Windows CLI: Net User
-
Working with some command line this week I had a PC which lost the Domain trust. After gaining access to the system and dropping it from the domain I had to use the SC command line to force the local admin account so that I could re-sign in.
While looking at this I started looking at the net user command and wondered what else I could do with it. I have set this command on a test system
net user testNTGtest Cyk4^g3B /add /passwordreq:yes /fullname:"userTest"
But when I try to sign in with this account I am unable to do so, even though the command completed successfully.
There is no mention of any other steps,.. am I missing something?
-
You'd probably be better off learning about PowerShell commands instead of the older net commands. Not saying net isn't useful, but considering how much more powerful PS is, it's a better place to start.
New-LocalUser
-
Agreed, go with PowerShell.
-
Yea,.. been trying some of that too... with about as much success.
-
@gjacobse said in Windows CLI: Net User:
Yea,.. been trying some of that too... with about as much success.
I.e.: None
-
Are you using an admin level command prompt or PowerShell shell?
-
@dashrender said in Windows CLI: Net User:
Are you using an admin level command prompt or PowerShell shell?
Neither-
Command line via ScreenConnect
-
@gjacobse said in Windows CLI: Net User:
@dashrender said in Windows CLI: Net User:
Are you using an admin level command prompt or PowerShell shell?
Neither-
Command line via ScreenConnect
Well, considering that ScreenConnect is an admin tool - I would HOPE that it is running those commands at an admin privilege level, but really have no clue.
Are you initiating PowerShell when you try to run a PS script?
-
@dashrender said in Windows CLI: Net User:
@gjacobse said in Windows CLI: Net User:
@dashrender said in Windows CLI: Net User:
Are you using an admin level command prompt or PowerShell shell?
Neither-
Command line via ScreenConnect
Well, considering that ScreenConnect is an admin tool - I would HOPE that it is running those commands at an admin privilege level, but really have no clue.
Yes it runs in the context of the service which has admin rights by default.
-
I haven't tried it, but it seems like running powershell through screenconnect command line would be problematic at best. I'm not even sure how you would change the execution policy to let you call scripts.
-
@gjacobse said in Windows CLI: Net User:
But when I try to sign with this account I am unable to do so, even though the command completed successfully.
Usually the next thing I do after creating a local user like that is add it to the right local group.
Then when logging in, make sure you're using .\testNTGuser so that it's not looking for a domain account with that name.
-
@mike-davis said in Windows CLI: Net User:
I haven't tried it, but it seems like running powershell through screenconnect command line would be problematic at best. I'm not even sure how you would change the execution policy to let you call scripts.
Running the command via SC CLI seemed to work perfectly. Just can't sign on.
-
@mike-davis said in Windows CLI: Net User:
@gjacobse said in Windows CLI: Net User:
But when I try to sign with this account I am unable to do so, even though the command completed successfully.
Usually the next thing I do after creating a local user like that is add it to the right local group.
Then when logging in, make sure you're using .\testNTGuser so that it's not looking for a domain account with that name.
Right,.. has to be added to the Admin group, and yes the .\ added for local access.
-
@gjacobse said in Windows CLI: Net User:
@mike-davis said in Windows CLI: Net User:
I haven't tried it, but it seems like running powershell through screenconnect command line would be problematic at best. I'm not even sure how you would change the execution policy to let you call scripts.
Running the command via SC CLI seemed to work perfectly. Just can't sign on.
Have you tried running the same command from a normal command prompt on the system?
Could this be a UAC thing? I.e. the command is run in the system context, but like being logged in as a local admin, launching a command prompt is not the same as right click, run as admin command prompt.
-
Try enabling the account.
net user testNTGtest /active:yes
-
Thanks for bringing this back up - been tied up with testing it,.. succeeding, and getting into other things.
It ~may~ have been the password I used. I reset it to a more simple one, and it worked fine as
net user testNTGtest s0m3p@s$ /add /passwordreq:yes /fullname:"userTest"
-
I am currently using this script (and deploying via GPO startup script) to create a local admin account that will, shortly thereafter, be administered by LAPS -
net user "Company Admin" passwordgoeshere /add /passwordreq:yes /fullname:"Company Admin"
net localgroup Administrators "Company Admin" /add
-
@gjacobse It is the password you are using, you need to put passwords with special characters in command prompt with ' ' such as:
net user testNTGtest 's0m3p@s$' /add /passwordreq:yes /fullname:"userTest"
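-
The steps discussed in this thread (create the local account, make sure it is active, add it to a local group, then sign in as .\name) as an added PowerShell example; it is not code from any poster. It reads the password as a SecureString so that characters such as ^, % or $ are never parsed by a command interpreter and the password never appears in a command line. Assumptions: it is run from an elevated, interactive Windows PowerShell console on the machine itself, and the account and group names are the ones used in the posts above.

```powershell
#Requires -RunAsAdministrator
# Added example, not code from the thread.
# Assumed names, taken from the posts above; adjust for your environment.
$name  = 'testNTGtest'
$group = 'Administrators'

# Prompt for the password as a SecureString. Nothing is typed on a command
# line, so no shell escaping or variable expansion can alter the value.
$password = Read-Host -Prompt "Password for $name" -AsSecureString

if (-not (Get-LocalUser -Name $name -ErrorAction SilentlyContinue)) {
    # Equivalent of: net user testNTGtest <password> /add /fullname:"userTest"
    New-LocalUser -Name $name -Password $password -FullName 'userTest' | Out-Null
} else {
    # Account already exists: reset its password instead of failing.
    Set-LocalUser -Name $name -Password $password
}

# Equivalent of: net user testNTGtest /active:yes
Enable-LocalUser -Name $name

# Equivalent of: net localgroup Administrators testNTGtest /add
$member = "$env:COMPUTERNAME\$name"
if (-not (Get-LocalGroupMember -Group $group -Member $member -ErrorAction SilentlyContinue)) {
    Add-LocalGroupMember -Group $group -Member $name
}

# Verify the result before trying to sign in as .\testNTGtest
Get-LocalUser -Name $name |
    Select-Object Name, Enabled, PasswordRequired, PasswordLastSet
Get-LocalGroupMember -Group $group | Where-Object Name -eq $member
```

If the sign-in still fails after the verification output shows Enabled as True and the account listed in the group, reset the password once more through the same prompt to rule out a mistyped value.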