How to Create and Manage User Accounts in Windows 11 Professional

User account management is fundamental to running a secure, well-organised Windows system — whether you are sharing a family computer, setting up machines for employees, or maintaining your own multi-environment setup. Windows 11 Professional provides extensive account management capabilities that go well beyond what Windows Home offers, including local account creation without a Microsoft account requirement, fine-grained access control, and Group Policy-based account management for multiple machines.

This guide covers every aspect of user account management in Windows 11 Pro: creating Microsoft and local accounts, setting account types, managing passwords and PINs, configuring account policies, using the Local Users and Groups manager, and leveraging Group Policy for consistent account management across multiple PCs.

Windows 11 Professional is available from GetRenewedTech for £18.99 — the edition you need for the advanced account management features covered in this guide.

Types of User Accounts in Windows 11

Windows 11 supports two distinct account types, each with two sub-types:

Microsoft Accounts

A Microsoft account uses your email address (Outlook, Hotmail, or any email) as the sign-in credential. The account syncs settings, themes, browser favourites (via Edge), and Microsoft app data across all devices where you sign in with that account. It also enables features like Find My Device, OneDrive integration, and Microsoft Store app purchases.

Local Accounts

A local account exists only on the specific computer. No data syncs to Microsoft’s servers, and the account works entirely offline. Local accounts were the default in Windows versions prior to Windows 8 and remain the preferred choice for privacy-conscious users, organisations that do not want to tie employee accounts to personal Microsoft credentials, and machines that are not connected to the internet.

Administrator vs Standard User

Both Microsoft and local accounts can be set to either Administrator or Standard user type:

• Administrator — Can install software, change system settings, create and delete user accounts, and access all files on the machine. User Account Control (UAC) prompts appear when admin-level changes are requested.
• Standard user — Can use installed software and change personal settings, but cannot install system-wide software, change system settings, or access other users’ files. Standard users need to provide an administrator’s password for elevated operations.

As a security best practice, use a Standard account for your day-to-day work and a separate Administrator account that you log into only when needed for system administration. This limits the damage that malware can do if it runs under your normal account.

Creating a New User Account via Settings

The simplest way to create a new account in Windows 11:

1. Open Settings → Accounts → Family & other users.
2. Under Other users, click Add account.
3. Windows asks for the new user’s Microsoft account email. If you want to create a local account instead, click I don’t have this person’s sign-in information.
4. On the next screen, click Add a user without a Microsoft account.
5. Enter a username, password, and three security questions (required for local accounts without a PIN).
6. Click Next to create the account.

The new account will appear in the Other users list as a Standard user. To change it to Administrator, click the account name in the list, click Change account type, select Administrator, and click OK.

Creating and Managing Accounts with Local Users and Groups

The Local Users and Groups console (available in Windows 11 Professional) provides more control than the Settings interface and is the preferred tool for system administrators.

1. Press Win + R, type lusrmgr.msc, and press Enter.
2. The console shows two folders: Users and Groups.

Creating a New Local User

1. Right-click the Users folder and select New User.
2. Fill in the username, full name (displayed on the login screen), description, and password.
3. Configure the password options:
   • User must change password at next logon — Forces the user to set their own password immediately. Recommended for new accounts.
   • User cannot change password — Prevents the user from changing their password. Useful for shared or kiosk accounts.
   • Password never expires — Disables the maximum password age policy for this account. Not recommended for security reasons.
   • Account is disabled — Creates the account but prevents it from being used. Useful for pre-creating accounts before a user arrives.
4. Click Create.

Adding a User to Groups

Group membership controls what the user can do. The most important built-in groups:

• Administrators — Full system access
• Users — Standard user access (all accounts are in this group by default)
• Guests — Very restricted access; suitable for temporary visitors
• Remote Desktop Users — Allows login via Remote Desktop without being an Administrator
• Power Users — Legacy group; has limited additional permissions over standard Users in Windows 11

To add a user to a group: right-click the group in the Groups folder, click Add to Group → Add, type the username, click Check Names, and click OK.

Using Command Prompt and PowerShell for Account Management

For scripted or bulk account management, the command line is far more efficient than the GUI.

