ksclifton
May 13, 2022

Local Admin Password expiration

Hello,

I am working on trying to run a script to change the local admin password to not expire. In the early stages of Intune, I set up a local admin account and failed to set the password to expire; now when they are coming back I have to change the password. I know there is a workaround to log in to the device as myself and run the script $Set-LocalUser -Name admin -PasswordNeverExpires 1. I have attempted to run the same script through Endpoint as a test and am receiving failed as its status. Is this a possible script to run, and what needs to be added to the script if so?

Thank you

  • You need to check the "Run script in 64-bit PowerShell Host" as the localgroup*/localuser* cmdlets are only available on a 64-bit PowerShell, otherwise it will fail. 👍
  • ksclifton
    I am new to this and just now found that I need to enable Microsoft Intune PowerShell. I will work on this first.
    • ksclifton
      I don't mean the normal PowerShell; yes, that is installed on both devices. While reviewing the learn MEM book, it talks about enabling Microsoft Intune PowerShell; that doesn't seem to be an option. When I ran the powershell-intune-samples-master off GitHub, my credentials were not high enough in other areas of Azure for it to work. My question is, do I have to somehow enable Microsoft Intune PowerShell to run PowerShell scripts in Intune? When I took the course, it was never covered that any special steps were needed to run scripts on devices through Endpoint.
      • PowerShell has modules that can be installed so you can manage Microsoft Intune with it. As an example, you can use PowerShell to deploy device configurations and conditional access to your tenant.
        When using proactive remediations it doesn't need it... (or your PowerShell script needs that module for some specific operations), but the example I gave you doesn't need anything special...
  • For future reference: Reviewing this thread. The original script proposed is the correct script. Set-LocalUser -Name admin -PasswordNeverExpires 1. Remove the "$" and it will work fine. The second script will set ALL accounts to not expire on the machine; Get-LocalUser | Set-LocalUser -PasswordNeverExpires:$True. Otherwise, as stated, set to 64-bit and call it a day.
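
A script form of the advice in the replies above, scoped to the one named account rather than every local account. This is an added example, not code from any poster in the thread; the re-launch through SysNative, the verification step and the exit codes are assumptions about how the run should behave and be reported.

```powershell
# Added example, not from the thread. 'admin' is the account name used in the thread.
$AccountName = 'admin'

# The replies state that the LocalUser cmdlets need a 64-bit PowerShell host.
# Assumption: if this is a 32-bit process on 64-bit Windows, re-run the same
# script file in the 64-bit host via the SysNative alias and pass its result back.
if (-not [Environment]::Is64BitProcess -and [Environment]::Is64BitOperatingSystem) {
    $ps64 = Join-Path $env:WINDIR 'SysNative\WindowsPowerShell\v1.0\powershell.exe'
    & $ps64 -NoProfile -File $PSCommandPath
    exit $LASTEXITCODE
}

try {
    # Fail early with a clear error if the account does not exist on this device.
    $user = Get-LocalUser -Name $AccountName -ErrorAction Stop

    # PasswordExpires is empty when the account has no password expiry date.
    if (-not $user.PasswordExpires) {
        Write-Output "'$AccountName' has no password expiry date; nothing to change."
        exit 0
    }

    # Only the named account is changed. Piping Get-LocalUser into Set-LocalUser
    # would change every local account on the machine.
    Set-LocalUser -Name $AccountName -PasswordNeverExpires $true -ErrorAction Stop

    # Read the account back and confirm the change took effect.
    $user = Get-LocalUser -Name $AccountName -ErrorAction Stop
    if ($user.PasswordExpires) {
        throw "PasswordExpires is still set to $($user.PasswordExpires)"
    }

    Write-Output "Set PasswordNeverExpires on '$AccountName'."
    exit 0
}
catch {
    # Non-zero exit code so the failure is not reported as a success.
    Write-Error "Failed for '$AccountName': $($_.Exception.Message)"
    exit 1
}
```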
