Export (0) Print
Expand All

SurfUser Tool

SurfUser is a command-line tool. To run SurfUser, you must open a Command Prompt window with elevated permissions. For more information about elevated Command Prompt windows, see the Windows 7 documentation.

By default, the SurfUser tool is located in the C:\Program Files (x86)\Microsoft Surface\v2.0\ folder.

This topic includes the following:

SurfUser Overview

The SurfUser tool assigns or updates the Surface mode account and its password and then assigns that password to the registry so that the auto logon process can run without error.

You might need to use the SurfUser tool in the following situations:

  • Your company's security policies require that you change default passwords or change all passwords periodically.

  • You want to log on a device made for Surface by using the SurfaceDefaultUser account to troubleshoot an application and you need to know the password.

  • You want to run the device in Surface mode by using a domain account (for example, to enable a Surface application to access protected network resources).

Running the SurfUser Tool

Do one of the following:

  • From an elevated Command Prompt window, browse to the %ProgramFiles% (x86)\Microsoft Surface\v2.0 folder, and then run SurfUser.exe with the appropriate syntax.

  • Within a script, include the full path of the SurfUser executable file (%ProgramFiles% (x86)\Microsoft Surface\v2.0\SurfUser.exe).

  • Add the full path of the SurfUser executable file (%ProgramFiles% (x86)\Microsoft Surface\v2.0\SurfUser.exe) to the %PATH% environment variable. Then, run SurfUser from any folder within an elevated Command Prompt window.

SurfUser General Syntax

The following sections show the syntax for running SurfUser. For examples about how to use SurfUser, see Sample SurfUser Scripts.

surfuser command [ parameter ]

  • command is assign, query, regen, reset, or update.

  • parameter is any parameter that a specific command requires.

assign

The assign command enables you to designate a different user account as the Surface mode account.

surfuser assign username { password | *}

  • username is the fully qualified user name of a valid local or domain user account. If username contains spaces, enclose the full name in quotation marks (for example "someone @example.com"). If you do not specify a domain name (or if you specify "." in the domain position), SurfUser assumes that the domain is the local computer.

  • password is the password that is associated with the username account. If the password contains spaces, enclose it in quotation marks (for example "%#63 8890!"). SurfUser assigns this password to the registry. If you specify an asterisk (*) instead of a password, SurfUser prompts you for a password and confirmation. When you use the assign command in a script, include the password (instead of *).

query

The query command displays the current Surface mode account name and determines whether the device made for Surface can use the account to automatically log on in Surface mode. This command can alert you to the following conditions:

  • There is no Surface-specific user account of the specified name. (The original SurfaceDefaultUser account or the specified renamed version of SurfaceDefaultUser does not exist in the registry.)

  • The password for the current Surface mode account is invalid.

  • The account name is a local administrator account or is a member of a local administrator group. (The SurfaceDefaultUser account is strictly a user account.)

  • The account is disabled.

  • The account is locked out.

  • The User must change the password at next logon property is set to True.

surfuser query

regen

ImportantImportant
If your networked devices made for Surface have been configured by using a single image, you must run the regen command to generate a unique password for each device's SurfaceDefaultUser account.

noteNote
This command affects only the SurfaceDefaultUser account.

The regen command generates a new, random, cryptographically strong password for the SurfaceDefaultUser account and assigns that password to the registry. If SurfaceDefaultUser is not the current Surface mode account and you want it to be the Surface mode account, use the reset command. If you do not know which user account is designated as the current Surface mode account, use the query command.

surfuser regen

reset

The reset command designates the Surface-provided SurfaceDefaultUser account as the current Surface mode account. To designate a user account other than SurfaceDefaultUser as the current Surface mode account, use the assign command.

surfuser reset

update

The update command saves the current Surface mode account password to the registry. If the Surface mode account password is changed for any reason, you must use the Surfuser tool with the update option to update the registry. Otherwise, you will receive an error message, and the device made for Surface will be unable to enter Surface mode.

Use the query command before the update command to verify the name of the current Surface mode account. Note that the update command does not change the current Surface mode account password. If you want to change a Surface mode account password, use the Windows User Accounts tool or the Net User command (in an elevated Command Prompt window).

surfuser update { password | *}

  • password is the password that you want to associate with the current Surface mode account. If the password contains spaces, enclose it in quotation marks (for example "%#63 8890!"). If you specify an asterisk (*), SurfUser prompts you for a password and confirmation. When you use the update command in a script, include the password (instead of *).

(no options)

If you type surfuser without options or parameters or with invalid options or parameters, SurfUser returns valid commands and a brief description of each.

surfuser

Did you find this information useful? Please send us your suggestions and comments.

© 2011 Microsoft Corporation. All rights reserved.
Was this page helpful?
(1500 characters remaining)
Thank you for your feedback
Show:
© 2014 Microsoft