Local Users and Groups MMC Snap-in - Enable or Disable

How to Enable or Disable the Local Users and Groups MMC Snap-in


   Information
This will show you how to enable or disable all users on the computer from being able to open and view the Local Users and Groups MMC snap-in window in Vista, Windows 7, and Windows 8.

   Note

You will need to be an administrator to open Local Users and Groups.

In Vista, the Local Users and Groups will only be available in the Business, Ultimate, and Enterpise editions.

In Windows 7, the Local Users and Groups will only be available in the Professional, Ultimate, and Enterpise editions.

In Windows RT, 8, and 8.1, the Local Users and Groups will only be available in the Pro and Enterpise editions.

   Tip
If you wanted to disable the Local Users and Groups MMC, then you should also disable the Computer Management MMC to prevent Local Users and Groups from being opened from within Computer Management.

Computer_Management2.jpg

EXAMPLE: Local Users and Groups MMC Snap-in Disabled
Example-1.jpg

Example-2.jpg




OPTION ONE

Enable or Disable Local Users and Groups using a REG File

1. To Enable Local Users and Groups MMC Snap-in
NOTE: This is the default setting of Not Configured. A) Click on the Download button below to download the file below.
Enable_Local_Users_and_Groups_MMC.reg

Download


B) Go to step 4.
2. To Explicitly Enable Local Users and Groups MMC Snap-in
NOTE: This is for if you have enabled the Restrict users to the explicitly permitted list of snap-ins option to only allow the MMC snap-ins with this setting set to open. A) Click on the Download button below to download the file below.
Explicitly_Enable_Local_Users_and_Groups_MMC.reg

Download


B) Go to step 4.
3. To Disable Local Users and Groups MMC Snap-in A) Click on the Download button below to download the file below.
Disable_Local_Users_and_Groups_MMC.reg

Download


4. Click on Save, and save the .reg file to the desktop.

5. Right click on the downloaded .reg file and click on Merge.

6. Click on Run, Yes, Yes, and OK when prompted.

7. If open, close and reopen Local Users and Groups (lusrmgr.msc) to see the change.

8. When done, you can delete the downloaded .reg file if you like.






OPTION TWO

Enable or Disable Local Users and Groups in Group Policy

1. Open the all users, specific users or groups, or all users except administrators Local Group Policy Editor for how you want this policy applied.

2. In the left pane, click on to expand User Configuration, Administrative Templates, Windows Components, Microsoft Mangement Console, and Restricted/Permitted snap-ins. (see screenshot below) GPEDIT-1.jpg
3. In the right pane, right click on Local Users and Groups and click on Edit. (See screenshot above)

4. To Enable Local Users and Groups MMC Snap-in A) Select (dot) either Not Configured. (see screenshot below step 7)
NOTE: This is the default setting.

B) Go to step 7.
5. To Explicitly Local Users and Groups MMC Snap-in A) Select (dot) either Enabled. (see screenshot below step 7)
NOTE: This is for if you have enabled the Restrict users to the explicitly permitted list of snap-ins option to only allow the MMC snap-ins with this setting set to open.

B) Go to step 7.
6. To Disable Local Users and Groups MMC Snap-in A) Select (dot) Disabled. (see screenshot below step 7)
7. Click on OK. (see screenshot below) GPEDIT-2.jpg
8. Close the Local Group Policy Editor window.

9. If open, close and reopen Local Users and Groups (lusrmgr.msc) to see the change.
That's it,
Shawn






Related Tutorials

 

Attachments

Last edited:
Click to expand...
seems to only aply to the account it's done int
I need to disable this for all accounts on the server but my own ?
 

My Computer My Computer

Computer Manufacturer/Model Number
Dell STUDIO XPS 435T/9000
OS
Windows 7 Home Premium 64bit
CPU
i7 960@3200
Motherboard
Dell 0X501H
Memory
DDR3 3 1GB chips
Graphics Card(s)
NVIDIA GeForce 310
Sound Card
Dell INTEGRATED 7.1
Monitor(s) Displays
dell 20inch
Hello amartin,

It should have been applied to all users on the local computer. I'm not sure about accounts on a server if they are not all local.
 

My Computer My Computer

Computer type
PC/Desktop
Computer Manufacturer/Model Number
Self built custom
OS
64-bit Windows 11 Pro for Workstations
CPU
Intel i7-8700K OC'd to 5 GHz
Motherboard
ASUS ROG Maximus XI Formula Z390
Memory
64 GB (4x16GB) G.SKILL TridentZ RGB DDR4 3600 MHz
Graphics Card(s)
ASUS ROG-STRIX-GTX1080TI-O11G-GAMING
Sound Card
Integrated
Monitor(s) Displays
2 x Samsung Odyssey G7 27"
Screen Resolution
2560x1440
Hard Drives
1TB Samsung 990 PRO M.2,
4TB Samsung 990 PRO PRO M.2,
TerraMaster F8 SSD Plus NAS
PSU
Seasonic Prime Titanium 850W
Case
Thermaltake Core P3
Cooling
Corsair Hydro H115i
Keyboard
Logitech wireless K800
Mouse
Logitech MX Master 4
Internet Speed
2 Gb/s Download and 100 Mb/s Upload
Antivirus
Malwarebyte Anti-Malware Premium
Browser
Google Chrome
Other Info
Logitech Z625 speaker system,
Logitech BRIO 4K Pro webcam,
HP Color LaserJet Pro MFP M477fdn,
APC SMART-UPS RT 1000 XL - SURT1000XLI,
Galaxy S23 Plus phone
yea that's what I thought to
granted I am trying to use it in winserver 2012 not 2008
I did a search for this on google and it brot up this thread
 

