Only members of the Administrators group can manage users and groups. When creating a new group, the group name must be unique on the local computer and cannot be the same as a local username on the computer.
You should make the group name descriptive, and wherever possible, you should include a description of the new group’s function. Group names can have up to 256 characters in length and include alphanumeric characters, including spaces, but the backslash (\) character is not allowed.
To create a new group, follow these steps:
- Right-click Start and select Computer Management.
- Open the Local Users and Groups console.
- Right-click the Groups folder and select New Group from the context menu.
- In the New Group dialog, enter the group name. (Optionally, you can enter a description for this group.)
- To add group members, select the Add button.
- In the Select Users dialog, type the username, then select OK.
- In the New Group dialog, you will see that the user has been added to the group.
- To create the new group, select the Create button.
To delete a group from the Local Users and Groups console in Computer Management, right-click the group name and choose Delete from the context menu. You will see a warning that deleting a group cannot be undone, and you should select the Yes button to confirm the deletion of the group. When a group is deleted, all permissions assignments specified for the group will be lost.
Special identity groups
Several special identity groups (sometimes known as special groups) are used by the system or by administrators for resource allocation. Membership in special groups is automatic, based on criteria, and you cannot manage special groups through the Local Users and Groups console. Table 2-3 describes the special identity groups built into Windows 11.
TABLE 2-3 Built-in Special Identity Groups
| Special identity group | Description |
| Anonymous Logon | When a user accesses the computer through an anonymous logon, such as via special accounts created for anonymous access to Windows 11 services, they become members of the Anonymous Logon group. |
| Authenticated Users | This is a useful group because it includes all users who access Windows 11 using a valid username and password. |
| Batch | This group includes users who log on as batch job operators to run a batch job. |
| Creator Owner | The creator owner is the account that created or took ownership of an object, such as a file, folder, printer, or print job. Members of the Creator Owner group have special administrator-level permissions to the resources over which they have ownership. |
| Dialup | This group includes users who log on to the network from a dial-up connection. |
| Everyone | This group includes anyone accessing the computer, including all users—Guest accounts and all users within a domain or trusted domains. Members of the Anonymous Logon group are not included in the Everyone group. |
| Interactive | This group includes all users who use the computer’s resources locally and those who are not using the computer’s resources remotely via a network connection. |
| Network | This group includes users who access the computer’s resources over a network connection. |
| Service | This group includes users who sign in as a user account used to run a service. |
| System | When Windows 11 needs to access internal functions, it can perform actions as a system user. The process accessed by the operating system becomes a member of the System group. |
| Terminal Server User | This group includes users who log on through Terminal Server applications. |
