Windows 7 Forums
Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: User Accounts - Add or Remove from Groups



User Accounts - Add or Remove from Groups

How to Add or Remove User Accounts from Groups in Vista, Windows 7, and Windows 8
Published by Brink
11 Aug 2010
Published by

How to Add or Remove User Accounts from Groups in Vista, Windows 7, and Windows 8

information   Information
This will show you how to limit the ability of users to be able to perform certain actions by adding or removing their user accounts from being a member of groups and the group's default rights and permissions. Belonging to a local group gives a user the rights and abilities to perform various tasks on the local computer.

You can add local user accounts, domain user accounts, computer accounts, and group accounts to local groups.

You must be logged in as an administrator to be able to do this tutorial.

warning   Warning
Be sure to always have at least one user account that is a member of the Administrators group. You will lose access to everything that a standard user (Users group) cannot open if you do not.
Note   Note
The following table provides descriptions of the default groups that are located in the Groups folder. The table also lists the default user rights for each group. These user rights are assigned in the local security policy.

GroupDescriptionDefault user rights
  
Administrators
  
 Members of this group have full control of the computer, and they can assign user rights and access control permissions to users as necessary. The Administrator account is a default member of this group. When a computer is joined to a domain, the Domain Admins group is added to this group automatically. Because this group has full control of the computer, use caution when you add users to it.Adjust memory quotas for a process, Allow logon locally, Allow logon through Remote Desktop Services, Back up files and directories, Bypass traverse checking, Change the system time, Change the time zone, Create a page file, Create global objects, Create symbolic links, Debug programs, Force shutdown from a remote system, Impersonate a client after authentication, Increase scheduling priority, Load and unload device drivers, Log on as a batch job, Manage auditing and security log, Modify firmware environment variables, Perform volume maintenance tasks, Profile single process, Profile system performance, Remove computer from docking station, Restore files and directories, Shut down the system, Take ownership of files or other objects
  
Backup Operators
  
 Members of this group can back up and restore files on a computer, regardless of any permissions that protect those files. This is because the right to perform a backup takes precedence over all file permissions. Members of this group cannot change security settings.Access this computer from the network, Allow logon locally, Back up files and directories, Bypass traverse checking, Log on as a batch job, Restore files and directories, Shut down the system
  
Cryptographic Operators
  
 Members of this group are authorized to perform cryptographic operations.No default user rights
  
Distributed COM Users
  
 Members of this group are allowed to start, activate, and use DCOM objects on a computer.No default user rights
  
Guests
  
 Members of this group have a temporary profile created at log on, and when the member logs off, the profile is deleted. The Guest account (which is disabled by default) is also a default member of this group.No default user rights
  
IIS_IUSRS
  
 This is a built-in group that is used by Internet Information Services (IIS). No default user rights
  
Network Configuration Operators
  
 Members of this group can make changes to TCP/IP settings, and they can renew and release TCP/IP addresses. This group has no default members.No default user rights
  
Performance Log Users
  
 Members of this group can manage performance counters, logs, and alerts on a computer both locally and from remote clients without being a member of the Administrators group.No default user rights
  
Performance Monitor Users
  
 Members of this group can monitor performance counters on a computer locally and from remote clients without being a member of the Administrators group or the Performance Log Users groupsNo default user rights
  
Power Users
  
 By default, members of this group have no more user rights or permissions than a standard user account. The Power Users group in previous versions of Windows was designed to give users specific administrator rights and permissions to perform common system tasks. In this version of Windows, standard user accounts inherently have the ability to perform most common configuration tasks, such as changing time zones. For legacy applications that require the same Power User rights and permissions that were present in previous versions of Windows, administrators can apply a security template that enables the Power Users group to assume the same rights and permissions that were present in previous versions of Windows.No default user rights
  
Remote Desktop Users
  
 Members of this group can log on to the computer remotely.Allow logon through Remote Desktop Services
  
Replicator
  
 This group supports replication functions. The only member of the Replicator group should be a domain user account that is used to log on the Replicator services of a domain controller. Do not add user accounts of actual users to this group.No default user rights
  
Users (Standard user)
  
