Add users to group windows

Windows provides command line utilities to manager user groups. In this post, learn how to use the command net localgroup to add user to a group from command prompt’

Add user to a group

Run the steps below –

  1. Open elevated command prompt
  2. Run the below command
    net localgroup group_name UserLoginName /add

    For example to add a user ‘John’ to administrators group, we can run the below command.

    net localgroup administrators John /add

Few more examples:

To add a domain user to local users group:

net localgroup users domainname\username /add

This command should be run when the computer is connected to the network. Otherwise you will get the below error.

H:\>net localgroup users domain\user /add
System error 1789 has occurred.
The trust relationship between this workstation and the primary domain failed.

To add a domain user to local administrator group:

net localgroup administrators domainname\username /add

To add a user to remote desktop users group:

net localgroup "Remote Desktop Users" UserLoginName  /add

To add a user to debugger  users group: 

net localgroup "Debugger users" UserLoginName /add

To add a user to Power users group: 

net localgroup "Power users" UserLoginName /add

This command works on all editions of Windows OS i.e Windows 2000, Windows XP, Windows Server 2003, Windows Vista and Windows 7. In Vista and Windows 7, even if you run the above command from administrator login you may still get access denied error like below.

C:\> net localgroup administrators techblogger /add
System error 5 has occurred.
Access is denied.

The solution for this is to run the command from elevated administrator account. See How to open elevated administrator command prompt

When you run the ‘net localgroup’ command from elevated command prompt:

C:\>net localgroup administrators techblogger /add
The command completed successfully.

To list the users belonging to a particular group we can run the below command.

net localgroup group_name

For example to list all the users belonging to administrators group we need to run the below command.

net localgroup administrators

Related posts:

Add new user account
Delete user account

In Windows 10, you can add or remove a user account from a group to grant or revoke access to certain Windows features, file system folders, shared objects, and more. There are a number of ways to do it. Let’s review them.

Group accounts are used to manage privileges for multiple users. Global group accounts, for domain use, are created in Active Directory Users And Computers, while local group accounts, for local system use, are created in Local Users And Groups. Generally, group accounts are created to facilitate the management of similar types of users. The types of groups that can be created include the following:

  • Groups for departments within the organization: Generally, users who work in the same department need access to similar resources. Because of this, groups can be created that are organized by department, such as Business Development, Sales, Marketing, or Engineering.
  • Groups for users of specific applications: Often, users will need access to an application and resources related to the application. Application-specific groups can be created so that users get proper access to the necessary resources and application files.
  • Groups for roles within the organization: Groups could also be organized by the user’s role within the organization. For example, executives probably need access to different resources than supervisors and general users. Thus, by creating groups based on roles within the organization, proper access is given to the users that need it.

A local user group is created locally. These are the groups you can use directly on a Windows 10 computer without adding the computer to an Active Directory domain. Here is the list of groups typically available in Windows 10 out-of-the box.

  • Administrators
  • Backup Operators
  • Cryptographic Operators
  • Distributed COM Users
  • Event Log Readers
  • Guests
  • IIS_IUSRS
  • Network Configuration Operators
  • Performance Log Users
  • Performance Monitor Users
  • Power Users
  • Remote Desktop Users
  • Replicator
  • Users

To add a user account to a local group in Windows 10, you can use either MMC, the console tool net.exe, or PowerShell. Let’s see how it can be done.

To add users to a group in Windows 10, do the following.

  1. Press Win + R shortcut keys on your keyboard and type the following in the run box:
    lusrmgr.msc

    Windows 10 Run Lusrmgr MscThis will open the Local Users and Groups app.

  2. Click on Groups on the left.Local Users And Groups
  3. Double-click the group you want to add users to in the list of groups.Remote Deskop Users Group
  4. Click the Add button to add one or more users.
  5. Alternatively, you can click the Users folder on the left.
  6. Double-click on the user account on the right.Windows 10 Add User To Group
  7. Switch to the Member of tab and click on the Add button to select a group you want to add the user account to.Windows 10 Member Of Tab

Note: You can use Local Users and Groups snap-in if your Windows edition comes with this app. Otherwise, you can use one of the methods described below.

