Forum Discussion
clubbing80s
May 04, 2022 | Copper Contributor
Configure Local Admins on Intune Hybrid joined devices, per device
Hi, I'm looking for a way to manage local administrators on the Windows Endpoint devices. These devices are currently in a hybrid joined configuration. We have a handful of users that use VPN a...
clubbing80s
May 10, 2022 | Copper Contributor
Mr_Helaas,
Thanks for that.
- Always on VPN is on the roadmap, distant horizon, years away.
- Going to be using AutoPilot, scheduled for later this year.
- With regard to using PowerShell, I tried to add my user to my machine's local admins and the lookup for my Azure UPN fails. I have tried a number of different ways to do the lookup but all fail. I suspect this is because of the hybrid domain join.
Mr_Helaas
May 11, 2022 | Iron Contributor
Hi clubbing80s,
I am not a PowerShell expert, but did you already try this method to get the logged-in users? This script will create a firewall rule for Teams for every logged-in user.
Source : https://docs.microsoft.com/en-us/microsoftteams/client-firewall-script
If the code below works, you can change the script and replace the firewall rule with local admin.

    # Enumerate the profile folders under C:\Users, skipping Public and administrator profiles.
    $users = Get-ChildItem (Join-Path -Path $env:SystemDrive -ChildPath 'Users') -Exclude 'Public', 'ADMINI~*'
    if ($null -ne $users) {
        foreach ($user in $users) {
            # Per-user Teams install location inside the profile.
            $progPath = Join-Path -Path $user.FullName -ChildPath "AppData\Local\Microsoft\Teams\Current\Teams.exe"
            if (Test-Path $progPath) {
                # Only create the rules if no firewall rule exists for this executable yet.
                if (-not (Get-NetFirewallApplicationFilter -Program $progPath -ErrorAction SilentlyContinue)) {
                    $ruleName = "Teams.exe for user $($user.Name)"
                    # One inbound allow rule per protocol, Domain profile only.
                    "UDP", "TCP" | ForEach-Object { New-NetFirewallRule -DisplayName $ruleName -Direction Inbound -Profile Domain -Program $progPath -Action Allow -Protocol $_ }
                    Clear-Variable ruleName
                }
            }
            Clear-Variable progPath
        }
    }

Another option is to implement Autopilot earlier. This is the easiest method in my opinion.
Kind regards,
rene
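
Added example (not part of the thread and not Microsoft's script): instead of acting on every profile folder under C:\Users, this adds one named profile to the built-in Administrators group by SID, read from the ProfileList registry key, so no UPN-to-account name lookup is involved. `$AllowedProfile`, its sample value `jdoe` and `Get-ProfileSid` are hypothetical; it assumes the user has signed in on the device at least once and that the script runs elevated.

```powershell
#Requires -RunAsAdministrator
# Added example. $AllowedProfile, its value 'jdoe' and Get-ProfileSid are hypothetical.
param(
    # Profile folder name of the one user who should be a local admin on THIS device.
    [string]$AllowedProfile = 'jdoe'
)

function Get-ProfileSid {
    param([Parameter(Mandatory)][string]$ProfileName)
    $profileList = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList'
    # Each subkey is named after an account SID; ProfileImagePath is that account's profile folder.
    foreach ($key in Get-ChildItem -Path $profileList) {
        $path = (Get-ItemProperty -Path $key.PSPath).ProfileImagePath
        if ($path -and ((Split-Path -Path $path -Leaf) -eq $ProfileName)) {
            $key.PSChildName
        }
    }
}

# Refuse to act unless the name maps to exactly one profile (avoids granting admin to the wrong SID).
$sids = @(Get-ProfileSid -ProfileName $AllowedProfile)
if ($sids.Count -ne 1) {
    Write-Warning "Expected one profile named '$AllowedProfile', found $($sids.Count); nothing changed."
    return
}

try {
    # S-1-5-32-544 is the built-in Administrators group, whatever its localized name.
    Add-LocalGroupMember -SID 'S-1-5-32-544' -Member $sids[0] -ErrorAction Stop
    Write-Output "Added $($sids[0]) ($AllowedProfile) to local Administrators."
}
catch {
    # Re-running the script is harmless: an existing membership is reported, anything else is re-thrown.
    if ($_.Exception.GetType().Name -eq 'MemberExistsException') {
        Write-Output "$($sids[0]) is already a local administrator."
    }
    else {
        throw
    }
}
```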