user. [ Make a user to the group ] (Fig.2.9)
Make it ordinary User., Administrator PC, or specify Other access level [ Guests, users of the remote desktop ... ]
How we remember we were going to do our user local administrator, so we have two ways:
- or switch radio button on - " Administrator"
- either switch to - " Other"And choose the group you need, in our case -" Administrators"
And click " OK".
Fig.2.9 - user properties - group membership. In order to change " Group membership"Effective need relogged in system.
On this with " User accounts"[ control UserPasswords2. ] we finish.
Working with a local account in Windows
To begin with, we need to run command Line with Administrator RightsTo do this, follow the steps. -> Go to B. "Run" -\u003eFit - cmd -\u003eClick on the keyboard keyboard shortcut "Ctrl"+"Shift."+"ENTER". Everything! Establish.
3. - Command Net User
Here we will consider work only with local accounts.
Team net User. Designed to manage accounts users. For complete output certificates Use the team:
Net User. / Help.
Syntax of this command:
net User [User [Password | * ] [parameters]]
nET User user (password | *) / Add [Parameters]
net User.
net User.
net User.
3.1. - output of the list of existing accounts in the system
To see list, existing in the system User Accounts, you need to enter a command - net User. Without parameters (Fig.3.1):
Net User. 
Fig.3.1 - Displays the command - Net User.
As we see in my system there are three accounts:
- DefaultAccount.
- Administrator
- the guest
3.2. - Creating / Deleting Accounts
/ Add - In order to create User account without passwordTake advantage of the team:
Net User. USER / Add
In order to create User account with password:
Net User. USER PASSWORD / Add
If necessaryto the command you can add parameters describedin the next paragraph -.
The command may look something like this: [ immediately with the specified full name, description, time for the entrance to the system I. prohibiting switter change User. ] :
Net User. User Password / Add / FullName:"FULL NAME" / Comment: "Description" / Times: Mon-Fri, 09: 00-18: 00 / Passwordchg: no
In my case, I create a user - firstdeer. , with password - pA $$ W0RD.. (Fig.3.2):
Net User. firstdeer.
pA $$ W0RD.
/ Add
Fig.3.2 - Creating a password account with a password on the command line.
/ Del. - Delete User account:
Net User. USER / Del.
3.3. - Change accounting records
For changes in parameters In the account, use the command:
Net User. USER Parameter1 Parameter2 ... Parameter5
Come Description of parameterswell and teams for copy-paste:
/ FullName: "Full_In" - Add full name:
Net User. User / FullName:"FULL NAME"
/ COMMENT: "Description" - Add descriptionaccount:
Net User. User / Comment:"DESCRIPTION"
/ expires :( never | DATE ) - Specify validityscientist:
Value NEVER - unlimited time actions.
Net User. USER / EXPIRES: NEVER
Value DATE - Note datesto which will be active Account. Date is indicated in format DD.MM.YG. . Year may indicate four [ 2019] or two [ 19] numbers. Date elements are separated by a point [ .] or slash [ /] without spaces.
Net User. USER / Expires:DD.MM.YG.
/ passwordchg :( yES | no) - Allow/Banuser. changeits own password.
Allow User. change its own password [ default - Allowed ] :
Net User. USER / passwordchg:yes
Banuser. changeits own password:
Net User. USER / passwordchg:no.
/ passwordreq :( yES | no) - Should/Should not User account have a password [As a result of my testing ... In short, this parameter does not work... the user is not invited to set the password if it is not, and if it is, the user will be able to remove it ] :
User account must have a password:
Net User. USER / passwordreq:yes
User account should not have a password:
Net User. USER / passwordreq:no.
/ Countrycode: NNN. - Specify country code for operating system.[ Specifies language files Which country to use when displaying user references and error messages ] :
As this parameter works, I did not understand. I tried to specify a bunch of different codes and in response constantly received a mistake - " ... an invalid value has been introduced". What code does you need to specify? I don't know ... please tell me in comments.
Value 000 - The code of the country used by default.
