大多数人从“设置”(Settings)应用或“控制面板”中的“(Control Panel)用户帐户(User Accounts)”部分编辑 Windows 10 用户帐户。但是,还有另一种方法可以让您访问有关 PC 上的用户和组以及他们拥有的权限的更详细信息。我们正在讨论使用具有相同名称的管理单元控制台管理本地用户和组。(Local Users and Groups)您可以从计算机管理(Computer Management)或直接运行其lusrmgr.msc文件来访问它。以下是在 Windows 10 PC 上查看和管理所有本地用户和组的方法:
重要提示:(IMPORTANT:) 本地用户和组 (lusrmgr.msc)(Local Users and Groups (lusrmgr.msc))仅在Windows 10 专业版(Pro)和企业(Enterprise)版中可用。它在Windows 10 (Windows 10) Home中找不到。
如何使用“本地用户和组”(lusrmgr.msc)在Windows 10中查找所有用户和组(Windows 10)
在 Windows 10 中,本地用户和组(Local Users and Groups)管理单元(也称为lusrmgr.msc)提供了查看系统上配置的所有用户和组的最佳方式。此工具向您显示“可见”用户帐户,以及系统上可用但默认禁用的所有隐藏用户帐户和组,例如管理员(Administrator)帐户。就是这样:
打开计算机管理(Open Computer Management)- 一种快速的方法是同时按键盘上的Win + X并从菜单中选择计算机管理。(Computer Management)
打开计算机管理
在计算机管理(Computer Management)中,选择左侧面板上的“本地用户和组” 。(“Local Users and Groups”)
计算机管理(Computer Management)中的本地用户和组(Groups)
打开本地用户和组(Local Users and Groups)的另一种方法是运行lusrmgr.msc命令。您可以从Run window (Win + R)、命令提示符(Command Prompt)或PowerShell执行此操作。
在 Windows 10 中运行 lusrmgr.msc
运行lusrmgr.msc命令直接打开本地用户和组(Local Users and Groups)控制台,而不将其加载到计算机管理(Computer Management)中。
lusrmgr.msc - 本地用户和组(Groups)
无论您选择如何打开本地用户和组 (lusrmgr.msc)(Local Users and Groups (lusrmgr.msc)),您都可以在此处找到在 Windows 10 计算机或设备上配置的所有用户帐户和组,它们分为两个文件夹:用户(Users )和组(Groups)。
如何使用“本地用户(Local Users)和组”(lusrmgr.msc)在Windows 10中查找和管理用户(Windows 10)
在“用户(Users)”文件夹中,您会看到 Windows 10 PC 上可用的所有用户帐户,包括隐藏或禁用的帐户。
lusrmgr.msc 显示的用户帐户列表
在每台Windows 10(Windows 10)计算机上找到哪些用户帐户?没有你想象的那么多。你有:
- 您在 Windows 10 PC 上创建的所有用户帐户
- 管理员- 由(Administrator)Windows 10创建的内置帐户,无论您是否使用它,由操作系统创建,用于管理目的
- DefaultAccount - 由Windows 10管理的用户帐户(Windows 10)
- 来宾(Guest)- 另一个内置帐户,可用于计算机或域上的来宾访问
- WDAGUtilityAccount - 由Windows 10中的(Windows 10)Windows Defender防病毒管理和使用,用于在沙盒/虚拟化环境中运行某些进程(如Microsoft Edge浏览器)。(Microsoft Edge)
提示:(TIP:)您还可以使用PowerShell或命令提示符(Command Prompt)查看所有用户帐户的列表。通过阅读本教程了解如何做到这一点:如何查看 Windows PC 或设备上存在的所有用户帐户(How to see all the user accounts that exist on your Windows PC or device)。
您可能已经注意到,本地用户和组(Local Users and Groups)显示的一些用户帐户的图标上有一个小箭头。小箭头表示用户帐户已被禁用,因此无法使用,即使它在您的 Windows 10 计算机上可用。
停用的用户用箭头标记
双击或双击用户帐户会打开一个“属性(Properties)”窗口,其中显示有关它的更多信息和不同的自定义选项。例如,您可以将其密码设置为过期、禁用帐户或更改其所属的用户组。如果您想了解有关每个可用选项的详细信息,我们将在本教程的第二部分介绍它们:创建新的 Windows 用户帐户和组,例如 IT 专业(Create new Windows user accounts and groups, like an IT Pro)人士。
用户帐户的属性
如何使用“本地用户(Local Users)和组”(lusrmgr.msc)在Windows 10中查找和管理用户组(Windows 10)
回到本地用户和组(Local Users and Groups)控制台(lusrmgr.msc),在组(Groups)文件夹中,您可以看到Windows 10计算机上所有可用的用户组。该列表很长,包括由Windows 10和第三方创建的用户组,例如驱动程序或虚拟化软件,它们需要隐藏的用户和组才能正常运行。
