SOLVED

Rename built-in local admin and change password

Copper Contributor

I'm trying to rename the local built-in admin account and change the password using the following

Devices > Windows > Create custom profile > 

OMA-URI 

/Device/Vendor/MSFT/Policy/Config/LocalPoliciesSecurityOptions/Accounts_RenameAdministratorAccount
The account is renamed fine. However, on trying to set the password: ./Device/Vendor/MSFT/Accounts/Users/localadmin/Password  I get the error code -2016281112 which I believe Rudy talked about here https://call4cloud.nl/2021/12/i-kill-remediation-errors/ 
However, I'm not able to login with the user and password. If I create a new account instead of renaming the existing one, I'm able to login fine. Any tips on how to resolve this corner case?
4 Replies
Hi as responded on reddit:
https://www.reddit.com/r/Intune/comments/txkdyf/rename_builtin_admin_account_and_set_password/

Hi,

I noticed you also reached out in a comment.. Looking at what you are trying to do and the CSP. It looks like you can only change the administrator account name with it... but I don't see anything mentioned a password change?

Could you still login with the password that was configured for the old account? Could you also check if that account is disabled?

Yes, I can still login with the password for the old account. No, the account is not disabled. Btw, I apologize for the double/triple posting. I should clarify - set password. 

Is it that the ./Device/Vendor/MSFT/Accounts/Users/localadmin/Password will only set a password for a newly created account and not an existing one?

best response confirmed by Wesoley (Copper Contributor)
Solution
So far as i know: yes… we created our own laps (powershell) to change those passwords. Leanlaps was the creation of that idea
Ah, hence my current issue. I've deployed Leanlaps yesterday and it works pretty well. Will resort to this then. Thank you again for the insight.
1 best response

Accepted Solutions
best response confirmed by Wesoley (Copper Contributor)
Solution
So far as i know: yes… we created our own laps (powershell) to change those passwords. Leanlaps was the creation of that idea

View solution in original post