 Members of this group can perform common tasks, such as running applications, using local and network printers, and locking the computer. Members of this group cannot share directories or create local printers. By default, the Domain Users, Authenticated Users, and Interactive groups are members of this group. Therefore, any user account that is created in the domain becomes a member of this group.Access this computer from the network, Allow logon locally, Bypass traverse checking, Change the time zone, Increase a process working set, Remove the computer from a docking station, Shut down the system
  
Offer Remote Assistance Helpers
  
 Members of this group can offer Remote Assistance to the users of this computer.No default user rights





OPTION ONE
Through "Users" Folder in Local Users and Groups
1. Open Local Users and Groups, and click on the Users folder in the left pane. (see screenshot below)
User Accounts - Add or Remove from Groups-lusmgr-1.jpg
2. In the middle pane, double click on a user account name that you want to add or remove a user from being a member of groups. (see screenshot above)

3. To Remove a User Account from being a Member of a Group
A) Click on the Member Of tab. (see screenshot below)
Name:  LUSMGR-2_Remove.jpg
Views: 11152
Size:  44.1 KB
B) Select (highlight) the group(s) that you want to remove the user from being a member of, and click on the Remove button. (see screenshot above)
NOTE: You can press and hold the CTRL key to select more than one listed group.

C) When finished, click on OK. (see screenshot below)
Name:  LUSMGR-3-Remove.jpg
Views: 10982
Size:  42.5 KB
4. To Add a User Account to be a Member of a Group
A) Click on the Member Of tab, and click on the Add button. (see screenshot below)
Name:  LUSMGR-4_Add.jpg
Views: 10979
Size:  42.1 KB
B) Click on the Advanced button. (see screenshot below)
Name:  LUSMGR-5_Add.jpg
Views: 10947
Size:  35.2 KB
C) Click on the Find Now button. (see screenshot below)
Name:  LUSMGR-6_Add.jpg
Views: 10959
Size:  56.0 KB
D) In the bottom pane under Search results, select the group(s) that you want to add the user account to be a member of and click on OK. (see screenshot below)
NOTE: You can press and hold the CTRL key to select more than one listed group
Name:  LUSMGR-7_Add.jpg
Views: 10995
Size:  98.1 KB
E) Click on OK. (see screenshot below)
Name:  LUSMGR-8_Add.jpg
Views: 10904
Size:  38.0 KB
F) When finished, click on OK. (see screenshot below)
Name:  LUSMGR-9_Add.jpg
Views: 10883
Size:  43.4 KB
5. When finished, close the Local Users and Groups window. (see screenshot below step 1)



OPTION TWO
Through "Groups" Folder in Local Users and Groups
1. Open Local Users and Groups, and click on the Groups folder in the left pane. (see screenshot below)
User Accounts - Add or Remove from Groups-groups-1.jpg
2. In the middle pane, double click on a group that you want to add or remove a user account from being a member of. (see screenshot above)

3. To Remove a User Account from being a Member of a Group
A) Select (highlight) the user account name(s) that you want to remove the from being a member of this group, and click on the Remove button. (see screenshot below)
NOTE: You can press and hold the CTRL key to select more than one listed group.
Name:  Groups_remove-1.jpg
Views: 10871
Size:  53.8 KB
B) When finished, click on OK. (see screenshot below)
Name:  Groups_remove-2.jpg
Views: 10839
Size:  52.3 KB
4. To Add a User Account to be a Member of a Group
A) Click on the Add button. (see screenshot below)
Name:  Groups_add-1.jpg
Views: 10840
Size:  53.9 KB
B) Click on the Advanced button. (see screenshot below)
Name:  Groups_add-2.jpg
Views: 10812
Size:  36.3 KB
C) Click on the Find Now button. (see screenshot below)
Name:  Groups_add-3.jpg
Views: 10811
Size:  54.1 KB
D) In the bottom pane under Search results, select the user account name(s) that you want to add to be a member of this group and click on OK. (see screenshot below)
NOTE: You can press and hold the CTRL key to select more than one listed user account.
User Accounts - Add or Remove from Groups-groups_add-4.jpg
E) Click on OK. (see screenshot below)
Name:  Groups_add-5.jpg
Views: 10790
Size:  39.5 KB
F) When finished, click on OK. (see screenshot below)
Name:  Groups_add-6.jpg
Views: 10779
Size:  54.4 KB
5. When finished, close the Local Users and Groups window. (see screenshot below step 1)



OPTION THREE
Using an Elevated Command Prompt
1. Open an elevated command prompt.