lusrmgr.msc 显示的Windows 10中的用户组列表
在大多数 Windows 10 电脑上,您至少应该有以下组:
- 访问控制辅助操作员(Access Control Assistance Operators)- 此组的成员可以在您的 Windows 10 计算机上运行远程查询以获取授权属性和权限。该组用于属于域的计算机,因此它主要对大公司的网络管理员有用。
- 管理员(Administrators)- 它包括在您的计算机上具有管理权限的所有用户帐户。管理员(Administrators)组不能被删除或重命名。
- 备份操作员(Backup Operators)– 有权使用备份和恢复等工具执行备份和恢复操作的用户帐户( Backup and Restore)。
- Cryptographic Operators – 有权使用BitLocker等工具加密或解密数据的用户帐户。
- 设备所有者(Device Owners)- Windows 10表示该组的成员可以更改系统范围的设置。但是,据我们所知,该组目前未在Windows 10中使用。
- 分布式 COM 对象(Distributed COM Objects)——这个用户组更难解释。它主要用于需要参与更复杂场景的用户帐户,例如网络上跨计算机的分布式计算。因此,它用于商业环境。
- 事件日志读取(Event Log Readers)器- 该组授予其成员读取Windows 10事件日志的权限,这些日志显示系统上发生的情况。
- 来宾(Guests)- 是无法在您的计算机上执行任何管理任务的常规用户帐户。它们只能用于轻型计算活动,例如浏览互联网或运行已安装的应用程序。他们无法对系统配置进行任何修改,也无法访问或修改其他用户的数据等。
- Hyper-V 管理员(Hyper-V Administrators)- 为其成员提供对Hyper-V中所有可用功能的无限制访问。
- IIS_IUSRS – 此组仅供您可以选择使用Windows 功能( Windows Features)面板安装的Internet 信息服务使用。(Internet Information Services )
- Network Configuration Operators – 该组授予其用户在(Network Configuration Operators)Windows 10中配置网络功能的权限。
- 性能日志用户和性能监视器用户(Performance Log Users & Performance Monitor Users)- 授予成员在Windows 10中执行高级日志记录和收集性能数据的权限。
- 高级用户(Power Users)- 此用户组在旧版本的Windows中用于为特定用户帐户提供有限的管理权限。它仍然存在于Windows 10中,但只是为了为旧的遗留应用程序提供向后兼容性。
- 远程桌面用户- 此用户组为其成员提供通过(Remote Desktop Users)远程桌面( the Remote Desktop)远程登录计算机的权限。
- Replicator – 此用户组用于网络域,它赋予其成员跨域进行文件复制所需的权限。
- System Managed Accounts Group - Windows 10操作系统管理该组的成员。
- 用户(Users)- 它包括在您的 Windows 10 计算机或设备上定义的标准用户帐户。其成员没有管理权限。他们只能运行已安装的应用程序,不能进行影响其他用户的系统更改。
在您的计算机上,您可能会发现由Windows 10功能、驱动程序或第三方应用程序安装的其他组。
双击或双击用户组会打开一个属性窗口,其中显示有关它的更多信息和几个选项。有关如何使用可用选项的分步指导,请阅读本教程的最后一部分:像 IT 专业人员一样创建新的 Windows 用户帐户和组(Create new Windows user accounts and groups like an IT Pro)。
Windows 10中(Windows 10)管理员(Administrators)组的属性
用户组的优点在于您可以使用它们为标准用户帐户提供额外的权限。例如,如果您创建的用户帐户是Users但不是Administrators的成员,则该用户无法远程连接到计算机。如果您使该用户帐户成为Remote Desktop Users的成员,则它可以远程连接。此原则适用于所有用户组。将用户帐户添加为成员,它会同时获得该用户组的权限和限制。
注意:(NOTE: )如果您查看 Windows 10 计算机或设备上列出的所有用户组,您可能会注意到定义为管理员的用户帐户并未同时列为其他组的成员。这是因为管理员已经有权在您的 Windows 10 计算机上执行所有操作,因此他们不需要成为特殊组的一部分来继承其权限。
警告:请勿更改标准 Windows 10 用户和组
您可能有删除Windows 10 PC 上的一些标准用户帐户和组的冲动。如果您尝试执行此类操作,您应该会从Windows 10收到有关可能出现的问题的警告。例如,如果您尝试删除管理员(Administrator)帐户,您会看到以下内容:
不应更改Windows 10中的默认用户和组
从Windows 10(Windows 10)中删除或更改标准用户帐户和组可能会使应用程序和系统功能出现故障。了解标准用户帐户、用户组和Windows 10功能之间的所有联系是很困难的。一个微小的更改可能会对许多功能产生意想不到的影响,并且可能会降低您的计算体验,因此我们强烈建议“Don’t touch the standard users and groups from Windows 10!”
