costasppc
Copper Contributor
Nov 27, 2025

Intune LAPS custom Admin account not enabled

Hello,

I have configured a policy in Intune to enable a custom admin account on an Intune Windows 11 device group, in order not to have the primary user as admin.

However, the policy never creates the custom account as it says.

Is there something else to check, besides going to Intune → Endpoint security → Account protection → MyLAPSPolicy → Edit Configuration and enabling these settings:

  • Automatic Account Management Enabled
  • Automatic Account Management Enable Account
  • Automatic Account Management Randomize Name
  • Automatic Account Management Target

Best regards

K

2 Replies

  • NabilNahdi
    Brass Contributor

    Hi Costasppc, how are you creating that custom admin account?

    Have you tried creating the admin account using Intune through a policy and making that account an admin?

  • zavaidok
    Copper Contributor

    Hi there.

    Make sure you apply it to the supporting Win version.

    https://learn.microsoft.com/en-us/intune/intune-service/protect/windows-laps-overview

    "Can Windows LAPS create local admin accounts based on the administrator account name that’s configured using LAPS policy?

    Note

    When you use manual account management mode or Windows LAPS on devices running Windows 11 version 23H2 or earlier, specifying an account name that doesn't exist on the device has no effect and doesn't generate an error."

    That could be the issue.

    Cheers!
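
The checks discussed in this thread, as an added example that is not part of any post above: a read-only PowerShell script to run elevated on an affected device. It assumes that Windows 11 24H2 reports build 26100 and that Intune-delivered LAPS settings are stored under `HKLM:\SOFTWARE\Microsoft\Policies\LAPS` with the CSP value names listed; neither detail is stated in the thread.

```powershell
# Added diagnostic example (not from the thread). Read-only; run in an elevated session.
# Assumptions: 24H2 = build 26100; CSP-delivered LAPS policy lives under $policyKey.
$minBuild  = 26100
$policyKey = 'HKLM:\SOFTWARE\Microsoft\Policies\LAPS'
$settings  = 'AutomaticAccountManagementEnabled',
             'AutomaticAccountManagementEnableAccount',
             'AutomaticAccountManagementRandomizeName',
             'AutomaticAccountManagementTarget',
             'AutomaticAccountManagementNameOrPrefix'

# 1. OS version: on 23H2 or earlier a non-existent account name is silently ignored.
$cv    = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
$build = [int]$cv.CurrentBuildNumber
[pscustomobject]@{
    DisplayVersion = $cv.DisplayVersion
    Build          = $build
    SupportsAutoAccountMgmt = ($build -ge $minBuild)
} | Format-List

# 2. Did the policy actually reach the device, and with which values?
if (Test-Path $policyKey) {
    $policy = Get-ItemProperty $policyKey
    foreach ($name in $settings) {
        $present = $policy.PSObject.Properties.Name -contains $name
        [pscustomobject]@{
            Setting = $name
            Value   = $(if ($present) { $policy.$name } else { '<not set>' })
        }
    }
} else {
    Write-Warning "No LAPS policy found under $policyKey (policy not applied or not yet synced)."
}

# 3. Which local accounts exist, and which are enabled members of Administrators?
Get-LocalUser | Select-Object Name, Enabled, SID | Format-Table -AutoSize
Get-LocalGroupMember -SID 'S-1-5-32-544' |
    Select-Object Name, ObjectClass, PrincipalSource | Format-Table -AutoSize

# 4. Most recent Windows LAPS events (policy processing results and errors).
Get-WinEvent -LogName 'Microsoft-Windows-LAPS/Operational' -MaxEvents 20 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, LevelDisplayName, Message |
    Format-List
```

If step 1 reports a build below the threshold, the behaviour matches the documentation note quoted above: the policy applies without error but no account is created.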
