Forum Discussion
Azure AD user in Windows 10 - local admin problem
Hi
Like I said, we do not have AAD Premium, EMS, Intune licenses. Those steps require EMS licenses or AAD Premium.
I was able to set the secondary login account as admin account. Login using this secondary account, go to Control Panel/User Accounts/User Accounts/Change your account type and use O365 admin account or the first account used to login to PC to go past UAC. This way you can upgrade user account as local admin.
Based on this link
https://community.spiceworks.com/topic/1580701-azure-ad-users-given-local-admin-permissions
it is not good idea to downgrade the first (O365)account used to login to PC as standard user.
Prefer to use O365 admin account or some other O365 account used as local admin account when login the first time to PC and add the actual user account to PC after this. This way normal users do not have local admin permissions and you dont have to downgrade user account permissions.
Have a look at this article: http://www.rebeladmin.com/2017/12/step-step-guide-add-additional-local-administrators-azure-ad-joined-devices/
Does it help?
I have add the user as a local admin but no luck. Any ideas?
- Harry Dubois
Sorry but I didnt understand. No luck in what? What are you trying to accomplish?- Problem is solved. We have added the user as local administrator in the Intune portal. Worked after 24 hours, maybe due to sync from Intune.
Hi
Like I said, we do not have AAD Premium, EMS, Intune licenses. Those steps require EMS licenses or AAD Premium.
I was able to set the secondary login account as admin account. Login using this secondary account, go to Control Panel/User Accounts/User Accounts/Change your account type and use O365 admin account or the first account used to login to PC to go past UAC. This way you can upgrade user account as local admin.
Based on this link
https://community.spiceworks.com/topic/1580701-azure-ad-users-given-local-admin-permissions
it is not good idea to downgrade the first (O365)account used to login to PC as standard user.
Prefer to use O365 admin account or some other O365 account used as local admin account when login the first time to PC and add the actual user account to PC after this. This way normal users do not have local admin permissions and you dont have to downgrade user account permissions.
YOOOO! This article helped me out a lot! I am a one-man show with 30+ employees and we just changed our domain. I had to create another account under the new domain, log out of the user with the old domain, and log in with the user with the new domain but had no local admin access. Just coming across this led me in the right direction. BIG UPS!
