• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 8454
  • Last Modified:

net user username /passwordreq:yes

Experts,
I am issuing the command "net user user1 /passwordreq:yes" while logged in as local admin. When I log out and try to log in as user1, I am not prompted for a password. What am I not understanding about this command?

This box is an xp pro sp3 workstation (not in a domain).

Thanks,
0
fyrfyter
Asked:
fyrfyter
  • 7
  • 4
  • 3
1 Solution
 
Premkumar YogeswaranCommented:
Hi,

use the comment let below

net user user1 P@ssw0rd /add /passwordreq:yes

Refer link below
http://retrohack.com/net-user-command-reference-and-examples/
http://support.microsoft.com/kb/251394

Regards,
Prem




0
 
Steve KnightIT ConsultancyCommented:
or just set a password from the gui ctrl-alt-delete or security icon in start menu for the user.... Sounds like it just doesnt have a  password?

Steve
0
 
fyrfyterAuthor Commented:
premglitz,
Thanks, but I know how to add a password to an account.

Dragon-it,
The account does not have a password. I purposely removed it to test the "net user username /passwordreq:yes" command before I deploy it in a lockdown script, but it doesn't seem to work the way I expected. I would think that if an account doesn't have a password, and then you run this command, you would be forced to create one. But that is not what is happening. I can simply log in as user1 without a password, even after issuing this command. Not sure what the point of the command is if you can just log on without a password. I am just trying to understand what this command actually does.

Thanks,
1
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
Steve KnightIT ConsultancyCommented:
Well as I see it ... it makes a password required, BUT it doesn't force the user to change one if already set or not... and if you do make them change it if the minimum password length security setting "MinPwdLen" is set to 0... then they can change it back to a 0 length one again.

You can set the password to be changed on the next logon with something like this in VBScript:

Username="administrator"
Set oUser = GetObject("WinNT://./" & username & ",user")
  oUser.Put "PasswordExpired", 1

' Unset &H0020 which is "password not required"
  oUser.Put "userFlags", oUser.Get("UserFlags") AND &HFFFFDF

oUser.SetInfo

and then set the registry key for minimum password length to something >0
See http://support.microsoft.com/kb/555540
0
 
Premkumar YogeswaranCommented:
Hi,

To add the password for the local account its very simple..

use below command

net user user1 P@ssw0rd

or

net user user1 * (enter)
now it will prompt to type the password.

Any questions, please let me know.

Regards,
Prem
0
 
Steve KnightIT ConsultancyCommented:
Prem.... see http:#36974829
0
 
Premkumar YogeswaranCommented:
@ Dragon-it: got it...

Hi fyrfyter,

Hope your workstation is in work group, if it is Domain, then the domain policy wont allow the system to craete the blank password locally

I am not sure why the passwordreq switch i not workin in net user command.

i could suggest 2 options.

1: Edit the group policy in the system:
To open group policy:
RUN - > gpedit.msc

GroupPolicyObject [ComputerName] Policy > Computer Configuration > Windows Settings > Security Settings / password policy
Here change the minimum password length to 8
so it will require minimum password length.
so empty password not allowed

To secure, you can enable teh "password must meeet complexity requirements"

2. You can change the registry settings to add the password mandatory.

Setting up the Minimum Password Length:
 
You can set the minimum password length in Windows XP also. Navigate to the following registry key:
 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Network
 
Create a new REG_BINARY (Binary Value) MinPwdLen and set the minimum password length.

http://support.microsoft.com/kb/555540

Regards,
Prem



0
 
Steve KnightIT ConsultancyCommented:
password rerquired does work.... But the password length required is 0... So the empty password is seen as rerquired.

Prem what you say there is what i already said and what is in the MS article I linked to


Steve
0
 
fyrfyterAuthor Commented:
Prem, Steve, thank you, these are all good work arounds. How ever, I am not looking for a work around. I am simply trying to understand why this command is not working as expected. Admittedly, this problem is one of perception (mine) and not a technical problem with the machine.

Prem, I stated in the initial question that this computer is not in a domain. And Steve is correct that he already pointed out a link to changing the local group policy.

Steve, you were correct in assuming that the MinPwdLen was set to 0. Setting that to require a password of any length (say 8 for example) and forcing user1 to change his password requires user1 to choose a password of at least 8 characters, regardless of whether the passwordreq flag is set to yes or no. Nor can user1 simply remove his password from the user account applet while the passwordreq flag is set to no.

So the question remains; what exactly is this command for? It doesn't seem to have an effect on whether a user account must use a password or not. Is it just an obsolete appendage from days of old?
0
 
Steve KnightIT ConsultancyCommented:
Well frankly I don't know.  I've never used it.  I suspect it is a hang over from NT days, possibly even Win9x, though then you could just cancel the login box anyway...

Even MS current documentation says it makes the user require a password for current OS's... http://technet.microsoft.com/en-us/library/cc771865(WS.10).aspx ... but not sure what that means when the password could be blank!

The MinPwdLen being 0 is default for desktop OS and is the normal way of ensuring a password is set, or more commonly of course in a business environment a domain and therefore the domain policy sets the requirements.

So sorry I can't give you a direct answer.  It seems MS don't really know either.
0
 
Steve KnightIT ConsultancyCommented:
Actually that last document points to net accounts command for setting password length actually too.... shows how much I use local accounts.  99% or more of my work is in single or multi-domain AD environments and before that NT domains and NetWare servers so not much call for local password policies.
0
 
fyrfyterAuthor Commented:
Thanks Steve, I am going to leave this question open for a few days to see if anybody else wants to chime in.
0
 
fyrfyterAuthor Commented:
Awarding points because while it was not an answer, it was an honest effort. Thanks Dragon-it!
0
 
Steve KnightIT ConsultancyCommented:
Well thanks to you too for an interesting question!
0

Featured Post

How to Use the Help Bell

Need to boost the visibility of your question for solutions? Use the Experts Exchange Help Bell to confirm priority levels and contact subject-matter experts for question attention.  Check out this how-to article for more information.

  • 7
  • 4
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now