NET USER Command – Manage User Accounts in Windows CMD

The NET USER command is a Windows Command Prompt utility that creates, modifies, and deletes local user accounts and displays user account information. Use NET USER to list accounts, NET USER username /add to create users, and NET USER username /delete to remove them—essential for system administration, scripting user provisioning, and troubleshooting access issues. Administrator privileges are required for most operations.

Whether you're a system administrator provisioning accounts for new employees, an IT professional resetting forgotten passwords, or a developer automating user setup in deployment scripts, NET USER provides full command-line control over local user accounts. The command supports password policies, account expiration, logon hours, and home directory configuration.

This comprehensive guide covers NET USER syntax, all parameters including /add, /delete, and password options, practical examples for common scenarios, security best practices, troubleshooting tips, and frequently asked questions. By the end, you'll confidently manage local user accounts from the command line.

What Is the NET USER Command?

The NET USER command is a built-in Windows utility for managing local user accounts. It displays user account information, creates new accounts, modifies existing accounts, and deletes accounts. NET USER works with local accounts on the computer; for domain accounts, use NET USER with the /domain option (on domain-joined systems) or Active Directory tools.

NET USER runs in Command Prompt (CMD) and requires Administrator privileges for creating, modifying, or deleting accounts. It is available in all Windows versions from Windows NT through Windows 11 and Windows Server. The command is scriptable and supports batch provisioning for multiple users.

NET USER vs Other User Management Tools

NET USER: Command-line; local accounts; scriptable; built-in
Computer Management: GUI; local users and groups; user-friendly
Active Directory Users and Computers: Domain accounts; enterprise management
PowerShell Get-LocalUser/New-LocalUser: Modern; object-oriented; preferred for scripts

Syntax

NET USER [username [password | *] [options]] [/domain]
NET USER username {password | *} /add [options] [/domain]
NET USER username [/delete] [/domain]
NET USER username [/active:{yes | no}]

Parameters

Parameter	Description
`username`	User account name (up to 20 characters)
`password`	Password for the account; use `*` to prompt
`/add`	Creates a new user account
`/delete`	Deletes a user account
`/domain`	Performs operation on domain (if domain-joined)
`/active:yes	no`
`/comment:"text"`	Account description (up to 48 characters)
`/fullname:"name"`	User's full name
`/expires:{date	never}`
`/passwordreq:{yes	no}`
`/passwordchg:{yes	no}`
`/homedir:path`	Home directory path
`/profilepath:path`	User profile path
`/scriptpath:path`	Logon script path
`/times:{times	all}`
`/workstations:{list	*}`

How to Use NET USER Command

List All User Accounts

Display all local user accounts:

NET USER

Output shows usernames for all local accounts. No Administrator rights needed for listing.

View Specific User Information

Display details for a specific user:

NET USER Administrator

Shows full name, comment, account active status, password requirements, and other settings.

Create a New User Account

Create a user with a password:

NET USER john P@ssw0rd123 /add

Use a strong password. For security, use * to be prompted:

NET USER john * /add

You'll be prompted to enter and confirm the password; it won't appear on screen.

Create User with Full Name and Comment

NET USER john P@ssw0rd123 /add /fullname:"John Smith" /comment:"Sales team"

Disable a User Account

Disable an account without deleting it:

NET USER john /active:no

Re-enable with /active:yes.

Delete a User Account

Remove a user account:

NET USER john /delete

This deletes the account and its profile. Use with caution.

Reset User Password

Change a user's password:

NET USER john NewP@ssw0rd456

Or prompt for password:

NET USER john *

Set Account Expiration

Create a temporary account that expires:

NET USER intern P@ssw0rd123 /add /expires:2026-12-31

Use /expires:never for no expiration (default).

Restrict Logon Hours

Allow logon only during business hours (e.g., M-F 9–5):

NET USER john P@ssw0rd123 /add /times:M-F,09:00-17:00

Use all to allow anytime: /times:all.

Common Use Cases

Create accounts for new employees – Use NET USER /add with full name and comment for quick provisioning.
Reset forgotten passwords – Use NET USER username * to prompt for a new password without exposing it.
Disable departing user accounts – Use /active:no to disable access while preserving data before deletion.
Script bulk user creation – Use NET USER in batch files or scripts for automated provisioning.
Create temporary/contractor accounts – Use /expires to set account expiration for short-term access.
Restrict logon times – Use /times for kiosk or shift workers who should only log on during specific hours.
Audit user accounts – Use NET USER to list accounts and NET USER username for details.
Troubleshoot logon issues – Check if account is active, expired, or locked with NET USER.
Configure home directories – Use /homedir for roaming profiles or network home drives.
Compliance and cleanup – Delete or disable orphaned accounts with /delete or /active:no.

Tips and Best Practices

Run as Administrator – Creating, modifying, or deleting accounts requires elevated privileges.
Use * for password input – Avoid putting passwords in command history: NET USER john * /add.
Use strong passwords – Follow organizational password policy; avoid simple or default passwords.
Document with /comment – Add descriptions: /comment:"IT contractor - Project X".
Set expiration for temp accounts – Use /expires for contractors and interns.
Disable before delete – Disable accounts first to verify no one needs access before deleting.
Backup before bulk changes – Export user list or backup system before mass modifications.
Use /fullname – Set full names for clarity in logs and user lists.
Test in non-production – Verify NET USER commands in a test environment first.
Combine with NET LOCALGROUP – Add users to groups after creation: NET LOCALGROUP Administrators john /add.

