Windows provides command line utilities to manager user groups. In this post, learn how to use the command net localgroup to add user to a group from command prompt’
Add user to a group
Run the steps below –
- Open elevated command prompt
- Run the below command
net localgroup group_name UserLoginName /add
For example to add a user ‘John’ to administrators group, we can run the below command.
net localgroup administrators John /add
Few more examples:
To add a domain user to local users group:
net localgroup users domainname\username /add
This command should be run when the computer is connected to the network. Otherwise you will get the below error.
H:\>net localgroup users domain\user /add System error 1789 has occurred. The trust relationship between this workstation and the primary domain failed.
To add a domain user to local administrator group:
net localgroup administrators domainname\username /add
To add a user to remote desktop users group:
net localgroup "Remote Desktop Users" UserLoginName /add
To add a user to debugger users group:
net localgroup "Debugger users" UserLoginName /add
To add a user to Power users group:
net localgroup "Power users" UserLoginName /add
This command works on all editions of Windows OS i.e Windows 2000, Windows XP, Windows Server 2003, Windows Vista and Windows 7. In Vista and Windows 7, even if you run the above command from administrator login you may still get access denied error like below.
C:\> net localgroup administrators techblogger /add System error 5 has occurred. Access is denied.
The solution for this is to run the command from elevated administrator account. See How to open elevated administrator command prompt
When you run the ‘net localgroup’ command from elevated command prompt:
C:\>net localgroup administrators techblogger /add The command completed successfully.
To list the users belonging to a particular group we can run the below command.
net localgroup group_name
For example to list all the users belonging to administrators group we need to run the below command.
net localgroup administrators
Related posts:
Add new user account
Delete user account
How to add a group to another group?
you can use the same command to add a group also. For example, to add a domain group ‘Domain\users’ to local administrators group, the command is:
How can I add a user to a group remotely?
Using pstools, it is a good tools from Microsoft.
While this article is two years old – it still was the first hit when I searched and it got me where I needed to be. Another great tip is the syntax for doing a runas, because I needed to elevate a user's privileges to admin from within his account:
Good stuff.
awesome! I’ve been wanting to know how to do this forever. thanks so much. for some reason, MS has made it impossible to authenticate protected commands via the GUI. seriously frustrating! this makes it all better.
Is there a way to trough a password into the script for the admin account if it is known and generic
I tried the above stated process in the command prompt. Got to the point where it say’s “type in pass word” I start typing nothing happens. Curser does not move. Any suggestions. Windows 7 Ultimate system.
I think when you are entering a password in the command prompt the cursor does not move on purpose. You type in your password and press enter.
How to set password to never expire ?
You can run the below.
Is there any way to add a computer account into the local admin group on another machine via command line? Thanks.
I don’t think that’s possible. However, you can add a domain account to the local admin group of a computer.
You might be able to use telnet to get a CMD shell. However, that would assume that you already have creds with the machine to build the telnet connection. If it were any easier than that it would be a massive security vulnerability.
Net localgroup \$ /ADD
put the $ after the PC name and it works
Dude, thank you! On xp, the server service was not installed so couldn’t add via manage. User CtrlPnl gpf’s is broke (something about html app host error). In 3 seconds, you provided a way to fix that MS couldn’t with all their idiot wizards…
Hi Reue,
Yes you can add any users to other computers remotely using the pstools.
Hello,
I have a requirement something like this:
I need to create a user account on a remote server which should be a part of the local administrator group. How should i set password for this user account ?
Can any one help me please?
Thanks in advance,
Prashanth
Read this: Add new user account from command line
Using psexec tool, you can run the above command on a remote machine.
I changed the admin account’s rights to user account and now i have only two accounts with only USER rights, nothing with admin. When ever i change any application, it says ” Right Admin Password” and there only comes NO and therefore i am unable to enter Admin Passowrd. Also i m unable to open cmd.exe as Admin. Please Advise.
Reinstall Windows. You literally broke it. I’m curious as to what edition of Windows you have, as most won’t actually let you remove the last member from the Administrators account, to avoid your very issue. For future reference, there’s really no good reason to ever make Administrator a mere User :P
how can I add multiple domain users into local administrator group together with the single line command?
You can specify as many users as you want, in the same command mentioned above.
For example, to add three users :
I don’t have access to the administrator account, but I do have access to my son’s
Standard Account. Please help.
I am trying to add a service account to a local group but it fails. Is there syntax for that? I’ve tried many variations but no go. See below:
net localgroup “Event Log Readers” “NT Authority\Network Service (S-1-5-20)” /add
Hi Chris,
I am trying the exact same thing ,to add network services to Adminstrators of Local Users and Groups .Did you find the solution.Please let me know.
Thank You
Hi buddy I found the solution.Let me know if you still need it:-P
Hello Kiran,
Please add the solution here for the benefit of others. Thanks.