Add users to a group using the NET tool

  1. Open an elevated command prompt.
  2. Type the following command:
    net localgroup "Group" "User" /add

    Replace the Group portion with the actual group name. Provide the desired user account instead of the «User» portion. For example, Windows 10 Net Localgroup Add

  3. To remove a user from a group, execute the next command:
    net localgroup "Group" "User" /delete

    See the following screenshot:
    Windows 10 Net Localgroup Delete

Add users to a group using PowerShell

  1. Open PowerShell as Administrator. Tip: You can add «Open PowerShell As Administrator» context menu.
  2. Type or copy-paste the following command:
    Add-LocalGroupMember -Group "Group" -Member "User"

    Replace the Group portion with the actual group name. Provide the desired user account instead of the «User» portion.Windows 10 Add Localgroupmember

  3. To remove a user account from a group, use the cmdlet Remove-LocalGroupMember as follows.
    Remove-LocalGroupMember -Group "Group" -Member "User"

    Windows 10 Remove Localgroupmember

The Add-LocalGroupMember cmdlet adds users or groups to a local security group. All the rights and permissions that are assigned to a group are assigned to all members of that group.

The cmdlet Remove-LocalGroupMember removes members from a local group.

That’s it.

Support us

Winaero greatly relies on your support. You can help the site keep bringing you interesting and useful content and software by using these options:

If you like this article, please share it using the buttons below. It won’t take a lot from you, but it will help us grow. Thanks for your support!

When you create a new account, that account is part of a group. If this is the first account after a clean OS installation, then that user account will be part of the Administrators group by default. If this is not the first account, it will be assigned to the Users group.

Regardless of which default groups, you can change which users are part of which groups. There are multiple methods to add them to a group, as well as remove them. Moreover, an account can be part of more than one user group.

This article discusses several methods to add a user account to any user group, and how to remove it as well.

Table of contents

  • Local vs Global Users and Groups
  • Purpose of User Groups
  • How to Add a User Account to a Group
    • From the Local Users and Groups/Computer Management Console
      • From the Users Folder
      • From the Groups Folder
    • From Command Prompt
    • From Windows PowerShell
  • Closing Words

Local vs Global Users and Groups

Local Users and Groups are the user accounts and then groups on a local PC whose privileges are only limited to that computer. Whereas Global Users and Groups are user accounts and groups whose rights and privileges are valid through a domain.

Global Users and Groups are created in the Active Directory Users and Computers on a Windows Server, which are defined for the entire domain. A global user account is usually part of a global user group that can be used to sign into any PC as long as it is part of the domain. However, a local user account can only be used to log into the same PC.

But what is the purpose of these groups?

Purpose of User Groups

Groups are used to define and manage the rights and privileges of the user accounts within them. You can add or remove a user account from a group to grant or revoke certain access, implement certain policies, define their roles, etc.

The following categories briefly describe the different types of groups usually created:

  • Groups to segregate different departments within an organization.
  • Groups to grant limited access to applications and tools.
  • Groups to assign certain roles to individual user accounts.

These types of groups are usually global groups that cover the entire organization’s work domain.

However, in the case of local groups, the following groups can be found by default on a Windows 10/11 PC right out of the box:

  • Access Control Assistance Operators
  • Administrators
  • Backup Operators
  • Cryptographic Operators
  • Device Owners
  • Distributed COM Users
  • Event Log Readers
  • Guests
  • Hyper-V Administrators
  • IIS_IUSRS
  • Network Configuration Operators
  • Performance Log Users
  • Performance Monitor Users
  • Power Users
  • Remote Desktop Users
  • Remote Management Users
  • Replicator
  • System Managed Accounts Group
  • Users

Each of the local user groups assigned different privileges to the user accounts inside of them.

Let us now discuss how to add a user account to a group.

How to Add a User Account to a Group

From the Local Users and Groups/Computer Management Console

Microsoft Management Consoles come preinstalled in Windows to control and manage the different OS components. 2 of these are the Local Users and Groups Console and the Computer Management Console. Both of these can be used to add a user to a group.

