Subscribe Us

header ads

Microsoft Windows File System: Practicle of User and Group Mangement

Arjun Singh June 07, 2025

In our previous post, we explored the foundational concepts of the Windows file system and user structure. Now, it's time to get hands-on. In this part of our series, we shift focus to the practical side of managing Microsoft Windows users, groups, and permissions. From creating local accounts and setting up groups to applying real-world permission rules and mastering access control, this guide will walk you through actionable steps to manage your system securely and efficiently. Whether you're a beginner or brushing up your skills, this is where theory meets practice.

A. Creating a New User Account

Using the Settings App (GUI):

  1. Open Settings: Press Win + I to open the Settings app.
  2. Navigate to Accounts: Click on Accounts.
  3. Access Family & Other Users: Select Family & other users from the sidebar.
  4. Add a New User:
    • Click on Add someone else to this PC.
    • If the user has a Microsoft account, enter their email address.
    • To create a local account, click on I don't have this person's sign-in information, then select Add a user without a Microsoft account.
    • Enter the desired username and password, then click Next.

Note: This process allows you to create either a Microsoft account-linked user or a local user account.

Using Command Prompt (CMD):

  1. Open Command Prompt as Administrator:
    • Press Win + X and select Command Prompt (Admin) or Windows Terminal (Admin).
  2. Create a New User: 
    net user username password /add

    Replace username with the desired username and password with the desired password.

    Example:

    net user JohnDoe P@ssw0rd123 /add

Note: This command creates a new local user account named JohnDoe with the specified password.

B. Changing a User's Account Type

Using the Settings App (GUI):

  1. Open Settings: Press Win + I.
  2. Navigate to Accounts.
  3. Access Family & Other Users.
  4. Change Account Type:
    • Click on the user account you wish to modify.
    • Click on Change account type.
    • Choose between Standard User and Administrator, then click OK.

Note: Assigning administrative rights grants the user full control over the system, so proceed with caution.

Using Command Prompt (CMD):

  1. Open Command Prompt as Administrator.
  2. Add User to Administrators Group: 
    net localgroup Administrators username /add

    Replace username with the user's name.

    Example:

    net localgroup Administrators JohnDoe /add

Note: This command adds JohnDoe to the local Administrators group, granting administrative privileges.

2. Managing Groups

A. Creating a New Group

Using Local Users and Groups (GUI):

  1. Open Run Dialog: Press Win + R, type lusrmgr.msc, and press Enter.
  2. Navigate to Groups: In the left pane, click on Groups.
  3. Create New Group:
    • Right-click on an empty area in the right pane and select New Group.
    • Enter the group name and description.
    • Click Create, then Close.

Note: The lusrmgr.msc console is not available in Windows Home editions.

Using Command Prompt (CMD):

  1. Open Command Prompt as Administrator.
  2. Create New Group: 
    net localgroup GroupName /add

    Replace GroupName with the desired group name.

    Example:

    net localgroup Developers /add

Note: This command creates a new local group named Developers.

B. Adding a User to a Group

Using Local Users and Groups (GUI):

  1. Open Run Dialog: Press Win + R, type lusrmgr.msc, and press Enter.
  2. Navigate to Groups: Click on Groups in the left pane.
  3. Add User to Group:
    • Double-click on the desired group.
    • Click Add.
    • Enter the username and click Check Names.
    • Click OK, then Apply, and OK again.

Using Command Prompt (CMD):

  1. Open Command Prompt as Administrator.
  2. Add User to Group: 
    net localgroup GroupName username /add

    Replace GroupName with the group name and username with the user's name.

    Example:

    net localgroup Developers JohnDoe /add

Note: This command adds JohnDoe to the Developers group.

3. Managing Permissions

A. Understanding NTFS Permissions

NTFS (New Technology File System) permissions control access to files and folders. The primary permissions include:

  • Full Control: Allows users to read, write, modify, and delete files and folders.
  • Modify: Allows users to read, write, and delete files and folders.
  • Read & Execute: Allows users to view and run executable files.
  • List Folder Contents: Allows users to view the contents of a folder.
  • Read: Allows users to view files and subfolders.
  • Write: Allows users to add files and subfolders.

Note: Permissions can be set for individual users or groups, and they can be inherited from parent folders.

B. Setting Permissions Using File Explorer (GUI):

  1. Right-Click on File/Folder: Navigate to the desired file or folder, right-click on it, and select Properties.
  2. Access Security Tab: Click on the Security tab.
  3. Edit Permissions:
    • Click on Edit.
    • Select the user or group you want to modify.
    • Check or uncheck the permissions as needed.
    • Click Apply, then OK.

Note: If the user or group is not listed, click Add to include them.

C. Setting Permissions Using Command Prompt (CMD):

  1. Open Command Prompt as Administrator.
  2. Use the icacls Command:
    3. icacls "path" /grant username:permissions

    Replace path with the full path to the file or folder, username with the user's name, and permissions with the desired permission level.

    Example:

    icacls "C:\Projects" /grant JohnDoe:(OI)(CI)F

    Explanation:

    • (OI) and (CI) apply permissions to subfolders and files.
    • F stands for Full Control.

Note: The icacls command is a powerful tool for managing NTFS permissions via the command line.

Tags:

Post a Comment

0 Comments