26 lines
1.6 KiB
Markdown
26 lines
1.6 KiB
Markdown
---
|
|
name: reference_gururmm_user_manager
|
|
description: GuruRMM has a built-in per-agent User Manager (endpoint local/domain/AAD users) — use it, not raw PowerShell
|
|
metadata:
|
|
type: reference
|
|
---
|
|
|
|
GuruRMM has a **built-in per-agent User Manager tab** (Users + Groups) for managing the
|
|
*endpoint's* Windows accounts — do NOT hand-roll `Set-ADAccountPassword`/`net user` via `/rmm`
|
|
PowerShell for routine user ops.
|
|
|
|
- UI: agent detail → **User Manager** tab (`dashboard/src/components/UserManagerTab.tsx`).
|
|
- API: `GET /api/agents/{id}/users` (inventory: users, groups, `domain_join_type`, `domain_name`,
|
|
`m365_tenant_id`, **`is_dc`**, `last_collected`), `POST /api/agents/{id}/users/refresh`,
|
|
`POST /api/agents/{id}/users/action` body `{username, action, value?, new_password?, group_name?}`.
|
|
- Actions: `reset_password`, `set_enabled` (enable/disable), `set_password_never_expires`,
|
|
`add_to_group`, `remove_from_group`.
|
|
- **Scope gate:** local accounts always manageable; **domain accounts manageable only when the agent
|
|
IS a DC** (`is_dc` true) — on a non-DC member they show "Managed in AD" (read-only). AAD accounts
|
|
show "Managed in Azure" (read-only). So to reset a domain user, target a DC agent.
|
|
- Advantage over raw PowerShell: structured action keeps the password out of the RMM command
|
|
history (raw `Set-ADAccountPassword` leaks the plaintext into `command_text`).
|
|
|
|
(Distinct from SPEC-027 / `usersApi` = GuruRMM's OWN dashboard login accounts — different thing.)
|
|
Correction logged 2026-06-29 after I wrongly claimed no built-in action existed. See [[reference_resource_map]].
|