net localgroup $GROUP — show members of local group $GROUP (try with Administrators!)
net localgroup $GROUP $USER /add — add a member to a local group (useful targets are Administrators, Backup Operators, and Remote Management Users)
net share — list all current shares (including some that are just control processes)
Note that Windows allows for duplicate domain and local users; this is why users get prefixed by the domain or local machine name. Comparing the output of whoami and hostname will reveal if you’re logged in with a local or domain account.
Remember that net group $GROUP /domain doesn’t show which domain groups are members of $GROUP, and thus will miss domain admins whose membership is controlled by a nested group. The only way to retrieve a full list of users in a domain group is to use PowerShell.
How to manipulate users and groups at the Windows command line using net
Windows’ net command can be used to manipulate user and group information (iff you already have admin/SYSTEM privileges!). For example:
# Change a user's password#net user $USERNAME $PASSWORD# Add a user to a domain#net user $USERNAME /add /domain# Make a user a domain admin#net group "Domain Admins" $USERNAME /add /domain