Homepage 5 How-to Articles 5 Adding Local Group Member on Windows Operating System

Adding Local Group Member on Windows Operating System

Manage remote endpoints, deploy software and patches with Action1 cloud RMM solution.

Sign up and use free on up to 50 endpoints with no functionality limits or expiration.

September 6, 2019

In the Groups folder, located in the Local Users and Groups snap-in in the Microsoft Management Console (MMC), both the default local groups and the user-created local groups are displayed. Local default groups are automatically created when you install the operating system. Belonging to a local group gives the user rights and capabilities to perform various tasks on the local computer.

Local user accounts, domain user accounts, computer accounts, and group accounts can be added to local groups.

Learn how to add user to a group from windows command line. You need to run the below steps.

1. Open Command Line as Administrator

Right-click on the Start button (or the key combination WIN + X) and select Command Prompt (Administrator) in the menu that opens.

Step 1 to Add Local Group Member is to Open Command Line as Administrator

2. Run This Command to Add User to Local Group

In command line type following code:

net localgroup group_name UserLoginName /add

For example to add a user ‘mouly’ to Finance group, we can run the below command:

net localgroup Finance mouly /add

Step 1 to Add Local Group Member is to Run This Command

3. Command to Add a Domain User to Local Users Group

In command prompt input this:

net localgroup users domainname\username /add

This command should be run when the computer is connected to the network. Otherwise you will get the below error.

H:\>net localgroup users domain\user /add

System error 1789 has occurred.

The trust relationship between this workstation and the primary domain failed.

4. Ways to Add User to Different Local Groups

To add a domain user to local administrator group:

net localgroup administrators domainname\username /add

To add a user to remote desktop users group:

net localgroup "Remote Desktop Users" UserLoginName /add

To add a user to debugger users group:

net localgroup "Debugger users" UserLoginName /add

To add a user to Power users group:

net localgroup "Power users" UserLoginName /add

5. To List the Users Belonging to a Particular Group

If you need to get a list of users belonging to a group we can run this command:

net localgroup group_name

Step 5 List the Users Belonging to a Particular Group

6. Manage Local Users and Groups Using Powershell

Recently, Microsoft has added a standard PowerShell module to Windows for managing local users and groups called Microsoft.PowerShell.LocalAccounts. Previously, this cmdlet had to be downloaded and imported separately into PowerShell. In Windows Server 2016 and Windows 10, the LocalAccounts module is now available by default, because It is included with PowerShell 5.1. In earlier versions of Windows, you must install the Windows Management Framework 5.1 to use the local account management module. The module includes 15 cmdlets. The full list of cmdlets in the LocalAccounts module can be displayed as follows:

Get-Command -Module Microsoft.PowerShell.LocalAccounts

Step 6 to Add Local Group Member is to Manage Local Users and Groups Using Powershell

  • Add-LocalGroupMember – add user to local group
  • Disable-LocalUser – disable local account
  • Enable-LocalUser – enable account (unlock)
  • Get-LocalGroup – get information about a local group
  • Get-LocalGroupMember – get a list of users in a local group
  • Get-LocalUser – get local user information
  • New-LocalGroup – create a new local group
  • New-LocalUser – create user
  • Remove-LocalGroup – remove group
  • Remove-LocalGroupMember – remove member from group
  • Remove-LocalUser – remove local user
  • Rename-LocalGroup – Rename Group
  • Rename-LocalUser – rename user
  • Set-LocalGroup – change group
  • Set-LocalUser – change user

Next, we consider several typical tasks for managing local users and groups on a computer with Windows 10 using PowerShell cmdlets that are part of the LocalAccounts module.

7. Managing Local Windows Users with Powershell

List the local Windows users on the computer:


Step 7 to Add Local Group Member is to Managing Local Windows Users with Powershell

As you can see, there are 7 local accounts on the computer, 3 of which are disabled (Enabled = False).

To display all the properties of a specific local account run:

Get-LocalUser -Name ‘root’ | Select-Object *

  • AccountExpires :
  • Description :
  • Enabled : True
  • FullName :
  • PasswordChangeableDate : 4/23/2018 11:23:48 PM
  • PasswordExpires :
  • UserMayChangePassword : True
  • PasswordRequired : False
  • PasswordLastSet : 4/22/2018 11:23:48 PM
  • LastLogon : 7/15/2018 9:04:32 PM
  • Name : root
  • SID : S-1-5-21-3650440056-3766451173-3310994491-1001
  • PrincipalSource : Local
  • ObjectClass : User

To get a specific user attribute, for example, the last time the password was changed, run:

Get-LocalUser -Name ‘root’ | Select-Object PasswordLastSet

Step 7 Get-LocalUser -Name ‘root’ | Select-Object PasswordLastSet

Create a new local user using the New-LocalUser cmdlet. This cmdlet allows you to create the following types of accounts:

  • Local Windows Accounts
  • Microsoft accounts
  • Azure AD accounts

When creating a user account using New-LocalUser, you cannot specify its password as an Open Password argument. Preliminarily, the password must be converted to a safe string by requesting a password online:

$UserPassword = Read-Host –AsSecureString

Or by entering the password directly in the PoSh console:

$UserPassword = ConvertTo-SecureString "Pa$$word!!" -AsPlainText -Force

New-LocalUser “SIvanov” -Password $UserPassword -FullName “Sergey Ivanov” -Description “Local Account remote local account”

To create a user in the AD domain, use the New-ADUser cmdlet.

