Adding an account from the command line. Adding accounts. Additional parameters of the Net User command

In addition to the above methods, user accounts can be created, modified and deleted using the command line. To do this, you need to perform the following actions:

    Run the command line on behalf of the administrator;

    For creating account with help command line Use the command net User..

The Net User command is used to add users, set passwords, disable accounts, setting parameters and delete accounts. When executing a command without command-line parameters, a list of users' accounts present on the computer is displayed. Information about user accounts are stored in user account database.

Sample team:

net User / Add / Passwordreq: Yes / Times: Monday-Friday, 9 am-6pm / FullName: "NEW User"

Used parameters:

/ Add - This parameter indicates that you need to create a new account;

/ passwordreq - This parameter is responsible for the first input to the system, the user has changed its password;

/ Times. - This parameter determines how many times the user is allowed to log in. Here you can specify both single days and entire ranges (for example SA or M-F). To specify the time, it is allowed both 24-hour format and a 12-hour format;

/ FullName. - This parameter is identical to the Full Name field when creating a user with previous ways.

    2. Creating user accounts for computers in the domain

      3. In the Windows Server Server Operating System in the Active Directory Domain, user accounts can be created six ways:

    Creating users using accessories "Active Directory - Users and Computers"

    Creating users using the Net User command line

    Import users using the CSVDE command

    Import users using the LDIFDE command

    Creating users C. using windows PowerShell

    Creating users using VBScript

Conclusion. Briefly reviewed questions about user accounts. A user account is an entry that contains the information necessary to identify the user when connected to the system, as well as information for authorization and accounting. Methods for creating local user accounts and domain users were considered. Real exercises and tasks are considered in laboratory work number 3 and on practical lesson №2.

Lecture 4. File protection and shared folders.

File System Permissions when accessing resources

File protection and shared folders

The topic of information protection today is popular, more than ever. IT professionals draw knowledge from everywhere: from special articles in the magazine and even from daily newsletters e-mail. Most of the technical means protect the organization's resources from foreign intervention.

But often it is necessary to divide access to information within the enterprise itself. Just imagine what problems may occur if all employees will have access to personal entries of their colleagues.

The NTFS file system in Windows and its powers for shared folders are specifically designed to protect the contents of the folders. general access both internal and external leaks. Consider how to competently assign NTFS authority and manage access to shared folders and files.

File Access Control

Most users are postponing files in open access for some employees of their company. To do this, it is necessary: \u200b\u200b1. To click on the right button on the folder with the files to which you need to provide access. 2. From the Output menu, select Sharing and Security (Sharing and Security). 3. In the Folder Properties dialog box, go to the Sharing tab and select Share This Folder command (Open sharing

1. Enter the folder name in the Share Name column. 2. Optionally, you can add a few explanatory words to the Count COMMENT (description). 3. Click OK.

It must be remembered that the powers specified by default provide access to the contents of the directories to all users (group all). Therefore, they must be limited.

Also, in order to assign different powers for different users, you must disable the default Windows Simple File Sharing option: 1. Open windows Explorer Explorer. 2. Go to the Tools menu. 3. Select Folder Options (Folder Properties). 4. Click the View tab. 5. In the Advanced Settings window, remove the note from the Use Simple File Sharing (Recommended) parameter | Use simple sharing files (recommended). 6. Click OK.

In order to disable the resolution for all (EveryOne) and configure the access level for each user individually: 1. Right-click on the desired folder. 2. From the Outside Menu, select Sharing and Security (Sharing and Security). 3. Press the Permissions (Permissions) button. The Permissions For ... dialog box appears (permissions for ...)

Image B. Setting the access authority on the Share Permissions tab (permissions for the shared resource) Dialog box PERMISSIONS FOR ... (permissions for ...).

4. Select the EveryOne (all) object in the list of presented groups or users. 5. Press the Remove button. 6. Click on the Add button. The Select Users or Groups dialog box (Select: User or Group 7. In the ENTER THE OBJECT NAMES TO SELECT (Enter the names of the selected objects), select Users or groups for which you want to configure access authority, and click OK. 8. On the Group panel OR User Names Highlight objects for which access authority will be configured: You can enable or prohibit (ALLOW or DENY) Full access (Full Control), Reading (Change) and Change (READ) located in the Information folder. 9 . Click OK to make changes to force, and close the dialog box; Click OK to exit the folder properties window.

Powers full access (Full Control) Allow users or groups to read, change, delete and run the files contained in the folder. In addition, such users can create and delete new subfolders in this directory.

