Adding new users & groups in windows

3

May 20, 2015 by Kenneth Fisher

I do a lot of testing with security in SQL Server. And of course to do a thorough job of it I need not just SQL Server logins but Windows logins. And that means I need to be able to create and delete windows users and groups. I could do this with the GUI, but first of all I’m a command line kind of guy and second if I’m creating a dozen or more users at once then the GUI is just too slow.

Now I’m moving a little bit outside my normal comfort zone here. I’m not a windows guy. I’m a SQL guy. I did however manage to find just the commands I needed. And in the interest of documenting them for myself (that being one of the great benefits of blogging) here they are:

  • Add a new user
    NET USER "NewUser" "NewPassword" /ADD
  • Remove a user
    NET USER "NewUser" /DELETE
  • List group membership of a user. Note: this also returns a lot of other information about the user.
    NET USER "NewUser"
  • Add a new local windows group
    NET LOCALGROUP "NewGroup" /ADD
  • Remove a local windows group
    NET LOCALGROUP "NewGroup" /DELETE
  • Add a user to a local windows group
    NET LOCALGROUP "NewGroup" "NewUser" /ADD
  • Remove a user from a local windows group
    NET LOCALGROUP "NewGroup" "NewUser" /DELETE
  • List members of a local windows group
    NET LOCALGROUP "NewGroup"

If you just open a command shell and run these you will get the following error even if your user is a member of the admin group.

System error 5 has occurred.

Access is denied.

In order to avoid this error you need to run the command shell as administrator. If you hold down the shift key and right click on the shortcut you will get a much longer menu then you normally see. And near the top is the option Run as administrator.

NetUser

Select that option and you will open the command shell in such a way that these commands will work. Of course this does assume that you are a member of the administrators group.

3 thoughts on “Adding new users & groups in windows

  1. […] (Part 2 of 3) Using CLR to replace xp_cmdshell for specific tasks First thoughts on DataZen Adding new users & groups in windows DevOps and the DBA SSIS Checkpoints Source control: Using Visual Studio Online in SSMS Thoughts On […]

  2. […] two posts have been setup for this one. If you are unsure what NET USER and NET LOCALGROUP are read Adding new user and groups in windows and if you are unsure what I mean by a default database read Default […]

  3. […] already set up windows users for myself but you can use the commands here to create your […]

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Enter your email address to follow this blog and receive notifications of new posts by email.

Join 2,135 other followers

Follow me on Twitter

ToadWorld Pro of the Month November 2013
%d bloggers like this: