Manage the membership of local groups on Windows devices – Manage identity and compliance


Windows 11 includes numerous built-in groups that provide an easy way to grant users the same permissions and rights as other group members. Assigning permissions to groups is usually more efficient than applying them to individual users.

To create and manage local groups, use the Computer Management console or, if you are an administrator, create a custom Microsoft Management Console (MMC) and add the Local Users and Groups snap-in, as shown in Figure 2-19.

FIGURE 2-19 Windows 11 Local Users and Groups snap-in

In Figure 2-19, you can see the default built-in local groups (such as Administrators and Device Owners) and a description for each. These built-in groups already have the necessary associated permissions to accomplish specific administration or management tasks.

If you select the Users or Administrators groups, you should see members you recognize. Members of Administrators have complete and unrestricted access to the computer, whereas members of Users cannot make accidental or intentional system-wide changes, but they can run most applications that have already been installed on a device.

Built-in local groups

You can add your own groups, change group membership, rename groups, and delete groups (although you cannot remove built-in groups). However, it is best practice to use the built-in groups wherever possible because these already have the appropriate permissions and are familiar to other administrators.

In Table 2-2, you saw that Administrators group members have full permissions and privileges on a Windows 11 device. A member of the Administrators local group can perform many administrative functions, including the following:

  • Access any data on the computer
  • Assign and manage user rights
  • Back up and restore all data
  • Configure audit policies
  • Configure password policies
  • Configure services
  • Create administrative accounts
  • Create administrative shares
  • Increase and manage disk quotas
  • Install and configure hardware device drivers
  • Install applications that modify the Windows system files
  • Install the operating system
  • Install Windows updates, service packs, and hotfixes
  • Manage disk properties, including formatting hard drives
  • Manage security logs
  • Modify groups and accounts that other users have created
  • Modify systemwide environment variables
  • Perform a system restore
  • Re-enable locked-out and disabled user accounts
  • Remotely access the registry
  • Remotely shut down the system
  • Stop or start any service
  • Upgrade the operating system
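
Because Administrators membership carries all of the rights listed above, it is worth checking it against an approved list. The following PowerShell is an added example, not part of the original page; the function name `Compare-LocalAdminMembership`, the account names and the SIDs are constructed for illustration.

```powershell
# Added example: flag members of the local Administrators group that are not
# on an approved list. Sample accounts and SIDs below are constructed.
function Compare-LocalAdminMembership {
    param(
        [Parameter(Mandatory)] [string[]] $Approved,  # approved names or SIDs
        [object[]] $Members                           # optional pre-collected members
    )
    if (-not $PSBoundParameters.ContainsKey('Members')) {
        # S-1-5-32-544 is the well-known SID of the built-in Administrators
        # group, so the lookup does not depend on the display language.
        try {
            $Members = Get-LocalGroupMember -SID 'S-1-5-32-544' -ErrorAction Stop
        } catch {
            throw "Could not enumerate Administrators: $($_.Exception.Message)"
        }
    }
    foreach ($m in $Members) {
        $sid = [string]$m.SID
        # -contains compares strings case-insensitively
        $ok = ($Approved -contains $m.Name) -or ($Approved -contains $sid)
        [pscustomobject]@{
            Name        = $m.Name
            SID         = $sid
            ObjectClass = $m.ObjectClass
            Source      = $m.PrincipalSource
            Approved    = $ok
        }
    }
}

# Constructed sample members so the comparison can be tried without a live query.
$sample = @(
    [pscustomobject]@{ Name = 'PC01\Administrator'; ObjectClass = 'User'; PrincipalSource = 'Local'
                       SID = 'S-1-5-21-1111111111-2222222222-3333333333-500' }
    [pscustomobject]@{ Name = 'PC01\helpdesk-temp'; ObjectClass = 'User'; PrincipalSource = 'Local'
                       SID = 'S-1-5-21-1111111111-2222222222-3333333333-1004' }
)
$approved = @('PC01\Administrator')

# List only the members that are not approved.
Compare-LocalAdminMembership -Approved $approved -Members $sample |
    Where-Object { -not $_.Approved } |
    Format-Table Name, SID, Source
```

On a real device, omit `-Members` to query the live group; the `try`/`catch` surfaces enumeration failures instead of returning a partial list.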