Users who have the right to change information in the folder (Change) can view and change the files in the directory, create their files and folders in it and run the programs located in it to execute.

Users and groups endowed with reading information (READ) are allowed only to view the files stored in the directory and run programs. For information on windows disks XP formatted into file nTFS system, You can install additional powers. NTFS authority (permits file System NTFS) NTFS authority in windows Environment Provide an additional set of parameters that can be configured for each individual file or folder. First you need to make sure that Windows settings allow you to work with the NTFS file system: 1. Click Start. 2. Select Run (Run). 3. Enter the COMPMGMT.MSC line and click OK. Computer Management Console opens. 4. Go to the Disk Management object on the Storage tab in order to find out what type of file system is used on each disk. If the disk or one of its partitions is not formatted in NTFS, it can be fixed if you enter Convert X: / FS: NTFS, putting instead of x letter necessary disc or partition. The convert command will change the current disk file system on NTFS, without destroying the data stored on it. However, before starting the team for execution it is better to do backup Disk content. To configure NTFS permissions: 1. Click on the desired file or folder. 2. FROM context menu Select Properties. 3. Click the Security tab. 4. Using the ADD / Remove buttons, add or delete users and groups for which you want to configure NTFS access to access. 5. Select the desired object from the GROUP OR User Names window and assign / prohibit powers by setting or removing the corresponding marks in the Permissions For (Permissions for) window, as shown in the image D. 6. Click OK to save changes.

Picture of D. NTFS authority has a large number of customizable parameters compared to the common access service.

Note that by default subdirectories inherit the properties of their root directory. In order to change this, click on the Advanced button on the Security tab of the Properties dialog box (Properties). Types of NTFS-Powers: Full Control (full access) - Allows users and groups to perform any operations with the folder content, including viewing files and subdirectories, launch application files, managing the list of folder folder, read and run executable files, changing the attributes of files and folders, create new files, add data to files, delete files and subdirectories, as well as changing the powers of access to files and folders. Modify (change) - Allows users and groups to view files and subdirectories, run executable application files, manage the list of the folder's contents, view the folder parameters, change the attributes of folders and files, create new files and subdirectors, add data to files and delete files. READ & EXECUTE (reading and execution) - Allows users and groups to view the list of files and subdirectories, run executable application files, view the contents of the files, as well as change the attributes of files and folders. LIST FOLDER CONTENTS (Folder List) - Allows users and groups to navigate catalogs, work with a list of contents folder, as well as view the attributes of files and folders. Read (reading) - Allows users and groups to view the contents of the folder, read the files and view the attributes of files and folders. Write - Allows users and groups to change the attributes of files and folders, create new folders and files, as well as change and complement the contents of the files. To determine the final powers of a particular user, deduct from NTFS permits provided to him directly (or as a member of the Group), all individual prohibitions (or the prohibitions that he received as a member of the group). For example, if the user has received full access (Full Control) to this folder, but at the same time is a member of the group for which full access is prohibited, then it will not have full access rights. If the user's access level is limited to read & execute (read and execution) and List Folder Contents (folder list) in one group, and at the same time it is prohibited access at the List Folder Contents level (list of folder content), then as a result of it NTFS authority will be limited only to the READ & EXECUTE level (read and execution). For this reason, the administrator should be prohibited with extreme caution, since the prohibited functions have priority before allowed for the same user or group. Windows XP is equipped with a convenient utility to confirm the current user permissions or groups: 1. Open the properties dialog box of the desired file or folder (Properties). 2. Click the Security tab. 3. Click the Advanced button (optional). The Advanced Security Settings For dialog box opens. 4. Click the Effective PERMISSIONS tab. (Image E) 5. Press the SELECT button. 6. The Select User OR GROUP dialog box opens (Select: User or Group). 7. In the ENTER THE OBJECT NAME TO SELECT (Enter the names of the selected objects), enter the name of the user or group whose authority must be confirmed, and click OK. 8. The Advanced Security Settings for (Advanced Security Options ...) dialog box will display the final set of NTFS authority for the selected user or group.

Image E. Effective Permissions tab (valid) helps to easily determine what authority a user or group actually possesses.

Combination of NTFS-permissions with general access authority

To determine the final powers of a user, compare the total authority of shared access with the final NTFS permissions. Remember that access restrictions will dominate the permissions.

For example, if the final NTFS user access rights are limited to the read and execute level, and the total access rights - the level of Full Control (full access), the system will not provide this user with valid full access rights, and chooses the top priority level, In this case, this is an NTFS permission to read and execute.

