Forum Discussion
Conflict status after having 2 Local user group membership Policy
Hello,
I have an issue with applying two "Local User Group Membership" policies on a PC. The Intune policy report shows a conflict between having two "Local User Group Membership" policies despite having different configurations. For example, one is a Global Policy, which applies an admin privilege to all PCs, and the other one is more specific to a certain group, and it is just about giving remote access to the PCs on this group. So, my question is, why does Intune mark these two policies as a conflict of each other? If it is not possible to have two "Local User Group Membership" policies applying to the PC. Is there a way to have a global policy for admin users on the PC and one more private policy for remote user access using "Local User Group Membership"?
- ArtturiCopper ContributorI have the same issue using OMA-URI: ./Device/Vendor/MSFT/Policy/Config/LocalUsers
The OMA-URI is conflicting since it is already used once by another policy. It seems like the suggestion is to create one policy and then using AD/Entra groups to deal with the access rights. I was looking for another solution since I did not feel like applying a small needs group for all devices.
I haven't tested this but i think the config would need to look something like this:
<GroupConfiguration>
<accessgroup desc = "Local User group 1">
<group action = "U"/>
<add member = "Domain\Group1"/>
</accessgroup>
<accessgroup desc = "Local User group 2">
<group action = "U"/>
<add member = "Domain\Group2"/>
</accessgroup>
</GroupConfiguration> - NicklasOlsenIron ContributorHi Antony,
I have to understand it correctly.
You have two separate policies created in Intune, that are conflicting?
Can we see the configuration of the policies?- RobinWulzCopper ContributorI'm not OP but I have the same issue;
I have two policies, one to set the Local Administrators and the other one to set the local Remote Desktop Users. Both are set to "Add (Update)". But none of the both policies apply to the devices they are targeted to but instead report they are in conflict. The both policies do not target the same local group and both are set to Add/Update (not replace). Any hint why they are conflicting?- NicklasOlsenIron ContributorI assume it's targeted to the same set of devices? 🙂
- KateH85Copper Contributor
Antony1108
Maybe MS has fixed the bug as of 10/10/2024, but Update and Replace has worked for us.
Combining groups into the same policy.
- Update for Administrators- Replace for Remote Dekstop Users
- itwamanCopper Contributor
What doesn't work for us, is to target same device, same group with different policies, even using the "add/update" option, it generates conflict
- Newt_OthisCopper Contributor
Yeah - we're seeing the same thing too. Separate policies for different local groups targeting the same device results in a conflict.