Value NNN. - The country code you want to specify.
Net User. USER / Countrycode: NNN
/ Active :( no | yes) - Turn off/Enable Account. Default, just created account - active [Included ] .
Turn off[do not active ] It can be commanded by the team:
Net User. USER / Active:no.
Enable [make active ] :
Net User. USER / Active:yes
/ Times :( all. | Time) - Note To log in to the system.
Value all. - no restriction At the time of logging in.
Net User. USER / Times:all.
Value TIME - NoteMore details how time you will understand in the examples below ↓
Example 1: Allowed user. Log in only S. monday by friday, from 9 am before 6 p.m:
Net User. USER / Times: Mon-Fri, 09: 00-18: 00
Example 2: Allowed user. Authorizes only B. monday and thursday, from 9 am before 6 p.m:
Net User. USER / Times: Mon, Thu, 09: 00-18: 00
You can specify for every day your time interval, then records [ Day, temporary_zerome ; Day, temporary_zerome ] Should be divided point with comma [;]
Example 3: Allowed user. Authorizes only B. monday - from 9 am before 6 p.m, and B. thursday from 12 o'Clock in the noon before 9 pm:
Net User. USER / Times: Mon, 09: 00-18: 00; Thu, 12: 00-21: 00
Two parameters:
/ Homedir: " WAY " - Indicates path to the home catalog User.
/ PROFILEPATH: " WAY " - Indicates path to the entrance profile to the user system.
3.4. - View account properties
To view properties Account Take advantage of the command:
Net User. USER
In my case, I look properties User - firstdeer.(Fig.3.3):
Net User. firstdeer.
Fig.3.3 - view your account properties.
3.5. - change / set password account
In order to change or set a password User Account Take advantage of the command (Fig. 4.4):
Net User. USER *
In my case, I i change the password User - firstdeer.. (Fig.3.3):
Net User. firstdeer.
*
Fig.3.4 - Changing a password account.
3.6. - Moved account
Suppose we have file Server [a shared folder ] from IP address - 10.0.0.25and we need to do so that profile and home folder User - firstdeer. stored on this server.
- Profile will be stored in the folder on the server full wayto whcih - \\\\ 10.0.0.25 \\ Users \\ Firstdeer
- Domestic catalog Our user will be a folder on the server full wayto whcih - \\\\ 10.0.0.25 \\ UsersFolder \\ FirstDeer
[ Personally, I tested with existing folders on server. ]
In order to realize the conceived, we will need two parameters:
/ Homedir: " WAY " - Indicates path to the home catalog User.
/ PROFILEPATH: " WAY " - Indicates path to the entrance profile to the user system.
You for copyPasta team:
Net User. USER / PROFILEPATH:"WAY " / Homedir:"WAY "
And in my case the command will look like this:
Net User. firstdeer. / PROFILEPATH:"\\\\ 10.0.0.25 \\ Users \\ Firstdeer" / Homedir:"\\\\ 10.0.0.25 \\ UsersFolder \\ FirstDeer"
3.7. - Adding a user to the Administrators group
First of all you need to see Accurate group name, this is done using the display command all local groups - NET Localgroup
NET Localgroup
This action is mandatory, since group name Maybe like on russian and by english Language I. team for russian language will not work in English and vice versa : C.
And so I see that the name of the groups I have in Russian, and the group you need is called - " Administrators". (Fig.3.5)
Fig.3.5 - List of local groups. Now you need see members This groups [Who is in the list ] . (Fig.3.6)
NET Localgroup " Administrators"
As we see in the group " Administrators"One account number is" Administrator".
Fig.3.6 - View members of the local group. Now you need Add OUR user in groupTo do this, use the team:
NET Localgroup " Name group " "USER " / Add
In order to delete the user from the group:
NET Localgroup " Name group " "USER " / Del.
In my case, I add a local user - firstdeer. Group Administrators(Fig.3.7):
NET Localgroup " Administrators" "firstdeer.
" / Add
Fig.3.7 - Adding a user to the group.
