Accounts CSP
The table below shows the applicability of Windows:
Edition | Windows 10 | Windows 11 |
---|---|---|
Home | No | No |
Pro | Yes | Yes |
Windows SE | No | Yes |
Business | Yes | Yes |
Enterprise | Yes | Yes |
Education | Yes | Yes |
The Accounts configuration service provider (CSP) is used by the enterprise (1) to rename a device, (2) to create a new local Windows account and join it to a local user group. This CSP was added in Windows 10, version 1803, and later.
The following syntax shows the Accounts configuration service provider in tree format.
./Device/Vendor/MSFT
Accounts
----Domain
--------ComputerName
----Users
--------UserName
------------Password
------------LocalUserGroup
./Device/Vendor/MSFT/Accounts Root node.
Domain Interior node for the account domain information.
Domain/ComputerName This node specifies the DNS hostname for a device. This setting can be managed remotely, but this remote management isn't supported for devices hybrid joined to Microsoft Entra ID and an on-premises Active directory. The server must explicitly reboot the device for this value to take effect. A couple of macros can be embedded within the value for dynamic substitution. Using any of these macros will limit the new name to 15 characters.
Available naming macros:
Macro | Description | Example | Generated Name |
---|---|---|---|
%RAND:#% |
Generates the specified number (# ) of random digits. |
Test%RAND:6% |
Test123456 |
%SERIAL% |
Generates the serial number derived from the device. If the serial number causes the new name to exceed the 15 character limit, the serial number will be truncated from the beginning of the sequence. | Test-Device-%SERIAL% |
Test-Device-456 |
Note
If you use these naming macros, a unique name isn't guaranteed. The generated name may still be duplicated. To reduce the likelihood of a duplicated device name, use %RAND:#%
with a large number. With the understanding that the maximum device name is 15 characters.
Supported operation is Add.
Note
For desktop PCs on supported versions of Windows 10 or later, use the Ext/Microsoft/DNSComputerName node in DevDetail CSP.
Users Interior node for the user account information.
Users/UserName This node specifies the username for a new local user account. This setting can be managed remotely.
Important
The username is limited to 20 characters.
Users/UserName/Password This node specifies the password for a new local user account. This setting can be managed remotely.
Supported operation is Add. GET operation isn't supported. This setting will report as failed when deployed from Intune.
Important
This string needs to meet the current password policy requirements.
Escape any special characters in the string. For example,
Character | Escape sequence |
---|---|
< |
< |
> |
> |
& |
& |
Users/UserName/LocalUserGroup This optional node specifies the local user group that a local user account should be joined to. If the node isn't set, the new local user account is joined just to the Standard Users group. Set the value to 2 for Administrators group. This setting can be managed remotely.
Supported operation is Add.