Windows provides the “net user” command in order to manage user account from the command line interface of MS-DOS or PowerShell. The “net user” command generally used to change a user password where the current password will be reset into the specified new one. The “net user” command can be also used to change or reset domain user/active directory user password too.
“net user” Command Syntax
The “net user” command has the following simple syntax.
net user OPTION USERNAME PASSWORD
- OPTION is used to change or update domain user password. OPTION is optional.
- USERNAME is the username or login ID we wan to change or update password. USERNAME is required.
- PASSWORD is the new password which will be set for the specified USERNAME.
Change User Password
The most popular usage of the “net user” command is changing the user password by providing the username and password as a parameter to the “net user” command. In the following example, we will change the password of the user named “ismail” to “..3awCse^+!,,”. Even the username and password can be directly provided to the “net user” command using double quotes to prevent unexpected errors and make more secure execution. Also selecting a secure password is important and secure password selection is described below.
net user "ismail" "..3awCse^+!,,"
This way we can change the current user password from the MS-DOS or PowerShell command line interface. If we want to change another user password than the current user the Administrator privileges are required which can be provided by opening the MS-DOS or PowerShell command line interface with Administrator privielges like below.
Type New Password Interactively and Securely
A more secure way to update or set the specified user password is using the interactive way to provide password. If the password is provided as the “net user” command this can be stored in history or logs etc where the password can be readable. By providing the password interactively the password is not displayed on screen of command line. The * sign is used as the password part for the “net user” command which will input password interactively. In order to prevent mistyping password and the password is asked two times for matching them.
net user "ismail" *
The password is typed two times in the following steps.
Type a password for the user: Retype the password to confirm:
If the new password is set successfully the following message is printed as output. If there are errors that prevent the change or update of password different errors can be printed instead of the “The command completed successfully.” message. These errors are described below.
The command completed successfully.
Change Domain User Password
In most cases, the “net user” command is used to change local user passwords. But it also supports change of domain user passwords. In order to change domain user passwords with the “net user” the current system should be a domain computer and has access to the domain controller currently. The syntax and ways are the same to change or update the domain user password where the /domain option should be provided before or after the username and password.
net user /domain "ismail" "..3awCse^+!,,"
Like a local user password change the domain user password can be also changed in an interactive and more secure way. We will provides the * sign for interactive domain user password change. The password is typed two times to prevent errors and match new password.
net user /domain "ismail" *
Selecting Secure Password
Selecting secure password is very important as today. Especially simple or default passwords are actively hacked by attackers and creates big securtity problems. First of all change default passwords into different ones with a secure password. A secure password should meet some requirements like below.
- Use 14 characters at least.
- Use Uppercase letters.
- Use lowercase letters.
- Use numbers.
- Use special characters like !,+%; etc.
- Do not use common character sequences like 123456,abc etc.
“net user” Related Errors
While using the “net user” command some errors may occur. Below we will list some errors about the “net user” commands.
While changing the domain user password the system should access the domain controller via the network. If the domain controller is not accessible this will prevent the update or change of the domain user password and print “System error 1355 has occurred.” error like below.
System error 1355 has occurred. The specified domain either does not exist or could not be contacted.
While changing the local user password the current user password can changed without any privileges requirement because he is changing his own password. But if another user password is changed the current user should has Administrator privileges. If not the MS-DOS or PowerShell command line interface should be opened as Administrator. If non of these are complied the “Access Denied” error is retuned by the “net user” command.