Local Group Functions

A local group is a set of users who share common permissions in the security database. A local group can have members that are either users or global groups (global groups can contain only users). The local group functions control members of local groups in a way that can only be used locally on the system on which the local group is defined. On a Windows NT Workstation or a Windows NT non-DC server, you can use only a local group defined on that system. On a Windows NT Domain Controller, a local group defined on the Primary Domain Controller is replicated to all other domain controllers in the domain; as such, you can use such a local group on any domain controller in the domain.The local group functions create or delete local groups, and review or adjust the memberships of local groups. The local group functions are:

NetLocalGroupAdd
NetLocalGroupAddMembers
NetLocalGroupDel
NetLocalGroupDelMember
NetLocalGroupDelMembers
NetLocalGroupEnum
NetLocalGroupGetInfo
NetLocalGroupGetMembers
NetLocalGroupSetInfo
NetLocalGroupSetMembers

A member can be added to a local group by specifying the security identifier (SID) of the member. The LookupAccountName function can be used to translate a member account name to a SID.

To create a local group, an application calls NetLocalGroupAdd, supplying a local group name. Initially, the local group has no members. To assign members to the local group, call NetLocalGroupSetMembers. To add a member to an existing local group, call NetLocalGroupAddMembers. To set general information about the local group, call NetLocalGroupSetInfo.

The NetLocalGroupDelMember function deletes a specified member from a local group, and NetLocalGroupDel disbands a local group, deleting all existing members of the local group first.

Three local group functions retrieve information about the local groups on a server: NetLocalGroupEnum produces a list of all local groups; NetLocalGroupGetMembers lists all members of a specified local group; and NetLocalGroupGetInfo returns general information about the local group.

Group account information is available at three levels:

LOCALGROUP_INFO_0
LOCALGROUP_INFO_1

LOCALGROUP_INFO_1002

Members of a local group can be identified at four information levels:

LOCALGROUP_MEMBERS_INFO_0
LOCALGROUP_MEMBERS_INFO_1

LOCALGROUP_MEMBERS_INFO_2

LOCALGROUP_MEMBERS_INFO_3

The users that belong to a local group can be obtained at one information level:

LOCALGROUP_USERS_INFO_0

For NetLocalGroupSetInfo, parmnum values refer to the members of the LOCALGROUP_INFO structure as follows. These values are used when indicating an error in a specific parameter through parm_err.

parmnum value Member in group_info structure
LOCALGROUP_NAME_PARMNUM lgrpi_name
LOCALGROUP_COMMENT_PARMNUM lgrpi_comment