Creating an Account via Command Prompt

net user NewUserName SecurePassword123! /add
net user NewUserName /fullname:"New User Full Name"
net localgroup Administrators NewUserName /add

PowerShell Account Management

# Create a new local user
$Password = ConvertTo-SecureString "SecureP@ssword!" -AsPlainText -Force
New-LocalUser -Name "JaneDoe" -Password $Password -FullName "Jane Doe" -Description "Finance department"

# Add to Administrators group
Add-LocalGroupMember -Group "Administrators" -Member "JaneDoe"

# List all local users
Get-LocalUser | Format-Table Name, Enabled, PasswordLastSet, LastLogon

# Disable an account
Disable-LocalUser -Name "OldEmployee"

# Remove an account
Remove-LocalUser -Name "OldEmployee"

Managing Account Passwords and Security

Password Policies via Local Security Policy

On Windows 11 Professional, open the Local Security Policy editor (secpol.msc) to enforce password requirements:

1. Navigate to Security Settings → Account Policies → Password Policy.
2. Configure:
   • Minimum password length: 12 characters is a reasonable minimum for 2026
   • Password must meet complexity requirements: Enables requirement for uppercase, lowercase, numbers, and symbols
   • Maximum password age: How many days before Windows requires a password change (0 = never)
   • Minimum password age: Prevents users from cycling through passwords rapidly to return to a favourite old password
   • Enforce password history: Remembers previous passwords to prevent reuse

Account Lockout Policy

Under Security Settings → Account Policies → Account Lockout Policy, configure:

• Account lockout threshold: Lock the account after N failed login attempts (5-10 is typical)
• Account lockout duration: How long the account remains locked (set to 0 to require administrator to manually unlock)
• Reset account lockout counter after: Time window for counting failed attempts

These policies significantly reduce the risk of brute-force attacks on local accounts.

User Account Control (UAC) Settings

User Account Control prompts you before applications make changes that require administrator access. The default setting (Notify when apps try to make changes) strikes a good balance. To adjust:

1. Press Win + S and search for User Account Control settings.
2. The slider offers four levels from Always notify (most secure) to Never notify (least secure, not recommended).

For a standard user running as an administrator, the second-highest setting is appropriate. If you have created a separate standard user account for daily use (as recommended), you may prefer the highest setting to ensure you are always aware of elevation requests.

Managing Sign-In Options

Beyond passwords, Windows 11 supports several sign-in methods. Configure them at Settings → Accounts → Sign-in options:

• Windows Hello Face: Facial recognition using an IR camera (requires compatible hardware)
• Windows Hello Fingerprint: Fingerprint reader authentication (requires compatible hardware)
• Windows Hello PIN: A numeric or alphanumeric PIN tied to this specific device (more secure than it sounds — the PIN only works on this machine and requires a TPM chip)
• Security key: Physical FIDO2 hardware key (YubiKey and similar)
• Password: Traditional password authentication
• Picture password: Draw gestures on a photo

For the most secure setup, use Windows Hello PIN or biometrics as the primary sign-in method, backed by a strong password for recovery.

Switching Between Users

Windows 11 supports Fast User Switching, which lets you switch between accounts without logging out. The currently running applications of the first user stay open in the background:

• Click the Start button and select the user icon at the bottom, then choose Switch user or click another account name.
• Press Win + L to lock the screen, then click Switch user on the lock screen.
• Press Ctrl + Alt + Del and select Switch user.

Best Practices for Account Management

• Never use the built-in Administrator account for daily work. This account has no UAC prompts and provides unrestricted access — reserve it for emergency recovery only and keep it disabled in normal operation.
• Disable unused accounts. If an employee leaves or a testing account is no longer needed, disable it immediately rather than leaving it active.
• Use the Guest account sparingly. The built-in Guest account is disabled by default in Windows 11 and should generally stay that way. If you need temporary access for a visitor, create a new limited account and delete it afterwards.
• Audit accounts regularly. Run Get-LocalUser in PowerShell periodically to review all accounts on the machine. Investigate any accounts you do not recognise.
• Keep a recovery option. Always maintain at least one Administrator account with a known password as a fallback in case other accounts are locked out or forgotten.

Conclusion

Windows 11 Professional’s account management tools give you the control to run a genuinely secure multi-user environment — from simple family sharing scenarios through to consistent policy-based management across a small business fleet. The combination of the Settings UI for quick changes, the Local Users and Groups console for detailed control, Local Security Policy for enforced password rules, and PowerShell for scripted management covers every scenario you are likely to encounter.

Invest ten minutes in setting up your accounts correctly from the start — separate user and admin accounts, appropriate password policies, and disabled default accounts — and you will avoid the most common causes of both security incidents and administrative headaches. Get Windows 11 Professional from GetRenewedTech for just £18.99.