USERS AND GROUPS IN WINDOWS

First Principle

A User and a Group are different things.

Think of a college.

Students

Manoj
Rahul
Priya

These are people.

Groups

Students
Faculty
Principal

These are roles.

A person can belong to one or more groups.

Example:

Manoj
└── Students

Principal
└── Faculty
└── Management

Windows works exactly the same way.

Windows Internal Structure

When you create:

manoj

Windows only creates an identity.

At this point Windows knows:

User Name = manoj
SID = S-1-5-21-xxxx...

SID = Security Identifier.

Internally Windows doesn't really care about the name.

It identifies users by SID.

Why Groups Exist

Imagine Windows had 1000 users.

Without groups Microsoft would have to store permissions separately for every user.

Example:

Manoj -> Can install software
Rahul -> Can install software
Priya -> Can install software
John -> Can install software

That's inefficient.

Instead:

Administrators
    ├── Manoj
    ├── Rahul
    ├── Priya
    └── John

Now Windows says:

Anyone inside Administrators
gets these permissions.

Much easier.

Common Windows Groups

Run:

net localgroup

You'll see many groups.

The important ones are:

Administrators

Most powerful group.

Members can:

✅ Install software

✅ Create users

✅ Delete users

✅ Access all files

✅ Change passwords

✅ Install drivers

✅ Change system settings

Example:

Administrators
├── Administrator
└── thriv

Users

Default group.

Almost everyone belongs here.

Can:

✅ Use apps

✅ Browse internet

✅ Save files

Cannot:

❌ Create users

❌ Install drivers

❌ Change system security

Guests

Temporary users.

Very limited access.

Example:

Someone borrows your laptop.

You don't want them accessing your files.

Create Guest account.

Remote Desktop Users

Can log into the computer remotely.

Example:

Remote Desktop Users
└── Manoj

Now Manoj can connect using Remote Desktop.

What Happens During Login?

Suppose:

User = manoj

Windows checks:

Which groups does manoj belong to?

Maybe:

manoj
├── Users
└── Administrators

Windows loads permissions from both groups.

Result:

manoj gets admin rights
Permission Calculation

Suppose:

Administrators

has:

Install Software
Delete Users
Change Settings

And:

Users

has:

Run Programs
Save Files

If Manoj belongs to both:

manoj
├── Users
└── Administrators

Then Manoj gets:

Run Programs
Save Files
Install Software
Delete Users
Change Settings

Windows combines permissions.

Real Example From Your Laptop

Earlier:

net localgroup Administrators

showed:

Administrator
thriv

Meaning:

thriv
└── Administrators

Therefore:

thriv can:
- create users
- delete users
- install software

But:

manoj

was not in that group.

So:

manoj
└── Users

Only normal permissions.

Adding User to Group

This command:

net localgroup Administrators manoj /add

does NOT create a new user.

It simply changes:

Before:

manoj
└── Users

After:

manoj
├── Users
└── Administrators

Now Manoj becomes admin.

Removing User From Group

This command:

net localgroup Administrators manoj /delete

changes:

Before:

manoj
├── Users
└── Administrators

After:

manoj
└── Users

Admin powers gone.

Important Concept: UAC (User Account Control)

You might have noticed:

Even when you're an Administrator, Windows still asks:

Do you want to allow this app to make changes?

Why?

Because Windows doesn't want malware to get full admin power automatically.

So even Admin users run with limited rights initially.

When you click:

Run as Administrator

Windows temporarily gives full admin privileges.

Linux Comparison (Useful for Backend Engineers)

Since you're learning Django and servers:

Windows:

User
↓
Group
↓
Permissions

Linux:

User
↓
Group
↓
Permissions

Exactly the same concept.

Example:

sudo

in Linux is very similar to:

Run as Administrator

in Windows.