By Laura Arrizza – Program Manager II | Microsoft Endpoint Manager – Intune
We are pleased to announce a new experience to configure local user group membership settings for Windows devices. Th...
Updated Dec 01, 2023
Version 11.0
Blog Post
4 MIN READ
New settings available to configure local user group membership in endpoint security
Hello! Intune_Support_Team
I would like to know if these problems have already been corrected in 2024?
I have the following scenario:
Before you perform the adjustments to prevent the user enrollment from being added as a local administrator on the device during sign-in to Microsoft Sign-in and also The Global Administrator role is added as a local administrator on the device during sign-in to Microsoft Sign-in this setting has been applied largely part of the organization's computers.
In the currently configured environment, there is Windows LAPS for the !tilocal user, but as I reported, some computers continue to allow "common users" to be administrators of the computer. This happens due to the old configuration.
I would like to keep only the LAPS Windows user that is !tilocal and remove everyone else.
Would just removing groups from option 2 and 3 solve my problem?