Here is a certificate of a remarkable NET program, more precisely, to work with users: Net User. Sometimes, for example, you need to activate a guest account or administrator in Windows 10 on the client PC. Then short and convenient to memorize Windows net User Guest / Active: Yes It may be more convenient to other ways:
Syntax of this command:
Net User.
[user_name [Password | *] [parameters]]
user_name (password | *) / add [Parameters]
Username
Username
The NET User command allows you to create and change user accounts on computers. When executing a command without parameters, a list of user accounts is displayed. this computer. User Account Information is stored in the user account database.
- username - The name of the user account you want to add, delete, change or view. The length of the user account name must not exceed 20 characters.
- password - Assigns or edits the user account password. The password length should not be less than the minimum permissible value defined by the / minpwlen parameter Net Accounts. In addition, the password length should not exceed 14 characters.
- * - Displays invitations to enter the password. When entering a password at this prompt, it is not displayed on the screen.
- / Domain. - The operation is performed on the controller of the current domain.
- / Add - Adds a user account to the user account database.
- / Delete. - Deletes the user account from the account database
- users.
Description of parameters:
- / Active: (YES | NO) - activates or deactivates account. If the account is inactive, the user will not be able to consult the server. Default value: Yes (Account Active).
- / COMMENT: "Text"- Allows you to add a description of the user account. The text must be enclosed in quotes.
- / Countrycode: NNN - Uses the country code of the operating system to enable the relevant linguistic files when the user help and error messages are displayed. The value "0" corresponds to the default country code.
- / EXPIRES: (Date | NEVER)- Date of the expiration date of the account. The NEVER value corresponds to an unlimited account validity period. The expiration date of the account should be indicated in mm / DD / Gg (GG) format. The month is indicated by the number or title (full or shortened to three letters). The year is indicated by two or four digits. To split the date items, a slash (/) without spaces is used.
- / FullName: "Name" - The full name of the user (in contrast to the account name). The name must be enclosed in quotes.
- / Homedir: Path- path to the user's home directory. This path must already exist.
- / Passwordchg: (YES | NO) - Indicates whether the user can change its password. Default value: Yes (Password change is possible).
- / Passwordreq: (YES | NO) - Indicates whether the user account must necessarily have a password. Default value: Yes (Password is required).
- / LOGONPASSWORDCHG: (YES | NO) - Indicates whether the user should change its password when you next log in. Default value: NO (Password Change Not Required).
- / PROFILEPATH [: Path]- Specifies the path to the user login profile.
- / Scriptpath: path - The path to the user login scenario.
- / Times: (Time | All) - Login clock. The TIMES parameter value should be set in the format of the day [-Delen] [, day [-Den]], time [-New] [, time [-Mond]], and the time increment interval is 1 hour. The names of the week of the week can be indicated completely or abbreviated. The clock is set in 12 or 24-hour format. For a 12-hour format, AM, PM, A.M. is used. or p.m. The value of ALL meets the lack of restrictions on the login time, and the empty value indicates a complete ban on the input. The values \u200b\u200bof the days of the week and time are separated by the comma. Several records for the days of the week and time values \u200b\u200bare separated by a comma point.
- / Usercomment: "Text"- Allows the administrator to add or change the user comment for the account.
- / Workstations: (computer name [, ...] | *) - Allows you to specify up to 8 computers from which the user can enter the network. If the / Workstations parameter is not specified or set to *, the user will be able to enter the network from any computer.
Net User Team Examples
- net User -Displays a list of all users of this computer.
- net User Kyrych. - Displays information about the user "Kyrych".
- net User. kyrych. / Add / Times: Mon-Fri, 08: 00-17: 00 / FullName: " kyrych." - Adds a Kyrych user account with the full name of the user and the right to connect from 8 to 17 hours from Monday to Friday.
- net User. kyrych. / Delete. - Deletes the Kyrych account.
- net User. kyrych. / Active: NO - Disables the account.
- Forward
Add a comment
Long ago passed those times when windows installation We had to use the boot diskette. If it were not for experiments with reinstalling Windows (I remember the delight from installing Millenium instead of 98) and the frequent use of CMD and its utilities, then the desire to learn something more, something that lies beyond the edge, rushing into oblivion.
As a rule, at that time the main functionality (I also remember the book on computer science bought) was the use of standard utilities, such as other times, and perhaps even the middle class schoolboy will be able to easily overtake teachers in computer science, if the teacher has no Internet, and The schoolboy has, plus, there is a huge desire to know something new. To the great regret, often you have to see these schoolchildren on TV, in the news with a loud name "Schoolchildren stole 5,000 dollars with electronic wallets" or something like that.