Before we proceed, let us inform you that these consoles have a folder where all users are listed, and another folder where the groups are listed. You can add a user account to a group from the users folder as well as through the groups folder.

  1. To begin, open either the Local Users and Groups Console or the Computer Management Console by typing either of the following in the Run Command box:

    For Local Users and Groups Console:

    lusrmgr.msc

    lusrmgr

    Open Local Users and Groups Console

    For Computer Management Console:

    compmgmt.msc

    compmgmt

    Open Computer Management Console
  2. Now you must choose whether you want to add a user account to a group from the Users folder or the Groups folder.

    • From the Users Folder

      1. Navigate to the following:

        From Local Users and Groups:

        Users

        From Computer Management:

        Local Users and Groups >> Users
      2. Here, double-click on the user account that you want to add to a group from the middle pane.

        Open user from Users folder

        Open user from Users folder
      3. From the Popup Properties window, switch to the Member of tab, then click Add.

        Add to group

        Add to group
      4. In the popup, type in the name of the user group and then click Check names.

        Check names

        Check names
      5. You will now see the Fully Qualified Domain Name (FQDN) of the user account. Once confirmed, click OK.

        Confirm complete group name

        Confirm complete group name
      6. Back in the Properties window, you will see that the user account is now a member of the new group. Click Apply and OK.

        Confirm 1

        Apply changes

      The account has been added to a group successfully.

      If you wish to remove this account from the group, simply click on the group in the Member of tab in the Properties window, then click Remove, and apply the changes.

      Remove account from group

      Remove account from group
    • From the Groups Folder

      1. Navigate to the following:

        From Local Users and Groups:

        Groups

        From Computer Management:

        Local Users and Groups >> Groups
      2. Here, double-click on the group you want to add the user to from the middle pane.

        Open group from Groups folder

        Open group from Groups folder
      3. From the Popup Properties window, click Add.

        Add new user

        Add new user
      4. Now enter the name of the user account you want to add and click Check names.

        Check name of account

        Check name of account
      5. You will now see the FQDN of the account. Click Ok.

        Confirm account name

        Confirm account name
      6. Now back in the Properties window, you will see that the user account has been added to the group. Click Apply and Ok to save the changes

        Apply changes

        Apply changes

      The account will now be added to the group.

      If you wish to remove an account, simply select the account and click Remove, then apply the changes.

      Remove account from group 2

      Remove account from group

From Command Prompt

If you prefer the Command Line Interface (CLI), here are the steps to add a user account to a group in Windows:

  1. Open Command Prompt with elevated privileges.

  2. Now use the following cmdlet to add a user account to a group while replacing Group and User with the name of the group you want to add the user to, and the user account name you want to add, respectively.

    net localgroup "Group" "User" /add

    User added successfully

    User added successfully

The user will now be added to the stated group.

You can also remove a user account from the group using the Command Prompt. Simply use the following cmdlet to do so while replacing Group and User as when adding the account to the group:

net localgroup "Group" "User" /delete

User removed successfully

User removed successfully

From Windows PowerShell

Perform these steps to add a user account to a group using Windows PowerShell:

  1. Launch PowerShell with administrative rights.

  2. Now use the following cmdlet to add a user account to a group while replacing “Group” and “User” with the name of the group you want to add the user to, and the user account name you want to add, respectively.

    Add-LocalGroupMember -Group "Group" -Member "User"

    User added successfully 2

    User added successfully

The user will now be added to the stated group.

You can also remove a user account from the group using PowerShell. Simply use the following cmdlet to do so while replacing “Group” and “User” as when adding the account to the group:

Remove-LocalGroupMember -Group "Group" -Member "User"

User removed successfully 2

User removed successfully

Closing Words

As we already mentioned, the groups define what roles and privileges each user within has. Groups can control whether a user is allowed access to any specific apps or tools, whether they are allowed to initiate Remote Desktop protocols, which shared folders they have access to and which are blocked, etc.

Therefore, regardless if a user account is local or global, we suggest that you add them to groups very carefully, and do not give them permissions more than they desire.


