Join us June 17–18 for a deep dive into Copilot Control System—live expert-led sessions and Q&A on data security, agent lifecycle, adoption, and more! Learn more >

Forum Discussion

Rob_Lam

Copper Contributor

Jul 30, 2024

LAPS Creation using Intune

Hi All I am trying to get Intune to create a Local Admin Account and I am using the method of adding OMA-URI Settings but for some reason the account is created but it's not adding to the a...

Intune

laps

micheleariis

Steel Contributor

Jul 31, 2024

Hi, it should be enough to add another configuration like the one below:

Name: Add user to Local administrator group
OMA-URI: ./Device/Vendor/MSFT/Accounts/Users/apexadmin/LocalUserGroup
Data type: Integer
Value: 2

Rob_Lam
Copper Contributor
Jul 31, 2024
yes but it doesn't.
It works on 1-2 machines but the rest just fails to add local admin group
- micheleariis
  Steel Contributor
  Jul 31, 2024
  If you create a script in powershell with the command below and deploy it via intune?
  
  Add-LocalGroupMember -Group Administrators -Member apexadmin
  
  Otherwise, if you have the licenses, you could use account-protection-policies
  
  https://learn.microsoft.com/en-us/mem/intune/protect/endpoint-security-account-protection-policy
  - Rob_Lam
    Copper Contributor
    Aug 01, 2024
    We can't run Remediation because we are using business premium
    
    I copied this into notepad and saved it as create-localadmin.ps1
    
    net user apexadmin password123 /add
    Add-LocalGroupMember -Group Administrators -Member apexadmin
    
    However the script doesn't deploy to devices
    It says 0 devices deployed