Win10: enabling local admin account

%3CLINGO-SUB%20id%3D%22lingo-sub-854215%22%20slang%3D%22en-US%22%3EWin10%3A%20enabling%20local%20admin%20account%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-854215%22%20slang%3D%22en-US%22%3E%3CP%3EHi%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3Ei've%20experienced%20a%20problem%20with%20the%20local%20admin%20account%20options.%3C%2FP%3E%3CP%3EWhen%20creating%20a%20new%20device%20configuration%20policy%20with%20policy%20type%20%22endpoint%20protection%22%20there%20are%20options%20in%20the%20blade%20%22local%20device%20security%20options%22%20%26gt%3B%20%22Accounts%22.%3C%2FP%3E%3CP%3EThe%20first%20one%20is%20called%20%22Local%20admin%20account%22%20with%20the%20description%2C%20that%20says%2C%20that%20i%20can%20enable%20or%20disable%20the%20local%20admin%20account%20(the%20build-in%20one)%20with%20this%20config%20item.%3C%2FP%3E%3CP%3EThe%20first%20problem%3A%20The%20two%20config%20options%20are%20%22block%22%20or%20%22not%20configured%22%2C%20which%20is%20kind%20of%20weird.%26nbsp%3B%3C%2FP%3E%3CP%3ENo%20matter%20which%20option%20i%20choose%2C%20the%20local%20admin%20account%20will%20left%20deactivated.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThe%20renaming%20option%20is%20working%20as%20expected.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-854215%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EEndpoint%20Protection%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EIntune%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EMobile%20Device%20Management%20(MDM)%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-854273%22%20slang%3D%22en-US%22%3ERe%3A%20Win10%3A%20enabling%20local%20admin%20account%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-854273%22%20slang%3D%22en-US%22%3EBy%20the%20way%3A%20At%20the%20moment%20i'm%20creating%20a%20new%20user%20and%20add%20this%20one%20to%20the%20local%20admin%20group%20via%20OMA-URI%20configurations.%3CBR%20%2F%3E%3CBR%20%2F%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fwindows%2Fclient-management%2Fmdm%2Faccounts-csp%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fwindows%2Fclient-management%2Fmdm%2Faccounts-csp%3C%2FA%3E%3C%2FLINGO-BODY%3E
Frequent Contributor

Hi,

 

i've experienced a problem with the local admin account options.

When creating a new device configuration policy with policy type "endpoint protection" there are options in the blade "local device security options" > "Accounts".

The first one is called "Local admin account" with the description, that says, that i can enable or disable the local admin account (the build-in one) with this config item.

The first problem: The two config options are "block" or "not configured", which is kind of weird. 

No matter which option i choose, the local admin account will left deactivated.

 

The renaming option is working as expected.

1 Reply
By the way: At the moment i'm creating a new user and add this one to the local admin group via OMA-URI configurations.

https://docs.microsoft.com/en-us/windows/client-management/mdm/accounts-csp