Intune Account Protection, remove local admin


Hello folks,

I've encountered an issue while attempting to remove local administrators through Intune's Endpoint Security, under the Account Protection section.
My plan was to enforce this policy across different tenants, but I've run into a problem.

I applied this setting to three different tenants.
I received error messages in the report for the profile on two of them, while it was successfully applied on the third. The error details are as follows:

  • Setting: Group Configuration
  • Error Type: 2
  • Error Code: 65000

I checked if the Windows feature version might be related, but the issue persists even on the most recent versions. I also explored any differences between Windows Pro and Business editions.

  1. Has anyone else encountered this specific issue, and if so, how was it resolved?
  2. Are there known compatibility issues with certain Windows versions or editions that I might have overlooked?

error.png

Thank you in advance for your time and assistance.

2 Replies

@taffe1337

Are you using the following configuration: 'Local user group membership' or are you using something else? So this configuration: https://techcommunity.microsoft.com/t5/intune-customer-success/new-settings-available-to-configure-l...

If this is the case, can you share more detail of the rules you are creating?

Hello! @SebastiaanSmits, sorry for my late answer, I hope I'm not too late.

Skärmbild 2024-04-08 140040.png

This is what my setup looks like: I mark all the users I want it to apply to, then I assign it to a group where the users are included.

It has worked on some organisations.

Thank you for any help!