Most IST Linux servers are joined to the university's Active Directory domain, allowing users to log in with their SU NetID and password. To manage users on your system, use the 'sssd.conf' file as described below.
| Expand |
|---|
|
| Expand |
|---|
| title | Allow user to log in via SSH |
|---|
| "sudo nano /etc/sssd/ |
|
...
...
an account with 'sudo' privileges, edit the
|
|
...
access.conf file located at the path above. To give a user access to log in, add their NetID to the 'simple_allow_users' line. If this line does not exist, you can create it. The list of users must be comma-separated. Restart the sssd service: sudo systemctl restart sssd.service OR reboot the system.
|
|
...
| Provide 'sudo' (admin) priveleges to user |
| | Note |
|---|
Use with caution. This will enable the user to make system-wide changes and should be reserved for users who have familiarity with a Linux command-line environment. |
| Info |
|---|
If the user is logged in, the user will need to log out and log back in again for the system to assign the privileges to their account. |
"sudo usermod -aG sudo <netid>"Using an account with 'sudo' privileges, run the above command, substituting in the user's netid
|
|
| Expand |
|---|
| title | Windows (10, 11, Server) on-domain |
|---|
|
| Expand |
|---|
| title | Add RDP (Remote Desktop) access |
|---|
| | Expand |
|---|
| 1) On the remote computer, right-click on the start menu and click "Windows PowerShell (Admin)"  Image Added
2) Copy in the following command, substituting in the user's Netid | Code Block |
|---|
| Add-LocalGroupMember -Group "Remote Desktop Users" -Member "AD\<netid>" |
| Expand |
|---|
| title | Provide Administrator rights to a user |
|---|
| Please submit a request to ischoolit@ot.syr.edu with the user's netid and we can configure this for you |
|
| Expand |
|---|
| 1) Click on the "Start" menu and then the gear icon in the left-hand menu, then open the "Settings" panel  Image Added
2) In the search bar, type "Remote Desktop" and then click on the "Remote Desktop Settings" search result  Image Added
3) In the "Remote Desktop" settings, first make sure the "Enable Remote Desktop" option is enabled. Then, click "Select users that can remotely access this PC"'  Image Added
4) Click "Add" on the "Remote Desktop Users" window (1). Ensure the "Location" is set to "ad.syr.edu"(2), and then type the netid of the user (3)  Image Added
5) Click "OK". |
|
| Expand |
|---|
| title | Provide Administrator rights to a user |
|---|
| At this time, please submit a request to ischoolit@ot.syr.edu and we can configure this for you |
|
| Expand |
|---|
| title | Windows (10, 11, Server) off-domain |
|---|
|
| Expand |
|---|
| title | Create a local user account |
|---|
| | Expand |
|---|
| 1) On the remote computer, right-click on the start menu and click "Windows PowerShell (Admin)" Image Added
2) Copy in the following commands line by line, substituting in the user's Netid or "L-netid" to create an admin account (examples below) Standard user: | Code Block |
|---|
| $Password = Read-Host -AsSecureString
New-LocalUser -Name "<netid>" -FullName "Firstname Lastname" -Description "Standard user account for <netid> -Password $Password |
Admin user: | Code Block |
|---|
| $Password = Read-Host -AsSecureString
New-LocalUser -Name "<netid>" -FullName "Firstname Lastname" -Description "Admin user account for <netid> -Password $Password |
|
| Expand |
|---|
| 1) Click on the "Start" menu and then the gear icon in the left-hand menu, then open the "Settings" panel Image Added
2) Click on "Accounts" in the settings menu  Image Added
3) Click on "Other users"  Image Added
4) Click on "Add someone else to this PC"  Image Added
5) Double-click into the "Users" location  Image Added
6) Fill in the user's information, as shown below, using a temporary password and click "Create" when finished. To create an admin account, use the prefix "L-" before the netid (second image)  Image Added Image Added |
|
| Expand |
|---|
| title | Add RDP (Remote Desktop) access |
|---|
| | Note |
|---|
NOTE: Only standard (non-administrator) accounts should be allowed interactive login privileges! |
| Expand |
|---|
| 1) On the remote computer, right-click on the start menu and click "Windows PowerShell (Admin)" Image Added
2) Paste in the following command, substituting the local account name | Code Block |
|---|
| Add-LocalGroupMember -Group "Remote Desktop Users" -Member "<netid>" |
|
| Expand |
|---|
| 1) From within the "lusrmgr" menu (Step #5 in the previous section), click into the "Groups" location in the tree and then double-click to open the "Remote Desktop Users" group  Image Added
2) You'll see the users who currently have RDP access. Click "Add"  Image Added
3) Type the user account in the "object name" box and click "OK"  Image Added |
|
| Expand |
|---|
| title | Provide Administrator rights to a user |
|---|
| | Note |
|---|
A separate "l-netid" account should be created for this purpose, and the admin account cannot be provided direct remote desktop access |
| Expand |
|---|
| 1) On the remote computer, right-click on the start menu and click "Windows PowerShell (Admin)" Image Added
2) Paste in the following command, substituting the "L-<netid>" account name | Code Block |
|---|
| Add-LocalGroupMember -Group "Administrators" -Member "L-<netid>" |
|
| Expand |
|---|
| 1) Follow the "account-creation" steps above to create a new local user account ("l-netid") Image Added
2) From within the "lusrmgr" menu (Step #5 in the account creation guide), click into the "Groups" location in the tree and then double-click into the "Administrators" group  Image Added
3) Type the "L-" user account in the "object name" box and click "OK"  Image Added |
|
|