Local Account Management
These commands apply only to local user accounts, and are unlikely to influence Windows AD domain accounts.
All of the following commands are via command prompt
Creating New Users
net user /add [name] [password]
Creating new groups
net localgroup [Group Name] /add
Adding a user to a group
Net localgroup [Group Name] [User Name] /add
All of the above commands have a /delete option as well, however it is normally better to disable accounts rather than delete them. This can be accomplished with the following:
net user [Username] /active{yes|no}
Disabling default accounts
Important step
The built in Administrator and Guest accounts are often insecure, thus disabling them as follows would be desirable. This may be also done via AD group policy.
net Administrator /active:no
net Guest /active:no
However, it is important to replace the admin account with another admin of your own creation in order to prevent becoming locked out of the system. This can be accomplished by creating a user and adding them to the "Administrators" group as follows:
Net user /add NewAdmin $eCuR3P@S$W0rd
Net localgroup Administrators NewAdmin /add
This will add the user "NewAdmin" with password $eCuR3P@S$W0rd
and then put them in the Administrators group.
Changing default passwords
Important step
For a list of users use:
net user
From that list of users one can manually reset a password using
net user [username] [new password]