on September 4, 2010
On Windows OS we can find the list of local user groups created on a system from Contorl Panel -> User Accounts. This information can be obtained from command line also using net command. Syntax is shown below.
net localgroup
Example: Running this command shows the following local groups on my system.
C:\>net localgroup Aliases for \\techblogger-pc ---------------------------------------------------------------------------- *Administrators *Backup Operators *Debugger Users *Guests *Network Configuration Operators *Power Users *Remote Desktop Users *Replicator *Users The command completed successfully.
How to list the users in a local group?
Use the below command to know the list of members of a group from command line.
net localgroup groupName
For example to get the list of all remote desktop users on a system we can run the below command.
net localgroup "Remote Desktop users"
How to find the list of all groups a user is member of?
You can run the below command to list the groups a user is member of. This command prints the details of the given user account. You can find the group membership information in the last two line of this command output.
net user userName
Example:
H:\>net user John User name John Full Name Comment User's comment Country code 000 (System Default) Account active Yes Account expires Never Password last set 12/2/2010 11:00 PM Password expires 4/1/2011 11:00 PM Password changeable 12/2/2010 11:00 PM Password required Yes User may change password Yes Workstations allowed All Logon script User profile Home directory Last logon Logon hours allowed All Local Group Memberships *Debugger Users *Users Global Group memberships *None
Related Posts:
Add user to group from windows command line
Remove user from group using windows command prompt
We use the command net localgroup to display and manage groups from the command prompt (CMD or PowerShell) in the Windows operating system.
Administrators can perform the following tasks using the net localgroup command:
- Add new groups to the local computer or domain.
- Remove existing groups from the local computer or domain.
- Add users and groups to the Windows groups.
- Remove users and groups from Windows groups.
Command options
| GroupName | Name of the group to be added or modified. If the group name includes spaces, enclose it in quotation marks. |
| /domain | Use this command switch to execute the net localgroup command on the Active Directory domain controller rather than on the local computer. |
| /add | Use this option to add new groups to the Windows system or add users to existing groups. |
| /delete | Use this option to delete groups or remove members from groups. |
| /comment:»text» | Adds a description to a Windows group. |
Notes
When operating in an Active Directory domain environment, always use the /domain command switch.
There is another Windows command, the net group, which has the same syntax as the net localgroup. The net group command creates global groups; the net localgroup command creates local groups.
In the CMD, you can get help by running the net help localgroup command.
Next, we will learn more about the net localgroup command by looking at several examples.
Display Information on Existing Windows Groups
We can use the net localgroup command to list groups and view detailed information about a particular group.
To get a list of groups on the local computer, type net localgroup and press Enter:
net localgroupTo do the same thing on an Active Directory domain controller, use the /domain command switch:
net localgroup /domainTo get detailed information about a group, type net localgroup followed by the group name. For example, to view the Administrators group, you will run the following command:
net localgroup Administrators
net localgroup /domain AdministratorsThe command lists the users in the Administrators group.
Add/Delete Groups
To add a new local group, use the following syntax, where GroupName is the name of the new group:
net localgroup /add GroupNameFor example, to create a group called sales, you will run the following command:
net localgroup /add salesTo remove a group from Windows, use the /delete option. For example, to remove an existing group called sales, you will run the following command:
net localgroup /delete salesAdd a description while creating the group:
net localgroup /add sales /comment:"This is Sales Group"Add a description to the existing group:
net localgroup sales /comment:"Sales group"Add (or Remove) User to the Groups
To add a user to a group, use the following syntax:
net localgroup /add GroupName UserNameThe following command adds user user1 to the sales group:
net localgroup /add sales user1You can add multiple users to a group at once:
net localgroup /add sales user1 user2To remove a user from a group, use the /delete option:
net localgroup /delete sales user1
net localgroup /delete sales user1 user2Examples
List all the local groups:
net localgroupAdd a new local group called sales:
net localgroup /add salesDelete sales group:
net localgroup /delete salesThis command lists the users in the Remote Desktop Users group:
net localgroup "Remote Desktop Users"The following command adds user user1 to the Remote Desktop Users group:
net localgroup /add "Remote Desktop Users" user1The following command removes user1 from the Remote Desktop Users group:
net localgroup /delete "Remote Desktop Users" user1What Next?
