Local User Management

Kaseya Automation Team
Kaseya Automation Team USMember, Kaseya Certified CHOCOLATE MILK
edited January 24 in Solutions

Product Name: Local User Management

Description : This is a suite of agent procedure to create or delete local users, as well as add local users to local groups.
When creating the user accounts, ensure the password follows the complexity rules.
In the procedure that does not prompt for a username a password, you will need to edit the two GetVariables commands (Lines 2 and 3) with the correct username and password to set.

Instructions :

  • Upload the procedures (xml file) with the Import Folder/Procedure tool in the Agent Procedures module under Schedule/Create 
«13

Comments

  • Jon Anderson
    Jon Anderson Member
    edited July 2018
    I have a client with 3 computers in a workgroup. Will this allow me to set up local admin credentials on these computers? 
  • Kaseya Automation Team
    Kaseya Automation Team USMember, Kaseya Certified CHOCOLATE MILK
    edited July 2018

    @Jon, Yes it should. You need to make sure to add the users you create to the Administrator group. 

  • Jon Anderson
    Jon Anderson Member
    edited July 2018

    thanks! I'll give it a try.

  • Todd McCullough
    edited November 2019

    I've used this to add domain users on DCs, but can't seem to figure out how to add a domain user AND add to domain admins. That doable with this procedure? If not, any tips? Thx.

  • Tarik
    Tarik Member
    edited August 2020

    We are looking for a best way to lock the machine when the user gets offboarded.

    I wonder if we can perform this one from Kaseya,by locking the machine using Bitcloker.If yes please feel free to advise us on this one.


  • Mike DeArmond
    Mike DeArmond Member
    edited August 2020

    @Tarik

    What I do to secure a machine during off boarding is to run a script that first blocks USB drives, then disables all user accounts and then reboots the machine. 

  • Tarik
    Tarik Member
    edited August 2020

    Hi @mike
    Thank you so much for your feedback.

    can you please share the script if possible ?taking on consideration that our machines enrolled into intune and Jamf.

  • Mike DeArmond
    Mike DeArmond Member
    edited August 2020

    There is no attachment tool =(

  • Tarik
    Tarik Member
    edited August 2020

    Its will be so appreciated if you can use the hyperlink option ^^

  • Mike DeArmond
    Mike DeArmond Member
    edited August 2020

    Give me an email address to share a drop box link

  • Tarik
    Tarik Member
    edited August 2020

    here my email address :  [email protected]

    Thank you so much.

  • Mike DeArmond
    Mike DeArmond Member
    edited August 2020

    Just sent!

  • mark
    mark Member CHOCOLATE MILK
    edited October 2020
    How can this be executed without writing credentials to the local agentmon.log
  • Brent Jones
    Brent Jones Member CHOCOLATE MILK
    edited October 2020
    Mark - i've asked the same question before and was told the only way is thru a powershell script (or another language) that runs from a file passed to the local machine, invoked, then deleted after use. There just isn't a way to turn off the agent logging.  If someone has a powershell script that works well for them, I'd be greatful if you posted here.
  • Heath Perrine
    Heath Perrine Member
    edited November 2020
    Anyone have any additional insight as this would be great to have given everyone is currently working from home.
  • Mike DeArmond
    Mike DeArmond Member
    edited November 2020

    Heath Perrine what are you looking for specifically?

  • Heath Perrine
    Heath Perrine Member
    edited November 2020

    We are looking to run a procedure against laptops where we have a terminated employee that still has one of our laptops.  We would like to lock them out/disable all accounts on the machine and shut it down.

    I have run into a few issues trying to lock out all local accounts manually through cmd and was hoping someone had a procedure that they would be willing to share.

    We want to retain the data within the profile as well.

    Thank you in advance!

  • Mike DeArmond
    Mike DeArmond Member
    edited November 2020

    If you give me an email address I will add you to a drop box share where I have a procedure that Blocks USB drives, Disables all local accounts then reboots the machine. 

  • Oscar Carmona
    Oscar Carmona Member
    edited November 2020

    @Mike can you send me that to [email protected] pls :) 

  • Mike DeArmond
    Mike DeArmond Member
    edited November 2020

    Yes give me a bit I have to export those

  • M. Janssen
    M. Janssen Member CHOCOLATE MILK
    edited November 2020

    @Mike can you send that to [email protected] too pls :) 

  • Andrew Streetman
    Andrew Streetman Member CHOCOLATE MILK
    edited November 2020

    Mike, thanks for the offer! 

    [email protected]

  • Colin Edwards
    Colin Edwards Member
    edited November 2020

    Please send to [email protected] 

    Appreciated

  • Mike DeArmond
    Mike DeArmond Member
    edited November 2020

    @Oscar just shared them =)

  • Mike Brouillette
    edited November 2020

    Mike...sounds like a very useful script.  If you could include me, that would be great.  [email protected]

  • Mike DeArmond
    Mike DeArmond Member
    edited November 2020

    @Mike Brouillette @ M Janssen I should have gotten both of you now =)

  • Mike DeArmond
    Mike DeArmond Member
    edited November 2020

    @Mike Brouillette @ M Janssen I should have gotten both of you now =)

  • M. Janssen
    M. Janssen Member CHOCOLATE MILK
    edited November 2020

    Yes...already imported. Browsing through the procedure now! Tnx!

  • Mike DeArmond
    Mike DeArmond Member
    edited November 2020

    @Colin, @Andrew Just got you folks too! 

  • Heath Perrine
    Heath Perrine Member
    edited November 2020

    Mike are you able to send over to me as well [email protected]