Creating local admin users on Windows devices

Managing user permissions is a critical aspect of device security and control in enterprise environments. In certain scenarios, it’s necessary to create local administrator accounts on Windows devices—for example, to allow IT staff to perform maintenance, deploy software, or troubleshoot issues without relying on domain credentials.

With Applivery, you can automate the creation of local admin users across your fleet through policy configuration. This ensures consistent access control, simplifies device management, and reduces the risk of manual errors.

Using the Accounts CSP through Applivery’s Custom Policies configuration, you can deploy OMA-URI–based policies to create a local user and assign them administrator rights.

Step 1 - User creation #

Once in the Applivery dashboard, head to the Device Management section and select Policies (1). Choose the policy where you want to create an admin user.

Next, in the left-hand menu, select + Add configuration (2), search for Custom Policies (3), and then click + Add Value to create the new configuration.

custom-policies

Use the following OMA-URI to create a new local user account:

  • OMA-URI: ./Device/Vendor/MSFT/Accounts/Users/<username>/Password.

    <userAdmin> represents the local username—replace it with the desired name for the new user account.

  • Format: String (chr).
  • Value: This value sets the password for the local account—replace it with the password you want to assign.

user-account-creation

Step 2 - Make the user administrator #

To make the newly created user a local administrator, apply this OMA-URI:

  • OMA-URI: ./Device/Vendor/MSFT/Accounts/Users/<username>/LocalUserGroup.
  • Format: Integer (int).
  • Value: 2 (this value describes the local administrators group).
local-user-group
Updated on setembro 11, 2025
Was this article helpful?

On this page