Restrict user account

Dear all,

Can I check with you guys: when we use the user account to enrol a new laptop/desktop, the system will automatically put the user account into the 'Administrator group'. Thus, the user will get the admin privilege.

In this case, is there a way, something like creating a restricted configuration profile in Intune ourselves, to restrict the user from installing software themselves or running cmd as admin?

Will be grateful for any help you can provide.

Thank you.  =)

4 Replies
You will need AppLocker, but when using AppLocker you will need to make sure the user doesn't have admin permission... Also, there is no security when being local admin :)

So https://call4cloud.nl/2021/04/dude-wheres-my-admin/ --> admin

And AppLocker
https://call4cloud.nl/2020/06/applocker-a-la-minute/
Hi,

I'll suggest using Autopilot to enroll new devices, in which you can define a profile that will make the enrolling user a standard user and not an admin.

For existing devices you can create a Policy CSP - LocalUsersAndGroups in Intune to modify the members of the local administrators group (starting from Windows 10, version 20H2)
https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-localusersandgroups

Hope this helps.
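The LocalUsersAndGroups policy mentioned in the reply above, shown as an added example that is not part of the original reply: a custom OMA-URI payload that restricts the local Administrators group to an explicit list, so the enrolling user drops out of it. The group SID marked as a placeholder is an assumption and must be replaced with a real value from your tenant.

```xml
<!--
  Added example (not from the thread).
  Intune custom profile setting:
    OMA-URI:   ./Device/Vendor/MSFT/Policy/Config/LocalUsersAndGroups/Configure
    Data type: String
    Value:     the XML below
-->
<GroupConfiguration>
  <!-- S-1-5-32-544 is the well-known SID of the built-in local
       Administrators group; using the SID avoids problems with
       localized group names. -->
  <accessgroup desc="S-1-5-32-544">
    <!-- action="R" (restrict/replace): membership becomes exactly the
         members listed here, so the enrolling user's account is removed.
         action="U" (update) would only add/remove the listed members
         and leave everyone else, including the enrolling user, in place. -->
    <group action="R" />

    <!-- Built-in local Administrator account (keep it listed so it is
         not stripped from the group by the replace action). -->
    <add member="Administrator" />

    <!-- PLACEHOLDER: SID of the directory group that should keep local
         admin rights (for example a helpdesk/device-admin group).
         Replace with the real SID before deploying. -->
    <add member="S-1-12-1-REPLACE-WITH-YOUR-ADMIN-GROUP-SID" />
  </accessgroup>
</GroupConfiguration>
```

Pilot this on a test device first: with the replace action, any account not listed loses local admin rights at the next policy sync. Running `net localgroup Administrators` on the device afterwards shows the resulting membership.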

Hi @Rudy_Ooms_MVP 

I hope you are doing fine. I will try. Thanks!

Hi @michael_moshkovich,

Thank you for your kind suggestion. I will try later. Thanks!