It is always necessary to remember that the final restrictions in rights prevail over the final permissions. This is a very important point that is easily forgotten, after which it delivers a lot of trouble. Therefore, carefully calculate the relationships of prohibitions and permissions of the authority of NTFS and shared access.

Version in English: techrepublic.com.com

Copying the article is permitted only if the explicit hyperlink is guided by the WinBlog.ru website, as the source of the Russian-language version. )

Visitors to this site are not rarely interested in how to create a new user in Windows 7. Most often such a need arises when more than one person works on one computer. Files and shortcuts of programs of different users begin to be confused on the desktop, and it inevitably creates a lot of inconvenience. In this article, we will tell you how to create a new user in Windows 7 and solve this problem forever.

In order to create a new user you need to open the Start menu and go to the control panel. If you want to create a new user in Windows 8, then use our article about.

So, after you opened the control panel, go to "Add and delete accounts" section.

After that, you will find a list of accounts that have already been added to your operating system. If you have not added anything before, there should be only two users here: the main user (which you created when) and user guest. To add a new user in Windows 7, click on the Create Account link.

All after clicking on the "Account Creation" button new user will be created. Note that if you select the type of account "Normal User", the user using such an account cannot install new programs or make changes to the settings. operating system.

How to create a new user entry in Windows 7 via the command line

You can also create a new user via the command line. In order to create a new Windows 7 user through the command line, you must first start with the administrator rights. How we were already told in one of the articles.

After that, in the command prompt, enter the command:

  • nET User username password user / add

For example, in order to add a user with a nickname Mike and password 123123 you must enter Net User Mike 123123 / Add.

After entering such a command, a new user will be created. But, by default, it will be the usual user (not by the administrator). In order to make this user by the administrator, you must enter another command:

  • nET Localgroup Administrators user_name / Add

For example, in order to make the user Mike administrator, we need to enter a command nET Localgroup administrators Mike / Add.

All seems to add a new user in Windows 7 using the command line is not much more complicated than adding a user through the control panel.

Net User - User Account Management

Command Net User. intended for add, edit or view User accounts on computers. When executing a command in the command prompt without parameters, the list of accounts is displayed. windows userspresent on the computer (this command also works well in Windows 10). User account information is stored in the Windows database.

Net User command syntax

net User [username [Password | *] [parameters]]

net User username (password | *) / Add [Parameters]

net User username , where

  • username - Specifies the name of the user's account, which you can add, delete, edit or view. The name may have a length of up to 20 characters.
  • password - assigns or changing the user password. Enter the asterisk (*) to output invitations to enter the password. When entering the keyboard, the password characters are not displayed on the screen.
  • / Domain. - Performs an operation on the main controller for this computer domain.
  • parameters - Specifies the command line parameter for the command.
  • nET HELP team - Displays the help for the specified NET command.
  • / Delete -Delete a user account.

Additional parameters of the Net User command

  • / Active: (YES | NO) -Activates or deactivates account. If the account is not activated, the user cannot access the server. By default, the account is activated.
  • / Comment: "Text" -Allows you to add a description of the user account (maximum 48 characters). The description text is quoted.
  • / Countrycode: NNN -Uses the country code specified for the operating system, to implement the relevant linguistic files when the user references and error messages are displayed. The value of 0 corresponds to the country code used by default.
  • / EXPIRES: (Date | Never) -Date of the expiration date of the account. The NEVER value corresponds to an unlimited period. The date is indicated in mm / DD / GG or DD / MM / GG, depending on the country's code. A month can be indicated by numbers, completely or in abbreviated form (three letters). The year may indicate two four digits. Date elements are separated by slash (/) without spaces.
  • / FullName: "Name" -The full name of the user (in contrast to the user's account name). The name is indicated in quotes.
  • / Homedir: Path -Specifies the path to the user's home directory. The specified place must exist.
  • / Passwordchg: (YES | NO) -Specifies whether the user can change its password (by default).
  • / Passwordreq: (Yes | No) -Specifies whether the user account should have a password (must be default).
  • / PROFILEPATH [: Path] -Specifies the path to the user login profile.
  • / scriptpath: path -The path to the script used by the user to log in.
  • / Times: (Time | All) -Time to log in. The time parameter is indicated in the format of the day [-Den] [, day [-Den]], an hour [-th] [, hour [-hour]], and an increment equals 1 hour. The name of the week days may be indicated in whole or in abbreviated form. The clock may be indicated in the 12th or 24-hour representation. For a 12-hour view, the designations are AM, PM, A.M. or p.m. All value corresponds to the lack of restrictions on the login time, and the empty value indicates a complete ban on the login. The values \u200b\u200bof the days of the week and time are separated by the comma; Several records for the days of the week and time values \u200b\u200bare separated by a comma point.
  • / Usercomment: "Text" -Allows the administrator to add or change the comment to the account.
  • / Workstations: (_name_name [, ...] | *) -Allows you to specify up to 8 computers from which the user can enter the network. If the / WorkSTATIONS parameter does not specify a list of computers or the value is *, the user can enter the network from any computer.

