Creating a local user on Windows Server from the command line is one of those tasks you'll do a hundred times. The GUI is fine for one user; CMD is faster for anything else — and it's the only option when you're stuck in a Server Core install or an RDP session over a slow link.
The short version
net user john.doe "StrongPass123!" /add
net localgroup Administrators john.doe /add
That's it. Two lines, user created, promoted to local admin. Below are the details.
Open an elevated CMD
Every command here needs an admin prompt. Hit Win + X → Terminal (Admin), or type cmd in Start, right-click, Run as administrator.
Create the user
net user <username> <password> /add
Example:
net user john.doe "P@ssw0rd-With-Spaces!" /add
Quotes are required if the password contains spaces or special shell characters (&, |, ^, etc.).
Prompt for password instead (safer)
If you don't want the password in your command history or in logs, use *:
net user john.doe * /add
CMD will ask for the password interactively and hide the input.
Useful flags
| Flag | What it does |
|---|---|
| /fullname:"John Doe" | Sets the display name |
| /comment:"IT Admin" | Description shown in lusrmgr.msc |
| /passwordchg:no | User cannot change password |
| /passwordreq:yes | Require a password |
| /expires:never | Account never expires |
| /active:yes | Account is enabled |
| /times:M-F,08:00-18:00 | Logon hours |
Full example:
net user backup.svc "R0t@te-Me!" /add /fullname:"Backup Service" /comment:"Veeam service account" /passwordchg:no /expires:never
Promote to Administrators
net localgroup Administrators john.doe /add
Same syntax works for any local group — Remote Desktop Users, Backup Operators, etc.:
net localgroup "Remote Desktop Users" john.doe /add
Verify
net user john.doe
Outputs full user info: group memberships, last logon, password age, all flags.
Change or reset a password
Same net user command, just without /add:
net user john.doe "N3w-P@ssword!"
Prompt instead of putting it on the command line (no shell history):
net user john.doe *
Force the user to change it at next logon:
net user john.doe /logonpasswordchg:yes
Unlock an account that got locked after too many failed logins:
net user john.doe /active:yes
PowerShell version
$pw = Read-Host -AsSecureString "New password"
Set-LocalUser -Name "john.doe" -Password $pw
# force change at next logon
Set-LocalUser -Name "john.doe" -PasswordNeverExpires $false
net user john.doe /logonpasswordchg:yes
Reset the built-in Administrator password
Same syntax, but only works if you're already elevated as an admin. Locked out? See the utilman trick for offline recovery.
net user Administrator "N3w-Admin-PW!"
Change your OWN password
As the logged-in user, skip the username:
REM you'll be prompted for old + new
net user /password
Or on any recent Windows: Ctrl + Alt + End (in RDP) → Change password.
Delete / disable
REM disable (keeps account + SID)
net user john.doe /active:no
REM re-enable
net user john.doe /active:yes
REM hard delete
net user john.doe /delete
One-liner with all the good defaults
net user admin.lukas "ChangeMe-Now!2026" /add /fullname:"Lukas (Admin)" /passwordchg:yes /expires:never && net localgroup Administrators admin.lukas /add && net localgroup "Remote Desktop Users" admin.lukas /add
Creates the user, adds to local Administrators and Remote Desktop Users in one shot.
The PowerShell way (if you prefer)
$pw = Read-Host -AsSecureString "Password"
New-LocalUser -Name "john.doe" -Password $pw -FullName "John Doe" -Description "IT admin"
Add-LocalGroupMember -Group "Administrators" -Member "john.doe"
PowerShell is cleaner and scriptable, but net user still works on every Windows box from XP to Server 2025 — it's the lowest common denominator.
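The one-liner's steps as a re-runnable PowerShell script that prompts for the password instead of taking it on the command line. This is an added example, not part of the original article; the parameter defaults are sample values reused from the one-liner above.

```powershell
#Requires -RunAsAdministrator
# Added example. Account name, full name and group list are sample values.
param(
    [string]   $Name     = 'admin.lukas',
    [string]   $FullName = 'Lukas (Admin)',
    [string[]] $Groups   = @('Administrators', 'Remote Desktop Users')
)
$ErrorActionPreference = 'Stop'

# Local account names are capped at 20 characters (see Gotchas).
if ($Name.Length -gt 20) { throw "User name '$Name' is longer than 20 characters." }

# Create the account only if it is missing, so the script is safe to re-run.
if (-not (Get-LocalUser -Name $Name -ErrorAction SilentlyContinue)) {
    # Prompt for the password so it never appears in a process command line,
    # in PSReadLine history or in a script file.
    $pw = Read-Host -AsSecureString "Initial password for $Name"
    New-LocalUser -Name $Name -Password $pw -FullName $FullName -AccountNeverExpires | Out-Null
    Write-Host "Created $Name"
} else {
    Write-Host "$Name already exists, password left unchanged"
}

foreach ($g in $Groups) {
    # Get-LocalGroupMember reports local accounts as COMPUTERNAME\user.
    $isMember = Get-LocalGroupMember -Group $g |
        Where-Object { $_.Name -eq "$env:COMPUTERNAME\$Name" }
    if (-not $isMember) {
        Add-LocalGroupMember -Group $g -Member $Name
        Write-Host "Added $Name to $g"
    }
}

# The LocalAccounts cmdlets have no "must change at next logon" switch,
# so use the same net user flag the article uses.
net user $Name /logonpasswordchg:yes | Out-Null
if ($LASTEXITCODE -ne 0) { throw "net user failed with exit code $LASTEXITCODE" }

# Verify: account state, then every requested group the account is in.
Get-LocalUser -Name $Name | Select-Object Name, Enabled, PasswordExpires, AccountExpires
foreach ($g in $Groups) {
    Get-LocalGroupMember -Group $g |
        Where-Object { $_.Name -eq "$env:COMPUTERNAME\$Name" } |
        Select-Object @{ n = 'Group'; e = { $g } }, Name, PrincipalSource
}
```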
Gotchas
- Password policy: if your server enforces complexity, a weak password is rejected with "The password does not meet the password policy requirements." Check secpol.msc → Account Policies.
- Domain controllers: net user without /domain hits the local SAM, which doesn't exist on a DC. Use New-ADUser (RSAT / AD PowerShell) instead.
- Username length: max 20 chars for compatibility. Avoid spaces. Use first.last or flast.
Related commands worth knowing
REM list all local users
net user
REM list members of a group
net localgroup Administrators
REM force password change on next logon
net user john.doe /logonpasswordchg:yes
Bookmark this one. You'll use it more than you think.