Event details
Do you manage Windows endpoints in Intune? Do you have questions that extend beyond configuration and involve ensuring security, compliance, and a seamless user experience on Windows? Join this Ask M...
Char_Cheesman
Updated Dec 27, 2024
RichR-VPS
Mar 14, 2024 · Brass Contributor
I have yet to find a successful process, script, etc. for removing local admin privileges from AAD-joined or hybrid devices for corporate users. Examples: Bob is a new employee, and we ship him a new laptop in the box. No Autopilot, just a new one off the shelf with Windows 11 Pro. Bob has the necessary 365 licenses; he goes through the OOBE with his 365 credentials, it makes him an administrator, and there seems to be no easy way to remove that from him.
Dave, on the other hand, has been around a bit. His laptop is 2 years old, and we are only starting to roll out Intune. Dave logs into his laptop with a local account; it was upgraded from Windows 10 to Windows 11 Pro, but he uses a local account and then accesses work/school via the usual apps and browsers. However, Dave is the only administrator account, and his system is AAD Registered. How do we easily make Dave a local user and not an admin anymore? There is a catch: neither Dave nor Bob is in the office; they work from home (remote employees).
Joe_Lurie
Microsoft
Mar 20, 2024
RichR-VPS Have you tried the Endpoint security > Account protection blade to create a Local user group membership policy?
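For readers who want to see what a "Replace" mode Local user group membership policy does on the endpoint, the following PowerShell script is an added example (not code from the thread, Microsoft, or Intune) that enforces an allowlist on the local Administrators group and refuses to run if doing so would leave no allowlisted admin. The account and group names in `$AllowedMembers` are assumed placeholders; the only real identifier is the RID 500 built-in Administrator SID pattern.

```powershell
# Added example, not from the original thread: enforce an allowlist on the local
# Administrators group, mirroring what an Intune "Local user group membership"
# policy in Replace mode does. Suitable as an Intune remediation script.
# $AllowedMembers contains ASSUMED names; replace them with your tenant's values.

$AllowedMembers = @(
    'AzureAD\itadmin@contoso.com',   # assumed: an Entra ID account that keeps admin
    'CONTOSO\Workstation Admins'     # assumed: a domain group on hybrid-joined devices
)
$AllowedSidPatterns = @(
    '^S-1-5-21-\d+-\d+-\d+-500$'     # built-in local Administrator (RID 500), keep as break-glass
)

function Get-LocalAdminMembers {
    # Return current members as Name/SID pairs. Get-LocalGroupMember can throw on
    # orphaned cloud SIDs, so fall back to ADSI enumeration when it fails.
    try {
        Get-LocalGroupMember -Group 'Administrators' -ErrorAction Stop |
            ForEach-Object { [pscustomobject]@{ Name = $_.Name; SID = $_.SID.Value } }
    } catch {
        $group = [ADSI]'WinNT://./Administrators,group'
        $group.psbase.Invoke('Members') | ForEach-Object {
            $bytes = $_.GetType().InvokeMember('objectSid', 'GetProperty', $null, $_, $null)
            $sid   = (New-Object System.Security.Principal.SecurityIdentifier($bytes, 0)).Value
            $name  = $_.GetType().InvokeMember('Name', 'GetProperty', $null, $_, $null)
            [pscustomobject]@{ Name = $name; SID = $sid }
        }
    }
}

function Test-AllowedMember {
    param([pscustomobject]$Member)
    if ($AllowedMembers -contains $Member.Name) { return $true }
    foreach ($pattern in $AllowedSidPatterns) {
        if ($Member.SID -match $pattern) { return $true }
    }
    return $false
}

$current   = @(Get-LocalAdminMembers)
$toRemove  = @($current | Where-Object { -not (Test-AllowedMember $_) })
$remaining = @($current | Where-Object { Test-AllowedMember $_ })

# Lockout guard: never empty the group of every allowlisted administrator.
if ($remaining.Count -eq 0) {
    Write-Output 'No allowlisted administrator present; refusing to remove members.'
    exit 1
}

if ($toRemove.Count -eq 0) {
    Write-Output 'Administrators group already matches the allowlist.'
    exit 0
}

foreach ($member in $toRemove) {
    # Remove by SID so renamed or orphaned accounts are handled as well.
    Remove-LocalGroupMember -Group 'Administrators' -Member $member.SID -ErrorAction Stop
    Write-Output "Removed $($member.Name) ($($member.SID)) from Administrators"
}
exit 0
```

Two practical notes: the script keeps the built-in Administrator so there is always a break-glass path (pair it with Windows LAPS so that password is rotated and retrievable), and it only takes effect on devices that are actually MDM-enrolled, so a device like Dave's, which is Entra registered with a local account, has to be enrolled before any Intune policy or remediation script reaches it.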
- RichR-VPS
Mar 25, 2024 · Brass Contributor
Joe_Lurie Yes, after participating here I found some ways to do it, yet it adds more problems than it solves for remote or travelling users. They cannot do simple things like add a local printer. Apparently no one prints to paper anymore, or companies spend silly amounts of money on Universal Print or third-party solutions for users who occasionally need a couple of pages printed or need to use a scanner/MFP device at home, at the hotel, at a conference, etc. Makes no sense. Yes, installing drivers etc. should require elevation; no issue with that. However, I should not have to make them open tickets with IT all the time to do what users perceive as simple 2-minute operations. The cost of them being idle and IT having to get involved is not worth the trouble. The added security of having admin removed from them is wonderful, but practical implementation of it seems a ways off for us, sadly.