That brings the end to this tutorial. Next, you can learn the net user command, which is used to manage Windows users from the command prompt.
cmd Viewing user groups
Viewing user groups in the Windows Command Prompt (cmd) allows you to see the various groups that exist on your system, as well as which users are part of those groups. This is particularly useful for system administrators who need to manage permissions and access rights effectively. Below, I’ll explain how to view user groups in cmd, along with examples and expected outputs.
1. Viewing All User Groups
To view all user groups on your Windows system, you can use the net localgroup command.
Basic Syntax:
Example:
To list all local groups, simply enter:
Output:
Output Explanation:
- This command displays a list of all local groups on the computer. Groups like
Administrators,Guests, andUsersare commonly found on Windows systems.
2. Viewing Members of a Specific User Group
To view the members of a specific user group, you can use the net localgroup command followed by the group name.
Basic Syntax:
Example:
To view the members of the Administrators group, enter:
Output:
Output Explanation:
- This command lists all users that are members of the
Administratorsgroup. In this example,YourUsernameandAdministratorare shown as members.
3. Viewing Group Membership of a Specific User
To view which groups a specific user belongs to, you can use the net user command followed by the username.
Basic Syntax:
Example:
To view the group memberships of a user named YourUsername, enter:
Output:
Output Explanation:
- This command provides detailed information about the specified user, including their local group memberships (e.g.,
Usersin this case).
4. Summary
Viewing user groups in the Windows Command Prompt can be accomplished using commands like net localgroup to list all groups and net user to find group memberships for specific users. These commands are valuable for managing user access and permissions within a Windows environment, helping administrators ensure that users have appropriate rights based on their roles.
Native Auditing
Netwrix Auditor for Windows Server
Steps
- Open the PowerShell ISE → Connect to the computer from which you want to get a list of all local groups by running the following cmdlet and entering appropriate credentials:
Enter-PSSession computername -Credential Enterprise\T.Simpson
- Run the following script on each workstation from which you need to get a list of local groups, specifying the network path for export:
Get-LocalGroup | select name | Out-File \\fs1\shared\IT\scripts\localgroups.csv
- Open the file produced by the script in MS Excel.
Sample report:
- Run Netwrix Auditor → Navigate to «Reports» → Expand the «Windows Server» section → Go to «Windows Server – State-in-Time» → Select «Local Users and Groups» → Click «View».
- Set the «Type» filter to «Group».
- To save the report, click the «Export» button → Choose a format from the dropdown menu → Click «Save».
Sample report:
List Local Groups on Your Windows Servers in Couple Clicks
Monitoring local groups listings is essential to Microsoft Windows Server 2016 security. Sometimes Active Directory groups or user accounts are added to the local Administrators group or other privileged groups on a local machine so users can install the programs they need to do their jobs, connect to the workstation remotely, make backups and so on. While this approach reduces helpdesk workload, it significantly increases security risks on your systems by increasing the attack surface area and the risk of privilege abuse. By carefully monitoring the membership of local groups, you can reduce these risks.
If you have enough PowerShell knowledge and experience, you can create a script that lists all local groups, including the local Administrators group. By running this script periodically and comparing the result with your baselines, you can find out whether any rogue groups have been created. But this is not a very convenient way to achieve even that limited goal because you’ll have to run the script on each machine you are interested in and there is no way to get it from the number of servers with one script.
Netwrix Auditor for Windows Server makes it easy to review the list of all local groups and also see all the members of each group. Unlike manual scripting, Netwrix Auditor automatically retrieves this information from the number of servers and provides you with the list of local groups for each server in one click. Reviewing the report on a regular basis will help you establish your baseline and spot any deviations that violate your security policy.
Receive information about local groups on a regular basis right to your inbox by subscribing to the report and, thus, facilitating good IT housekeeping.
If you also need to track all user objects membership is these groups, navigate to how to get local group membership report page.
How to List Local Users and Groups In PowerShell
Windows users and groups are a way to manage access to resources on a computer. Users can be added to groups, and the permissions for the group can be set to allow or deny access to specific resources, such as files, folders, and system settings.
