
The Windows NET USER command wrapped in JavaScript
`NET USER` is a sub-command of the NET command line tool that is provided for shell-based management of user accounts on Windows. If a username is specified, and no change switches are used, it's roughly equivalent to using `getent passwd <username>` on Unix/Linux, or `id -P <username>` on macOS, then displaying formatted results. The output may not contain everything you could possibly want, but there's a lot.
The Windows command NET USER also allows administrators to create, change,
and delete user accounts. The current version of this module does not provide an
interface for that; it only retrieves information.
If you try to use this module from an under-privileged account on a system that has been security-hardened, you may see something like the following:

```
The command prompt has been disabled by your administrator. Press any key to continue . . .
```

... or you may see nothing, because the callback is never called. This means that the child process spawned by the module has been killed, and so you won't be able to get any results.
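Because a callback that is never called leaves the caller waiting indefinitely, a caller can bound the wait. The following is an added example, not part of the net-user module: `withTimeout`, `callWithTimeout` and the two stand-in functions are hypothetical names, and the stand-ins are constructed so the code runs without Windows.

```javascript
// Wrap a Node-style callback API so the caller always gets an answer.
// If the wrapped call never invokes its callback (for example because the
// spawned child process was killed), the caller receives an ETIMEDOUT error.
function withTimeout(fn, ms) {
  return function (...args) {
    const callback = args.pop();
    let settled = false;
    const done = (err, data) => {
      if (settled) return; // late or duplicate answer: drop it
      settled = true;
      clearTimeout(timer);
      callback(err, data);
    };
    const timer = setTimeout(() => {
      const err = new Error('no result after ' + ms + ' ms');
      err.code = 'ETIMEDOUT';
      done(err, null);
    }, ms);
    try {
      fn(...args, done);
    } catch (e) {
      if (settled) throw e; // the caller's own callback threw: do not hide it
      done(e, null);        // the wrapped call threw before answering
    }
  };
}

// Promise form: resolves to { error, data } whether the call answers or hangs.
function callWithTimeout(fn, ms, ...args) {
  return new Promise((resolve) => {
    withTimeout(fn, ms)(...args, (error, data) => resolve({ error, data }));
  });
}

// Constructed stand-ins for the module call, so the example runs offline.
// neverAnswers simulates the killed child process; answers simulates success.
function neverAnswers(name, cb) {}
function answers(name, cb) { cb(null, { user_name: name }); }

// Assumed usage with the real module, based on its get(name, callback) API:
//   const get = withTimeout((name, cb) => netUser.get(name, cb), 5000);
```

An `ETIMEDOUT` result here means "no answer", not "no such user"; treat it as an unknown state rather than as evidence about the account.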
```
C:\Users\myUser>npm install net-user
```

```js
var netUser = require('net-user')
```

`netUser.list(callback)`

Fetches the list of usernames for all accounts on the system, and passes it back through the callback function.

- `callback`: {Function}
  - `error`: {Error | null}
  - `data`: {Array} array of strings, if no error

`netUser.get(name, callback)`

Fetches the account information of the named user, and passes it back through the callback function.

- `name`: {string} The username.
- `callback`: {Function}
  - `error`: {Error | null} if any command error other than "No such user".
  - `data`: {Object | null}
    - If `name` matches an account on the system, this is an object containing all properties listed in the Field Mapping table below.
    - If `name` is not known by the system, this is `null`.

Fetches the account information of every user known by the system, and passes it back through the callback function.

- `callback`: {Function}
  - `error`: {Error | null}
  - `dataList`: {Array} in which each element is an object containing all properties listed in the Field Mapping table below.

Deprecated - use `get()` or `list()` instead.
If `name` supplied, becomes alias for `netUser.get(name, callback)`.
If no `name` given, becomes alias for `netUser.list(callback)`.

Deprecated. Alias for `netUser.list(callback)`.

Deprecated. Alias for `netUser.list(callback)`.
| `netUser()` result property | type | `NET USER` output label |
|------------------------------|---------|---------------------------|
| `user_name` | string | `User name` |
| `full_name` | string | `Full Name` |
| `comment` | string | `Comment` |
| `usr_comment` | string | `User's comment` |
| `country_code` | string | `Country code` |
| `acct_active` | boolean | `Account active` |
| `acct_expires` | Date | `Account expires` |
| `password_set` | Date | `Password last set` |
| `password_expires` | Date | `Password expires` |
| `password_changeable` | Date | `Password changeable` |
| `password_required` | boolean | `Password required` |
| `password_can_change` | boolean | `User may change password` |
| `workstations` | Array | `Workstations allowed` |
| `script_path` | string | `Logon script` |
| `profile` | string | `User profile` |
| `home_dir` | string | `Home directory` |
| `last_logon` | Date | `Last logon` |
| `logon_hours` | Array | `Logon hours allowed` |
| `local_groups` | Array | `Local Group Memberships` |
| `global_groups` | Array | `Global Group memberships` |

`user_name`

This will be the same as the username argument given to `get()`. Never empty!

`full_name`, `comment`, `usr_comment`

If the corresponding account field is not set, the object property will be set to `undefined`.

`country_code`

A three-digit string, or `null`. Refer to Microsoft documentation for the country code mapping.
If the corresponding account field is not set, the object property usually gets set to `'000'` (the corresponding value in the NET USER output is `000 (System Default)`).
The string `(null)` has been seen for this in NET USER output; in that case, this field is set to `null`.

`acct_expires`, `password_set`, `password_expires`, `password_changeable`, `last_logon`

Any of the Date-type fields can be set to `null`; that corresponds to `Never` in the NET USER output.

`password_set`

The timestamp when the password was last successfully set.

`password_changeable`

Not a flag (see `password_can_change` for that). This is the timestamp when the password was last found to be changeable.
(It's not clear how this is different from `password_set`, and the values of the two fields have always been seen to be the same in my tests.)

`workstations`

If the value is `null`, it means the associated user is allowed to log on from any workstation in the local domain.
(The corresponding value in the NET USER output is `All`.)
Otherwise the field value will be an array of workstation names, possibly none.

`script_path`, `profile`, `home_dir`

Like the other string fields above, the values of these fields may be (and usually are) `undefined`; but that doesn't mean there's no profile or home directory associated with the username. It only means that the creator of the account did not deviate from the default. If you're invested in identifying the default root location of one of these items, then it's up to you to find it. That's not impossible, but it varies by Windows version.
Good luck, Jim.

`logon_hours`

If the value is `null`, it means there are no restrictions on when the associated user is allowed to be logged on.
(The corresponding value in the NET USER output is `All`.)
Otherwise the field value will be an array of strings specifying timespans, possibly none.

`local_groups`, `global_groups`

The value is an array of group names, possibly none.

Those who wish to use the elements of these arrays, heed this warning:
Sometimes the group names are truncated in NET USER output.
If the user account that you query is a member of more than two groups, and if even one of the groups has an especially long name, you will probably have this problem.

A Windows group name can have up to 256 characters. The display space set aside for the values in NET USER output is 44 columns, regardless of the number of columns configured for the terminal window. More than one group name can be displayed per line; if the first group name on a line is short, and there are more group names, the next group name is displayed on the same line, even if it's too long to fit in the remaining space. Furthermore, group names are never wrapped to the next line. Result: truncation. This is odd, because line wrapping is applied to a set of names in another field of NET USER output (`Workstations allowed`), and no name is truncated there.
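
The field semantics above (`null` for `Never`, and group names that may be truncated) matter when the records feed an account review. The following is an added example, not part of the net-user module or its README: the sample records, the watched group names and the functions `groupMatch`, `auditAccount` and `auditAll` are constructed for illustration.

```javascript
// Constructed sample records shaped like the Field Mapping table above.
const SAMPLE = [
  { user_name: 'svc_backup', acct_active: true, password_required: false,
    password_expires: null, local_groups: ['Administrators'], global_groups: [] },
  { user_name: 'jdoe', acct_active: true, password_required: true,
    password_expires: new Date('2030-06-01T00:00:00Z'),
    local_groups: ['Users', 'Backup Op'], global_groups: [] },
  { user_name: 'old_temp', acct_active: false, password_required: false,
    password_expires: null, local_groups: ['Administrators'], global_groups: [] },
];

// 'exact': a reported name equals the wanted one (case-insensitive).
// 'prefix': a reported name is a proper prefix of the wanted one, so it may
//           be a truncated display of it and needs checking elsewhere.
// 'none': neither. An 'exact' hit can itself be a truncated longer name.
function groupMatch(groups, wanted) {
  const w = wanted.toLowerCase();
  let best = 'none';
  for (const g of groups) {
    const n = g.toLowerCase();
    if (n === w) return 'exact';
    if (n.length > 0 && w.startsWith(n)) best = 'prefix';
  }
  return best;
}

// Findings for one record; disabled accounts yield none.
function auditAccount(rec, watchedGroups) {
  const findings = [];
  if (rec.acct_active !== true) return findings;
  if (rec.password_required === false) findings.push('password not required');
  // Date fields are null when NET USER prints "Never".
  if (rec.password_expires === null) findings.push('password never expires');
  const groups = rec.local_groups.concat(rec.global_groups);
  for (const name of watchedGroups) {
    const m = groupMatch(groups, name);
    if (m === 'exact') findings.push('member of ' + name);
    if (m === 'prefix') findings.push('verify membership of ' + name);
  }
  return findings;
}

function auditAll(records, watchedGroups) {
  return records
    .map((r) => ({ user: r.user_name, findings: auditAccount(r, watchedGroups) }))
    .filter((r) => r.findings.length > 0);
}
```

Calling `auditAll(SAMPLE, ['Administrators', 'Backup Operators'])` reports `svc_backup` and `jdoe`; a "verify membership" finding should be resolved against a source that does not truncate names before any access decision is based on it.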
License: MIT
FAQs
The npm package net-user receives a total of 2 weekly downloads. As such, net-user popularity was classified as not popular.
We found that net-user demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.