Forum Discussion

avantormobility1's avatar
avantormobility1
Copper Contributor
Oct 21, 2020
Solved

Surface Hub 2s Local Admin Account Password Auto Resets after 24 hours

Hello, we recently enrolled four Surface Hub 2s through Microsoft Intune following the Microsoft instructions here (https://docs.microsoft.com/en-us/surface-hub/surface-hub-2s-manage-intune).

 

We set default Teams policy and timeout polices per the instructions.


The issue that we are running into is seemingly every night, the Local Admin account on the Surface Hub locks out and gives wrong password. We cannot enter the Settings after and basically have to end up wiping the device. 

 

Would there be a policy or setting on our side that would be causing the Surface Hub Local Admin account reset/change nightly?

 

Thank you,

  • cezarcretu's avatar
    cezarcretu
    Oct 21, 2020

    Hello avantormobility1,

     

    If the device was configured with a local account, this should not be touched. The policies that you screenshot should not affect this. However, there might be others that target this device. If so, I would start there, especially if this happened right after you enrolled the device in Intune.

    It's also a good idea to BMR the device using a new image if this is not the first time this has happened. 

    If all fails, please open a ticket with support

     

    Thank you,

    Cezar

2 Replies

  • msconfig87's avatar
    msconfig87
    Copper Contributor
    Nov 10, 2020

    avantormobility1I learned the hard way that configuring a local account via PPKG file will cause the account to RESET after 42 days:

     

    My workaround was to create a custom SyncML profile sneaking in another local account with another password and give admin access. At least I could manage the 30 deployed hubs then agian.

    USERNAMEHERE must be replaced and PASSWORDHERE as well

     

    SyncML:

    <Add>
  <CmdID>7e0a7095-fec6-4653-8914-e41d2f572f29</CmdID>
  <Item>
    <Target>
        <LocURI>./Device/Vendor/MSFT/Accounts/Users/USERNAMEHERE/Password</LocURI>
      </Target>
    <Meta>
      <Format xmlns="syncml:metinf">chr</Format>
      <Type>text/plain</Type>
    </Meta>
    <Data>PASSWORDHERE</Data>
  </Item>
</Add>
<Add>
  <CmdID>f54e0243-264c-4eb4-b703-6eca409a1f89</CmdID>
  <Item>
    <Target>
        <LocURI>./Device/Vendor/MSFT/Accounts/Users/USERNAMEHERE/LocalUserGroup</LocURI>
      </Target>
    <Meta>
      <Format xmlns="syncml:metinf">int</Format>
      <Type>text/plain</Type>
    </Meta>
    <Data>2</Data>
  </Item>
</Add>

     

  • cezarcretu's avatar
    cezarcretu
    Icon for Microsoft rankMicrosoft
    Oct 21, 2020

    Hello avantormobility1,

     

    If the device was configured with a local account, this should not be touched. The policies that you screenshot should not affect this. However, there might be others that target this device. If so, I would start there, especially if this happened right after you enrolled the device in Intune.

    It's also a good idea to BMR the device using a new image if this is not the first time this has happened. 

    If all fails, please open a ticket with support

     

    Thank you,

    Cezar

Resources