Flex Your Fingers with Net Localgroup

Take command-line control of group membership

People sometimes ask me why I like the command line so much. They say, "It's awfully retro, isn't it?" Nope, not at all. In fact, I'd argue that with the forthcoming releases of Windows Vista and Longhorn Server, the command line is experiencing a renaissance. I've been testing the early versions of Vista, which will appear in several forms by late 2006. Although the new OS includes an attractive set of under-the-hood features, the Aero GUI can get frustrating. It tends to hide features that I use often!

I was recently working on my test Vista machine and had spent most of a day trying to figure out a small number of basic tasks, such as finding the NIC Properties page. All these tasks were taking a long time to figure out. So, when I needed to add a local administrator account, I dreaded the prospect of embarking on another scavenger hunt through the Vista GUI. But then I remembered that although GUI paradigms come and go, the good old command line remains essentially the same. I opened up a command prompt and—drawing on circa-1985 knowledge—typed two lines:

net user rhonda swordfish /add 
net localgroup administrators rhonda /add 

I wasn't surprised when I saw the message "The command completed successfully." In a snap, I'd added my local administrator account.

GUIs can be intuitive, once you get the hang of them, but GUIs also change. You have to learn the command line only once. To further illustrate the beauty of the command line, I want to talk about Net Localgroup, a terrific tool for controlling local groups and group memberships.

A Walk Through the Syntax
Net Localgroup lets you manage local groups on member servers and workstations or, if you're at a domain controller (DC), domain local groups. It lets you create and delete local groups, as well as add people to and remove people from a group. And, unlike some of the Net commands I've covered in the past few months, the syntax is pretty easy. In its simplest form,

net localgroup

gets you a list of the local groups on the local computer. To create or delete local groups, you use the /add and /delete options. For example, typing

net localgroup folks /add 

creates a group called folks on the system you're working on. Also, adding /domain to the command tells Net Localgroup to contact a DC and create a domain local group on the domain. In case you're wondering, running

net localgroup <groupname> /add

while sitting at a DC also creates a domain local group.

You can use the /comment option to add a comment about a group, as in

net localgroup folks /comment:"group I use to assign file permissions" /add

Of course, groups don't mean much unless users are in them. You can add or remove people by following the group's name with a username and either /add or /remove. For example,

net localgroup folks mary /add 

would add a user named Mary to the folks group. Remember, we're talking about local groups here. You could bring in domain accounts from any domain that you trust, either in NetBIOS domain name\username format or in [email protected] suffix format, as in

net localgroup folks bigfirm\mary /add 
net localgroup folks [email protected] /add 

To remove Mary, you'd just add the /remove option. Finally, to find out who belongs to a group, just type

net localgroup <groupname> 
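
Two short commands are enough to create a local administrator, so the membership listing is worth comparing against the accounts you expect. The PowerShell below is an added example, not part of the original column: it parses English-language net localgroup output and reports unexpected and missing members. The sample output and the approved list are constructed, and the function names are hypothetical.

```powershell
# Added example: audit a local group's membership from "net localgroup" output.
# Assumes English-language output; localized Windows prints different text.

function Get-NetLocalgroupMember {
    param([string[]]$Lines)
    # Members appear between the dashed separator and the completion message.
    $inMembers = $false
    foreach ($line in $Lines) {
        if ($line -match '^-{5,}\s*$') { $inMembers = $true; continue }
        if (-not $inMembers) { continue }
        if ($line -match '^The command completed') { break }
        if ($line.Trim()) { $line.Trim() }
    }
}

function Compare-GroupMembership {
    param([string[]]$Actual, [string[]]$Approved)
    # -notcontains compares case-insensitively, matching Windows account names.
    [pscustomobject]@{
        Unexpected = @($Actual   | Where-Object { $Approved -notcontains $_ })
        Missing    = @($Approved | Where-Object { $Actual   -notcontains $_ })
    }
}

# Constructed sample of the output of: net localgroup administrators
$sample = @'
Alias name     administrators
Comment        Administrators have complete and unrestricted access to the computer/domain

Members

-------------------------------------------------------------------------------
Administrator
BIGFIRM\Domain Admins
rhonda
The command completed successfully.
'@ -split "`r?`n"

# On a live system, replace $sample with the output of: net localgroup administrators
$approved = 'Administrator', 'BIGFIRM\Domain Admins'   # hypothetical approved list
$members  = Get-NetLocalgroupMember -Lines $sample
$result   = Compare-GroupMembership -Actual $members -Approved $approved

"Unexpected members: " + ($result.Unexpected -join ', ')
"Missing members:    " + ($result.Missing -join ', ')
```

With the constructed sample, rhonda is reported as unexpected because she is not on the approved list.
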

Command-Line Future
To conclude, let me offer one more reason why the command line is so pleasing. In Longhorn Server, Microsoft will offer two installation options: the regular version with the familiar GUI and Server Core, a somewhat more secure version of the server OS that lacks a GUI altogether and requires that you administer your systems from the command line. So, flex your command-typing fingers and start practicing.