NET Localgroup " Administrators"
Fig.3.8 - View members of the local group.
All OK!Our user in groupand is local administrator. In order to Changeentered into force User.need to Relogged in the system.
How we did the same in PowerShell -
Good time, readers. Today, once again I had to climb the search for the help of the help. Often you have to help windows users directly from the user account, and at hand it does not turn out tools other than the built-in Windows command line cmd.exe.. When working under limited, the accounting record often has to do some task with Increased administrator rights. cmd.for these tasks, the most appropriate tool is not to enter a multiply password of the administrator, just once run the command line on behalf of the administrator and perform the necessary actions launch the necessary teamsI will describe below:
appwiz.cpl- The installing and deleting of programms
certmgr.msc.- Certificates
ciadv.msc. - Indexing service
cliconfg.- SQL Network Client Program
clipBRD.- Clipboard
cOMPMGMT.MSC. - Computer Management
dCOMCNFG.- Control Console DCOM components
ddeshare- Shared DDE resources (not working on Win7)
desk.cpl- Screen properties
devmgmt.msc. - Device Manager
dfrg.msc. - Defragmentation of discs
diskmgmt.msc. - Disc management
drwtsn32. - Dr.Watson.
dxdiag - Diagnostics Service DirectX
eudcedit.- Personal Symbols Editor
eventvwr.msc. - View events
firewall.cpl- Windows Firewall Settings
gpedit.msc. - Group Policy
iExpress.- IExpress (I do not know what it is)
fsmgmt.msc - Common folders
fSquirt.- Bluetooth file transfer wizard
chkdsk.- Verification of discs (usually starts with parameters letter_Disk: / F / X / R)
control Printers. - Printers and faxes - not always starts
control Admintools. - Computer Administration - Not always starts
control Schedtasks. - assigned tasks (scheduler)
control UserPasswords2 -Managing Accounts
cOMPMGMT.MSC. - Computer Management ( cOMPMGMT.MSC / Computer \u003d PC - remote control Computer PC)
lusrmgr.msc. - Local users and groups
mMC.- creating your snap
mRT.EXE. - removal of malicious programs
msconfig- Setting up the system (auto start, service, etc.)
mSTSC.- Connect to the remote desktop
nCPA.cpl - Network connections
ntmsmgr.msc. - Removable zoom
ntmsoprq.msc. - Requests for removable RAM operators (for XP)
odbcp32.cpl - Data source administrator
perfmon.msc. - Performance
regedit.- Registry editor
rsop.msc. - Further policy
secpol.msc. - Local parameters security ( Local politics security)
services.msc. - Services
sFC / SCANNOW. - Restoration system files
sigverif- Check file signatures
sNDVOL. - Volume control
sysdm.cpl- Properties of the system
sYSEDIT -System file editor (I do not know what it is)
sYSKEY -Protection of database of accounts
taskmgr. - Task Manager
utilman.Service Program Manager
verifierDriver check manager
wmimgmt.msc. - WMI Management Infrastructure
This list is mostly GUI "Obligations. Below in a separate list, there are console commands.
Also launch applications in the control panel with administrator rights, you can right-click at the same time holding the SHIFT key. And select the launch on behalf. (Runas ...) (relevant for Win XP).
List of console teams:
nBTstat -a PC. - username working for remote machine PC
nET Localgroup Group User / Add - Add to Group GROUP, User User
nET Localgroup Group User. / Delete. - Delete the user from the group
net Send PC "Text""- Send message to PC computer
net Sessions- a list of users
nET Session / Delete- Closes all network sessions
nET USE L: \\\\ computer name \\ folder \\ - Connect the network disk L: folder on a remote computer
net User Name / Active: NO - Block the user
net User Name / Active: Yes - Unlock the user
net User Name / Domain - Information about the user domain
nET User Name / Add - Add user
nET USER Name / Delete- Delete the user
netstat -a. - list of all connections to the computer
rEG Add - add a parameter to the registry
rEG COMPARE. - Compare registry parts.
rEG Copy. - copies from one section to another
rEG DELETE. - deletes the specified parameter or section
rEG Export - export part of the registry
rEG Import - Accordingly, importing part of the registry
reg Load. - loads the selected part of the registry
rEG Query. - Displays the values \u200b\u200bof the specified registry branch
reg Restore. - Restores the selected part of the registry from the file
rEG SAVE - Saves the selected part of the registry
rEG UNLOAD. - Unloads the selected part of the registry
shutdown. - Turn off the computer, you can turn off the other remotely.
