Without fail during a JumpCloud onboarding or discovery call, the behavior of the JumpCloud agent comes up as a key topic in conversation – specifically how existing local account takeover occurs using the JumpCloud agent.
Understanding the nitty gritty details of this core agent behavior sticks out as one of the most critical concepts for new admins to grasp to have a successful implementation and roll out of the JumpCloud platform.
So how does local account takeover work?
When binding a JumpCloud user to a JumpCloud system, the JumpCloud agent makes a binary decision regarding if it should take over an existing local account or create a new local account on the target system.
This decision is based on a lookup the agent does where it compares the username of the JumpCloud user being bound to the machine to the usernames of the existing local accounts on the system.
One one side of the coin, If the username of the JumpCloud user matches the username of an existing local account, the JumpCloud agent takes over this local account and updates the password to the current password of the JumpCloud user.
On the other side, If no account with a matching username exists on the system, the JumpCloud agent creates a new local account and does not interact with any other accounts on the system.
Applying this to real-world IT scenarios, admins don’t always have the luxury of an environment where a naming convention has been used and followed since day one that allows them to easily use the agent to take over local accounts.
We’ve all seen or stepped into ‘wild west IT environments’ where there was no concept of a standard naming convention used for account creation and local accounts on machines exist with usernames like ‘Dwight’ and ‘Mike’.
These admins come to JumpCloud with expectations that the platform will help them tame their current ‘wild west IT environment’ and condense this chaos into a pristine directory with standardization and control.
The JumpCloud Sysprep application was created to help these admins reach “Directory Valhalla”.
Introducing The JumpCloud Sysprep Application
This utility can be used to update the existing local usernames of Windows systems to match the username naming convention used for JumpCloud users.
This must occur prior to any user to system associations are made in the JumpCloud admin console.
This will ensure that when the admins associate their JumpCloud users to their JumpCloud systems account takeover occurs and their end-users aren’t submitting tickets to the helpdesk asking why a ‘new account’ has shown up on their system.
The utility can also be used to update the hostname of systems and install the JumpCloud agent, drastically reducing the time it takes to onboard machines into JumpCloud.
Follow this link to the full documentation for the JumpCloud Sysprep application.
Check out this YouTube video of the JumpCloud Sysprep application in action.