Automate and simplify network and administrative tasks

The NET commands in Windows NT are a set of networking and administrative commands that are useful to the administrator and of interest to the beginner investigating how NT works. With an understanding of the NET commands, you can simplify NT systems maintenance, especially when you use them in batch files. In this article, I'll show some of the more useful NET commands and suggest uses for them.

What Are the NET Commands?
You run the NET commands from a command prompt or from within a batch file, and they perform network and administrative tasks. Typical tasks include establishing network connections, adding users and computers to a domain, and starting and stopping network services.

One of the first uses that most people find for the NET command is during an over-the-network installation of NT or some other software. Typically, you connect to the server using the DOS client software and establish a connection to the server. Then you use the NET USE command to map a network drive that contains the source files for your new operating system. If you've created a share called i386 that has the source code, the syntax is

net use M: \\server\i386

to map the shared i386 directory on the server to the M: drive on the local computer. The next step is to switch to the M: drive and run the install or setup program.

Where Can I Find a List of NET Commands?
The first place to look for a list of NET commands is the command prompt from which you will run them. Type

net /?

to show the list of commands in Screen 1, page 214. To get more detailed help for a specific command, type

net help

For example, to learn the correct syntax for the NET COMPUTER command, type

net help computer

A second place to look for a list of these commands is Windows NT Help--not Books Online, just the ordinary Help option on the Start menu. Choose the Find tab in the Help dialog box, and search on "net." Display the topic Commands Index for a listing similar to Screen 2, page 214. Be sure to search on net in lowercase, because you will see a different set of topics if you search on "Net."

Network Connections
As I mentioned earlier, you map a network drive with the NET USE command. You can put such a command into a logon script, ensuring that all users connect to the server with the same drive letter--something many network applications require. On its own, NET USE will list your existing connections. Follow the command with /del or /delete to drop the connection or /Persistent:yes to ensure that the connection is rebuilt when you log on again.

You can do the same thing with printers when you have DOS or Windows 3.1 programs that do not recognize network printers. The syntax is similar, except that this time, you use

net use lpt2: \\server1\HPLJ5

to map the network printer to a printer port that the DOS program understands. Now your DOS program can send its output to LPT2 and not even realize that it is talking to a network printer.

User and Group Accounts
You can add users and groups to a domain using NET commands. The NET USER command adds usernames, passwords, and other settings to the accounts database. The NET GROUP command adds global groups, and NET LOCAL GROUP adds local groups.

You can even add users to the groups you create and obtain lists of group memberships. In fact, you can use this feature to move users from one domain to another. (If you've worked with NT, you know that to migrate users from one domain to another, there is no easy way short of deleting thousands of users from one domain and entering them again in another domain.) NET USER lets you add users and, when you use it with no parameters, provides a list of users. The same rule applies to NET LOCALGROUP and NET GROUP. Suppose that you want to move everyone in the Engineering global group to another domain. The procedure is

1. Run the NET GROUP Engineering command to get a list of users, as Screen 3 shows.

2. Redirect this listing to a text file.

net group engineering >eng.txt

3. Using your favorite word processor, reformat the information to a batch file that contains the NET USE commands to add these users to the new domain. The batch file needs to contain one line per user and looks like:

net user \[password\] /add/domain

4. Reformat the batch file to also contain the NET GROUP command to add the users to the Engineering group. This batch file needs to contain a line

net group engineering /add

for each user, but you can put multiple names on one line if you want.

5. Run the batch files on the new domain.

Run the NET GROUP and NET LOCAL GROUP commands on any other global and local groups to obtain a list of members, again redirecting the output to a text file. Convert these text files to batch files that will add the appropriate groups, and place the newly added users into them. Don't worry about usernames that are not part of Engineering. The new domain will not recognize them and will ignore them.

Finally, run the original batch file that added the Engineering users to the new domain. But this time, run it on the original domain and change the /add switch to /del. This command will remove the users from the original domain. If you want, you can remove any groups that you no longer need.

This approach has a few potential pitfalls. For example, you will encounter an error if you are trying to add a user with a name that already exists on the domain. If you do not spot the error, you might add the wrong user to a group. However, this approach works just fine if your original domain has outgrown the estimated number of users. You simply add a new domain and populate it with users from the original domain. Because the new domain is empty, you won't encounter conflicts when moving usernames.

Security is another issue. The new accounts will not have passwords unless you assign them in the batch file. And although the added users should have passwords that adhere to the minimum password-length policy, I was able to add user accounts with blank passwords and log on using these accounts with no restrictions. Even when I specified in the NET USE command that a password was required, I was still able to log on to a new account with no password, and I wasn't prompted to change the password. In fact, the one option I could not find was to force the user to change the password at the next logon, which is the default when you add a user through the User Manager interface.

Security Policy Settings
Now that you have added all those users, NET ACCOUNTS will let you modify the password and logon requirements for all the accounts in your accounts database, changing settings for minimum password length and password expiration. You can even use NET ACCOUNTS to force a synchronization of accounts, with the command

net accounts /sync

Run this command from a Primary Domain Controller (PDC) to synchronize all the Backup Domain Controllers (BDCs) with the PDC. If you run it from a BDC, you synchronize only that one server with the PDC.

Server Configuration and Control
You can display and configure the settings for a service with the NET CONFIG command, and start, pause, and stop a service with the NET START, NET PAUSE, and NET STOP commands followed by the service name. You can configure the server service and the workstation service with the NET CONFIG SERVER or NET CONFIG WORKSTATION command. You can stop services such as SQL Server (which runs as a service) by adding the name of the service to the appropriate NET command:

net stop MSSQLServer

And of course, you can do the same to any NT service, including the browser, the server service, and the net logon service.

Batch Files
Because you run all these commands from the command prompt, you can combine them into batch files. You can run the batch file interactively or at a scheduled time using NT's built-in AT command. (For more information on using the AT command to schedule jobs, see Windows NT Help or type

at /?

at the command prompt for a list of parameters.)

I showed you some examples for adding users and groups to a domain. Other possible uses include stopping services at night or before scheduled maintenance operations, such as backups or disk defragmenting. Once the scheduled operation is complete, you can restart the services.

A Quick Help Message Lookup
Suppose users call you and say that they just ran into an operating system error, and they have the error number but not much more information. If they are running NT, you can quickly get a short explanation of the error. Type

net helpmsg

For example, NET HELPMSG 2182 will tell you that you are trying to start a service that is already running. OK, so this command doesn't produce a comprehensive message database, but it's available on the system if you need it.

Synchronize Your Clocks
Systems administrators often use the NET TIME command to synchronize the time on servers, and sometimes on client workstations, around the network. Keeping the time synchronized is important for applications such as Systems Management Server (SMS) and for tasks such as scheduled backups of user files.

You can include the NET TIME command in a user's login script, to make sure that the user's computer is always synchronized with the server. The syntax is

net time //server_name /set /y

to synchronize the clock of the local computer with that of the server you specify. And yes, it works even across time zones.

Back to Basics
You can do so much with NET commands. Try them out on your network, and see how you can use them to automate and simplify tasks. (For more useful NET commands, see Mark Minasi, "Knowing the Angles of NetBIOS Suffixes," February 1997, and "Inside a NetBIOS Name Resolution," March 1997.) In these days of browser interfaces and wizards, people forget plain old command line utilities and batch files. They typify an older generation of software: programs that did only one thing but did it well and did it fast. Command line utilities have a place, even in a modern operating system.