User Account Management
The User Account Management job helps admins to add user accounts on Windows devices remotely. Creating multiple user accounts on a device ensures each user has their own login experience. Users can then customize their device settings without affecting other users.
To create a user account, follow these steps:
1. Login to the SureMDM Console.
2. Navigate to Jobs > New Job > Windows > User Account Management.
3. Configure the following settings and click OK.
| Settings | Description |
|---|---|
| Job Name | Enter the required job name. |
| Action Type | Select the action type for managing user accounts. i. Create User ii. Delete User iii. Modify Permissions iv. Change User Password v. Time-Based Access Control vi. Account Activation/Deactivation vi. Rename Built-in Accounts |
Following are the Action Type options:
i. Create Users: Use this option to create users:
| Options | Description |
|---|---|
| Account Type | a. Administrator - Provide the user with admin privileges. b. Standard - Users can only modify their settings. |
| User Name | Enter the user name. |
| Full Name | Enter the User’s Full name. |
| Password | Enter the password of the account. |
| Password Hint | Enter the password hint to help the user remember the account password. |
| Allow User to Change Password | Enable this option to allow users to change their password. |
| Force Password Change | Enabling this option will force the users to set a new password using the default password set. |
| Time-Based Access Control | Enable this option to implement the user’s access control based on a specified time parameter. |
- To manage logon hours for existing users, please create a new job with the action type “Time-Based Access Control”.
- Specify when user access to the device begins/ends. Logon hours specified in the time-based access control adhere to the device’s local time and Logon attempts during unspecified schedules will be restricted.
- When creating Time-based access for newly created users, choose an hour ahead of their creation time for optimal working conditions.
ii. Delete Users: Delete selected users:
| Options | Description |
|---|---|
| User Name | Enter the user name. |
Ensure to enter the correct username. Deletion of the user account is ignored if the user does not exist.
iii. Modify Permissions: Modify the permissions of an existing user from Admin to Standard and vice versa:
| Options | Description |
|---|---|
| Modify Permission Of | Specify which users should have their permissions modified. i. Selected User ii. Primary User iii. Currently Logged-in User iv. All SureIDP Users Except v. All Local Users Except |
| User Name | Enter the User Name. |
| Change User Type From | Select user Type From: Select one of the following options: a. Administrator to Standard - Changes the user privileges from Admin to Standard. Provide the user with admin privileges. b. Standard to Administrator- Changes the user privileges from Standard to Admin. Provide the user with admin privileges. |
- Ensure to enter the correct username. User access level will be changed as per the selection and remains unchanged if the username does not exist on the devices.
- The primary users will be identified as those who performed the Entra Join during enrollment into SureMDM via Entra-based enrollments or as SureIDP users who enrolled the device. The 'Device User Name' column displays this information for each device.
- Details of the currently logged-in user can be found in the 'Last Logged In User' column on the device grid. The displayed information reflects the most recently fetched data. To get updated information for a specific device, a device refresh can be performed.
- This feature is supported on the Windows devices with the SureMDM Agent version >= 6.09.0
iv. Change User Password: Enter the username without spaces, and use + button to add multiple usernames if needed:
| Options | Description |
|---|---|
| User Name | Enter the user name. |
| Password | Enter the password of the account. |
| Confirm Password | Re-enter the password to verify. |
| Allow User to Change Password | Enable this option to allow users to change their password. |
| Force Password Change | Enabling this option will force the user to set a new password using the default password set. |
Ensure to enter the correct username. Change of Password for the user account is ignored if the user does not exist.
v. Time Based Access Control: Enable this option to implement user’s access control based on a specified time parameter:
| Options | Description |
|---|---|
| User Name | Enter the user name. |
| Start Time | Specify when user access to the device begins. Logon attempts before this time will be restricted. |
| End Time | Specify when user access to the device ends. Logon attempts after this time will be restricted. |
| Repeat | Select applicable days for access control. |
| Add Schedule | Select this option to schedule the Time Based Access Control. |
- Specify when user access to the device begins/ends. Logon hours specified in the time-based access control adhere to the device’s local time and Logon attempts during unspecified schedule will be restricted.
- Ensure to enter the correct username when configuring logon hours for users. Time-Based Access Control settings will be ignored if the specified user does not exist.
vi. Account Activation/Deactivation: Select this action to manage user accounts.
| Options | Description |
|---|---|
| User Name | Enter the user name. |
| Select Action | Select one of the following options: a. Enable User - Enables the user account(s) disabled on the device. b. Disable User - Disables the user account(s) active on the device. |
vii. Rename Built-in Accounts: Select this action to Rename Built-in Windows Accounts like Administrator and Guest accounts. | Options | Description | | --- | --- | | User Name | Enter the user name. | | Select Built-in Account | Select one of the following options:
4. Once done, click Save to save the changes. The newly created job will be listed in the Jobs List section.
5. Click Apply to launch the Apply Job/Profile To Device prompt.
6. In the Apply Job/Profile To Device prompt, select the job and click Apply.