Perhaps every users personal computer With the Windows operating system, at least once created an account, or saw how it was done. And, perhaps, many are proud that they have an account with administrator rights, well, if they also put a password ... then, perhaps, feel the king. If, when using the control panel, everything is quite simple - created a new unit, made a choice of the "administrator" type, installed the password and everything, you can easily go to bed. However, if you try to do the same thing, that is,, then there will be many unexpected and interesting moments. And so, in order to add or delete the user from the command line, the command is applied net.usewhich is used in conjunction with such parameters:
| Net User Newuser New Pass / Active: No / Add |
It will not be displayed during system boot and even in the "User Accounts" applete.
If you run the Net User command without parameters, you can see that besides the user, the creation of which was made from the command line, there is, and ... accounting the recording administrator and guest. Unfortunately, this team does not show what is activated, and which is not. It is worth remembering that the built-in system accounting_caps of the administrator and the guest cannot be deleted by the team net.user. Administrator / delete.. You can only turn off:
| Net User Guest / Active: No Net User Administrator / Active: NO |
It is worth remembering that these accounts may have other names (Administrator, Admin ...). And now the most interesting thing, if you are a happy owner of XP, well, for example SP3 (I suppose it also depends on the assembly), then when installing the operating system, the registration_apission "Administrator" remains on, more, it is not displayed when logging in. On the Internet there is a video under the loud name "We go around the administrator password", so here, when entering the system (when the welcome window appears) it was enough to introduce a combination Ctrl + Alt + Del (twice), in the window that appears, enter Administrator and ENTER, you will be in the system and also with the administrator rights! It is clear that if the account does not have a password, and active, then nothing bothers to get into the middle. For curious, you can open the control panel / administration / computer management and similarly to see which accounts are and what are active. But, if you are a happy seven winner, then the trick with Ctrl + Alt + Del will no longer pass, as the administrator is disabled.
But, creating a user from the command line Through the Net User utility, it will automatically enroll in the group of users that is not good, especially if we want to create our dark divids under this account.
And so, the next team net.localgroup. Allows you to view the group available in the system and add a new user from CMD (command line) to one or another group. Following similar actionsWe will see that the groups are not two as expected (administrators and guests), but much more.
Okay, add newuser to the Administrators group:
It is worth paying attention to the seven, there is sometimes a very annoying UAC mechanism - accounting of accounts. When you try to install something or change in the system, it offers the option to allow or not. Sometimes this mechanism does not allow you to install the game or software package (it is necessary to remember that some work only in the event that the user is creating from the command line if you run it on the name of the administrator), in this case, you can try to activate the administrator's built-in system recording and already Under it, make the necessary actions. BUT!!! After, it is necessary to disable it or again, or put a password, away from sin.
In addition to the above methods, user accounts can be created, modified and deleted using the command line. To do this, you need to perform the following actions:
Launch command line on behalf of the administrator;
To create an account using the command line, use the command net User..
The Net User command is used to add users, set passwords, disable accounts, setting parameters and delete accounts. When executing a command without command-line parameters, a list of users' accounts present on the computer is displayed. Information about user accounts are stored in user account database.
Sample team:
net User / Add / Passwordreq: Yes / Times: Monday-Friday, 9 am-6pm / FullName: "NEW User"
Used parameters:
/ Add - This parameter indicates that you need to create a new account;
/ passwordreq - This parameter is responsible for the first input to the system, the user has changed its password;
/ Times. - This parameter determines how many times the user is allowed to log in. Here you can specify both single days and entire ranges (for example SA or M-F). To specify the time, it is allowed both 24-hour format and a 12-hour format;
/ FullName. - This parameter is identical to the Full Name field when creating a user with previous ways.
Creating user accounts for computers in the domain
In server operating room windows system Server B. domain Active Directory user accounts can be created six ways:
Creating users using accessories "Active Directory - Users and Computers"
Creating users using the Net User command line
Import users using the CSVDE command
Import users using the LDIFDE command
Creating users C. using windows PowerShell
Creating users using VBScript
Conclusion. Briefly reviewed questions about user accounts. A user account is an entry that contains the information necessary to identify the user when connected to the system, as well as information for authorization and accounting. Methods for creating local user accounts and domain users were considered. Real exercises and tasks are discussed in laboratory work number 3 and in practical lesson No. 2.
Lecture 4. File protection and shared folders.
