Permissions in Intune

%3CLINGO-SUB%20id%3D%22lingo-sub-1619273%22%20slang%3D%22en-US%22%3EPermissions%20in%20Intune%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1619273%22%20slang%3D%22en-US%22%3E%3CP%3EHello%2C%3C%2FP%3E%3CP%3EWe%20need%20to%20let%20Standard%20users%20in%20our%20organization%20to%20be%20able%20to%20do%20disk%20cleanup.%20I%20mean%20the%20system%20files...%20Right%20now%20they%20need%20elevation%20(admin%20password).%20Is%20there%20any%20Roles%20beside%20Global%20Admin%20that%20can%20do%20the%20task%3F%3C%2FP%3E%3CP%3EThanks%20in%20advance.%3C%2FP%3E%3CP%3EKevin%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-1619273%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EIntune%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1621782%22%20slang%3D%22en-US%22%3ERe%3A%20Permissions%20in%20Intune%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1621782%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F774792%22%20target%3D%22_blank%22%3E%40Kevin30%3C%2FA%3E%26nbsp%3B%20This%20is%20possible%20if%20you%20create%20a%20new%20configuration%20profile%20and%20then%20assign%20it%20to%20those%20devices%20and%20users%2C%20there%20is%20also%20some%20limitation%20and%20recently%20more%20updates%2Fupgrades%20are%20coming%20to%20Microsoft%20Endpoint%20Manager%2C%20Also%20sometimes%20it%20is%20possible%20by%20doing%20some%20PowerShell%20as%20well%20which%20is%20now%20fully%20supported%20for%20Intune.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAlso%20that%20can%20be%20done%20with%20some%20of%20the%20third%20party%20solutions%20which%20is%20Policy%20Pak.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1623023%22%20slang%3D%22en-US%22%3ERe%3A%20Permissions%20in%20Intune%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1623023%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F181929%22%20target%3D%22_blank%22%3E%40Pervaiz%20Dostiyar%3C%2FA%3E%26nbsp%3BThank%20you%20Pervaiz%2C%20could%20you%20explain%20or%20provide%20links%20for%20making%20%3CEM%3E%22%3C%2FEM%3E%3CSPAN%3E%3CEM%3Econfiguration%20profile%22%3C%2FEM%3E%20as%20you%20mentioned%3F%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%3CSPAN%3EI%20tried%20some%20PowerShell%26nbsp%3Bscripts%20that%20I%20found%20in%20the%20internet%20but%20none%20of%20them%20worked%20completely%26nbsp%3Bto%20be%20deployed%20by%20Intune.%20if%20you%20have%20tried%20any%20and%20found%20working%2C%20I%20appreciate%26nbsp%3Bif%20you%20can%20share%20those%20also.%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1623414%22%20slang%3D%22en-US%22%3ERe%3A%20Permissions%20in%20Intune%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1623414%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F774792%22%20target%3D%22_blank%22%3E%40Kevin30%3C%2FA%3EI%20have%20not%20applied%20this%20specific%20rule%20but%20other%20policies%20are%20possible%20and%20we%20do%20have%20some%20in%20place%20that%20is%20implemented%20and%20working%20fine%20it%20is%20like%20kind%20of%20group%20policies%20that%20work%20on%20Intune%20%2F%20MDM%2C%20as%20I%20did%20say%20at%20the%20start%20it%20is%20limited%20so%20not%20all%20the%20functions%20will%20be%20working%20today%20but%20surely%20it%20will%20get%20updated%20sooner%20and%20a%20day%20will%20come%20we%20can%20do%20any%20GPO%20that%20we%20had%20in%20the%20local%20Servers%20and%20Environment.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EHere%20is%20the%20link%20some%20topic%20has%20been%20mentioned%20by%20PolicyPAK%3A%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fwww.policypak.com%2Fpp-blog%2Fwindows-10-mdm%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fwww.policypak.com%2Fpp-blog%2Fwindows-10-mdm%3C%2FA%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EHere%20is%20Microsoft%20Docs%20on%20some%20of%20the%20Policy%20Configuration%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fwindows%2Fclient-management%2Fmdm%2Fpolicy-configuration-service-provider%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fwindows%2Fclient-management%2Fmdm%2Fpolicy-configuration-service-provider%3C%2FA%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E
Highlighted
New Contributor

Hello,

We need to let Standard users in our organization to be able to do disk cleanup. I mean the system files... Right now they need elevation (admin password). Is there any Roles beside Global Admin that can do the task?

Thanks in advance.

Kevin

3 Replies
Highlighted

@Kevin30  This is possible if you create a new configuration profile and then assign it to those devices and users, there is also some limitation and recently more updates/upgrades are coming to Microsoft Endpoint Manager, Also sometimes it is possible by doing some PowerShell as well which is now fully supported for Intune.

 

Also that can be done with some of the third party solutions which is Policy Pak.

Highlighted

@Pervaiz Dostiyar Thank you Pervaiz, could you explain or provide links for making "configuration profile" as you mentioned?

I tried some PowerShell scripts that I found in the internet but none of them worked completely to be deployed by Intune. if you have tried any and found working, I appreciate if you can share those also.

Highlighted

@Kevin30I have not applied this specific rule but other policies are possible and we do have some in place that is implemented and working fine it is like kind of group policies that work on Intune / MDM, as I did say at the start it is limited so not all the functions will be working today but surely it will get updated sooner and a day will come we can do any GPO that we had in the local Servers and Environment.

 

Here is the link some topic has been mentioned by PolicyPAK:

https://www.policypak.com/pp-blog/windows-10-mdm

 

 

Here is Microsoft Docs on some of the Policy Configuration

https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-configuration-service-provider