Net User Team Examples

  • To display the list of all users of this computer, the command serves: net user;
  • To display information about the user "PETR" is the following command: net User Petr;
  • To add a PETR user account with the full name of the user and the right to connect from 8 to 17 hours from Monday to Friday, the following command is used: net User Petr / Add / Times: Mon-Fri, 08: 00-17: 00 / FullName: "Petr".
  • To delete an account, you must enter the command: net User Petr / Delete;
  • For disconnection account must be entered the command: net User Petr / Active: NO.

Video - Working with Net Used Utility

Long ago passed those times when windows installation We had to use the boot diskette. If it were not for experiments with reinstalling Windows (I remember delight from installing Millenium instead of 98) and frequent use CMD and its utilities, then the desire to learn something more, something that lies beyond the edge, would have rushed into oblivion.

As a rule, at that time the main functionality (I also remember the book on computer science bought) was the use of standard utilities, such as other times, and perhaps even the middle class schoolboy will be able to easily overtake teachers in computer science, if the teacher has no Internet, and The schoolboy has, plus, there is a huge desire to know something new. To the great regret, often you have to see these schoolchildren on TV, in the news with a loud name "Schoolchildren stole 5,000 dollars with electronic wallets" or something like that.

Perhaps every users personal computer With operating room windows system At least once created an account, or saw how it was done. And, perhaps, many are proud that they have an account with administrator rights, well, if they also put a password ... then, perhaps, feel the king. If, when using the control panel, everything is quite simple - created a new unit, made a choice of the "administrator" type, installed the password and everything, you can easily go to bed. However, if you try to do the same, that is, there will be many unexpected and interesting moments before our gaze. And so, in order to add or delete the user from the command line, the command is applied net.usewhich is used in conjunction with such parameters:

Net User Newuser New Pass / Active: No / Add

It will not be displayed during system boot and even in the "User Accounts" applete.

If you run the Net User command without parameters, you can see that besides the user, the creation of which was made from the command line, there is, and ... accounting the recording administrator and guest. Unfortunately, this team does not show what is activated, and which is not. It is worth remembering that the built-in system accounting_caps of the administrator and the guest cannot be deleted by the team net.user. Administrator / delete.. You can only turn off:

Net User Guest / Active: No Net User Administrator / Active: NO



It is worth remembering that these accounts may have other names (Administrator, Admin ...). And now the most interesting thing, if you are a happy owner of XP, well, for example SP3 (I suppose it also depends on the assembly), then when installing the operating system, the registration_apission "Administrator" remains on, more, it is not displayed when logging in. On the Internet there is a video under the loud name "We go around the administrator password", so here, when entering the system (when the welcome window appears) it was enough to introduce a combination Ctrl + Alt + Del (twice), in the window that appears, enter Administrator and ENTER, you will be in the system and also with the administrator rights! It is clear that if the account does not have a password, and active, then nothing bothers to get into the middle. For curious, you can open the control panel / administration / computer management and similarly to see which accounts are and what are active. But, if you are a happy seven winner, then the trick with Ctrl + Alt + Del will no longer pass, as the administrator is disabled.

But, creating a user from the command line Through the Net User utility, it will automatically enroll in the group of users that is not good, especially if we want to create our dark divids under this account.

And so, the next team net.localgroup. Allows you to view the group available in the system and add a new user from CMD (command line) to one or another group. Having done similar actions, we will see that the groups are not two as it was assumed (administrators and guests), but much more.

Okay, add newuser to the Administrators group:

It is worth paying attention to the seven, there is sometimes a very annoying UAC mechanism - accounting of accounts. When you try to install something or change in the system, it offers the option to allow or not. Sometimes this mechanism does not allow you to install the game or software package (It is worth remembering that some work only in the case, for example, creating a user from the command line if you run it on the name of the administrator), in this case, you can try to activate the built-in system recording of the administrator and already under it to make the necessary actions. BUT!!! After, it is necessary to disable it or again, or put a password, away from sin.