There are several built-in groups in Windows, such as the Administrators group, which has full control over the computer, and the Users group, which has limited access. You can also create custom groups and add users to them.
However, as a sys administrator, you will often be working in the terminal session, and managing users and groups from the terminal can be hugely beneficial.
In this post, you will learn how to list users and groups in Windows using Windows PowerShell.
List Windows Users in PowerShell using Get-LocalUser Cmdlet.
The Get-LocalUser cmdlet is a PowerShell cmdlet that retrieves the local user accounts on a computer. It returns a list of Microsoft.Management.Infrastructure.CimInstance objects that represent the local user accounts.
By default, the cmdlet returns all local user accounts on the computer. Example:
Get-LocalUserThis should return details of the available user accounts as:
Name Enabled Description
---- ------- -----------
admin True
Administrator False Built-in account for administering the computer/domain
DefaultAccount False A user account managed by the system.
Guest False Built-in account for guest access to the computer/domain
WDAGUtilityAccount False A user account managed and used by the system for Windows....You can also use the -Name parameter to specify a specific user account by name. For example, to get the local user account with the name “admin”, you can use the following command:
Get-LocalUser -Name "admin"Output:
Name Enabled Description
---- ------- -----------
admin TrueThe Get-LocalUser cmdlet has several other parameters that allow you to control the properties that are returned for each user account, such as FullName, Description, and PasswordLastSet. You can use these parameters to customize the output of the cmdlet.
For example, to list the names only of all local user accounts, you can use the following command:
Get-LocalUser | Select-Object NameOutput:
Name
----
admin
Administrator
DefaultAccount
Guest
WDAGUtilityAccountList Users in PowerShell Using net Command
You can also use the net command to list users and groups. To list all users, you can use the following command:
net userOutput:
User accounts for \\SERVER
-------------------------------------------------------------------------------
admin Administrator DefaultAccount
Guest WDAGUtilityAccount
The command completed successfully.List Users in PowerShell Using Get-WmiObject Cmdlet
You can also use the Get-WmiObject cmdlet to list users and groups. To list all users, you can use the following command:
Get-WmiObject -Class Win32_UserAccountOutput:
AccountType : 512
Caption : SERVER\admin
Domain : SERVER
SID : S-1-5-21-697903660-3891131852-320673488-1001
FullName :
Name : admin
AccountType : 512
Caption : SERVER\Administrator
Domain : SERVER
SID : S-1-5-21-697903660-3891131852-320673488-500
FullName :
Name : Administrator
AccountType : 512
Caption : SERVER\DefaultAccount
Domain : SERVER
SID : S-1-5-21-697903660-3891131852-320673488-503
FullName :
Name : DefaultAccount
AccountType : 512
Caption : SERVER\Guest
Domain : SERVER
SID : S-1-5-21-697903660-3891131852-320673488-501
FullName :
Name : Guest
AccountType : 512
Caption : SERVER\WDAGUtilityAccount
Domain : SERVER
SID : S-1-5-21-697903660-3891131852-320673488-504
FullName :
Name : WDAGUtilityAccountList Groups in PowerShell using Get-LocalGroup Cmdlet
The Get-LocalGroup cmdlet is a PowerShell cmdlet retrieves the local groups on a computer. It returns a list of Microsoft.Management.Infrastructure.CimInstance objects that represent the local groups.
Example:
Get-LocalGroupOutput:
Name Description
---- -----------
docker-users Users of Docker Desktop
Access Control Assistance Operators Members of this group can remotely query authorization..
Administrators Administrators have complete and unrestricted access...
Backup Operators Backup Operators can override security restrictions for..
Cryptographic Operators Members are authorized to perform cryptographic...
Device Owners Members of this group can change system-wide settings.
Distributed COM Users Members are allowed to launch, activate and use...
Event Log Readers Members of this group can read event logs from local...
Guests Guests have the same access as members of the Users group
Hyper-V Administrators Members of this group have complete and unrestricted...
IIS_IUSRS Built-in group used by Internet Information Services.
Network Configuration Operators Members in this group can have some administrative...
