Working with Net User

The Net User command on page 142 of Windows Command-Line Administration Instant Reference seems to have generated a bit of confusion. The /Add command line switch is straightforward; /LogonPasswordChg isn’t. For one thing, the /LogonPasswordChg command line switch doesn’t appear to be documented, even in Windows 7. Here’s the help provided with Net User now:

NetUser01

As you can see, not even a mention for /LogonPasswordChg. Microsoft doesn’t help matters. For example, if you look at the “How to Use the Net User Command” Knowledge Base article, you won’t find any mention of this command line switch. While writing the book, I had found a tantalizing clue at Manage XP and Vista Users Using DOS Commands and decided to try it on Windows 7 as well. The command works fine when used correctly in Windows 7.

However, here is where the plot thickens. It seems that the command line switch doesn’t work in Windows XP. When you execute the command shown on page 142 you get an error message reading something like, “The option /LOGONPASSWORDCHG:YES is unknown.” Somewhere between Windows XP and Vista, Microsoft added the /LogPasswordChg command line switch to Net User and then didn’t tell anyone about it. Consequently, the command shown on page 142 won’t work under Windows XP.

There is another problem that occurs when using the /LogonPasswordChg command line switch. If the account currently has the Password Never Expires option checked as shown here:

NetUser03

the command appears to succeed, but doesn’t change anything. In order to make the command work properly, you must first set the password to expire using the WMIC Path Win32_UserAccount Where Name=’UserName’ Set PasswordExpires=True command. So, the sequence to set an existing account to force a password change during the next logon is like this:

NetUser04

When you execute these two commands, you’ll see the user account settings to change to appear like this:

NetUser05

which means the user must change the password during the next logon.

So, why does the command on page 142 work without this extra step? In this case you’re adding a new user and the Password Never Expires option is disabled by default. Creating the combined command works fine because there is nothing to hinder it with a new account. Please let me know if you encounter any problems with this particular command at John@JohnMuellerBooks.com.

 

Author: John

John Mueller is a freelance author and technical editor. He has writing in his blood, having produced 99 books and over 600 articles to date. The topics range from networking to artificial intelligence and from database management to heads-down programming. Some of his current books include a Web security book, discussions of how to manage big data using data science, a Windows command -line reference, and a book that shows how to build your own custom PC. His technical editing skills have helped over more than 67 authors refine the content of their manuscripts. John has provided technical editing services to both Data Based Advisor and Coast Compute magazines. He has also contributed articles to magazines such as Software Quality Connection, DevSource, InformIT, SQL Server Professional, Visual C++ Developer, Hard Core Visual Basic, asp.netPRO, Software Test and Performance, and Visual Basic Developer. Be sure to read John’s blog at http://blog.johnmuellerbooks.com/. When John isn’t working at the computer, you can find him outside in the garden, cutting wood, or generally enjoying nature. John also likes making wine and knitting. When not occupied with anything else, he makes glycerin soap and candles, which comes in handy for gift baskets. You can reach John on the Internet at John@JohnMuellerBooks.com. John is also setting up a website at http://www.johnmuellerbooks.com/. Feel free to take a look and make suggestions on how he can improve it.