Forum Discussion

Wesoley's avatar
Wesoley
Copper Contributor
Apr 06, 2022

Rename built-in local admin and change password

I'm trying to rename the local built-in admin account and change the password using the following

Devices > Windows > Create custom profile > 

OMA-URI 

/Device/Vendor/MSFT/Policy/Config/LocalPoliciesSecurityOptions/Accounts_RenameAdministratorAccount
The account is renamed fine. However, on trying to set the password: ./Device/Vendor/MSFT/Accounts/Users/localadmin/Password  I get the error code -2016281112 which I believe Rudy talked about here https://call4cloud.nl/2021/12/i-kill-remediation-errors/ 
However, I'm not able to login with the user and password. If I create a new account instead of renaming the existing one, I'm able to login fine. Any tips on how to resolve this corner case?
  • So far as i know: yes… we created our own laps (powershell) to change those passwords. Leanlaps was the creation of that idea
  • Hi as responded on reddit:
    https://www.reddit.com/r/Intune/comments/txkdyf/rename_builtin_admin_account_and_set_password/

    Hi,

    I noticed you also reached out in a comment.. Looking at what you are trying to do and the CSP. It looks like you can only change the administrator account name with it... but I don't see anything mentioned a password change?

    Could you still login with the password that was configured for the old account? Could you also check if that account is disabled?
    • Wesoley's avatar
      Wesoley
      Copper Contributor

      Yes, I can still login with the password for the old account. No, the account is not disabled. Btw, I apologize for the double/triple posting. I should clarify - set password. 

      Is it that the ./Device/Vendor/MSFT/Accounts/Users/localadmin/Password will only set a password for a newly created account and not an existing one?

      • So far as i know: yes… we created our own laps (powershell) to change those passwords. Leanlaps was the creation of that idea

Resources