Download Article

An easy-to-follow guide to adding a user to a group on Windows computers


Download Article

This wikiHow teaches you how to add a new user to a user group on a Windows computer. Adding a user to a group will apply all the group settings and permissions to the added user account.

Things You Should Know

  • Click «Manage» on «This PC» in File Explorer and expand the menu next to «System Tools.»
  • Click «Local Users and Groups» then click the «Groups» folder.
  • Right-click a user listed and select «Add to Group» then select the group.
  1. Image titled Add a User to a Group on Windows Step 1

    1

    Open your computer’s Start menu. The Start menu button looks like a Windows icon on your desktop taskbar.

  2. Image titled Add a User to a Group on Windows Step 2

    2

    Open the File Explorer from the Start menu. This will open a new window.

    • Alternatively, you can open any folder on your computer. This will open a File Explorer window.

    Advertisement

  3. Image titled Add a User to a Group on Windows Step 3

    3

    Right-click This PC on the left sidebar. Find your This PC directory on the left-hand side of the File Explorer window, and open the right-click menu.

  4. Image titled Add a User to a Group on Windows Step 4

    4

    Click Manage on the right-click menu. This will open the Computer Management application in a new window.

  5. Image titled Add a User to a Group on Windows Step 5

    5

    Click the

    Android 7 Expand Right

    icon next to System Tools. Find System Tools on the left sidebar of the Computer Management window, and expand the tabs under it.

    • If you see
      Android 7 Expand More

      next to System Tools, you can skip this step. This means your tabs are already expanded.

  6. Image titled Add a User to a Group on Windows Step 6

    6

    Click the

    Android 7 Expand Right

    icon next to Local Users and Groups. This will expand a list of folders under it.

  7. Image titled Add a User to a Group on Windows Step 7

    7

    Click the Groups folder under Local Users and Groups. This will display all your groups in the Computer Management window.

  8. Image titled Add a User to a Group on Windows Step 8

    8

    Right-click a group in the Groups folder. A drop-down menu will list your options.

  9. Image titled Add a User to a Group on Windows Step 9

    9

    Click Add to Group on the right-click menu. This will open the group properties in a new window.

  10. Image titled Add a User to a Group on Windows Step 10

    10

    Click the Add button in the Properties window. This will allow you to add new users to this group in a new window.

  11. Image titled Add a User to a Group on Windows Step 11

    11

    Enter a username in the «Enter the object names to select» box. Find the username of the user you want to add to this group, and enter it here.

  12. Image titled Add a User to a Group on Windows Step 12

    12

    Click the Check Names button next to the text box. This will find the specified username on your computer, and confirm the user’s folder directory.

  13. Image titled Add a User to a Group on Windows Step 13

    13

    Click the OK button. This will close the Select Users window. You will now see the newly added user’s username in the group properties window.

  14. Image titled Add a User to a Group on Windows Step 14

    14

    Click the Apply button. This will save and apply your group changes to your computer.

  15. Image titled Add a User to a Group on Windows Step 15

    15

    Restart your computer. Restarting will apply and activate your new user and group settings.

  16. Advertisement

Ask a Question

200 characters left

Include your email address to get a message when this question is answered.

Submit

Advertisement

Thanks for submitting a tip for review!

  • You have to be logged in to an administrator account in order to change user and group settings.

Advertisement

About This Article

Thanks to all authors for creating a page that has been read 25,157 times.

Is this article up to date?

In the Groups folder, located in the Local Users and Groups snap-in in the Microsoft Management Console (MMC), both the default local groups and the user-created local groups are displayed. Local default groups are automatically created when you install the operating system. Belonging to a local group gives the user rights and capabilities to perform various tasks on the local computer.

Local user accounts, domain user accounts, computer accounts, and group accounts can be added to local groups.

Learn how to add user to a group from windows command line. You need to run the below steps.

1. Open Command Line as Administrator

Right-click on the Start button (or the key combination WIN + X) and select Command Prompt (Administrator) in the menu that opens.