File System Permissions when accessing resources
File protection and shared folders
The topic of information protection today is popular, more than ever. IT professionals draw knowledge from everywhere: from special articles in the magazine and even from daily newsletters e-mail. Most of the technical means protect the organization's resources from foreign intervention.
But often it is necessary to divide access to information within the enterprise itself. Just imagine what problems may occur if all employees will have access to personal entries of their colleagues.
The NTFS file system in Windows and its powers for shared folders are specifically designed to protect the contents of the folders. general access both internal and external leaks. Consider how to competently assign NTFS authority and manage access to shared folders and files.
File Access Control
Most users are postponing files in open access for some employees of their company. To do this, it is necessary: \u200b\u200b1. To click on the right button on the folder with the files to which you need to provide access. 2. From the Output menu, select Sharing and Security (Sharing and Security). 3. In the Folder Properties dialog box, go to the Sharing tab and select Share This Folder command (Open sharing
1. Enter the folder name in the Share Name column. 2. Optionally, you can add a few explanatory words to the Count COMMENT (description). 3. Click OK.
It must be remembered that the powers specified by default provide access to the contents of the directories to all users (group all). Therefore, they must be limited.
Also, in order to assign different powers for different users, you must disable the default Windows Simple File Sharing option: 1. Open windows Explorer Explorer. 2. Go to the Tools menu. 3. Select Folder Options (Folder Properties). 4. Click the View tab. 5. In the Advanced Settings window, remove the note from the Use Simple File Sharing (Recommended) parameter | Use simple sharing files (recommended). 6. Click OK.
In order to disable the resolution for all (EveryOne) and configure the access level for each user individually: 1. Right-click on the desired folder. 2. From the Outside Menu, select Sharing and Security (Sharing and Security). 3. Press the Permissions (Permissions) button. The Permissions For ... dialog box appears (permissions for ...)
Image B. Setting the access authority on the Share Permissions tab (permissions for the shared resource) Dialog box PERMISSIONS FOR ... (permissions for ...).
4. Select the EveryOne (all) object in the list of presented groups or users. 5. Press the Remove button. 6. Click on the Add button. The Select Users or Groups dialog box (Select: User or Group 7. In the ENTER THE OBJECT NAMES TO SELECT (Enter the names of the selected objects), select Users or groups for which you want to configure access authority, and click OK. 8. On the Group panel OR User Names Highlight objects for which access authority will be configured: You can enable or prohibit (ALLOW or DENY) Full access (Full Control), Reading (Change) and Change (READ) located in the Information folder. 9 . Click OK to make changes to force, and close the dialog box; Click OK to exit the folder properties window.
Powers full access (Full Control) Allow users or groups to read, change, delete and run the files contained in the folder. In addition, such users can create and delete new subfolders in this directory.
Users who have the right to change information in the folder (Change) can view and change the files in the directory, create their files and folders in it and run the programs located in it to execute.
Users and groups endowed with reading information (READ) are allowed only to view the files stored in the directory and run programs. For information on windows disks XP formatted into file nTFS system, You can install additional powers. NTFS authority (permits file System NTFS) NTFS authority in windows Environment Provide an additional set of parameters that can be configured for each individual file or folder. First you need to make sure that Windows settings allow you to work with the NTFS file system: 1. Click Start. 2. Select Run (Run). 3. Enter the COMPMGMT.MSC line and click OK. Computer Management Console opens. 4. Go to the Disk Management object on the Storage tab in order to find out what type of file system is used on each disk. If the disk or one of its partitions is not formatted in NTFS, it can be fixed if you enter Convert X: / FS: NTFS, putting instead of x letter necessary disc or partition. The convert command will change the current disk file system on NTFS, without destroying the data stored on it. However, before starting the team for execution it is better to do backup Disk content. To configure NTFS permissions: 1. Click on the desired file or folder. 2. From the context menu, select Properties. 3. Click the Security tab. 4. Using the ADD / Remove buttons, add or delete users and groups for which you want to configure NTFS access to access. 5. Select the desired object from the GROUP OR User Names window and assign / prohibit powers by setting or removing the corresponding marks in the Permissions For (Permissions for) window, as shown in the image D. 6. Click OK to save changes.
Picture of D. NTFS authority has a large number of customizable parameters compared to the common access service.
