Managing Active Directory Local Users and Groups
Local User Management deals with creating, managing, and securing user and group accounts that are stored locally on a Windows computer. Local user accounts are specific to a computer. Local Users and Groups is a part of the collection of tools that an administrator can use to manage single local computers as well as remote computers. Administrators can set permissions and rights on a local user account or group account on that computer, thereby controlling access to files and folders.
Mục Lục
Local User Accounts
The Users folder in the Local Users and Groups MMC snap-in displays all the default user accounts and the ones created by users with administrative privileges. The default user accounts in the Local Users and Groups utility are the administrator account and the guest account.
The Administrator account has full control of the computer and can assign user rights and access control permissions to users as needed. It is used only for tasks that require administrative credentials and has to be secured with a strong password. This account is disabled by default.
The guest account is used by people who do not have an account on that computer. The administrator and guest accounts are disabled by default.
Local Groups
The Groups folder in the Local Users and Groups MMC snap-in displays all the default local groups and the ones created by administrators or users with administrative privileges. Local groups can hold administrator accounts, local user accounts, domain user accounts, computer accounts, guest accounts, remote desktop user accounts, etc.
Management of Local Users and Groups
Unlike users and groups created in Active Directory or on Internet websites, local user accounts and groups operate on a single Windows client and cannot be moved between computers. A local user can be used for the following on a Windows client:
- Authentication and control
- Assignment of rights or permissions
- Management of resource access
A local group is a set of one or more accounts managed on a single client, consisting of local and/or Active Directory users. Local groups can also be used to manage access or assign rights and permissions to several users at once, depending on business needs or user requirements. A local group can have many members and a user account can be a member of many groups.
Local user and group management
Opening Local Users and Groups Manager
The following are some ways to open the Local Users and Groups Manager:
Method 1: Through RUN command
- Go to Start → Run.
- Type lusrmgr.msc and hit ENTER.
Method 2: Through the Computer Manager
- Go to Start. Type Computer Management and hit ENTER.
- In the left pane of the Computer Management window, click Local Users and Groups.
Creating a Local User Account
The following steps illustrate how to create a local user account:
- Open Local Users and Groups.
- Right-click Users and click New User.
- Type in the User name, Full name, and a Description. Check or uncheck the password requirements.
- Click Create and Close.
Resetting Password for a Local User Account
The following steps illustrate how to reset a local user account:
- Open Local Users and Groups.
- Right-click the required user account, and click Set Password. Click Proceed.
- Type the new password in the New password and Confirm password fields. Click OK.
Resetting password of a local user
Deleting a Local User Account
The following steps illustrate how to delete a local user account:
- Open Local Users and Groups.
- In the left pane, click System Tools → Local Users and Groups. Right-click the required user account, and click Delete.
Creating a Local Group
The following steps illustrate how to create a local user account:
- Open Local Users and Groups.
- Right-click Groups and click New Group.
- Type in the Group Name and a Description.
- Click Add to add members to this group. Specify the name of the user or group or computer to be added.
- Click Create and Close.
Creating a new local users group
Deleting a Local Group
The following steps illustrate how to create a local user account:
- Open Local Users and Groups.
- Under Groups, right-click on the required group, and click Delete.
People also read
Active Directory User Object: An Introduction
Authenticating and authorizing objects in AD
How to locate Active Directory Objects