Troubleshooting Common Issues

"Access is denied"

Problem: NET USER fails with access denied.

Cause: Insufficient privileges; Administrator rights required for /add, /delete, /active, and password changes.

Solution: Run Command Prompt as Administrator. Right-click cmd.exe → Run as administrator.

Prevention: Use an account with Administrator privileges for user management.

"The password does not meet the password policy requirements"

Problem: Password rejected when creating or changing account.

Cause: Password doesn't meet complexity requirements (length, complexity, history).

Solution: Use a password that meets policy: typically 8+ characters, mix of upper/lower/numbers/symbols. Check local policy with net accounts.

Prevention: Know your organization's password policy before scripting.

"The user name could not be found"

Problem: NET USER reports user not found when modifying or deleting.

Cause: Username typo, or user is a domain account (local NET USER manages local accounts only).

Solution: Verify spelling. Use NET USER to list local accounts. For domain users, use /domain if appropriate or AD tools.

Prevention: Double-check usernames; use NET USER to list before operations.

"System error 5" or "Access Denied" on Domain

Problem: NET USER /domain fails.

Cause: Domain operations require domain admin or delegated rights; may not apply on workgroup computers.

Solution: Ensure computer is domain-joined. Use domain admin account. For workgroup, use NET USER without /domain.

Prevention: Understand domain vs. local account scope.

Related Commands

NET LOCALGROUP – Manage Groups

NET LOCALGROUP adds users to local groups (e.g., Administrators). Use after creating a user to grant permissions.

Example:

NET LOCALGROUP Administrators john /add

When to use: Grant admin rights, add to custom groups.

WHOAMI – Current User

WHOAMI displays the current user and group memberships. Use to verify context before running NET USER.

Example:

WHOAMI

When to use: Verify you're running as the correct account.

RUNAS – Run as Different User

RUNAS runs programs as another user. Use to test accounts created with NET USER.

Example:

RUNAS /user:john cmd

When to use: Testing new accounts, running as different user.

NET ACCOUNTS – Password Policy

NET ACCOUNTS displays or modifies password and logon requirements for the system.

Example:

NET ACCOUNTS

When to use: Checking password policy before creating users.

Frequently Asked Questions

What does the NET USER command do?

NET USER creates, modifies, deletes, and displays local user accounts. It can set passwords, full names, expiration, logon hours, and other account properties. Administrator rights are required for most operations.

How do I create a new user with NET USER?

Use NET USER username password /add. For a secure prompt: NET USER username * /add. Add options like /fullname:"Name" and /comment:"Description" as needed.

How do I reset a user password with NET USER?

Use NET USER username newpassword or NET USER username * to be prompted for the new password. Requires Administrator privileges.

How do I list all user accounts?

Run NET USER without arguments to list all local user account names. Use NET USER username for detailed information on a specific user.

How do I delete a user account?

Use NET USER username /delete. This removes the account and typically the user profile. Run as Administrator.

How do I disable a user account without deleting it?

Use NET USER username /active:no. The account remains but cannot log on. Re-enable with /active:yes.

Can NET USER manage domain accounts?

NET USER with /domain can perform some operations on domain accounts when run from a domain-joined computer with appropriate rights. For full domain management, use Active Directory tools.

What does the * mean in NET USER password?

The * prompts you to enter the password interactively. The password is not displayed or stored in command history—more secure than typing it in the command.

How do I set account expiration with NET USER?

Use /expires:YYYY-MM-DD when creating or modifying: NET USER intern pass /add /expires:2026-12-31. Use /expires:never for no expiration.

How do I restrict when a user can log on?

Use /times: NET USER john pass /add /times:M-F,09:00-17:00. Format: day range, start-end. Use all for no restriction.

Why does NET USER say access is denied?

NET USER requires Administrator privileges for creating, modifying, deleting, and password changes. Run Command Prompt as Administrator.

How do I add a user to the Administrators group?

First create the user with NET USER, then add to the group: NET LOCALGROUP Administrators username /add. Both require Administrator rights.

Quick Reference Card

Command	Purpose	Example
`NET USER`	List all users	View accounts
`NET USER username`	View user details	Check account info
`NET USER user pass /add`	Create user	Add new account
`NET USER user * /add`	Create with prompt	Secure password entry
`NET USER user /delete`	Delete user	Remove account
`NET USER user /active:no`	Disable account	Block logon
`NET USER user newpass`	Reset password	Change password
`NET USER user pass /add /expires:date`	Temp account	Set expiration

Try NET USER Command Now

Explore user management in our Windows Command Simulator. For group management, see NET LOCALGROUP and RUNAS. Browse the full Commands Reference for more Windows CMD utilities.

Summary

The NET USER command manages local user accounts from the command line—creating, modifying, deleting, and displaying account information. Use /add for new users, /delete to remove, /active to enable or disable, and various options for passwords, expiration, and logon restrictions. Always run as Administrator for write operations, and prefer * for password input to avoid exposing passwords. Combine with NET LOCALGROUP to assign users to groups for complete account provisioning.