Take command-line control of group membership
People sometimes ask me why I like the command line so much. They say, "It's awfully retro, isn't it?" Nope, not at all. In fact, I'd argue that with the forthcoming releases of Windows Vista and Longhorn Server, the command line is experiencing a renaissance. I've been testing the early versions of Vista, which will appear in several forms by late 2006. Although the new OS includes an attractive set of under-the-hood features, the Aero GUI can get frustrating. It tends to hide features that I use often!
I was recently working on my test Vista machine and had spent most of a day trying to figure out a small number of basic tasks, such as finding the NIC Properties page. All these tasks were taking a long time to figure out. So, when I needed to add a local administrator account, I dreaded the prospect of embarking on another scavenger hunt through the Vista GUI. But then I remembered that although GUI paradigms come and go, the good old command line remains essentially the same. I opened up a command prompt and—drawing on circa-1985 knowledge—typed two lines:
net localgroup administrators rhonda /add
I wasn't surprised when I saw the message The command completed successfully. In a snap, I'd added my local administrator account.
GUIs can be intuitive, once you get the hang of them, but GUIs also change. You have to learn the command line only once. To further illustrate the beauty of the command line, I want to talk about Net Localgroup, a terrific tool for controlling local groups and group memberships.
A Walk Through the Syntax
Net Localgroup lets you manage local groups on member servers and workstations, or—if you're at a domain controller (DC)—on domain local groups. It lets you create and delete local groups, as well as add people to and remove people from the group. And, unlike some of the Net commands I've covered in the past few months, the syntax is pretty easy. In its simplest form,
gets you a list of the local groups on the local computer. To create or delete local groups, you use the /add and /delete options. For example, typing
net localgroup folks /add
creates a group called folks on the system you're working on. Also, adding /domain to the command tells Net Localgroup to contact a DC and create a domain local group on the domain. In case you're wondering, running
net localgroup <groupname>
while sitting at a DC also creates a domain local group.
You can use the /comment option to add a comment about a group, as in
"group I use to assign file permissions" /add
Of course, groups don't mean much unless users are in them. You can add or remove people by following the group's name with a username and either /add or /remove. For example,
net localgroup folks mary /add
would add a user named Mary to the folks group. Remeber, we're talking about local groups here. You could bring in domain accounts from any domain that you trust, either in NetBIOS domain name\username format or in username@UPN suffix format, as in
net localgroup folks firstname.lastname@example.org /add
To remove Mary, you'd just add the /remove option. Finally, to find out who belongs to a group, just type
net localgroup <groupname>
To conclude, let me offer one more reason why the command line is so pleasing. In Longhorn Server, Microsoft will offer two installation options: the regular version with the familiar GUI and Server Core, a somewhat more secure version of the server OS that lacks a GUI altogether and requires that you administer your systems from the command line. So, flex your command-typing fingers and start practicing.