Here is a certificate of great net. program, more precisely, when working with users: Net User. Sometimes, for example, you need to activate a guest account or administrator in Windows 10 on the client PC. Then short and convenient to memorize Windows net User Guest / Active: Yes It may be more convenient to other ways:

Syntax of this command:

Net User.
[user_name [Password | *] [parameters]]
user_name (password | *) / add [Parameters]
Username
Username

The NET User command allows you to create and change user accounts on computers. When executing a command without parameters, a list of user accounts of this computer is displayed. User Account Information is stored in the user account database.

  • username - The name of the user account you want to add, delete, change or view. The length of the user account name must not exceed 20 characters.
  • password - Assigns or edits the user account password. The length of the password should not be less than the minimum allowable value determined by the / minpwlen parameter net commands Accounts. In addition, the password length should not exceed 14 characters.
  • * - Displays invitations to enter the password. When entering a password at this prompt, it is not displayed on the screen.
  • / Domain. - The operation is performed on the controller of the current domain.
  • / Add. - Adds a user account to the user account database.
  • / Delete. - Deletes the user account from the account database
  • users.

Description of parameters:

  • / Active: (YES | NO) - activates or deactivates account. If the account is inactive, the user will not be able to consult the server. Default value: Yes (Account Active).
  • / COMMENT: "Text"- Allows you to add a description of the user account. The text must be enclosed in quotes.
  • / Countrycode: NNN - Uses the country code of the operating system to enable the relevant linguistic files when the user help and error messages are displayed. The value "0" corresponds to the default country code.
  • / EXPIRES: (Date | NEVER)- Date of the expiration date of the account. The NEVER value corresponds to an unlimited account validity period. The expiration date of the account should be indicated in mm / DD / Gg (GG) format. The month is indicated by the number or title (full or shortened to three letters). The year is indicated by two or four digits. To split the date items, a slash (/) without spaces is used.
  • / FullName: "Name" - The full name of the user (in contrast to the account name). The name must be enclosed in quotes.
  • / Homedir: Path- path to the user's home directory. This path must already exist.
  • / Passwordchg: (YES | NO) - Indicates whether the user can change its password. Default value: Yes (Password change is possible).
  • / Passwordreq: (YES | NO) - Indicates whether the user account must necessarily have a password. Default value: Yes (Password is required).
  • / LOGONPASSWORDCHG: (YES | NO) - Indicates whether the user should change its password when you next log in. Default value: NO (Password Change Not Required).
  • / PROFILEPATH [: Path]- Specifies the path to the user login profile.
  • / Scriptpath: path - The path to the user login scenario.
  • / Times: (Time | All) - Login clock. The TIMES parameter value should be set in the format of the day [-Delen] [, day [-Den]], time [-New] [, time [-Mond]], and the time increment interval is 1 hour. The names of the week of the week can be indicated completely or abbreviated. The clock is set in 12 or 24-hour format. For a 12-hour format, AM, PM, A.M. is used. or p.m. The value of ALL meets the lack of restrictions on the login time, and the empty value indicates a complete ban on the input. The values \u200b\u200bof the days of the week and time are separated by the comma. Several records for the days of the week and time values \u200b\u200bare separated by a comma point.
  • / Usercomment: "Text"- Allows the administrator to add or change the user comment for the account.
  • / Workstations: (computer name [, ...] | *) - Allows you to specify up to 8 computers from which the user can enter the network. If the / Workstations parameter is not specified or set to *, the user will be able to enter the network from any computer.

Net User Team Examples

  • net User -Displays a list of all users of this computer.
  • net User Kyrych. - Displays information about the user "Kyrych".
  • net User. kyrych. / Add / Times: Mon-Fri, 08: 00-17: 00 / FullName: " kyrych." - Adds a Kyrych user account with the full name of the user and the right to connect from 8 to 17 hours from Monday to Friday.
  • net User. kyrych. / Delete. - Deletes the Kyrych account.
  • net User. kyrych. / Active: NO - Disables the account.
  • Forward

Add a comment


New articles:

  • NOT Turns on Network Detection in Windows 7/8/2008/2012
  • Error: This Application Failed to Start Because It Could Not Find OR Load The Qt Fatform Plugin "Windows".
  • Configuring automatic restart of workflows RPHOST.exe server 1C 8.3
  • How to reduce transaction log size (.ldf) in MS SQL 2008/20012

    MS SQL as any decent industrial database, along with the database, logs transaction logs that allow you to roll back the condition ...