您是否使用 lusrmgr.msc 来管理 Windows 10 计算机上的本地用户和组?
我们希望您喜欢本教程。如果您有什么要添加到我们的指南中,或者如果您对使用lusrmgr.msc(lusrmgr.msc)管理用户帐户和组有任何疑问,请在下面的评论中告诉我们。
How to manage local users and groups in Windows 10 using lusrmgr.msc -
Most people edit Windows 10 user accounts from the Settings app or the User Accounts section found in the Control Panel. However, there’s another way that gives you access to much more detailed information about the users and groups on your PC and the permissions they have. We’re talking about managing Local Users and Groups using the snap-in console that bears the same name. You can access it from Computer Management or by running its lusrmgr.msc file directly. Here’s how to see and manage all the local users and groups on your Windows 10 PC:
IMPORTANT: Local Users and Groups (lusrmgr.msc) is available only in Windows 10 Pro and Enterprise. It’s not found in Windows 10 Home.
How to find all users and groups in Windows 10 using “Local Users and Groups” (lusrmgr.msc)
In Windows 10, the Local Users and Groups snap-in, also known as lusrmgr.msc, offers the best way to see all the users and groups configured on the system. This tool shows you the “visible” user accounts, as well as all the hidden user accounts and groups that are available on the system but are disabled by default, such as the Administrator account. Here’s how:
Open Computer Management - a quick way to do it is to simultaneously press Win + X on your keyboard and select Computer Management from the menu.
Open Computer Management
In Computer Management, select “Local Users and Groups” on the left panel.
Local Users and Groups in Computer Management
An alternative way to open Local Users and Groups is to run the lusrmgr.msc command. You can do it from the Run window (Win + R), Command Prompt, or PowerShell.
Run lusrmgr.msc in Windows 10
Running the lusrmgr.msc command opens the Local Users and Groups console directly, without loading it in Computer Management.
lusrmgr.msc - Local Users and Groups
Regardless of how you chose to open Local Users and Groups (lusrmgr.msc), this is where you find all the user accounts and groups that are configured on your Windows 10 computer or device, split into two folders: Users and Groups.
How to find and manage users in Windows 10 with “Local Users and Groups” (lusrmgr.msc)
In the Users folder, you see all the user accounts available on your Windows 10 PC, including accounts that are hidden or disabled.
List of user accounts shown by lusrmgr.msc
What are the user accounts found on every Windows 10 computer? There are not as many as you might think. You have:
- All the user accounts you have created on your Windows 10 PC
- Administrator - a built-in account created by Windows 10 even if you use it or not, made by the operating system for administration purposes
- DefaultAccount - a user account that’s managed by Windows 10
- Guest - another built-in account that can be used for guest access on the computer or domain
- WDAGUtilityAccount - managed and used by the Windows Defender antivirus in Windows 10 for running certain processes (like the Microsoft Edge browser) in sandboxed/virtualized environments.
TIP: You can also view a list of all user accounts with PowerShell or Command Prompt. Find out how to do that by reading this tutorial: How to see all the user accounts that exist on your Windows PC or device.
As you might have noticed, some of the user accounts shown by Local Users and Groups have a small arrow on their icons. The little arrow signals that a user account is disabled and thus can’t be used, even if it is available on your Windows 10 computer.
Deactivated users are marked by arrows
Double-clicking or double-tapping on a user account opens a Properties window that displays more information about it and different customization options. For instance, you can set its password to expire, disable the account, or change the user groups to which it belongs. If you want detailed information about every option available, we covered them in the second part of this tutorial: Create new Windows user accounts and groups, like an IT Pro.
