Autopilot prevent users creating local account via OOBE

%3CLINGO-SUB%20id%3D%22lingo-sub-1365195%22%20slang%3D%22en-US%22%3EAutopilot%20prevent%20users%20creating%20local%20account%20via%20OOBE%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1365195%22%20slang%3D%22en-US%22%3E%3CP%3E%3CSPAN%3EHi%2C%3C%2FSPAN%3E%3CBR%20%2F%3E%3CSPAN%3EMy%20Autopilot%20deployment%20profiles%20has%3A%3C%2FSPAN%3E%3CBR%20%2F%3E%3CSPAN%3EHide%20change%20account%20options%20%3D%20Hide%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%3CIMG%20src%3D%22https%3A%2F%2Fi.imgur.com%2FByJVV8J.jpg%22%20border%3D%220%22%20%2F%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%3EDevice%20Restrictions%20has%3A%3C%2FSPAN%3E%3CBR%20%2F%3E%3CSPAN%3ERequires%20users%20to%20connect%20to%20a%20network%20during%20device%20setup%20%3D%20Require%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%3CIMG%20src%3D%22https%3A%2F%2Fi.imgur.com%2F1WbGlox.jpg%22%20border%3D%220%22%20%2F%3E%3C%2FP%3E%3CP%3E%3CSPAN%3EIn%20OOBE%20on%20the%20%22%3CSTRONG%3ELets%20connect%20you%20to%20a%20network%3C%2FSTRONG%3E%22%20part%20it%20has%20an%20option%20%22%3CSTRONG%3EI%20dont%20have%20internet%3C%2FSTRONG%3E%22%20which%20upon%20clicking%20displays%20another%20screen%20which%20displays%20two%20options%3CBR%20%2F%3E%22%3CSTRONG%3EConnect%20now%3C%2FSTRONG%3E%22%20-%20clicking%20this%20will%20take%20back%20to%20the%20%22%3CSTRONG%3ELets%20connect%20you%20to%20a%20network%3C%2FSTRONG%3E%22%20screen%3CBR%20%2F%3E%22%3CSTRONG%3EContinue%20with%20the%20limited%20setup%3C%2FSTRONG%3E%22%20-%20clicking%20this%20will%20display%20%22%3CSTRONG%3ESign%20in%20with%20Microsoft%3C%2FSTRONG%3E%22%20where%20user%20can%20create%20local%20account.%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%20class%3D%22_1qeIAgB0cPwnLhDF9XSiJM%22%3EIs%20there%20any%20way%20to%20prevent%20user%20from%20creating%20local%20account%20or%20sign-in%20with%20Microsoft%20account%20%3F%20We%20only%20want%20the%20user%20to%20logon%20with%20the%20corporate%20account.%3C%2FP%3E%3CP%3E%3CIMG%20src%3D%22https%3A%2F%2Fi.imgur.com%2FP9UXp3Y.jpg%22%20border%3D%220%22%20%2F%3E%3CIMG%20src%3D%22https%3A%2F%2Fi.imgur.com%2FEuaFgbM.jpg%22%20border%3D%220%22%20%2F%3E%3CIMG%20src%3D%22https%3A%2F%2Fi.imgur.com%2FRfEWnQp.jpg%22%20border%3D%220%22%20%2F%3E%3C%2FP%3E%3CP%20class%3D%22_1qeIAgB0cPwnLhDF9XSiJM%22%3EAny%20help%20on%20this%20will%20be%20much%20appreciated%2C%20thank%20you.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-1365195%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EIntune%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EMobile%20Device%20Management%20(MDM)%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1365872%22%20slang%3D%22en-US%22%3ERe%3A%20Autopilot%20prevent%20users%20creating%20local%20account%20via%20OOBE%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1365872%22%20slang%3D%22en-US%22%3E%3CP%3EHI%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F103721%22%20target%3D%22_blank%22%3E%40Abinash%20RGS%20ICT%20-%20Hotmail%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIntune%20has%20no%20way%20to%20apply%20the%20enrollment%20profile%20that%20you%20assigned%20if%20the%20pc%20is%20not%20connecting%20to%20the%20internet.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EYou%20can't%20suppress%20the%20Admin%20prompt%20without%20the%20enrollment%20profile%2C%20which%20needs%20the%20internet%20to%20get%20applied.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EHope%20this%20helps!%3C%2FP%3E%3CP%3EMoe%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1369626%22%20slang%3D%22en-US%22%3ERe%3A%20Autopilot%20prevent%20users%20creating%20local%20account%20via%20OOBE%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1369626%22%20slang%3D%22en-US%22%3E%3CP%3EHey%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F103721%22%20target%3D%22_blank%22%3E%40Abinash%20RGS%20ICT%20-%20Hotmail%3C%2FA%3E%2C%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3Eplease%20read%20in%20addition%20Michael's%20blog%20post%20about%20these%20settings%20to%20fully%20understand%20them%3A%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSTRONG%3ERequiring%20a%20network%20connection%20for%20the%20Windows%20Autopilot%20process%3C%2FSTRONG%3E%3C%2FP%3E%0A%3CP%3E%3CA%20href%3D%22https%3A%2F%2Foofhours.com%2F2019%2F08%2F17%2Frequiring-a-network-connection-for-the-windows-autopilot-process%2F%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Foofhours.com%2F2019%2F08%2F17%2Frequiring-a-network-connection-for-the-windows-autopilot-process%2F%3C%2FA%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3Ebest%2C%3CBR%20%2F%3EOliver%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1894534%22%20slang%3D%22en-US%22%3ERe%3A%20Autopilot%20prevent%20users%20creating%20local%20account%20via%20OOBE%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1894534%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F103721%22%20target%3D%22_blank%22%3E%40Abinash%20RGS%20ICT%20-%20Hotmail%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EI%20think%20this%20can%20be%20achieved%20by%20using%20the%20unattend.xml%20which%20would%20be%20used%20when%20Auto%20Pilot%20profile%20is%20not%20downloaded.%3C%2FP%3E%3C%2FLINGO-BODY%3E
Occasional Contributor

Hi,
My Autopilot deployment profiles has:
Hide change account options = Hide

 

Device Restrictions has:
Requires users to connect to a network during device setup = Require

In OOBE on the "Lets connect you to a network" part it has an option "I dont have internet" which upon clicking displays another screen which displays two options
"Connect now" - clicking this will take back to the "Lets connect you to a network" screen
"Continue with the limited setup" - clicking this will display "Who's going to use this PC?" where user can create local account.

 

Is there any way to prevent user from creating local account  ? We only want the user to logon with the corporate account.

Any help on this will be much appreciated, thank you.

 

 

3 Replies

HI @Abinash RGS ICT - Hotmail 

 

Intune has no way to apply the enrollment profile that you assigned if the pc is not connecting to the internet.

 

You can't suppress the Admin prompt without the enrollment profile, which needs the internet to get applied.

 

Hope this helps!

Moe

 

 

Hey @Abinash RGS ICT - Hotmail,

 

please read in addition Michael's blog post about these settings to fully understand them: 

 

Requiring a network connection for the Windows Autopilot process

https://oofhours.com/2019/08/17/requiring-a-network-connection-for-the-windows-autopilot-process/

 

best,
Oliver

@Abinash RGS ICT - Hotmail 

 

I think this can be achieved by using the unattend.xml which would be used when Auto Pilot profile is not downloaded.