2. To Add a User Account to be a Member of a Group
A) In the elevated command prompt, type the command below and press Enter. (see screenshot below)

Note   Note
You would substitute the items in red in the command below with this:

GroupName = The actual name of the group.

ComputerName = The computer name or domain name that the user account is located on within quotes.

UserName = The actual name of the user account.

net localgroup "GroupName" ComputerName\UserName /add

For example: If I wanted to add the user account named Standard to be a member of the Administrators group on my computer named Brink-PC, I would type the command below and press Enter.

net localgroup "Administrators" Brink-PC\Standard /add

Name:  CMD-add.jpg
Views: 10941
Size:  39.1 KB
B) Go to step 4.
3. To Remove a User Account from being a Member of a Group
A) In the elevated command prompt, type the command below and press Enter. (see screenshot below)

Note   Note
You would substitute the items in red in the command below with this:

GroupName = The actual name of the group.

ComputerName = The computer name or domain name that the user account is located on within quotes.

UserName = The actual name of the user account.

net localgroup "GroupName" ComputerName\UserName /delete

For example: If I wanted to remove the user account named Standard from being a member of the Administrators group on my computer named Brink-PC, I would type the command below and press Enter.

net localgroup "Administrators" Brink-PC\Standard /delete
Name:  CMD-remove.jpg
Views: 10824
Size:  39.3 KB
B) Go to step 4.
4. When finished, close the elevated command prompt.
That's it,
Shawn






Related Tutorials

.

11 Dec 2011   #1
Brink
Microsoft MVP

64-bit Windows 8.1 Enterprise
 
 

The tutorial has been updated by adding OPTION THREE to be able to add or remove users from or to groups in a elevated command prompt no matter what edition of Windows 7 you have installed.

My System SpecsSystem Spec
.

10 Jun 2013   #2
rovopio

windows 7 home premium 64bit
 
 

Dear Shawn, hi how are you? this is KP.

I have a simple question, but i apologize in advance that the explanation would be quite long. Yesterday I found out I have a lock icon on My Documents folder. I was looking for a way to remove the icons, and then I found this post (which is exactly my case).

How to remove lock icon over my folder

I shared to homegroup and then unshared My Docs folder and the inheritance isn't restored. I followed that post and all is well.

However, before I found that post, I followed this instruction first, Remove Lock Icon from An Article
I will put the images from that article here, (apologies for hotlinking i will remove it soon)








I want to remove the Computer-Name\Users account. Im using windows 7 Home Premium, now I'm stuck with 2 user account because i followed the above tutorial, Computer-Name\Administrators and Computer-Name\Users. I wanted to delete the Computer-Name\Users, may i ask how to delete that with Win 7 home premium? (since i cant go to lusrmgr.msc)

sidenote: I've tried net localgroup "Users" Computer-Name\Users /delete, but i still cant delete it "there is no such global user or group:Computer-Name\Users"

thank you in advance for your continued help to my Qs about win 7. here's a virtual beer :beer:


KP!
My System SpecsSystem Spec
10 Jun 2013   #3
Brink
Microsoft MVP

64-bit Windows 8.1 Enterprise
 
 

Hello KP,

I'm doing fine thank you. I hope you are as well.

If your "C:\Users\(user-name)\My Documents" folder no longer has inheritable permissions from your users folder, then go through the steps below to restore them. Afterwards, please post screenshots showing your security and permission settings of your My Documents folder to see what we're working with the rest.
  1. Right click on your "C:\Users\(user-name)\My Documents" folder, and click on Properties.
  2. Click on Security tab, and click on Advanced button.
  3. In Permissions tab, click on Change Permissions button.
    User Accounts - Add or Remove from Groups-inheritable_permissions-1.jpg
  4. Check both options, and click on OK.
    Name:  inheritable_permissions-2.jpg
Views: 10551
Size:  88.6 KB
  5. Click on Yes, and OK your way out until finished.
    Name:  inheritable_permissions-3.jpg
Views: 10529
Size:  30.8 KB


My System SpecsSystem Spec
10 Jun 2013   #4
rovopio

windows 7 home premium 64bit
 
 

hi brink, tq for your help as always!!

regarding lock icon, yes i've managed to removed the lock icon from My Docs before posting yesterday, i followed someone's post on this thread on sevenforums How to remove lock icon over my folder
it's basically the same instruction as you've just posted and my inheritable permissions are fine now.

however, before i found that tutorial,... i followed this tutorial from howtogeek Remove the Lock Icon from a Folder in Windows 7








and since i did that, now i have...

