Microsoft

Using the Computer Management Console's Local Users and Groups snap-in in Windows Server 2003

Windows Server 2003's Local Users and Groups snap-in allows you to manage your environment by creating new objects, adding and removing objects, changing object attributes, and more.

Now that we've investigated the Windows Server 2003 Computer Management Console's Event Viewer and Shared Folders snap-ins, I will walk you through how to use Local Users and Groups. This snap-in is available in all versions of Windows 2000, Windows XP, Windows Server 2003, and Windows Vista.

The Local Users and Groups snap-in allows you to take the following actions on User and Group objects on the local Windows Server 2003 system:

  • View: List the existing Users and Groups available on the local system.
  • Add: Create new User and Group objects on the local system.
  • Edit: Change attributes of existing User and Group objects on the local system.
  • Delete: Remove User and Group objects from the local system.
Note: You can add domain User and Group objects to local Group objects on a Windows Server 2003 system. This Microsoft-recommended practice can help you manage your environment.

To view a listing of available groups on the local system from within the Computer Management Console, follow these steps:

  1. Expand the Local Users And Groups object.
  2. Select the Groups object in the left pane. A listing of available Groups will appear in the right pane of the console.
  3. To view a User object listing, simply highlight the Users object in the left pane of the console.

To add local Users:

  1. Select the User object.
  2. Right-click within the User list in the right pane and select New User.
  3. In the dialog box that appears, enter a Name and Username for the object and click Next.
  4. Specify and confirm a password for the User Account Object.
  5. On the Password screen, you will also need to configure the following options for the Accounts password:
  • User Must Change Password At Next Logon: This prompts the user to set a new password the next time they log on to the account.
  • User Cannot Change Password: The user cannot change the password for the account.
  • Password Never Expires: The password for this account will never expire.
  • Account Is Disabled: The account is not active and cannot be used to log on to Windows.
Note: If you select the User Must Change Password At Next Logon option, the User Cannot Change Password and Password Never Expires options become unavailable until after the next account logon.

  1. After selecting Password and other options as listed above, click the Create button to create the user account.
Creating local groups

The best way to create a group account from the Computer Management Console is by selecting the Groups object in the left pane and right-clicking the list in the right pane to select New Group. This will produce a dialog box asking you to enter a name and a description for the group. After you enter the name and description, click the Add button at the bottom of the dialog box in order to select members for the new group. When you have all of the members assigned, click OK in the selection box and then click Create in the New Group dialog box.

Editing and deleting local users and groups

To edit a user or group object, follow these steps:

  1. Select Users or Groups in the left pane of the Computer Management Console.
  2. Right-click the object you wish to edit.
  3. Select Properties from the context menu.
  4. Modify the necessary properties for the object, then click OK.

You can also edit a user or group object by double-clicking it in the existing list.

To delete an existing user or group object, follow these steps:

  1. Select Users or Groups in the left pane of the Computer Management Console.
  2. In the right pane of the console, right-click the User or Group object you wish to delete.
  3. Select Delete from the context menu. When asked if you are sure you wish to delete this object, select Yes.
Note: When accessing the Computer Management Console, you can connect remotely to other systems to view their resources. The remote systems must be running Windows 2000 or higher.

Next week, I will focus on the Computer Management Console's Device Manager snap-in.

Miss a Windows Server 2003 tip?

Check out the Windows Server 2003 archive, and catch up on the most useful tips from this newsletter.

Stay on top of the latest Windows Server 2003 tips and tricks with our free Windows Server newsletter, delivered each Wednesday. Automatically sign up today!

About Derek Schauland

Derek Schauland has been tinkering with Windows systems since 1997. He has supported Windows NT 4, worked phone support for an ISP, and is currently the IT Manager for a manufacturing company in Wisconsin.

Editor's Picks

Free Newsletters, In your Inbox