Thank you for this bunch of commands,
I have 2 questions:-How can I add all users in an Organisation unit into one group in Active directory ?
– & how can I add all users in Active Directory into a group?
1st make sure you have Remote Server Administration Tools (RSAT) add in features installed. Then click start – type cmd – hit Enter.
Type in commands below, replacing GROUP_NAME and OU_NAME with corresponding names (note that “‘ is double quote followed by apostrophe) then hit Enter and watch results:
for /f “tokens=*” %a in (‘dsquery ou -name “OU_NAME”‘) do for /f “tokens=*” %b in (‘dsquery group -name “GROUP_NAME”‘) do for /f “tokens=*” %c in (‘dsquery user %a -limit 0’) do dsmod group %b -addmbr %c
for /f “tokens=*” %b in (‘dsquery group -name “GROUP_NAME”‘) do for /f “tokens=*” %c in (‘dsquery user -limit 0’) do dsmod group %b -addmbr %c
I do not have the administrator password eeven i do not want to reset because there are many apllications using this password.
Is there are any way to create a new user with admin previleges into domain and works like a administrator clone. So i can log in with this new user and work like administrator.
Is i boot and using “repair” option i need to have the admin password…
Is there are any way i can add a new user using another software?
Thanks
AFAIK, That’s not possible. Otherwise anyone would be able to easily create an admin account and get complete access to the system. I think you should try to reset the password, you may need it at any point in future.
how can i open administrator account or super administrator account from user account when i cannot open cmd as administrator?
You can’t. That’s the point of Administrators. If you don’t have credentials as an Admin it’s probably because you were never meant to. Allowing you to do so would defeat the purpose.
That said, there is a workaround involving running a cmd prompt basically as SYSTEM, but honestly, I’m not about to disseminate information on how to defeat security protocols. Sorry. It’s an ethics thing.
C:\Windows\System32>net localgroup administrators All /add
System error 5 has occurred.
Access is denied.
how i can fix it
and i do not know password admin
(canot do this)
elow is the procedure to open elevated administrator command window on a Vista or Windows 7 machine.
Click on Start button
Search for command program by typing cmd.exe in the search box.
Right click on the cmd.exe entry shown under the Programs in start menu
Select ‘Run as administrator’
Click on ‘continue’ if user account control asks for confirmation.
The above steps will open a command prompt wvith elevated privileges.
There is an easier way if you want to use command prompt often. Search cmd.exe in from start and then right click and choose “Open file location”, once there in Windows Explorer you can right click on the actual file (cmd.exe) and “Send to” “Make Desktop Shortcut”. Next go to your desktop, right click on the shortcut, go to properties, advanced, check “Run as Administrator”. From here on out this shortcut will run as an Administrator. (For further use, pin the shortcut to taskbar or start menu.
Hello all!
I am trying to get a user prompt for net localgroup Administrators /add \%u% to pop up while the batch file is running, I have tried adding Set /P after /add , is there something I’m missing to make it do this?
Worked perfectly for me, thank you. For the life of me the pc would not allow me to add a domain account to the local admin group, just wouldn’t work. Tried this from the command prompt and instant success. Thank you again!
Doesn’t work. “The trust relationship between this machine and the primary domain failed.”
Hi there, I accidentally turn my admin user into a standard user one. How do I change it back because when ever I try to download something my computer says that I don’t have permission. Thanks. ( I have Windows 7 )
Hi Guys
I sort of have the same issue. I have a domain user DOMAIN\User on a laptop, but the user was never added to Local Admin. So this user cant make any changes. I have tried to log on as local admin, but still cant add the user to the group. It’s like the user does not exist.
So how do I add a non local user, to local admin?
Thanks
Windows 7 Professional 64
please help me how to add users to a specific client pc?
While this article is six years old – it still was the first hit when I searched and it got me where I needed to be.
Hi,
what if I want to add a user to multiple groups?
Thanks in advance
Is there a command prompt for how to clone an existing user security groups to another new user?
I ran this net localgroup administrators domainname\username /add
and worked for me, using windows 10 pro. Thank you so much! Was the only way to put my user inside administrators group.
Very Informative webpage, thanks for the information, am going to check tomorrow when in work to see if can help with enabling a locked down user start a program that needs administrative abilities, but once program started the administer priviledges need removing, I thin your info will solve my problem so thanks if it does, if it doesnt I’ll leave another comment with HELP!!
Bob_Smith
If you get the Trust Relationship error make sure the “netlogon” service is running on the workstation. You’ll see this a lot in when trying to update group policies as well.
Hi
Really well laid out article with no “Look what I know” fluff. Thank you and we will add the advise as go to resource!
how can I add domain group to local administrator group on server 2019 ?
net localgroup testgroup domain\domaingroup /add
does not work: The global user or group account does not exist:
Thanks