Authenticated User
System
Administrators (Kungfu\Administrator)
and Users (Kungfu\Users)

on my security. i want to delete the Users that i got from following that tutorial >_<. i cant access lusrmgr.msc and i tried net localgroup "Users" Computer-Name\Users /delete to no avail.

What should I do to delete Users? I prefer my Group to return to Authenticated Users, System, and Admin like before.

cheers,

KP!
My System SpecsSystem Spec
10 Jun 2013   #5
Brink
Microsoft MVP

64-bit Windows 8.1 Enterprise
 
 

KP,

What you are wanting is to add or remove users and groups for access permission of a specific file, while the tutorial is for having user accounts added or removed to/from groups instead.

While in properties, are you able to click on Edit in Security tab, select Users (Kungfu\Users) group, and click on the Remove button, and on OK twice to remove that group?

Permissions - Allow or Deny Users and Groups
My System SpecsSystem Spec
10 Jun 2013   #6
rovopio

windows 7 home premium 64bit
 
 

brink,
tq for the fast response.

There is a misunderstanding here. Idk how to say it in a concise manner, so apologies for having to bear with me. I suck at explaning but I hope after this long post, it clears it all.

Yes, what i wanted is to remove Users (Kungfu\Users) completely, not only from My Docs.


so... Users (Kungfu\Users) was created because i followed the howtogeek tutorial. So previously I only have Authenticated Users SYSTEM and Administrators (Kungfu\Administrators) on every folder. Like this...,




Now in every folder i have, i.e. my Work folder, play folder, random folder, etc, I have those three Accounts, and Users (Kungfu\Users). Like this...



If I click Edit Remove on security tab as you suggested, it only removed that Users (Kungfu\Users) on that specific folder. I want to remove that (Kungfu\Users) group completely that I accidentally created.

-----------------------
ps1: I copy-pasted the images repeatedly because I am aware that I am lacking in explaining department (as evident by this exchange), and I assume that copy-pasting the picture would provide context.

ps2: I wrote about My Docs Lock initially as a context on how I ended up inadvertently created the Users (Kungfu\Users) and how at this point, I want to delete that User group completely.

ps3: So... no hard feeling and its not like I'm not following your explanation or anything, I just suck at explaining.
(Your 1st reply steps, I did that before I posted my first post. Your second reply steps, I didnt do that because I want to remove Users Kungfu\Users completely).
So.. I sort of sucks at explaining. Can't put that on bold enough. lol


Thank you for being generous as always btw. Hope this long post clears the misunderstanding.


Cheers,

KP
My System SpecsSystem Spec
10 Jun 2013   #7
Brink
Microsoft MVP

64-bit Windows 8.1 Enterprise
 
 

KP,

No worries.

Is "Kungfu" your computer name?

If so, you may have added it to the permissions list of the folder, but you didn't create it. It shows as Kungfu/Users for (Computer name)/"Users" group.

You cannot delete the actual "Users" group as it's part of Windows and is needed to allow members of the users group access to files, folders, etc....

You'll have to manually remove "Users" from any folder that you do not want to allow user accounts that are members of the "Users" group access to. Be very careful to make sure that either your user account or the "Administrators" group is listed in the permissions of the folder. If not, then you will block yourself access to it when you remove "Users".

Permissions - Allow or Deny Users and Groups
My System SpecsSystem Spec
Comment

 User Accounts - Add or Remove from Groups




Tutorial Tools



Similar help and support threads for2: User Accounts - Add or Remove from Groups
Windows 7 Tutorial Category
[W7] User management on Family PC - Admin and user groups Installation & Setup
Solved Does an Upgrade Installation retain User Accounts and Groups? Installation & Setup
Solved Custom user groups Win7 Pro...is it possible? General Discussion
User Rights Assignment - Add or Remove Users and Groups Tutorials
How to remove programs in standard user accounts? General Discussion
what user groups am I in? General Discussion
User Accounts / Manage Accounts Blank General Discussion

Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 04:52 AM.
Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App
  

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33