How to Manage Local Users and Groups using PowerShell

We can use the Local Users and Groups Management console (lusrmgr.msc) to manage local user accounts and security groups in all Windows Client OS. But this feature may not be available in the Windows Home edition and we have to either use a third-party app or PowerShell. In this post, we will explore how to manage local users and groups using PowerShell commands.

Summary

List Local User Accounts

Use the Get-LocalUser cmdlet to get the local user accounts or retrieve specific user details by the user’s name.

#List all the local user accounts
Get-LocalUser

Get an account by using its name

This command gets a user account named “TestUser01”.

Get-LocalUser -Name "TestUser01"

List Local Security Groups

We can use the Get-LocalGroup cmdlet to get local security groups. This command gets the default built-in groups and local security groups that are created by you or your admin.

#List all the local security groups
Get-LocalGroup

Find a group by using the group name

This command retrieves the Administrators group details.

Get-LocalGroup -Name "Administrators"

Create a New Local User Account

Use the New-LocalUser cmdlet to create a new local user account using PowerShell. The following command creates an account without a password.

New-LocalUser -Name "TestUser01" -Description "This is a test user account." -NoPassword

Create a user account with password

Use the below commands to read a password as user input, create a user account, and set the password for the account.

$Password = Read-Host -AsSecureString -Prompt "Enter password:"
#$Password = ConvertTo-SecureString "TU2P@ssw$rd123" -AsPlainText -Force 
New-LocalUser -Name "TestUser02" -Password $Password -FullName "Test User 02" -Description "This is a test user account #02"

Modify user account and Reset password

We can use the Set-LocalUser cmdlet to modify local user account properties such as Description, AccountExpires, AccountNeverExpires, and PasswordNeverExpires. This command can also reset the password of a local user account.

#Change a description
Set-LocalUser -Name "TestUser01" -Description "This is a test local user account 01."

Change the password on a user account

$Password = Read-Host -AsSecureString -Prompt "Enter new password:"
$UserAccount = Get-LocalUser -Name "TestUser01"
$UserAccount | Set-LocalUser -Password $Password

Set password never expires flag on a user account

Set-LocalUser -Name "TestUser01" -PasswordNeverExpires $True

Enable or Disable Local user account

Use the Enable-LocalUser cmdlet to enable a disabled user account and use the Disable-LocalUser cmdlet to disable the account. When a user account is disabled, the user cannot log on to the local machine.

Enable-LocalUser -Name "TestUser01" 

Disable User Account

Disable-LocalUser -Name "TestUser01"

Add members to a Local security group

We can use the Add-LocalGroupMember cmdlet to add users or groups as a member to a local security group.

Add-LocalGroupMember -Group "GroupName" -Member "UserName"

Add multiple users to a group

Add-LocalGroupMember -Group "GroupName" -Member "User1","User2"

Add a member to the Local Administrators group

Use the following command to add a user as a member of the local Administrators group.

Add-LocalGroupMember -Group "Administrators" -Member "AdminUser01"

Remove members from a Local security group

We can use the Remove-LocalGroupMember cmdlet to remove a member (user or group) from a local group.

Remove-LocalGroupMember -Group "GroupName" -Member "UserName"

Use the following command to remove multiple members from a group.

$Members = "AdminUser01", "AdminUser2"
Remove-LocalGroupMember -Group "TestAdminGroup" -Member $Members

Get members from a Local security group

The Get-LocalGroupMember cmdlet gets members from a local group. The below command gets all the members of the local Administrators group.

Get-LocalGroupMember -Group "Administrators"

For other Local user and group management cmdlets, see this page: Microsoft PowerShell LocalAccounts

Advertisement

Leave a Comment