Forum Discussion
Configure Local Admins on Intune Hybrid joined devices, per device
Hi clubbing80s
Did you already look at an Always On VPN based on device authentication?
Another option is to set up an Autopilot profile and make the user local admin during enrollment.
And you can also create a PowerShell script that makes your user a local admin.
kind regards,
rene
Thanks for that.
- Always on VPN is on the roadmap, distant horizon, years away.
- Going to be using AutoPilot, scheduled for later this year.
- With regard to using PowerShell, I tried to add my user to my machine's local admins and the lookup for my Azure UPN fails on the lookup. I have tried a number of different ways to do the lookup but all fail; I suspect this is because of the Hybrid domain join.

Mr_Helaas, May 11, 2022, Iron Contributor
Hi clubbing80s ,
I am not a PowerShell expert, but did you already try this method to get the logged-in users? This script will create a firewall rule for Teams for every logged-in user.
Source : https://docs.microsoft.com/en-us/microsoftteams/client-firewall-script
If the below code is working you can change the script and replace the firewall rule to local admin.
# Enumerate the profile folders under C:\Users, skipping Public and the short-name Administrator folder
$users = Get-ChildItem (Join-Path -Path $env:SystemDrive -ChildPath 'Users') -Exclude 'Public', 'ADMINI~*'
if ($null -ne $users) {
    foreach ($user in $users) {
        $progPath = Join-Path -Path $user.FullName -ChildPath "AppData\Local\Microsoft\Teams\Current\Teams.exe"
        if (Test-Path $progPath) {
            # Only create rules when none exist yet for this executable
            if (-not (Get-NetFirewallApplicationFilter -Program $progPath -ErrorAction SilentlyContinue)) {
                $ruleName = "Teams.exe for user $($user.Name)"
                "UDP", "TCP" | ForEach-Object { New-NetFirewallRule -DisplayName $ruleName -Direction Inbound -Profile Domain -Program $progPath -Action Allow -Protocol $_ }
                Clear-Variable ruleName
            }
        }
        Clear-Variable progPath
    }
}
Another option is to implement Autopilot earlier. This is the easiest method in my opinion.
Kind regards,
rene
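
Added example, not part of the thread and not Microsoft's script: one way to do the "local admin instead of firewall rule" variant per device, granting the right to a single named account rather than to every profile folder found under C:\Users. The `$DeviceAdminMap` table, the `Resolve-AccountSid` helper and the CONTOSO names are hypothetical and constructed for illustration; the script is assumed to run elevated (for example as SYSTEM).

```powershell
# Constructed sample mapping (hypothetical): device name -> the one account that may be local admin.
$DeviceAdminMap = @{
    'PC-0001' = 'CONTOSO\alice'
    'PC-0002' = 'CONTOSO\bob'
}
$AdminGroupSid = 'S-1-5-32-544'   # well-known SID of BUILTIN\Administrators (locale independent)

function Resolve-AccountSid {
    # Hypothetical helper: translate an account name to a SID string, or $null if the lookup fails.
    param([Parameter(Mandatory)][string]$Account)
    try {
        $nt = [System.Security.Principal.NTAccount]::new($Account)
        return $nt.Translate([System.Security.Principal.SecurityIdentifier]).Value
    } catch {
        return $null
    }
}

$account = $DeviceAdminMap[$env:COMPUTERNAME]
if (-not $account) {
    Write-Output "No admin assignment for $env:COMPUTERNAME; nothing changed."
    exit 0
}

$sid = Resolve-AccountSid -Account $account
if (-not $sid) {
    # Fail closed: never fall back to "whoever has a profile on this machine".
    Write-Warning "Could not resolve '$account' to a SID on $env:COMPUTERNAME; nothing changed."
    exit 1
}

try {
    # Adding by SID avoids a second name lookup inside the cmdlet.
    Add-LocalGroupMember -SID $AdminGroupSid -Member $sid -ErrorAction Stop
    Write-Output "Added $account ($sid) to the local Administrators group."
} catch {
    if ($_.Exception.GetType().Name -eq 'MemberExistsException') {
        Write-Output "$account is already a local administrator."
    } else {
        Write-Warning "Failed to add ${account}: $($_.Exception.Message)"
        exit 1
    }
}
```

The script output gives a per-device record of who was granted admin rights and where the lookup failed, which a profile-folder loop would not provide.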