Step 1 to Add Local Group Member is to Open Command Line as Administrator

2. Run This Command to Add User to Local Group

In command line type following code:

net localgroup group_name UserLoginName /add

For example to add a user ‘mouly’ to Finance group, we can run the below command:

net localgroup Finance mouly /add

Step 1 to Add Local Group Member is to Run This Command

3. Command to Add a Domain User to Local Users Group

In command prompt input this:

net localgroup users domainname\username /add

This command should be run when the computer is connected to the network. Otherwise, you will get the below error.

H:\>net localgroup users domain\user /add

System error 1789 has occurred.

The trust relationship between this workstation and the primary domain failed.

4. Ways to Add User to Different Local Groups

To add a domain user to local administrator group:

net localgroup administrators domainname\username /add

To add a user to remote desktop users group:

net localgroup “Remote Desktop Users” UserLoginName /add

To add a user to debugger users group:

net localgroup “Debugger users” UserLoginName /add

To add a user to Power users group:

net localgroup “Power users” UserLoginName /add

5. To List the Users Belonging to a Particular Group

If you need to get a list of users belonging to a group we can run this command:

net localgroup group_name

Step 5 List the Users Belonging to a Particular Group

6. Manage Local Users and Groups Using Powershell

Recently, Microsoft has added a standard PowerShell module to Windows for managing local users and groups called Microsoft.PowerShell.LocalAccounts. Previously, this cmdlet had to be downloaded and imported separately into PowerShell. In Windows Server 2016 and Windows 10, the LocalAccounts module is now available by default, because It is included with PowerShell 5.1. In earlier versions of Windows, you must install the Windows Management Framework 5.1 to use the local account management module. The module includes 15 cmdlets. The full list of cmdlets in the LocalAccounts module can be displayed as follows:

Get-Command -Module Microsoft.PowerShell.LocalAccounts

Step 6 to Add Local Group Member is to Manage Local Users and Groups Using Powershell

  • Add-LocalGroupMember add user to local group
  • Disable-LocalUser disable local account
  • Enable-LocalUser enable account (unlock)
  • Get-LocalGroup get information about a local group
  • Get-LocalGroupMember get a list of users in a local group
  • Get-LocalUser get local user information
  • New-LocalGroup create a new local group
  • New-LocalUser create user
  • Remove-LocalGroup remove group
  • Remove-LocalGroupMember remove member from group
  • Remove-LocalUser remove local user
  • Rename-LocalGroup Rename Group
  • Rename-LocalUser rename user
  • Set-LocalGroup change group
  • Set-LocalUser change user

Next, we consider several typical tasks for managing local users and groups on a computer with Windows 10 using PowerShell cmdlets that are part of the LocalAccounts module.

7. Managing Local Windows Users with Powershell

List the local Windows users on the computer:

Get-LocalUser

Step 7 to Add Local Group Member is to Managing Local Windows Users with Powershell

As you can see, there are 7 local accounts on the computer, 3 of which are disabled (Enabled = False).

To display all the properties of a specific local account run:

Get-LocalUser -Name ‘root’ | Select-Object *

  • AccountExpires :
  • Description :
  • Enabled : True
  • FullName :
  • PasswordChangeableDate : 4/23/2018 11:23:48 PM
  • PasswordExpires :
  • UserMayChangePassword : True
  • PasswordRequired : False
  • PasswordLastSet : 4/22/2018 11:23:48 PM
  • LastLogon : 7/15/2018 9:04:32 PM
  • Name : root
  • SID : S-1-5-21-3650440056-3766451173-3310994491-1001
  • PrincipalSource : Local
  • ObjectClass : User

To get a specific user attribute, for example, the last time the password was changed, run:

Get-LocalUser -Name ‘root’ | Select-Object PasswordLastSet

Step 7 Get-LocalUser -Name ‘root’ | Select-Object PasswordLastSet

Create a new local user using the New-LocalUser cmdlet. This cmdlet allows you to create the following types of accounts:

  • Local Windows Accounts
  • Microsoft accounts
  • Azure AD accounts

When creating a user account using New-LocalUser, you cannot specify its password as an Open Password argument. Preliminarily, the password must be converted to a safe string by requesting a password online:

$UserPassword = Read-Host –AsSecureString

Or by entering the password directly in the PoSh console:

$UserPassword = ConvertTo-SecureString “Pa$$word!!” -AsPlainText -Force

New-LocalUser “SIvanov” -Password $UserPassword -FullName “Sergey Ivanov” -Description “Local Account remote local account”

To create a user in the AD domain, use the New-ADUser cmdlet.