SystemInfo / s Machine - will show a lot of useful about remote machine
Long ago passed those times when windows installation We had to use the boot diskette. If it were not for experiments with reinstalling Windows (I remember delight from installing Millenium instead of 98) and frequent use CMD and its utilities, then the desire to learn something more, something that lies beyond the edge, would have rushed into oblivion.
As a rule, at that time the main functionality (I also remember the book on computer science bought) was the use of standard utilities, such as other times, and perhaps even the middle class schoolboy will be able to easily overtake teachers in computer science, if the teacher has no Internet, and The schoolboy has, plus, there is a huge desire to know something new. To the great regret, often you have to see these schoolchildren on TV, in the news with a loud name "Schoolchildren stole 5,000 dollars with electronic wallets" or something like that.
Perhaps every users personal computer With operating room windows system At least once created an account, or saw how it was done. And, perhaps, many are proud that they have an account with administrator rights, well, if they also put a password ... then, perhaps, feel the king. If, when using the control panel, everything is quite simple - created a new unit, made a choice of the "administrator" type, installed the password and everything, you can easily go to bed. However, if you try to do the same, that is, there will be many unexpected and interesting moments before our gaze. And so, in order to add or delete the user from the command line, the command is applied net.usewhich is used in conjunction with such parameters:
| Net User Newuser New Pass / Active: No / Add |
It will not be displayed during system boot and even in the "User Accounts" applete.
If you run the Net User command without parameters, you can see that besides the user, the creation of which was made from the command line, there is, and ... accounting the recording administrator and guest. Unfortunately, this team does not show what is activated, and which is not. It is worth remembering that the built-in system accounting_caps of the administrator and the guest cannot be deleted by the team net.user. Administrator / delete.. You can only turn off:
| Net User Guest / Active: No Net User Administrator / Active: NO |
It is worth remembering that these accounts may have other names (Administrator, Admin ...). And now the most interesting thing, if you are a happy owner of XP, well, for example SP3 (I suppose it also depends on the assembly), then when installing the operating system, the registration_apission "Administrator" remains on, more, it is not displayed when logging in. On the Internet there is a video under the loud name "We go around the administrator password", so here, when entering the system (when the welcome window appears) it was enough to introduce a combination Ctrl + Alt + Del (twice), in the window that appears, enter Administrator and ENTER, you will be in the system and also with the administrator rights! It is clear that if the account does not have a password, and active, then nothing bothers to get into the middle. For curious, you can open the control panel / administration / computer management and similarly to see which accounts are and what are active. But, if you are a happy seven winner, then the trick with Ctrl + Alt + Del will no longer pass, as the administrator is disabled.
But, creating a user from the command line Through the Net User utility, it will automatically enroll in the group of users that is not good, especially if we want to create our dark divids under this account.
And so, the next team net.localgroup. Allows you to view the group available in the system and add a new user from CMD (command line) to one or another group. Having done similar actions, we will see that the groups are not two as it was assumed (administrators and guests), but much more.
Okay, add newuser to the Administrators group:
It is worth paying attention to the seven, there is sometimes a very annoying UAC mechanism - accounting of accounts. When you try to install something or change in the system, it offers the option to allow or not. Sometimes this mechanism does not allow you to install the game or software package (It is worth remembering that some work only in the case, for example, creating a user from the command line if you run it on the name of the administrator), in this case, you can try to activate the built-in system recording of the administrator and already under it to make the necessary actions. BUT!!! After, it is necessary to disable it or again, or put a password, away from sin.
