May 25 2023 07:44 AM
Hi all,
I have set a policy to create a local admin which is erroring out on intune:
However the account logs in and is part of the admin group.
Any ideas why it is erroring out?
May 25 2023 02:07 PM
May 26 2023 05:05 AM
Thank you! I have a script to enable built in password which works on device as admin but via intune it doesnt is there something easy why? @rahuljindal-MVP
$Username = "Administrator"
$Password = "my password" # Set your desired password
# Enable the built-in Administrator account
Enable-LocalUser -Name $Username
# Set the password for the Administrator account
$SecurePassword = ConvertTo-SecureString -String $Password -AsPlainText -Force
Set-LocalUser -Name $Username -Password $SecurePassword
# Verify the Administrator account
Get-LocalUser $Username
May 26 2023 06:20 AM
May 26 2023 07:00 AM
May 26 2023 07:01 AM
May 26 2023 07:07 AM
May 29 2023 11:09 AM
Aug 09 2023 08:43 AM
How do I find the official release on the known bug? Where did you see this as I need this information for a project I'm working on.
Thanks!
Mark
Aug 09 2023 10:37 AM
Aug 09 2023 10:58 AM
LocalUserGroup [./Device/Vendor/MSFT/Accounts/Users/localadmin/LocalUserGroup]
and
Password [./Device/Vendor/MSFT/Accounts/Users/localadmin/Password]
Same old standard as everyone uses. Same result. This works, but the report shows it failed in intune.
Aug 09 2023 12:18 PM
Aug 09 2023 01:44 PM - edited Aug 09 2023 01:45 PM
Yep. We're not implementing LAPS at this time. We're directed to stay with the local managed password. I noticed the title of this thread was "Local admin account creation error" and @AB21805 stated perfectly what the result is, namely, that the process works but Intune reports an error.
At that point @rahuljindal-MVP commented that it was a "Known bug related to the CSP. GET function not supported so the compliance is never reported as success. But the local admin account will apply."
So, my question was, where did he see documentation of this "Known Bug" from Microsoft. I'd like to provide this to our Stakeholders so they can be confident that this is in fact a known bug.
Aug 09 2023 10:48 PM - edited Aug 09 2023 10:49 PM
If those stakeholders can read the documentation 🙂 ... I am explaining "the why" on my own blog about this error
https://call4cloud.nl/2021/12/i-kill-remediation-errors/
So looking at the Users/UserName/Password. It is telling us that the supported operation is Add and the GET operation is not supported. Also to add... in my opinion its not a bug, its just how it was designed.... Otherwise we could use the csp to fetch passwords?
And the link to the official ms doc mentioning it
https://learn.microsoft.com/en-us/windows/client-management/mdm/accounts-csp
Aug 10 2023 07:44 AM
Sep 22 2023 02:33 PM