Every single Windows device has a built-in local administrator account. It's required, can’t be deleted, and, given its high privileges, has full access to the device. This local admin account is pro...
Updated Apr 28, 2023
Version 2.0
Blog Post
Built-in Local Admin Account - enable or create new local admin?
We are currently testing WinLAPS in Intune. Pushed out successfully to some test devices, can view admin pw & rotate etc. Looks good…
However, by default the built-in 'Administrator' account is disabled in our organisation (as is usual). All our devices are in Autopilot, MDM Intune managed, HAAD-joined. We expected (hoped) that Intune > Endpoint Security > Account Protection Policy... would enable the built-in admin account if a specified account was not given, eg:
Or, when a specified account is given, it’d be awesome to have a further toggle that fired off a ‘create local user’ config and assigned it the admin group.
Has anyone else seen this, and if so... did you create a new local admin account, or start enabling the built-in account?
Cheers, thanks for any help/advice/experience!! 👍
Keith