Here is a certificate of great net. program, more precisely, when working with users: Net User. Sometimes, for example, you need to activate a guest account or administrator in Windows 10 on the client PC. Then short and convenient to memorize Windows net User Guest / Active: Yes It may be more convenient to other ways:
Syntax of this command:
Net User.
[user_name [Password | *] [parameters]]
user_name (password | *) / add [Parameters]
Username
Username
The NET User command allows you to create and change user accounts on computers. When executing a command without parameters, a list of user accounts is displayed. this computer. User Account Information is stored in the user account database.
- username - The name of the user account you want to add, delete, change or view. The length of the user account name must not exceed 20 characters.
- password - Assigns or edits the user account password. The length of the password should not be less than the minimum allowable value determined by the / minpwlen parameter net commands Accounts. In addition, the password length should not exceed 14 characters.
- * - Displays invitations to enter the password. When entering a password at this prompt, it is not displayed on the screen.
- / Domain. - The operation is performed on the controller of the current domain.
- / Add. - Adds a user account to the user account database.
- / Delete. - Deletes the user account from the account database
- users.
Description of parameters:
- / Active: (YES | NO) - activates or deactivates account. If the account is inactive, the user will not be able to consult the server. Default value: Yes (Account Active).
- / COMMENT: "Text"- Allows you to add a description of the user account. The text must be enclosed in quotes.
- / Countrycode: NNN - Uses the country code of the operating system to enable the relevant linguistic files when the user help and error messages are displayed. The value "0" corresponds to the default country code.
- / EXPIRES: (Date | NEVER)- Date of the expiration date of the account. The NEVER value corresponds to an unlimited account validity period. The expiration date of the account should be indicated in mm / DD / Gg (GG) format. The month is indicated by the number or title (full or shortened to three letters). The year is indicated by two or four digits. To split the date items, a slash (/) without spaces is used.
- / FullName: "Name" - The full name of the user (in contrast to the account name). The name must be enclosed in quotes.
- / Homedir: Path- path to the user's home directory. This path must already exist.
- / Passwordchg: (YES | NO) - Indicates whether the user can change its password. Default value: Yes (Password change is possible).
- / Passwordreq: (YES | NO) - Indicates whether the user account must necessarily have a password. Default value: Yes (Password is required).
- / LOGONPASSWORDCHG: (YES | NO) - Indicates whether the user should change its password when you next log in. Default value: NO (Password Change Not Required).
- / PROFILEPATH [: Path]- Specifies the path to the user login profile.
- / Scriptpath: path - The path to the user login scenario.
- / Times: (Time | All) - Login clock. The TIMES parameter value should be set in the format of the day [-Delen] [, day [-Den]], time [-New] [, time [-Mond]], and the time increment interval is 1 hour. The names of the week of the week can be indicated completely or abbreviated. The clock is set in 12 or 24-hour format. For a 12-hour format, AM, PM, A.M. is used. or p.m. The value of ALL meets the lack of restrictions on the login time, and the empty value indicates a complete ban on the input. The values \u200b\u200bof the days of the week and time are separated by the comma. Several records for the days of the week and time values \u200b\u200bare separated by a comma point.
- / Usercomment: "Text"- Allows the administrator to add or change the user comment for the account.
- / Workstations: (computer name [, ...] | *) - Allows you to specify up to 8 computers from which the user can enter the network. If the / Workstations parameter is not specified or set to *, the user will be able to enter the network from any computer.
Net User Team Examples
- net User -Displays a list of all users of this computer.
- net User Kyrych. - Displays information about the user "Kyrych".
- net User. kyrych. / Add / Times: Mon-Fri, 08: 00-17: 00 / FullName: " kyrych." - Adds a Kyrych user account with the full name of the user and the right to connect from 8 to 17 hours from Monday to Friday.
- net User. kyrych. / Delete. - Deletes the Kyrych account.
- net User. kyrych. / Active: NO - Disables the account.
- Forward