Managing Local Users on Windows Server 2019

To view, edit, or add new local user accounts, open the local user management snap-in. This can be accessed quickly using the “Run” command (windows key +R), Start → Run. Then enter lusrmgr.msc.

It’s best practice to use standard user accounts as opposed to a privileged/administrative account for day to day access. Standard local users can leverage User Account Control, “UAC” prompts to input admin credentials where necessary. This limits your administrative user accounts exposure to attack and/or malware.

Creating a new local user:

To create a local user account, open local user management snap-in:

Start→ Run → lusrmgr.msc.

Select the Users folder from the left-hand navigation pane.

Select More Actions from the right-hand Action pane, then New User…

Once the new user dialog pops you can enter the relevant information for that user, i.e. First and Last name, etc.

If you select the option User must change password at next login, whatever password you enter at this point will become a temporary password, as they will be required to enter a new password when they first sign in.

Once you have entered all of the necessary information for your new user, hit Create.

To perform this action in Powershell (elevated) run the following command:

> New-LocalUser -Name "User03" -FullName "Third User" -Description "Description of this account."

*In the above command example Full Name and Description fields are not required.

Granting administrative rights to a user:

To create a local user account, open local user management snap-in:

Start→ Run → lusrmgr.msc.

Select the Users folder from the left-hand navigation pane.

Open the properties panel for the user you would like to modify (right-click → properties)

Select the “Member Of” tab, and then select “Add…“.

From this screen, you can either navigate to an existing group or enter the name of the group directly. Type Administrators , and hit Enter. Then hit Apply to submit your change.

Now, this user has Administrative rights.

To perform this action in Powershell (elevated) run the following command:

Add-LocalGroupMember -Group "Administrators" -Member "username"

Resetting a user’s password:

To reset a user’s password open the local user management snap-in:

Start→ Run → lusrmgr.msc.

Select the Users folder from the left-hand navigation pane.

Right-click on the user’s name and select Set Password.

Enter the user’s new password and select OK.

To perform this action in Powershell (elevated) run the following command:

$Password = Read-Host -AsSecureString
Set-LocalUser -Name "username" -Password $Password

Leave a Reply

Your email address will not be published. Required fields are marked *