Keyboard shortcuts

Press or to navigate between chapters

Press S or / to search in the book

Press ? to show this help

Press Esc to hide this help

🏠 Back to Blog

net.exe Cheatsheet

Built-in Windows command-line tool for managing network resources, users, groups, and services. Useful when you cannot transfer tools to a target.

Password Policy / Account Info

View Domain Password Policy

net accounts
net accounts /domain

Key fields: minimum password length, lockout threshold, lockout duration, lockout observation window, password history, max/min password age.

User Commands

List Domain Users

net user /domain

Query Specific User

net user jsmith /domain

Add Local User

net user newuser Password123! /add

Add Domain User (Requires Admin)

net user newuser Password123! /add /domain

Delete User

net user olduser /del
net user olduser /del /domain

Change Password

net user jsmith NewPass123! /domain

Group Commands

List Domain Groups

net group /domain

List Group Members

net group "Domain Admins" /domain

Add User to Group

net group "Domain Admins" jsmith /add /domain

List Local Groups

net localgroup

List Local Group Members

net localgroup Administrators

Add User to Local Group

net localgroup Administrators jsmith /add

Share Commands

List Shares on Remote Host

net view \\host

List All Shares on Domain

net view /domain

Map a Share

net use Z: \\host\share

Map with Credentials

net use Z: \\host\share /user:DOMAIN\user Password123

Disconnect a Share

net use Z: /delete

Null Session

Establish Null Session

net use \\DC01\ipc$ "" /u:""

Common Errors

Error CodeMeaning
1331Account is disabled
1326Incorrect username or password
1909Account is locked out

Service Commands

List Services

net start

Start / Stop Service

net start <service>
net stop <service>

Session / Connection Info

View Active Sessions

net session

View Current Connections

net use

Time Commands

Query Time on Remote Host

net time \\dc01

Sync Time

net time \\dc01 /set

Domain Computer and DC Enumeration

List Domain Computers

net group "domain computers" /domain

List Domain Controllers

net group "Domain Controllers" /domain

List Domain Admin Members

net group "Domain Admins" /domain

View Domain Shares

net view /all /domain

View All Shares on a Host

net view \\computer /ALL

Evasion

Use net1 to Avoid Detection

net1 executes the same functions as net but may bypass string-based EDR detection rules:

net1 user /domain
net1 group /domain
net1 accounts /domain

Tips

  • Always available on Windows — no need to transfer tools
  • /domain flag targets the domain instead of the local machine
  • net accounts is the quickest way to check password policy when on a Windows host
  • Combine with net view and net use for lateral movement
  • net.exe commands are commonly monitored by EDR — use net1 as an alternative
  • Consider dsquery for LDAP-based queries when net is being monitored