My Computer My Computer

Computer Manufacturer/Model Number
Dell STUDIO XPS 435T/9000
OS
Windows 7 Home Premium 64bit
CPU
i7 960@3200
Motherboard
Dell 0X501H
Memory
DDR3 3 1GB chips
Graphics Card(s)
NVIDIA GeForce 310
Sound Card
Dell INTEGRATED 7.1
Monitor(s) Displays
dell 20inch
Odd. Are you doing this in Group Policy?
 

My Computer My Computer

Computer type
PC/Desktop
Computer Manufacturer/Model Number
Self built custom
OS
64-bit Windows 11 Pro for Workstations
CPU
Intel i7-8700K OC'd to 5 GHz
Motherboard
ASUS ROG Maximus XI Formula Z390
Memory
64 GB (4x16GB) G.SKILL TridentZ RGB DDR4 3600 MHz
Graphics Card(s)
ASUS ROG-STRIX-GTX1080TI-O11G-GAMING
Sound Card
Integrated
Monitor(s) Displays
2 x Samsung Odyssey G7 27"
Screen Resolution
2560x1440
Hard Drives
1TB Samsung 990 PRO M.2,
4TB Samsung 990 PRO PRO M.2,
TerraMaster F8 SSD Plus NAS
PSU
Seasonic Prime Titanium 850W
Case
Thermaltake Core P3
Cooling
Corsair Hydro H115i
Keyboard
Logitech wireless K800
Mouse
Logitech MX Master 4
Internet Speed
2 Gb/s Download and 100 Mb/s Upload
Antivirus
Malwarebyte Anti-Malware Premium
Browser
Google Chrome
Other Info
Logitech Z625 speaker system,
Logitech BRIO 4K Pro webcam,
HP Color LaserJet Pro MFP M477fdn,
APC SMART-UPS RT 1000 XL - SURT1000XLI,
Galaxy S23 Plus phone
yes I load gpedit.msc and do it from there
then I have a test account and trie to load lusrmgr.msc in it
it loads
but wont load from my private account
 

My Computer My Computer

Computer Manufacturer/Model Number
Dell STUDIO XPS 435T/9000
OS
Windows 7 Home Premium 64bit
CPU
i7 960@3200
Motherboard
Dell 0X501H
Memory
DDR3 3 1GB chips
Graphics Card(s)
NVIDIA GeForce 310
Sound Card
Dell INTEGRATED 7.1
Monitor(s) Displays
dell 20inch
Hmm, I must admit that I'm not sure why it's not getting applied to all users if you used the all users except administrators option and no other users are in the administrators group.
 

My Computer My Computer

Computer type
PC/Desktop
Computer Manufacturer/Model Number
Self built custom
OS
64-bit Windows 11 Pro for Workstations
CPU
Intel i7-8700K OC'd to 5 GHz
Motherboard
ASUS ROG Maximus XI Formula Z390
Memory
64 GB (4x16GB) G.SKILL TridentZ RGB DDR4 3600 MHz
Graphics Card(s)
ASUS ROG-STRIX-GTX1080TI-O11G-GAMING
Sound Card
Integrated
Monitor(s) Displays
2 x Samsung Odyssey G7 27"
Screen Resolution
2560x1440
Hard Drives
1TB Samsung 990 PRO M.2,
4TB Samsung 990 PRO PRO M.2,
TerraMaster F8 SSD Plus NAS
PSU
Seasonic Prime Titanium 850W
Case
Thermaltake Core P3
Cooling
Corsair Hydro H115i
Keyboard
Logitech wireless K800
Mouse
Logitech MX Master 4
Internet Speed
2 Gb/s Download and 100 Mb/s Upload
Antivirus
Malwarebyte Anti-Malware Premium
Browser
Google Chrome
Other Info
Logitech Z625 speaker system,
Logitech BRIO 4K Pro webcam,
HP Color LaserJet Pro MFP M477fdn,
APC SMART-UPS RT 1000 XL - SURT1000XLI,
Galaxy S23 Plus phone
O I need to aply this to admin class users
 

My Computer My Computer

Computer Manufacturer/Model Number
Dell STUDIO XPS 435T/9000
OS
Windows 7 Home Premium 64bit
CPU
i7 960@3200
Motherboard
Dell 0X501H
Memory
DDR3 3 1GB chips
Graphics Card(s)
NVIDIA GeForce 310
Sound Card
Dell INTEGRATED 7.1
Monitor(s) Displays
dell 20inch
You would only need to do that so that users (ex: your account) in the administrators group wouldn't be affected by the policy.
 

