Adding local Windows accounts

Before you enable local account management on your Windows computers, add the local users and groups in Access Manager.

Note:   If you first enable local account management with the enforce option and if you have any existing local accounts on that system but not defined in a zone, then the service will remove those local users during the next synchronization. Built-in local Windows accounts are not removed.

To add a local Windows user:

  1. In Access Manager, navigate to either a zone or a Windows computer and go to Windows Data
  2. Right -click Local Users and select Add User to Zone or Add User, depending on where you're adding the user.
  3. Enter the user name and click OK.
  4. Specify the attributes for the local Windows user:

    • Full name: The first and last name of the new local Windows user.

    • Description: A description of the user.

    • State: Specify one of the following:

      • Enable: Set the state to Enable for a local Windows account that is in use.
      • Disable: Set the state to Disable for a local Windows account that is not in use.
      • Remove: If you've chosen not to enforce local account management, mark the user as Remove and the service will remove the user at the next synchronization interval.

        Note:   The service will not remove any built-in local Windows accounts, even if you mark it as Remove in Access Manager.

    • Password options: If desired, select any of the following:

      • User must change password at next logon: The service will force the local Windows user to change the account password the next time that the user logs in to the computer. Note that this option applies only to new accounts.

      • User cannot change password: The user won't be able to change the password.

      • Password never expires: The user's password will never expire.

  5. Click OK to save your changes.

    The new user will be available on the affected systems after the next local account synchronization.

 

To add a local Windows group:

  1. In Access Manager, navigate to either a zone or a Windows computer and go to Windows Data
    1. Right -click Local Groups and select Add Group to Zone or Add Group, depending on where you're adding the group.
    2. Enter the group name and click OK.
  2. Specify the attributes for the local Windows group:

    • Description: Enter a description of your choice.
    • Members: Click Add to launch the Add Members dialog. In a comma-separated list, type the names of the users who will be in the group.

      Note that Access Manager does not check the validity of the user names that you provide. You should ensure that all of the names that you provide are local Windows user names that currently exist.

    • State: Specify either Enable or Remove.

      • Enable: Set the state to Enable for a local Windows account that is in use.

      • Remove: If you've chosen not to enforce local account management, mark the group as Remove and the service will remove the group at the next synchronization interval.

  3. Click OK to save your changes.

    The new group will be available on the affected systems after the next local account synchronization.