Endpoint User Management

ZEM Cloud allows you to manage local user accounts on enrolled endpoints remotely.

Viewing Local Users

To view local users on an endpoint:

  1. Open Endpoint Overview
  2. Click on the desired endpoint
  3. Scroll to the Local Users section

The user list displays:

  • Username - Account name
  • UID/SID - User identifier
  • Status - Account state (active, locked, logged in)
  • Last Login - Most recent login time (if available)

Adding a User

  1. Open the endpoint details
  2. Click Toolbox > User Management
  3. Click Add User
  4. Enter the username (must follow OS naming rules)
  5. Enter a temporary password
  6. Select whether to grant administrator privileges
  7. Click Create User

Username Requirements

  • Linux - Lowercase letters, numbers, underscores; must start with a letter
  • macOS - Similar to Linux; avoid spaces and special characters
  • Windows - Can include spaces; avoid special characters like /\:*?"<>|

Password Requirements

The temporary password should meet the endpoint's password policy. Users should be instructed to change their password on first login.

Removing a User

  1. Open the endpoint details
  2. Find the user in the Local Users list
  3. Click the Remove button (trash icon)
  4. Confirm the deletion

Protected Accounts

Certain accounts cannot be removed:

  • Linux - root, system accounts (UID < 1000)
  • macOS - root, system accounts
  • Windows - Administrator, Guest, DefaultAccount, WDAGUtilityAccount

Locking a User

Locking a user account prevents the user from logging in while preserving their data.

  1. Open the endpoint details
  2. Find the user in the Local Users list
  3. Click the Lock button (padlock icon)
  4. Confirm the action

Locked accounts show a "Locked" status indicator.

Unlocking a User

  1. Open the endpoint details
  2. Find the locked user in the Local Users list
  3. Click the Unlock button
  4. Confirm the action

Logging Out a User

To force a logout of a currently logged-in user:

  1. Open the endpoint details
  2. Find the user showing "Logged In" status
  3. Click the Logout button
  4. Confirm the action

Platform Differences

Linux (Ubuntu, Debian, Arch, Fedora)

  • Uses `useradd`, `userdel`, `usermod` commands
  • Admin users added to `sudo` group
  • Home directories created in `/home/`
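
The following is an added example, not ZEM Cloud's own code, for cross-checking the Local Users view on a Linux endpoint against the contents of /etc/passwd, /etc/shadow and /etc/group. It assumes that Lock is carried out with `usermod -L` (the page names `usermod` but not the option); the function names and the sample file contents are constructed for illustration.

```python
import time

# Constructed sample file contents (not from a real host).
PASSWD = """root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
bob:x:1001:1001:Bob:/home/bob:/bin/bash
carol:x:1002:1002:Carol:/home/carol:/bin/bash
"""
SHADOW = """root:*:19700:0:99999:7:::
daemon:*:19700:0:99999:7:::
alice:$6$constructed$hash:19700:0:99999:7:::
bob:!$6$constructed$hash:19700:0:99999:7:::
carol:!$6$constructed$hash:19700:0:99999:7::1:
"""
GROUP = """sudo:x:27:alice,carol
alice:x:1000:
"""

def _rows(text):
    return [l.split(":") for l in text.splitlines() if l and not l.startswith("#")]

def audit_local_users(passwd, shadow, group, admin_group="sudo", today=None):
    """Map username -> uid, protected, admin, password_locked, expired."""
    today = int(time.time() // 86400) if today is None else today
    shadow_by_user = {r[0]: r for r in _rows(shadow)}
    admin_gid, admins = None, set()
    for r in _rows(group):
        if r[0] == admin_group:
            admin_gid, admins = r[2], set(filter(None, r[3].split(",")))
    report = {}
    for name, _pw, uid, gid, *_rest in _rows(passwd):
        sh = shadow_by_user.get(name, [name, ""])
        expire = sh[7] if len(sh) > 7 else ""  # 8th shadow field: expiry day
        report[name] = {
            "uid": int(uid),
            # Page's rule: root and system accounts (UID < 1000) cannot be removed.
            "protected": name == "root" or int(uid) < 1000,
            "admin": name in admins or gid == admin_gid,
            # Assumption: Lock uses `usermod -L`, which prepends '!' to the hash.
            # That blocks password logins only.
            "password_locked": sh[1].startswith("!"),
            # A past expiry date disables the account for every login method.
            "expired": expire.isdigit() and int(expire) <= today,
        }
    return report

def lock_gaps(report):
    """Accounts locked by password only: key-based logins may still succeed."""
    return sorted(u for u, r in report.items()
                  if r["password_locked"] and not r["expired"] and not r["protected"])
```

On a real endpoint, pass in the contents of the three files; reading /etc/shadow requires root.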

macOS

  • Uses `sysadminctl` and `dscl` commands
  • Admin users added to `admin` group
  • Home directories created in `/Users/`

Windows

  • Uses PowerShell cmdlets (`New-LocalUser`, `Remove-LocalUser`, etc.)
  • Admin users added to `Administrators` group
  • User profiles created in `C:\Users\`
  • Display names may differ from account names

Action Queue

User management actions are queued like other remote actions:

  • Actions execute when the endpoint next checks in (every 60 seconds)
  • View pending actions in the Action Queue
  • Actions can be cancelled before delivery

Audit Trail

All user management actions are logged in the Audit Log with:

  • Action type (add, remove, lock, unlock, logout)
  • Target user and endpoint
  • Administrator who performed the action
  • Timestamp and result