Note that by default subdirectories inherit the properties of their root directory. In order to change this, click on the Advanced button on the Security tab of the Properties dialog box (Properties). Types of NTFS-Powers: Full Control (full access) - Allows users and groups to perform any operations with the folder content, including viewing files and subdirectories, launch application files, managing the list of folder folder, read and run executable files, changing the attributes of files and folders, create new files, add data to files, delete files and subdirectories, as well as changing the powers of access to files and folders. Modify (change) - Allows users and groups to view files and subdirectories, run executable application files, manage the list of the folder's contents, view the folder parameters, change the attributes of folders and files, create new files and subdirectors, add data to files and delete files. READ & EXECUTE (reading and execution) - Allows users and groups to view the list of files and subdirectories, run executable application files, view the contents of the files, as well as change the attributes of files and folders. LIST FOLDER CONTENTS (Folder List) - Allows users and groups to navigate catalogs, work with a list of contents folder, as well as view the attributes of files and folders. Read (reading) - Allows users and groups to view the contents of the folder, read the files and view the attributes of files and folders. Write - Allows users and groups to change the attributes of files and folders, create new folders and files, as well as change and complement the contents of the files. To determine the final powers of a particular user, deduct from NTFS permits provided to him directly (or as a member of the Group), all individual prohibitions (or the prohibitions that he received as a member of the group). For example, if the user has received full access (Full Control) to this folder, but at the same time is a member of the group for which full access is prohibited, then it will not have full access rights. If the user's access level is limited to read & execute (read and execution) and List Folder Contents (folder list) in one group, and at the same time it is prohibited access at the List Folder Contents level (list of folder content), then as a result of it NTFS authority will be limited only to the READ & EXECUTE level (read and execution). For this reason, the administrator should be prohibited with extreme caution, since the prohibited functions have priority before allowed for the same user or group. Windows XP is equipped with a convenient utility to confirm the current user permissions or groups: 1. Open the properties dialog box of the desired file or folder (Properties). 2. Click the Security tab. 3. Click the Advanced button (optional). The Advanced Security Settings For dialog box opens. 4. Click the Effective PERMISSIONS tab. (Image E) 5. Press the SELECT button. 6. The Select User OR GROUP dialog box opens (Select: User or Group). 7. In the ENTER THE OBJECT NAME TO SELECT (Enter the names of the selected objects), enter the name of the user or group whose authority must be confirmed, and click OK. 8. The Advanced Security Settings for (Advanced Security Options ...) dialog box will display the final set of NTFS authority for the selected user or group.
Image E. Effective Permissions tab (valid) helps to easily determine what authority a user or group actually possesses.
Combination of NTFS-permissions with general access authority
To determine the final powers of a user, compare the total authority of shared access with the final NTFS permissions. Remember that access restrictions will dominate the permissions.
For example, if the final NTFS user access rights are limited to the read and execute level, and the total access rights - the level of Full Control (full access), the system will not provide this user with valid full access rights, and chooses the top priority level, In this case, this is an NTFS permission to read and execute.
It is always necessary to remember that the final restrictions in rights prevail over the final permissions. This is a very important point that is easily forgotten, after which it delivers a lot of trouble. Therefore, carefully calculate the relationships of prohibitions and permissions of the authority of NTFS and shared access.
Version in English: techrepublic.com.com
Copying the article is permitted only if the explicit hyperlink is guided by the WinBlog.ru website, as the source of the Russian-language version. )
Visitors to this site are not rarely interested in how to create a new user in Windows 7. Most often such a need arises when more than one person works on one computer. Files and shortcuts of programs of different users begin to be confused on the desktop, and it inevitably creates a lot of inconvenience. In this article, we will tell you how to create a new user in Windows 7 and solve this problem forever.
In order to create a new user you need to open the Start menu and go to the control panel. If you want to create a new user in Windows 8, then use our article about.
So, after you opened the control panel, go to "Add and delete accounts" section.
After that you will find a list of accounts that have already been added to your operating system. If you have not added anything before, there should be only two users here: the main user (which you created when) and user guest. To add a new user in Windows 7, click on the Create Account link.
All, after clicking on the "Account Change" button, the new user will be created. Please note if you select the type of account "Normal User", the user using such an account cannot install new programs or make changes to the operating system settings.
How to create a new user entry in Windows 7 via the command line
You can also create a new user via the command line. In order to create a new Windows 7 user through the command line, you must first start with the administrator rights. How we were already told in one of the articles.
After that, in the command prompt, enter the command:
- nET User username password user / add
For example, in order to add a user with a nickname Mike and password 123123 you must enter Net User Mike 123123 / Add.
After entering such a command, a new user will be created. But, by default it will ordinary user (not by the administrator). In order to make this user by the administrator, you must enter another command:
- nET Localgroup Administrators user_name / Add
For example, in order to make the user Mike administrator, we need to enter a command nET Localgroup administrators Mike / Add.