To change the user’s password, use the Set-LocalUser command (we assume that you have already converted the new password to SecureString):

Set-LocalUser -Name sivanov -Password $UserPassword –Verbose

Step 7 Set-LocalUser -Name sivanov.png

To set the flag “Password never expires” (“Password never expired”), run:

Set-LocalUser -Name sivanov –PasswordNeverExpires $False

As you can see, you do not need to convert the UserAccountControl value, as when managing account properties in AD.

As you remember, you can log in to Windows 10 as Microsoft accounts. If you need to create a new user associated with a Microsoft account, run the following command (note that you do not need to specify an account password, because it is stored in Microsoft).

New-LocalUser -Name “MicrosoftAccount\S[email protected]” -Description “This is Microsoft account”

To create a local account that is associated with your account in Azure AD (for example, you are using Office 365), run the command:

New-LocalUser -Name “AzureAD\[email protected]” -Description “This is AzureAD account”

To remove this local user, run:

Remove-LocalUser -Name sivanov -Verbose

8. Manage Windows Local Groups with Powershell

Now we will display a list of local groups on the computer:

Get-LocalGroup

Step 8 to Add Local Group Member is to Set-LocalUser -Name sivanov.png

Create a new group:

New-LocalGroup -Name 'RemoteSupport' -Description 'Remote Support Group'

Now we will add several local accounts and a group of local administrators to the new group:

Add-LocalGroupMember -Group 'RemoteSupport' -Member ('SIvanov','root', 'Administrators') –Verbose

If your computer is in a domain, you can add groups and domain accounts or groups to the local group. To do this, they must be specified in the format DomainName \ user2 or DomainName \ ’domain admins’.

You can also add a user to groups using the following pipeline (we will add a user to local administrators):

Get-Localuser -Name 'sivanov' | Add-LocalGroupMember -Group 'Administrators'

Let’s list the users in the local group:

Get-LocalGroupMember -Group 'RemoteSupport'

As you can see, we use only local accounts (PrincipalSource – Local). However, there may be domain accounts (domain), Microsoft accounts (MicrosoftAccount) and accounts from Azure (AzureAD)

Step 8 Get Local Group Member

To display the list of groups in which a particular user is a member, you will have to go through all the local groups on the computer:

  • foreach ($LocalGroup in Get-LocalGroup)
  • {
  • if (Get-LocalGroupMember $LocalGroup -Member 'sivanov' –ErrorAction SilentlyContinue)
  • {
  • $LocalGroup.Name
  • }
  • }

To remove a user from a group, run:

Remove-LocalGroupMember -Group 'RemoteSupport' –Member 'sivanov'

To manage local users on a remote computer, you must first connect to it via WinRM with Invoke-Command or Enter-PSSession cmdlets.

For example, we need to collect a list of accounts in a local group on remote computers:

  • $s = new-pssession -computer pc01,pc02,pc03
  • invoke-command -scriptblock {Get-LocalGroupMember -Group 'RemoteSupport'} -session $s -hidecomputername | select * -exclude RunspaceID | out-gridview -title “LocalAdmins”

Consider Using Action1 to Add Local Group Member if:

  • You need to perform an action on multiple computers simultaneously.
  • You have remote employees with computers not connected to your corporate network.

Action1 is a cloud-based platform for remote IT management and encompasses tools such as patch management, software deployment, remote desktop, software/hardware inventory, endpoint management and endpoint configuration reporting.

  • Adguard vpn скачать бесплатно с вечным ключом для windows
  • Adl windows com что это
  • Adguard vpn для windows отзывы
  • Add git to path windows 10
  • Adjustment program epson l3100 l3101 l3110 l3111 l3150 l3151 скачать бесплатно для windows