SOLVED

Local Admin Password expiration

Hello,

I am working on trying to run a script to change the local admin password to not expire. In the early stages of Intune, I set up a local admin account and failed to set the password to expire; now when they are coming back I have to change the password. I know there is a workaround to log in to the device as myself and run the script $Set-LocalUser -Name admin -PasswordNeverExpires 1 . I have attempted to run the same script through Endpoint as a test and am receiving failed as its status. Is this a possible script to run, and what needs to be added to the script if so?

Thank you

10 Replies
I am new to this and just now found that I need enable Microsoft Intune PowerShell. I will work on this first.
Hi

You indeed need PowerShell... but normally PowerShell is installed by default on the device :)

get-localuser | Set-localUser -PasswordNeverExpires:$True

https://call4cloud.nl/2020/03/remove-all-local-admins/
I don't mean the normal PowerShell; yes, that is installed on both devices. While reviewing the learn MEM book, it talks about enabling Microsoft Intune PowerShell, but that doesn't seem to be an option. When I ran the powershell-intune-samples-master off GitHub, my credentials were not high enough in other areas of Azure for it to work. My question is, do I have to somehow enable Microsoft Intune PowerShell to run PowerShell scripts in Intune? When I took the course it was never covered that any special steps were needed to run scripts on devices through Endpoint.
PowerShell has modules that can be installed so you can manage Microsoft Intune with it. As an example, you can use PowerShell to deploy device configurations and conditional access to your tenant.
When using proactive remediations it doesn't need it... (or your PowerShell script needs that module for some specific operations) but the example I gave you doesn't need anything special....

@Rudy_Ooms_MVP

Thank you for the reply. I took the script you gave, put it into PowerShell ISE and saved the .ps1 file.

[Screenshot: ksclifton_0-1652536925680.png]

Added to scripts in Endpoint.

[Screenshot: ksclifton_1-1652537003298.png]

When the script would run, I received

[Screenshot: ksclifton_2-1652537074186.png]

I am assuming I missed something. The local "admin" account password is still not set to not expire.

I tested the PowerShell on the test device and it ran correctly.

@ksclifton 

Did you test it with a newly enrolled device or an existing device?

The device is an existing device.
best response confirmed by ksclifton (Copper Contributor)
Solution
You need to check the "Run script in 64-bit PowerShell Host" as the localgroup*/localuser* cmdlets are only available on a 64-bit PowerShell, otherwise it will fail.
Thank you! Someone before gave me incorrect information when they said that putting it in 64-bit mode was unnecessary.
For future reference: Reviewing this thread. The original script proposed is the correct script: Set-LocalUser -Name admin -PasswordNeverExpires 1. Remove the "$" and it will work fine. The second script will set ALL accounts to not expire on the machine: get-localuser | Set-localUser -PasswordNeverExpires:$True. Otherwise, as stated, set to 64-bit and call it a day.
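
The thread's resolution combined into one script, as an added example that is not code from any poster: it changes only the named account instead of piping every local user, re-launches itself in the 64-bit host if Intune started it in 32-bit, and returns a non-zero exit code so a failure is reported as failed. The account name `admin` comes from the question; the SysNative relaunch and the `PasswordExpires` check are assumptions of this example.

```powershell
# Added example, not from the thread. 'admin' is the account named in the question.
$AccountName = 'admin'

# The LocalUser cmdlets fail in a 32-bit host (see the accepted solution).
# If the "Run script in 64-bit PowerShell Host" option was not set,
# re-run this same file with the 64-bit powershell.exe via the SysNative alias.
if (-not [Environment]::Is64BitProcess -and [Environment]::Is64BitOperatingSystem) {
    $ps64 = Join-Path $env:WINDIR 'SysNative\WindowsPowerShell\v1.0\powershell.exe'
    & $ps64 -NoProfile -ExecutionPolicy Bypass -File $PSCommandPath
    exit $LASTEXITCODE
}

try {
    # Fail early if the account does not exist on this device.
    $user = Get-LocalUser -Name $AccountName -ErrorAction Stop

    # PasswordExpires is empty when the password is already set to never expire.
    if ($null -ne $user.PasswordExpires) {
        Set-LocalUser -Name $AccountName -PasswordNeverExpires $true -ErrorAction Stop
    }

    # Read the account back and confirm the change took effect.
    $after = Get-LocalUser -Name $AccountName -ErrorAction Stop
    if ($null -ne $after.PasswordExpires) {
        throw "Password for '$AccountName' still expires on $($after.PasswordExpires)."
    }

    Write-Output "Password for '$AccountName' is set to never expire."
    exit 0
}
catch {
    # A non-zero exit code is what marks the run as failed.
    Write-Error $_
    exit 1
}
```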