Forum Discussion
AB21805
Jan 25, 2021 (Bronze Contributor)
Creating a local account when using ONLY Intune, no AD link
Hi all! Was wondering if you can help. I want to create a policy or rule to create a local admin account on devices when enrolled to Intune. I can't seem to find anything: Is this som...
- Feb 01, 2021
Hi AB21805,
Use any of the community LAPS solutions out there, as mentioned, for admin password management, or, if you are fine with additional AAD groups in the local Administrators group for example, you should have a look at the new 20H1 Policy CSP "LocalUsersAndGroups". This CSP will not create a user for you, but as mentioned you can add AAD groups, for example, to local groups.
Have a look here: https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-localusersandgroups#localusersandgroups-policies
Best,
Oliver
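The LocalUsersAndGroups policy mentioned in the reply above, sketched as an added example that is not part of the original thread: a custom OMA-URI profile with the path `./Device/Vendor/MSFT/Policy/Config/LocalUsersAndGroups/Configure` (data type String) and the XML below as its value. The SID is a constructed placeholder for an Azure AD group and must be replaced with the SID of a real group in your tenant.

```xml
<GroupConfiguration>
  <!-- Target the built-in local Administrators group. -->
  <accessgroup desc="Administrators">
    <!-- action="U" (update): apply the add/remove entries below and leave
         all other existing members of the group untouched.
         action="R" (restrict): replace the whole membership with the
         listed members, which removes any local admin not listed here. -->
    <group action="U" />
    <!-- Placeholder SID (constructed for this example) of the Azure AD
         group whose members should become local administrators. -->
    <add member="S-1-12-1-1111111111-2222222222-3333333333-4444444444" />
  </accessgroup>
</GroupConfiguration>
```

As the reply says, this only manages group membership; it does not create a local user account.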
Ru
Jan 31, 2021 (MVP)
You can achieve this using the Accounts CSP and a custom OMA-URI:
https://docs.microsoft.com/en-us/windows/client-management/mdm/accounts-csp
Michael Niehaus has a good blog about it and why you may not want to:
https://oofhours.com/2020/05/07/you-can-use-intune-to-create-a-local-admin-account-but-that-doesnt-mean-its-a-good-idea
Or try something like Serverless LAPS:
https://www.srdn.io/2018/09/serverless-laps-powered-by-microsoft-intune-azure-functions-and-azure-key-vault