What is a User Group in Windows?
Windows offers a useful feature called user groups, so to make it easier for users to manage permissions and other user accounts.
Managing user accounts is one of your primary tasks as a Microsoft Windows administrator.
The permissions and privileges you assign to user and group accounts determine which actions users can perform, as well as which computer systems and resources they can access.
A group accounts is really just a collection of user accounts. Rights and permissions are assigned to a group, and then those rights and permissions are granted to any account that’s a member of the group. Group membership can determine a user’s access to files, folders, and even system settings.
- Local groups - are the user groups that exist on your Windows computer or device. They are defined locally and can be managed from the Local Users And Groups tool. These are the user groups that home users work with and the ones that we’re going to talk about in this tutorial.
- Security groups - have security descriptors associated with them. Security groups are used in Windows domains with Active Directory.
- Distribution groups - are useful for distributing e-mails for users that belong to domains with Active Directory.
The Security groups and the Distribution groups are user groups that are used in business environments and company networks. System administrators utilize groups to limit user access to features of the operating system which they shouldn't modify or set different levels of access for the applications that are available on the company's network.
User groups are an important security feature that is aimed primarily at simplifying the management of a large number of users permissions and privileges on the system and network.
The strength of user groups resides in the fact that they offer a centralized way of managing multiple user permissions without having the need to configure each account separately.
When a user group receives access to a certain resource, all the user accounts that are part of that group receive access to the resource in question. Note that although you can and must use a user account to log in to a Windows computer or device, you cannot use a user group to log in.
There are many types of user groups that exist, by default, on all Windows computers. Here are the most important and useful of them:
- Administrators: the users from this group have full control of the Windows computer and everything on it, including other user accounts.
- Backup Operators: user accounts from this group can backup and restore files on the Windows computer, regardless of the permissions of those files.
- Guests: users from this group have temporary profiles set when they log on, which are automatically deleted when they log out.
- Power Users: can do almost everything administrators can, including creating other user accounts or even deleting them. However, they cannot change the settings for the Administrators group.
- Users: are the standard user accounts. They are the users who can do all the common things people do on their computers, like browsing the internet, using the apps installed, access the files on the computer or printing. However, standard users cannot do things like creating other user accounts, they cannot install applications on the computer, and they cannot install a printer on the computer.
By default, the only users who are allowed to make changes to user groups are the ones who belong to the Administrators or the Power Users groups.
You can manage Windows group accounts by logging into the right user account.
Open the Computer Management tool by pressing Windows + R keys to open Run box and type Compmgmt.msc, click OK button.
From Computer Management tool, click Local Users and Groups > Groups.
Note: Computer Management tool available only in some Windows editions: Windows 7 Professional, Ultimate and Enterprise, Windows 8.1 Pro and Enterprise, and Windows 10 Pro and Enterprise.
There is also Net LocalGroup command, which can be use to manage group accounts.
Open the Command Prompt by clicking Start Menu --> All Programs --> Accessories, right-click on Command Prompt, and open it as an administrator. In Windows Vista and later versions of Window operating systems type cmd.exe into Start Screen or Start Menu, right-click on Cmd.exe, and open it as an administrator.
Type following command and press Enter key to view list of group accounts.
Type following command and press Enter key to view the help document of Net LocalGroup command.
Net Help Localgroup
To find out what user groups a user account is part of, execute following command.
Above command will list all the user accounts on Windows.
Execute following command for any user account that you want to learn which group acounts this user account member of.
Net User FreeBooter
Type following command and press Enter key to view the help document of Net User command.
Net Help User
Group Accounts are a powerful feature that can be very useful when you have computers that are used by a two or more people. It saves you a lot of time and effort when managing multiple user accounts and provides a centralized way of doing it.