net user
Manage user accounts and view account information.
Command: net user
Category: Configuration
Type: CMD
Purpose
Displays, creates, modifies, and deletes local user accounts on the computer. Use it to view user account details, create new users, change passwords, set account properties, and manage user accounts from the command line.
Quick Summary
Complete command-line user account management. View all local users, check account details, create or delete accounts, change passwords, enable or disable accounts, and configure account properties. Perfect for quick user management, scripting administrative tasks, and troubleshooting account issues.
How to Use
View all local users:
net user
View specific user details:
net user JohnDoe
net user Administrator
Create new user (requires admin):
net user JohnDoe MyPassword123 /add
net user JohnDoe * /add (prompts for password securely)
Change user password (requires admin):
net user JohnDoe NewPassword123
net user JohnDoe * (prompts for password)
Delete user (requires admin):
net user JohnDoe /delete
Enable/disable account (requires admin):
net user JohnDoe /active:yes
net user JohnDoe /active:no
Tips and Best Practices
- Use * instead of typing password to avoid password showing in command history.
- Check account details with net user username before making changes.
- Disable accounts rather than deleting when possible (preserves SID and permissions).
- Use /fullname to set display name: net user JohnDoe pass /add /fullname:"John Doe"
- Document changes: save account info before and after modifications.
- Standard users can view basic info; admin rights required to modify or see full details.
Common Use Cases
- User management: Create, modify, or delete user accounts.
- Password resets: Reset forgotten passwords (admin only).
- Account auditing: Review user account settings and status.
- Troubleshooting: Check if account is enabled, locked, or expired.
- Automated setup: Script user account creation during deployment.
- Security: Disable unused or compromised accounts quickly.
Prerequisites
- Windows Command Prompt or PowerShell
- No administrator rights required to view basic user list
- Administrator rights required to view full details, create, modify, or delete accounts
- Available on all Windows versions
Understanding User Details Output
Example output for net user JohnDoe:
User name                    JohnDoe
Full Name                    John Doe
Comment
User's comment
Country/region code          000 (System Default)
Account active               Yes
Account expires              Never
Password last set            11/23/2024 10:30:00 AM
Password expires             Never
Password changeable          11/23/2024 10:30:00 AM
Password required            Yes
User may change password     Yes
Workstations allowed         All
Logon script
User profile
Home directory
Last logon                   11/23/2024 8:00:00 AM
Logon hours allowed          All
Local Group Memberships      *Users
Global Group memberships     *None
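The following PowerShell is an added example, not part of the original page: it parses the label/value layout of net user <name> output and lists settings on an enabled account that merit review. The function names and the sample text are constructed for illustration, and English-language output is assumed.

```powershell
# Constructed sample of `net user JohnDoe` output; real output pads each
# label with spaces, and labels are localized (English assumed here).
$sample = @'
User name                    JohnDoe
Account active               Yes
Account expires              Never
Password expires             Never
Password required            No
Last logon                   Never
Local Group Memberships      *Administrators       *Users
                             *Remote Desktop Users
Global Group memberships     *None
The command completed successfully.
'@ -split "`r?`n"

# Hypothetical helper: turn label/value lines into one object.
function ConvertFrom-NetUserDetail {
    param([string[]]$Lines)
    $fields = [ordered]@{}
    $last = $null
    foreach ($line in $Lines) {
        if ($line -match '^(\S.*?)\s{2,}(\S.*)$') {
            # A label and its value are separated by two or more spaces.
            $last = $Matches[1]
            $fields[$last] = $Matches[2].Trim()
        } elseif ($last -and $line -match '^\s{2,}(\S.*)$') {
            # Indented line: a long value (group list) wrapped onto the next row.
            $fields[$last] += ' ' + $Matches[1].Trim()
        }
    }
    [pscustomobject]$fields
}

# Hypothetical helper: settings on an enabled account that merit review.
function Get-NetUserFinding {
    param($User)
    if ($User.'Account active' -ne 'Yes') { return }
    if ($User.'Password required' -eq 'No')  { 'blank password allowed' }
    if ($User.'Password expires' -eq 'Never') { 'password never expires' }
    if ($User.'Account expires' -eq 'Never')  { 'account has no expiration date' }
    if ($User.'Last logon' -eq 'Never')       { 'enabled but never logged on' }
    if ($User.'Local Group Memberships' -match '\*Administrators') { 'local administrator' }
}

Get-NetUserFinding (ConvertFrom-NetUserDetail $sample)
# Against a live account:
#   Get-NetUserFinding (ConvertFrom-NetUserDetail (net user JohnDoe))
```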
Creating User Accounts
Basic account creation:
net user NewUser MyPassword123 /add
Secure password entry (recommended):
net user NewUser * /add
Account with full name:
net user JDoe * /add /fullname:"Jane Doe"
Account with comment:
net user JDoe * /add /fullname:"Jane Doe" /comment:"Marketing Department"
Account that expires:
net user JDoe * /add /expires:12/31/2024
Account that never expires, with a password required (/expires sets account expiration, not password expiration):
net user JDoe * /add /passwordreq:yes /expires:never
Modifying User Accounts
Change password:
net user JohnDoe NewPassword123
net user JohnDoe * (secure prompt)
Change full name:
net user JohnDoe /fullname:"John Q. Doe"
Add comment:
net user JohnDoe /comment:"IT Department - System Administrator"
Enable account:
net user JohnDoe /active:yes
Disable account:
net user JohnDoe /active:no
Set account to never expire (/expires controls account expiration, not password expiration):
net user JohnDoe /expires:never
Set account expiration date:
net user JohnDoe /expires:12/31/2024
Require password change at next logon:
net user JohnDoe /logonpasswordchg:yes
Account Options and Flags
Password options:
- /passwordreq:yes|no - Require or allow blank password
- /passwordchg:yes|no - Allow user to change password
- /expires:date|never - Account expiration date
Account status:
- /active:yes|no - Enable or disable account
- /logonpasswordchg:yes|no - Force password change at next logon
Advanced options:
- /fullname:"Full Name" - Set display name
- /comment:"Description" - Add account description
- /homedir:path - Set home directory
- /scriptpath:path - Set logon script path
- /times:times|all - Set allowed logon hours
- /workstations:names|* - Set allowed workstations
Deleting User Accounts
Delete user account:
net user JohnDoe /delete
Warning:
- Deleting removes the account permanently
- All files owned by the user remain but show as unknown SID
- Group memberships and permissions are lost
- Consider disabling instead:
net user JohnDoe /active:no
Password Management
Change password (as admin):
net user JohnDoe NewPassword123
Change own password (standard user):
net user %USERNAME% * /domain
(Will prompt for old and new passwords)
Force password change at next logon:
net user JohnDoe /logonpasswordchg:yes
Set password to never expire:
wmic useraccount where "name='JohnDoe'" set PasswordExpires=false
Troubleshooting
- "Access is denied" - Requires administrator rights for most operations; run Command Prompt as Administrator.
- "The user name could not be found" - User doesn't exist; check spelling.
- "The password does not meet the password policy requirements" - Password too simple; must meet complexity requirements.
- "System error 5 has occurred" - Insufficient privileges; run as Administrator.
- "The account is disabled" - Enable account: net user username /active:yes
- Can't delete Administrator - Built-in Administrator can't be deleted, only disabled.
Account Status Checks
Check if account is enabled:
net user JohnDoe | find "Account active"
Check password expiration:
net user JohnDoe | find "Password expires"
Check last logon:
net user JohnDoe | find "Last logon"
Check group memberships:
net user JohnDoe | find "Group Memberships"
Working with Domain Accounts
View domain user (on domain-joined computer):
net user JohnDoe /domain
Change domain password:
net user JohnDoe * /domain
Note: Domain account management typically requires domain admin privileges.
Scripting Examples
Batch - create user and add to group:
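@echo off
setlocal
REM Use NEWUSER rather than USERNAME, which is a built-in environment variable
set NEWUSER=NewUser
set FULLNAME=New User Account
echo Creating user %NEWUSER%...
net user %NEWUSER% * /add /fullname:"%FULLNAME%"
REM Stop if the account was not created
if errorlevel 1 (echo Failed to create %NEWUSER%. & exit /b 1)
echo Adding to Remote Desktop Users group...
net localgroup "Remote Desktop Users" %NEWUSER% /add
echo User %NEWUSER% created successfully.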
Batch - disable inactive accounts:
@echo off
REM Disable specific accounts
net user GuestUser /active:no
net user TempAccount /active:no
echo Inactive accounts disabled.
PowerShell alternatives (more powerful):
# List all local users
Get-LocalUser
# Create new user (Read-Host -AsSecureString prompts, keeping the password out of command history)
New-LocalUser -Name "NewUser" -Password (Read-Host -Prompt "Password" -AsSecureString) -FullName "New User"
# Disable user
Disable-LocalUser -Name "JohnDoe"
# Enable user
Enable-LocalUser -Name "JohnDoe"
# Remove user
Remove-LocalUser -Name "JohnDoe"
# Set password (prompted, not typed on the command line)
Set-LocalUser -Name "JohnDoe" -Password (Read-Host -Prompt "New password" -AsSecureString)
Security Best Practices
Password policies:
- Use strong passwords (mix of uppercase, lowercase, numbers, symbols)
- Never type passwords directly in commands (shows in history)
- Use * to prompt for password securely
- Regularly review and rotate passwords
Account management:
- Disable accounts rather than deleting (preserves audit trail)
- Use descriptive comments to identify account purpose
- Regularly audit user accounts and remove unused ones
- Set expiration dates for temporary accounts
- Require password changes for new accounts
Monitoring:
REM Save user list for comparison (file name quoted: %date% can contain spaces in some locales)
net user > "users-%date:/=-%.txt"
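To make the comparison of saved listings concrete, the PowerShell below (an added example, not part of the original page) extracts the account names from two net user listings and reports accounts added or removed between them. The function names, host name and both snapshots are constructed, and English-language output is assumed.

```powershell
# Constructed snapshots standing in for two saved `net user` listings.
$before = @'
User accounts for \\WORKSTATION01

-------------------------------------------------------------------------------
Administrator            DefaultAccount           Guest
JohnDoe                  TempAccount
The command completed successfully.
'@ -split "`r?`n"

$after = @'
User accounts for \\WORKSTATION01

-------------------------------------------------------------------------------
Administrator            DefaultAccount           Guest
JohnDoe                  svc backup
The command completed successfully.
'@ -split "`r?`n"

# Hypothetical helper: pull account names out of the column layout.
function Get-NetUserName {
    param([string[]]$Lines)
    $inList = $false
    foreach ($line in $Lines) {
        # Names start after the row of dashes and end at the status line.
        if ($line -match '^-{10,}\s*$') { $inList = $true; continue }
        if (-not $inList -or $line -match '^The command completed') { continue }
        # Columns are padded with several spaces, so splitting on two or
        # more keeps a name that contains a single space in one piece.
        $line.Trim() -split '\s{2,}' | Where-Object { $_ }
    }
}

# Hypothetical helper: report accounts added or removed since the baseline.
function Compare-NetUserSnapshot {
    param([string[]]$Baseline, [string[]]$Current)
    Compare-Object (Get-NetUserName $Baseline) (Get-NetUserName $Current) |
        ForEach-Object {
            [pscustomobject]@{
                Account = $_.InputObject
                Change  = if ($_.SideIndicator -eq '=>') { 'added' } else { 'removed' }
            }
        }
}

Compare-NetUserSnapshot $before $after
# With saved files (file names are placeholders):
#   Compare-NetUserSnapshot (Get-Content old.txt) (Get-Content new.txt)
```

An account that appears as added without a matching change record is the case to investigate first.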
Common Scenarios
Scenario 1: Create standard user
net user NewUser * /add /fullname:"New User"
net localgroup Users NewUser /add
echo User created. Add to appropriate groups as needed.
Scenario 2: Reset forgotten password
net user JohnDoe *
net user JohnDoe /logonpasswordchg:yes
echo Password reset for JohnDoe. User will be prompted to change at next logon.
Scenario 3: Disable account for departed employee
net user FormerEmployee /active:no
echo Account disabled. Remove from groups if needed.
Scenario 4: Create temporary account with expiration
net user TempUser * /add /expires:12/31/2024
net localgroup Users TempUser /add
echo Temporary account created. Expires 12/31/2024.
Output to File for Documentation
Save all users:
net user > users-list.txt
Save specific user details:
net user JohnDoe > JohnDoe-details.txt
Create audit report:
@echo off
echo User Account Audit Report > user-audit.txt
echo Generated: %date% %time% >> user-audit.txt
echo. >> user-audit.txt
echo All Local Users: >> user-audit.txt
net user >> user-audit.txt
echo. >> user-audit.txt
echo Administrator Details: >> user-audit.txt
net user Administrator >> user-audit.txt
echo Report saved to user-audit.txt
Related Tools
- net localgroup - Manage local groups and memberships
- net accounts - View and modify account policies
- net user /domain - Manage domain accounts
- Get-LocalUser (PowerShell) - PowerShell user management
- lusrmgr.msc - Local Users and Groups GUI (Pro editions)
- compmgmt.msc - Computer Management console
- whoami - Display current user information