When you remove access to a Windows device from a user in JumpCloud, JumpCloud disables, rather than deletes that user. As a result, all user account information and files are preserved, allowing you to re-enable the user if necessary. However, this creates a complication in Windows where disabled users no longer appear at the login screen or in netplwiz.
The version of Windows licensing you have determines the method you need to use to re-enable disabled users. Check your Operating System Version and License Version for your Windows devices before proceeding.
To see how to re-enable macOS users, see Re-enable a Disabled User Account on macOS.
Prerequisites:
- Must have local administrator access on the device
Re-enable a User from the Local Users and Groups Manager
To re-enable a disabled user from the Local Users and Groups Manager:
- Log in to the Windows device with a local administrator account.
- In the start bar, or via Run, enter lusrmgr.msc. The Local Users & Groups Manager tool opens in Windows.
- Go to the Users folder and find the disabled user. Disabled users appear with a down arrow next to their account.
- Right-click the disabled user, then select Properties.
- Clear Account is disabled.
- Next, go to User Properties > Member Of.
- Click Add…
- In the next menu, enter “Users”, then click Check Names.
- Click OK to add the User to the Local Users Group.
- Click Apply to save the settings.
- Click OK to close the window.
The user should now appear as active and be a member of the Users group. When you log out of your admin account, you should now see the user account on the Login screen.
The password for the newly re-enabled account is the last used password before the account was disabled.
Re-enable a User from the Command-Line Interface
You can re-enable users from the CLI if you have remote scripting capabilities and a local administrator account.
To re-enable a user from the CLI:
- Log in to the Windows device with a local administrator account.
- Open PowerShell as Administrator.
- To list all local users on the Windows device, run the following command: Get-LocalUser
- To re-enable the user account is currently disabled, run the following command: Enable-LocalUser -Name “Username_goes_here”
If the command runs successfully, you don't receive any results.
- To show the accounts with Enabled set to $true, run the following command: Get-LocalUser
- To add the newly re-enabled user to the Local Users group, run the following command: Add-LocalGroupMember – Group “Users” -Member “Username_goes_here”
If the command runs successfully, you won't receive any results.
- To verify that the user has been successfully added to the Local Users group, run the following command: Get-LocalGroupMember – Group “Members”
The account should now appear on the Windows login screen.
The password for the newly re-enabled account is the last used password before the account was disabled.
You should also be able to see the user in the netplwiz.