How to create a local admin via Intune
- Published on 29 Dec 2024
- Take a look at how you can create a local admin via Intune.
In my demo I used a custom configuration profile with the 2 OMA-URI strings below:
./Device/Vendor/MSFT/Accounts/Users/Admin5/Password
./Device/Vendor/MSFT/Accounts/Users/Admin5/LocalUserGroup
I hope you enjoy and thanks for watching
Jackson Felden
Hi Jackson, it worked very well, thank you for your video. Just one question: do you know how to add one more thing, "set password never expire", via Intune?
Looking forward to hearing from you.
Thanks
Brilliant Video.
Loved it.
I'm glad you liked it, thanks for the feedback.
Thank you! Very helpful. Now just need to switch users that are Admin to Non-Local admins
Thanks for the feedback Rob
Thanks Jackson, excellent video, Appreciate the knowledge share... 🤝
Thanks for your feedback, very much appreciated
This was EXCELLENT! Thank you!
Thanks for the feedback, very much appreciated
Thank you for the video. Trying it out now, but, looks promising.
Great, good luck!!!
and thanks for watching :)
@jacksonfeldencloudsecurity It worked. You saved the day with a remote user and I could not elevate the session in ScreenConnect with our 365 Admin. Luckily they were in Endpoint Manager and this worked. Thank you again
Great video, just wanted to ask if we local admin password in the configuration profile at a later stage will it update each of the machines that the local admin user is deployed?
Thanks Richard, most likely it will, but I haven't tested.
Great video! Thanks for sharing!
Thanks for the feedback, I'm glad you find my content useful. Thanks for your support.
Thanks for the detailed information. We have created the same & it's working fine... but on the portal it's showing an error, i.e. -2016281112 (remediation failed). Can you help me with this?
Hey Jackson, this is exactly the video I've been looking for and thank you for sharing your knowledge! This works except it runs into an error, have you been able to solve it?
Amazing! Straight and to the point, just what I was looking for! I'm subscribed!
While user was created, do you know why the status might be "Error" and error code "-2016281112" for both the LUG and Password when I assign it to a group of Users for each of user's machines? Should it be assigned to devices instead?
Please let us know what the ways are to create a local administrator on Intune managed devices, maybe during Autopilot etc. Is it possible to use the Account protection section for creating local admin accounts? How to provide admin access for logged-on users?
Thank you! This was really helpful.
Could I ask how do you make the local admin password not expire?
Hi, thanks for your video. Now how to remove this admin account? Is there any way to put an AAD cloud account in the local administrator group?
I'm glad you liked it, thanks for the feedback.
To remove the user I did the following:
1 - I unassigned the configuration policy to create my Admin5
2 - I created a PowerShell script called "RemoveAdmin5.ps1" with the following line:
Remove-LocalUser -Name "Admin5"
3 - From "Endpoint Manager / Devices / Scripts" I assigned the RemoveAdmin5.ps1 to my devices
After some time Admin5 was removed from my devices
Thank you for sharing. Question: how can I delete this account? I can see when I have to give local admin access to a user/PC just to do something, but once done, I would like to delete this.
Thank you. But what about setting password never expires?
Did you get the answer? I'm looking now at how I can disable changing the password at first login.
@timtursic387 No, I see a comment down below that said it is not possible with OMA-URI. Strange, because it could be so simple.
How would one accomplish this for MacOS that is enrolled in Intune?
Kindly share some other method to get local administrator access like provide local admin access to help desk for Autopilot provisioned machines
Thank you, like others here I am getting the 0x8 error. However, if I check the device I did see the account was created and I was able to log in. Something I noticed was, if I looked at the "member of" for that new admin account, it was not part of any member groups. I did add Administrators as the group but was wondering about this. I would have thought it would have set that for you.
Thanks for that
I'm glad you find my content useful. Thanks for your support
Hi! Can I set this local account to lose data every time someone logs out?
How about using Azure Local Admin role instead? No OMI to deploy. Need to configure Endpoint security to prompt to secure desktop credentials for standard and admin users. You can even use PIM, but it is not perfect. Target a user with a group and assign that group the Local Admin role. They will have admin on all devices in your Intune. Then you can remove/disable all Administrative accounts and use PIM for a more secure setup.
That's how I set it up and it works great! The only problem I ran into is when you have to apply a fresh start command to an Intune Win10 device, it fails because there's no local admin account enabled. To get around this I use the method in this video with a long complex password. This meets the need of OOBE and fresh start, and still allows me the ability, using Azure elevated privileges, to make changes as an Azure admin
Thanks for the input Christopher and Brad. I created the video to solve the problem when a local admin is needed by 3rd party applications running on devices, but it is always good to keep an eye out for other options too.
How can you add user to remote desktop users group?
Hello Jackson, thanks for your video! It helped me to create a local admin but I'm having this error, "ERROR CODE 0x87d1fde8". Do you know how to remediate it? It seems that the local admin is working, it's just bothering to see the error
Hey Jackson, nice video. I did exactly the same steps you've done in this video and everything worked fine, but when you look at the Profile assignment status you'll receive Error instead of Succeeded!
Also how can I create the user with "Password Never Expires"
Did you get a solution? I ran into the same issue
@mohamadzib825 just use a script and deploy the script to the devices... the OMA-URI way won't make it NEVER EXPIRE.
Thanks very much, but I get setting error 0x87d1fde8. It has created the user and added it to local admin.
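The script route suggested in the replies above, written out as an added example (not from the video or from any commenter): it confirms that Admin5 exists, puts it in the local Administrators group if the profile left it out, and sets the password to never expire. The account name comes from the OMA-URI paths on this page; deployment as an Intune platform script in the SYSTEM context is an assumption.

```powershell
# Added example. Deploy from Intune (Devices > Scripts) in the SYSTEM context
# with "Run script in 64 bit PowerShell Host" enabled: the LocalAccounts
# cmdlets are not available to 32-bit PowerShell on 64-bit Windows.
$AccountName   = 'Admin5'        # name used in the OMA-URI paths on this page
$AdminGroupSid = 'S-1-5-32-544'  # built-in Administrators; SID works on any OS language

# 1. The account must already exist (created by the configuration profile).
$user = Get-LocalUser -Name $AccountName -ErrorAction SilentlyContinue
if (-not $user) {
    Write-Output "$AccountName not found; the profile has not created it yet."
    exit 1   # non-zero exit code signals failure to the caller
}

# 2. Ensure membership of Administrators. Adding directly and tolerating the
#    "already a member" error avoids enumerating the whole group.
try {
    Add-LocalGroupMember -SID $AdminGroupSid -Member $AccountName -ErrorAction Stop
    Write-Output "$AccountName added to Administrators."
}
catch {
    if ($_.FullyQualifiedErrorId -like 'MemberExists*') {
        Write-Output "$AccountName is already in Administrators."
    }
    else {
        Write-Output "Could not add ${AccountName}: $($_.Exception.Message)"
        exit 1
    }
}

# 3. PasswordExpires is $null when the password never expires.
if ($null -ne $user.PasswordExpires) {
    Set-LocalUser -Name $AccountName -PasswordNeverExpires $true -ErrorAction Stop
    Write-Output "Password for $AccountName set to never expire."
}

# 4. Emit the resulting state so it can be reviewed in the script output.
Get-LocalUser -Name $AccountName |
    Select-Object Name, Enabled, PasswordExpires, PasswordLastSet |
    Format-List
```

Once the password no longer ages out, the value stored in the configuration profile is a long-lived secret shared by every targeted device, so it should be long and complex, as one of the comments above describes.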
how to create admin account using this method but without the password?
Hi Jackson!
I need the password to be Never Expired.
I get error 0x8
please share the string here
how to hash the password?