How To Create and Manage User Accounts Programmatically (119671)


The information in this article applies to:

  • Microsoft Win32 Software Development Kit (SDK) for Windows NT
This article was previously published under Q119671

SUMMARY

Windows NT and the Windows NT Advanced Server use the same APIs that Microsoft LAN Manager uses to create and maintain user- and group-account information. For example, to create a new global group, use NetGroupAdd(). To create a new user, use NetUserAdd(). To add the user to the global group, use NetGroupAddUser(). Local groups are created by using NetLocalGroupAdd() and members are added to local groups by using NetLocalGroupAddMember().

MORE INFORMATION

The APIs NetGroupAdd(), NetUserAdd(), NetGroupAddUser(), NetLocalGroupAdd(), and NetLocalGroupAddMember() require access at the administrator or accounts-operator level to run successfully. Windows NT includes the following built-in groups:
  • Administrators
  • Power Users
  • Users
  • Guests
Members of the Administrators group can fully administer user accounts; only Administrators can assign user rights and access privileges for resources. Members of the Power Users group can create accounts only in the Power Users, Users, and Guests groups; they can also maintain and delete the accounts they create. However, a Power User can neither change nor delete an account in these groups if the account was created by someone else. A member of the Users group can create, maintain, and delete accounts in local groups that he or she has created. Guests can neither create nor delete accounts.

REFERENCES

In the Win32 SDK, version 3.1, the documentation for the ported LAN Manager APIs is available in the file LMAPI.HLP on the SDK CD. In the installed Win32 SDK, version 3.5, the ported LAN Manager APIs are documented in the Help file "Win32 API Reference".
Modification Type:MinorLast Reviewed:6/29/2004
Keywords:kbAPI kbhowto kbnetwork KB119671
©2004 Microsoft Corporation. All rights reserved.