To change the user’s password, use the Set-LocalUser command (we assume that you have already converted the new password to SecureString):

Set-LocalUser -Name sivanov -Password $UserPassword –Verbose

Step 7 Set-LocalUser -Name sivanov.png

To set the flag “Password never expires” (“Password never expired”), run:

Set-LocalUser -Name sivanov –PasswordNeverExpires $False

As you can see, you do not need to convert the UserAccountControl value, as when managing account properties in AD.

As you remember, you can log in to Windows 10 as Microsoft accounts. If you need to create a new user associated with a Microsoft account, run the following command (note that you do not need to specify an account password, because it is stored in Microsoft).

New-LocalUser -Name "MicrosoftAccount\[email protected]" -Description "This is Microsoft account"

To create a local account that is associated with your account in Azure AD (for example, you are using Office 365), run the command:

New-LocalUser -Name "AzureAD\[email protected]" -Description "This is AzureAD account"

To remove this local user, run:

Remove-LocalUser -Name sivanov -Verbose

8. Manage Windows Local Groups with Powershell

Now we will display a list of local groups on the computer:


Step 8 to Add Local Group Member is to Set-LocalUser -Name sivanov.png

Create a new group:

New-LocalGroup -Name 'RemoteSupport' -Description 'Remote Support Group'

Now we will add several local accounts and a group of local administrators to the new group:

Add-LocalGroupMember -Group 'RemoteSupport' -Member ('SIvanov','root', 'Administrators') –Verbose

If your computer is in a domain, you can add groups and domain accounts or groups to the local group. To do this, they must be specified in the format DomainName \ user2 or DomainName \ ’domain admins’.

You can also add a user to groups using the following pipeline (we will add a user to local administrators):

Get-Localuser -Name 'sivanov' | Add-LocalGroupMember -Group 'Administrators'

Let’s list the users in the local group:

Get-LocalGroupMember -Group 'RemoteSupport'

As you can see, we use only local accounts (PrincipalSource – Local). However, there may be domain accounts (domain), Microsoft accounts (MicrosoftAccount) and accounts from Azure (AzureAD)

Step 8 Get Local Group Member

To display the list of groups in which a particular user is a member, you will have to go through all the local groups on the computer:

  • foreach ($LocalGroup in Get-LocalGroup)
  • {
  • if (Get-LocalGroupMember $LocalGroup -Member 'sivanov' –ErrorAction SilentlyContinue)
  • {
  • $LocalGroup.Name
  • }
  • }

To remove a user from a group, run:

Remove-LocalGroupMember -Group 'RemoteSupport' –Member 'sivanov'

To manage local users on a remote computer, you must first connect to it via WinRM with Invoke-Command or Enter-PSSession cmdlets.

For example, we need to collect a list of accounts in a local group on remote computers:

  • $s = new-pssession -computer pc01,pc02,pc03
  • invoke-command -scriptblock {Get-LocalGroupMember -Group 'RemoteSupport'} -session $s -hidecomputername | select * -exclude RunspaceID | out-gridview -title "LocalAdmins"

Consider Using Action1 to Add Local Group Member if:

  • You need to perform an action on multiple computers simultaneously.
  • You have remote employees with computers not connected to your corporate network.

Action1 is a cloud-based platform for remote IT management and encompasses tools such as patch management, software deployment, remote desktop, software/hardware inventory, endpoint management and endpoint configuration reporting.

Related Articles

How To Delete User Profiles Remotely with PowerShell

When a user logs onto the computer for the first time (not via the network to access shared folders or printers), Windows creates a user profile. Among its contents are the NTUSER.DAT file (user profile settings), user-specific folders (My Documents, Desktop, etc.),...

About Action1 RMM

Action1 RMM is a cloud-based IT solution for remote monitoring and management, patching, and remote support.

Start your free two-week trial of Action1, or use RMM tools for free forever on 50 endpoints with no functionality limitations!


Submit a Comment

Your email address will not be published.

cloud patch management solutions action1

MSP Solution

Centralize endpoint management and boost efficiency of IT service delivery.

automated server patch management action compliance

Patch Management

Identify and deploy missing OS and third-party software updates.

cloud software deployment tools windows

Software Deployment

Distribute software and updates across managed endpoints.

software distribution tools software inventory action1

IT Asset Inventory

Keep a detailed inventory and manage hardware and software assets.

web client remote desktop

Remote Desktop

Support users via seamless remote desktop connection.

web based rdp client

Unattended Access

Provide administrative support and manage remote devices.

automated patch management action1

Endpoint Management

Run PowerShell, custom scripts, reboot computers and restart services.

API integrations action1


Integrate Action1 RMM to your IT ecosystem.

computer inventory tool for compliance

Reports and Alerts

Conduct endpoint security audits with comprehensive reporting.