Performance Log Users Members of this group may schedule logging of performance
Performance Monitor Users Members of this group can access performance counter data
Power Users Power Users are included for backwards compatibility and.
Remote Desktop Users Members in this group are granted the right to logon...
Remote Management Users Members of this group can access WMI resources over...
Replicator Supports file replication in a domain
System Managed Accounts Group Members of this group are managed by the system.
Users Users are prevented from making accidental or...You can also use the -Name parameter to specify a specific group by name. For example, to get the local group with the name “Administrators”, you can use the following command:
Get-LocalGroup -Name "Power Users"Output:
Name Description
---- -----------
Power Users Power Users are included for backwards compatibility and possess limited administrative powersThe Get-LocalGroup cmdlet has several other parameters that allow you to control the properties that are returned for each group, such as Description, GroupType, and SID. You can use these parameters to customize the output of the cmdlet.
For example, to list the names of all local groups, you can use the following command:
Get-LocalGroup | Select-Object NameOutput:
Name
----
docker-users
Access Control Assistance Operators
Administrators
Backup Operators
Cryptographic Operators
Device Owners
Distributed COM Users
Event Log Readers
Guests
Hyper-V Administrators
IIS_IUSRS
Network Configuration Operators
Performance Log Users
Performance Monitor Users
Power Users
Remote Desktop Users
Remote Management Users
Replicator
System Managed Accounts Group
UsersList Groups in PowerShell Using Get-WmiObject Cmdlet
We can also list local groups using the Get-WmiObject cmdlet as shown:
Get-WmiObject -Class Win32_GroupOutput:
Caption Domain Name SID
------- ------ ---- ---
SERVER\Access Control Assistance Operators SERVER Access Control Assistance Operators S-1-5-32-579
SERVER\Administrators SERVER Administrators S-1-5-32-544
SERVER\Backup Operators SERVER Backup Operators S-1-5-32-551
SERVER\Cryptographic Operators SERVER Cryptographic Operators S-1-5-32-569
SERVER\Device Owners SERVER Device Owners S-1-5-32-583
SERVER\Distributed COM Users SERVER Distributed COM Users S-1-5-32-562
SERVER\Event Log Readers SERVER Event Log Readers S-1-5-32-573
SERVER\Guests SERVER Guests S-1-5-32-546
SERVER\Hyper-V Administrators SERVER Hyper-V Administrators S-1-5-32-578
SERVER\IIS_IUSRS SERVER IIS_IUSRS S-1-5-32-568
SERVER\Network Configuration Operators SERVER Network Configuration Operators S-1-5-32-556
SERVER\Performance Log Users SERVER Performance Log Users S-1-5-32-559
SERVER\Performance Monitor Users SERVER Performance Monitor Users S-1-5-32-558
SERVER\Power Users SERVER Power Users S-1-5-32-547
SERVER\Remote Desktop Users SERVER Remote Desktop Users S-1-5-32-555
SERVER\Remote Management Users SERVER Remote Management Users S-1-5-32-580
SERVER\Replicator SERVER Replicator S-1-5-32-552
SERVER\System Managed Accounts Group SERVER System Managed Accounts Group S-1-5-32-581
SERVER\Users SERVER Users S-1-5-32-545
SERVER\docker-users SERVER docker-users S-1-5-21-697903660-3891131852-320673488-1002List Local Groups in PowerShell Using net Command
We can also list local groups using the net command as shown:
net localgroupOutput:
Aliases for \\SERVER
-------------------------------------------------------------------------------
*Access Control Assistance Operators
*Administrators
*Backup Operators
*Cryptographic Operators
*Device Owners
*Distributed COM Users
*docker-users
*Event Log Readers
*Guests
*Hyper-V Administrators
*IIS_IUSRS
*Network Configuration Operators
*Performance Log Users
*Performance Monitor Users
*Power Users
*Remote Desktop Users
*Remote Management Users
*Replicator
*System Managed Accounts Group
*Users
The command completed successfully.Conclusion
In this tutorial, you discovered various methods to get a list of all local users and groups on a Windows system using PowerShell.
We hope you enjoyed this tutorial; leave us a comment below and share!!