Manage user access

Owned by Ryan Drescher
Last updated: Nov 20, 2023 by Nick Neal
5 min read
 Linux (Ubuntu)
 Allow user to log in via SSH

"sudo nano /etc/sssd/conf.d/access.conf"

  1. Using an account with 'sudo' privileges, edit the access.conf file located at the path above.
  2. To give a user access to log in, add their NetID to the 'simple_allow_users' line. If this line does not exist, you can create it. The list of users must be comma-separated.
  3. Restart the sssd service:  sudo systemctl restart sssd.service OR reboot the system.
 Provide 'sudo' (admin) priveleges to user

Use with caution. This will enable the user to make system-wide changes and should be reserved for users who have familiarity with a Linux command-line environment.

If the user is logged in, the user will need to log out and log back in again for the system to assign the privileges to their account.

"sudo usermod -aG sudo <netid>"

  1. Using  an account with 'sudo' privileges, run the above command, substituting in the user's netid


 Windows (10, 11, Server) on-domain
 Add RDP (Remote Desktop) access
 Command Line

1) On the remote computer, right-click on the start menu and click "Windows PowerShell (Admin)"


2) Copy in the following command, substituting in the user's Netid

Add-LocalGroupMember -Group "Remote Desktop Users" -Member "AD\<netid>"
 Provide Administrator rights to a user

Please submit a request to ischoolit@ot.syr.edu with the user's netid and we can configure this for you

 GUI

1) Click on the "Start" menu and then the gear icon in the left-hand menu, then open the "Settings" panel


2) In the search bar, type "Remote Desktop" and then click on the "Remote Desktop Settings" search result


3) In the "Remote Desktop" settings, first make sure the "Enable Remote Desktop" option is enabled. Then, click "Select users that can remotely access this PC"'


4) Click "Add" on the "Remote Desktop Users" window (1). Ensure the "Location" is set to "ad.syr.edu"(2), and then type the netid of the user (3)


5) Click "OK".

 Provide Administrator rights to a user

At this time, please submit a request to ischoolit@ot.syr.edu and we can configure this for you


 Windows (10, 11, Server) off-domain
 Create a local user account
 Command Line

1) On the remote computer, right-click on the start menu and click "Windows PowerShell (Admin)"


2) Copy in the following commands line by line, substituting in the user's Netid or "L-netid" to create an admin account (examples below)

Standard user:

$Password = Read-Host -AsSecureString

New-LocalUser -Name "<netid>" -FullName "Firstname Lastname" -Description "Standard user account for <netid> -Password $Password

Admin user:

$Password = Read-Host -AsSecureString

New-LocalUser -Name "<netid>" -FullName "Firstname Lastname" -Description "Admin user account for <netid> -Password $Password
 GUI

1) Click on the "Start" menu and then the gear icon in the left-hand menu, then open the "Settings" panel


2) Click on "Accounts" in the settings menu


3) Click on "Other users"


4) Click on "Add someone else to this PC"


5) Double-click into the "Users" location


6) Fill in the user's information, as shown below, using a temporary password and click "Create" when finished. To create an admin account, use the prefix "L-" before the netid (second image)

 Add RDP (Remote Desktop) access

NOTE: Only standard (non-administrator) accounts should be allowed interactive login privileges!


 Command Line

1) On the remote computer, right-click on the start menu and click "Windows PowerShell (Admin)"


2) Paste in the following command, substituting the local account name

Add-LocalGroupMember -Group "Remote Desktop Users" -Member "<netid>"
 GUI

1) From within the "lusrmgr" menu (Step #5 in the previous section), click into the "Groups" location in the tree and then double-click to open the "Remote Desktop Users" group


2) You'll see the users who currently have RDP access. Click "Add"


3) Type the user account in the "object name" box and click "OK"

 Provide Administrator rights to a user

A separate "l-netid" account should be created for this purpose, and the admin account cannot be provided direct remote desktop access

 Command Line

1) On the remote computer, right-click on the start menu and click "Windows PowerShell (Admin)"


2) Paste in the following command, substituting the "L-<netid>" account name

Add-LocalGroupMember -Group "Administrators" -Member "L-<netid>"
 GUI

1) Follow the "account-creation" steps above to create a new local user account ("l-netid")


2) From within the "lusrmgr" menu (Step #5 in the account creation guide), click into the "Groups" location in the tree and then double-click into the "Administrators" group


3) Type the "L-" user account in the "object name" box and click "OK"