In order for the JumpCloud Agent to perform an account takeover, the JumpCloud username must match the local account username on a device.
Prerequisites:
- Before changing an existing user, make sure you have read and understand the considerations noted in Naming Conventions for Users.
Considerations:
- Windows will not rename the home directory, but security permissions will be updated to the new username.
- Any applications that may have depended on the old username may not be updated by the User Account wizard. Be sure to test any applications before making production changes.
- See Microsoft’s Renaming a User Account Does Not Automatically Change the Profile Path.
Changing Username in Windows
To change a username in Windows:
- Log into the system using an administrator account that is not the account being renamed. From a command line or PowerShell, run the User Accounts Management wizard:
PS C:\Users\Administrator> netplwiz
- Select the user, then click Properties.
- Change the User name value to match the Username in the JumpCloud directory.
- Click OK and restart the system.
Changing Username with Commands
You can also use JumpCloud Commands to change the name of a local account on a device.
- This is a sample command and it’s recommend you test it first on a demo device before deploying to a production device.
- Ensure to replace the values in the sample command with your existing device username $oldName and new username $newName values.
To change a username with JumpCloud Commands:
- Create a new command in the JumpCloud Admin Portal. See Creating a Command Manually to learn more.
- Configure the command with the following settings:
- For Type, select Windows. Select Windows PowerShell.
- Enter the following in the Command field:
# Define the old and new account names
$oldName = "Test_Account"
$newName = "Test Account"
# Check if the script is running with administrative privileges
if (-not ([Security.Principal.WindowsPrincipal] [Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole] "Administrator")) {
# Relaunch the script with elevated privileges
$newProcess = Start-Process powershell -ArgumentList "-NoProfile -ExecutionPolicy Bypass -File `"$PSCommandPath`"" -Verb RunAs -PassThru
# Wait for the elevated process to complete
$newProcess.WaitForExit()
exit
}
# Rename the local user account silently
Rename-LocalUser -Name $oldName -NewName $newName
- Go to the Devices tab and select the device that you need to rename the user account.
- Save the command and run it manually.
- After the command runs, go to the Results tab. A successful command result displays Success.