Properties of a user account
How to find and manage user groups in Windows 10 with “Local Users and Groups” (lusrmgr.msc)
Going back to the Local Users and Groups console (lusrmgr.msc), in the Groups folder, you get to see all the user groups available on your Windows 10 computer. The list is long and includes user groups that were created both by Windows 10 and third parties, such as drivers or virtualization software, which need hidden users and groups to function correctly.
List of user groups in Windows 10 shown by lusrmgr.msc
On most Windows 10 PCs, you should have at least the following groups:
- Access Control Assistance Operators - members of this group can run remote queries for authorization attributes and permissions on your Windows 10 computer. This group is used on computers that are part of domains, so it’s mainly useful for network administrators in large companies.
- Administrators – it includes all the user accounts with administrative permissions on your computer. The Administrators group can’t be deleted or renamed.
- Backup Operators – user accounts with permissions to perform backup and restore operations, using tools like Backup and Restore.
- Cryptographic Operators – user accounts with permissions to encrypt or decrypt data, using tools such as BitLocker.
- Device Owners - Windows 10 says that the members of this group can change system-wide settings. However, as far as we know, this group is not currently used in Windows 10.
- Distributed COM Objects – this user group is harder to explain. It is used mostly for user accounts that need to participate in more complex scenarios, such as distributed computing across computers on a network. Therefore it is used in business environments.
- Event Log Readers – this group gives permissions to its members to read Windows 10 event logs that show what is happening on the system.
- Guests – are regular user accounts that cannot perform any administrative tasks on your computer. They can be used only for light computing activities such as browsing the internet or running the installed applications. They are not able to perform any modifications to the system’s configuration, to access or modify another user’s data, etc.
- Hyper-V Administrators - gives its members unrestricted access to all the features available in Hyper-V.
- IIS_IUSRS – this group is used only by the Internet Information Services you may choose to install using the Windows Features panel.
- Network Configuration Operators – this group gives its users permission to configure networking features in Windows 10.
- Performance Log Users & Performance Monitor Users – members are given permissions to perform advanced logging in Windows 10 and collect performance data.
- Power Users – this user group was used in older versions of Windows to provide limited administrative permissions to specific user accounts. It is still present in Windows 10 but only to provide backward compatibility for old legacy applications.
- Remote Desktop Users – this user group provides its members with permissions to logon remotely to the computer via the Remote Desktop.
- Replicator – this user group is used in network domains, and it gives its members the permissions required to do file replication across the domains.
- System Managed Accounts Group - the Windows 10 operating system manages the members of this group.
- Users – it includes the standard user accounts defined on your Windows 10 computer or device. Its members do not have administrative permissions. They can only run installed applications and cannot make system changes that affect other users.
On your computer, you might find other groups installed by Windows 10 features, drivers, or third-party applications.
Double-clicking or double-tapping on a user group opens a properties window that displays more information about it and several options. For step-by-step guidance on how to work with the available options, read the last part of this tutorial: Create new Windows user accounts and groups like an IT Pro.
Properties of the Administrators group in Windows 10
What’s great about user groups is that you can use them to give additional permissions to standard user accounts. For example, if you create a user account that is a member of Users but not Administrators, that user can’t connect remotely to the computer. If you make that user account a member of Remote Desktop Users, it can connect remotely. This principle applies to all user groups. Add a user account as a member, and it receives both the permissions and restrictions of that user group.
NOTE: If you look at all the user groups listed on your Windows 10 computer or device, you will likely notice that the user accounts defined as administrators are not also listed as members of the other groups. That’s because administrators already have permission to do everything on your Windows 10 computer, so they don’t need to be part of a special group to inherit its permissions.
Warning: Don’t change the standard Windows 10 users and groups
You may feel the urge to delete some of the standard user accounts and groups found on your Windows 10 PC. If you try to do something like that, you should get a warning from Windows 10 about the likely issues that will arise. For example, this is what you see if you try to delete the Administrator account:
Default users and groups from Windows 10 should not be altered
Deleting or changing standard user accounts and groups from Windows 10 can make apps and system features to malfunction. Understanding all the connections between standard user accounts, user groups, and Windows 10 features is difficult. One minor change can have unexpected effects on many features and may deteriorate your computing experience, so our strong recommendation is “Don’t touch the standard users and groups from Windows 10!”
Do you use lusrmgr.msc to manage local users and groups on your Windows 10 computers?
We hope you have enjoyed this tutorial. If you have anything to add to our guide, or if you have questions about managing user accounts and groups with lusrmgr.msc, let us know in the comments below.