All seems to add a new user in Windows 7 using the command line is not much more complicated than adding a user through the control panel.
Good time, readers. Today, once again I had to climb the search for the help of the help. Often you have to help windows users directly from the user account, and at hand it does not turn out tools other than the built-in Windows command line cmd.exe.. When working under limited, the accounting record often has to do some task with Increased administrator rights. cmd.for these tasks, the most appropriate tool is not to enter a multiply password of the administrator, just once run the command line on behalf of the administrator and perform the necessary actions launch the necessary teamsI will describe below:
appwiz.cpl- The installing and deleting of programms
certmgr.msc.- Certificates
ciadv.msc. - Indexing service
cliconfg.- SQL Network Client Program
clipBRD.- Clipboard
cOMPMGMT.MSC. - Computer Management
dCOMCNFG.- Control Console DCOM components
ddeshare.- Shared DDE resources (not working on Win7)
desk.cpl- Screen properties
devmgmt.msc. - Device Manager
dfrg.msc. - Defragmentation of discs
diskmgmt.msc. - Disc management
drwtsn32. - Dr.Watson.
dxdiag - Diagnostics Service DirectX
eudcedit.- Personal Symbols Editor
eventvwr.msc. - View events
firewall.cpl- Windows Firewall Settings
gpedit.msc. - Group Policy
iExpress.- IExpress (I do not know what it is)
fsmgmt.msc - Common folders
fSquirt.- Bluetooth file transfer wizard
chkdsk.- Verification of discs (usually starts with parameters letter_Disk: / F / X / R)
control Printers. - Printers and faxes - not always starts
control Admintools. - Computer Administration - Not always starts
control Schedtasks - assigned tasks (scheduler)
control UserPasswords2 -Managing Accounts
cOMPMGMT.MSC. - Computer Management ( cOMPMGMT.MSC / Computer \u003d PC - remote control Computer PC)
lusrmgr.msc. - Local users and groups
mMC.- creating your snap
mRT.EXE. - removal of malicious programs
msconfig- Setting up the system (auto start, service, etc.)
mSTSC.- Connect to the remote desktop
nCPA.cpl - Network connections
ntmsmgr.msc. - Removable zoom
ntmsoprq.msc. - Requests for removable RAM operators (for XP)
odbcp32.cpl - Data source administrator
perfmon.msc. - Performance
regedit.- Registry editor
rsop.msc. - Further policy
secpol.msc. - Local security parameters ( Local politics security)
services.msc. - Services
sFC / SCANNOW. - Restoration system files
sigverif- Check file signature
sNDVOL - Volume control
sysdm.cpl- Properties of the system
sYSEDIT -System file editor (I do not know what it is)
sYSKEY -Protection of database of accounts
taskmgr. - Task Manager
utilman.Service Program Manager
verifierDriver check manager
wmimgmt.msc. - WMI Management Infrastructure
This list is mostly GUI "Obligations. Below in a separate list, there are console commands.
Also launch applications in the control panel with administrator rights, you can right-click at the same time holding the SHIFT key. And select the launch on behalf. (Runas ...) (relevant for Win XP).
List of console teams:
nBTstat -a PC. - username working for remote machine PC
nET Localgroup Group User / Add - Add to Group GROUP, User User
nET Localgroup Group User. / Delete. - Delete the user from the group
net Send PC "Text""- Send message to PC computer
net Sessions- a list of users
nET Session / Delete- Closes all network sessions
nET USE L: \\\\ computer name \\ folder \\ - Connect the network disk L: folder on a remote computer
net User Name / Active: NO - Block the user
net User Name / Active: Yes - Unlock the user
net User Name / Domain - Information about the user domain
nET User Name / Add - Add user
nET USER Name / Delete- Delete the user
netstat -a. - list of all connections to the computer
rEG Add - add a parameter to the registry
rEG COMPARE. - Compare registry parts.
rEG Copy - copies from one section to another
rEG DELETE. - Removes specified parameter or section
rEG Export - export part of the registry
rEG Import - Accordingly, importing part of the registry
reg Load. - loads the selected part of the registry
rEG Query. - Displays the values \u200b\u200bof the specified registry branch
reg Restore. - Restores the selected part of the registry from the file
rEG SAVE - Saves the selected part of the registry
rEG UNLOAD. - Unloads the selected part of the registry
shutdown. - Turn off the computer, you can turn off the other remotely.
SystemInfo / s Machine - will show a lot of useful about remote machine