My Computer My Computer

Computer type
PC/Desktop
Computer Manufacturer/Model Number
Self built custom
OS
64-bit Windows 11 Pro for Workstations
CPU
Intel i7-8700K OC'd to 5 GHz
Motherboard
ASUS ROG Maximus XI Formula Z390
Memory
64 GB (4x16GB) G.SKILL TridentZ RGB DDR4 3600 MHz
Graphics Card(s)
ASUS ROG-STRIX-GTX1080TI-O11G-GAMING
Sound Card
Integrated
Monitor(s) Displays
2 x Samsung Odyssey G7 27"
Screen Resolution
2560x1440
Hard Drives
1TB Samsung 990 PRO M.2,
4TB Samsung 990 PRO PRO M.2,
TerraMaster F8 SSD Plus NAS
PSU
Seasonic Prime Titanium 850W
Case
Thermaltake Core P3
Cooling
Corsair Hydro H115i
Keyboard
Logitech wireless K800
Mouse
Logitech MX Master 4
Internet Speed
2 Gb/s Download and 100 Mb/s Upload
Antivirus
Malwarebyte Anti-Malware Premium
Browser
Google Chrome
Other Info
Logitech Z625 speaker system,
Logitech BRIO 4K Pro webcam,
HP Color LaserJet Pro MFP M477fdn,
APC SMART-UPS RT 1000 XL - SURT1000XLI,
Galaxy S23 Plus phone
not sure you understand
I want all the users except me to BE effected by it

I have some mistory admin user that wont behave and I need to stop him
but I don't know who it is
 

My Computer My Computer

Computer Manufacturer/Model Number
Dell STUDIO XPS 435T/9000
OS
Windows 7 Home Premium 64bit
CPU
i7 960@3200
Motherboard
Dell 0X501H
Memory
DDR3 3 1GB chips
Graphics Card(s)
NVIDIA GeForce 310
Sound Card
Dell INTEGRATED 7.1
Monitor(s) Displays
dell 20inch
Ah, I see. Sorry.

The problem is since he is an administrator, he will have the user rights be able to just undo anything you set anyways. :(
 

My Computer My Computer

Computer type
PC/Desktop
Computer Manufacturer/Model Number
Self built custom
OS
64-bit Windows 11 Pro for Workstations
CPU
Intel i7-8700K OC'd to 5 GHz
Motherboard
ASUS ROG Maximus XI Formula Z390
Memory
64 GB (4x16GB) G.SKILL TridentZ RGB DDR4 3600 MHz
Graphics Card(s)
ASUS ROG-STRIX-GTX1080TI-O11G-GAMING
Sound Card
Integrated
Monitor(s) Displays
2 x Samsung Odyssey G7 27"
Screen Resolution
2560x1440
Hard Drives
1TB Samsung 990 PRO M.2,
4TB Samsung 990 PRO PRO M.2,
TerraMaster F8 SSD Plus NAS
PSU
Seasonic Prime Titanium 850W
Case
Thermaltake Core P3
Cooling
Corsair Hydro H115i
Keyboard
Logitech wireless K800
Mouse
Logitech MX Master 4
Internet Speed
2 Gb/s Download and 100 Mb/s Upload
Antivirus
Malwarebyte Anti-Malware Premium
Browser
Google Chrome
Other Info
Logitech Z625 speaker system,
Logitech BRIO 4K Pro webcam,
HP Color LaserJet Pro MFP M477fdn,
APC SMART-UPS RT 1000 XL - SURT1000XLI,
Galaxy S23 Plus phone
yea I know
hoping he wont know how to hehehe

what logs do we look for to tell who is tampering with the drives
delete format

sorry wrong thread 9simaler problem)

I know what logs to look for when it comes to account tampering
 

My Computer My Computer

Computer Manufacturer/Model Number
Dell STUDIO XPS 435T/9000
OS
Windows 7 Home Premium 64bit
CPU
i7 960@3200
Motherboard
Dell 0X501H
Memory
DDR3 3 1GB chips
Graphics Card(s)
NVIDIA GeForce 310
Sound Card
Dell INTEGRATED 7.1
Monitor(s) Displays
dell 20inch
You must log in or register to reply here.

Similar threads

How to Enable or Disable Tab Groups Auto Create in Microsoft Edge
Replies
0
Views
1K
Brink
Brink
How to Enable or Disable Tab Groups Collapse in Microsoft Edge
Replies
0
Views
2K
Brink
Brink
How do a reload a missing MMC Snap-In ?
Replies
1
Views
3K
SIW2
SIW2
How to Name or Rename Tab Group in Microsoft Edge
Replies
0
Views
1K
Brink
Brink
How to Add Tab to New or Existing Group in Microsoft Edge
Replies
0
Views
723
Brink
Brink
Back
Top