This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
I created a Windows configuration profile in Intune using Settings catalog to enable and rename the Administrator account. I apply this in most tenant's to work in conjunction with Windows LAPS. I am getting strange results.
In one tenant, I applied a user-based Autopilot on a Windows 11 device. After all is said and done, I validate that the Administrator account is activated and renamed. I validate that the registry setting at Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\providers\AdministratorGUID\default\Device\LocalPoliciesSecurityOptions Accounts_RenameAdministratorAccount shows the new name. When I open Computer Management - the Admin account is renamed.
With another tenant, I apply a pre-provisioned Autopilot on a Windows 11 device. After I seal and then unseal and log in with a user account, I validate that the same registry key as above shows the new name. Unfortunately when I open Computer Management - Administrator is activated but shows Administrator as the name. Windows LAPS does not apply as the policy is looking for the renamed account.
I checked Local Security Policy on both devices and the "broken" one shows Adminsitrator, while the working one shows the rename.
Both of the autopilot's are entra joined. About to wipe and reload the device that worked and run a pre provision on it to see what happens. Was going to user based autopilot the "broken" device. If anyone can offer a solution, please let me know.
reversed this and sure enough the pre-provisioned autopilot has the wrong admin name.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(188.79999999999998, 35%, 28%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EZM%3C/text%3E%3C/svg%3E)
@Matt Dillon,Thanks for posting in Q&A.
We are glad to know that you have found out the problem. Please allow me to give a brief summary of this problem to help people with the same problem.
Issue Description:
Rename Admin Account got issue using pre-provisioned Autopilot deployment mode.
Resolution:
From your description, we know that the issue of renaming administrators occurs in Autopilot pre-provisioned deployment mode; to solve this issue, it is recommended use User-Driven mode.
Thanks for your time and have a nice day!
Or you can open an online case to get deep dive Autopilot pre-provisioned.
https://learn.microsoft.com/en-us/mem/get-support
If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
I never solved it. I only confirmed that this is an issue during pre-provisioning.
This is a huge problem for many people then. If everything on the device (reg settings, Intune policy, etc.) is showing that the local Administrator account has been renamed, but it has not actually been renamed and it is active, that is a huge problem. Many companies take advantage of the autopilot pre provisioning. They also take advantage of Windows LAPS. From what I have seen, this somehow resolves itself with time, but this should probably be addressed or at least we need a solution to force the local admin account to rename it self via PowerShell or something./
Checking on my test device this morning - it corrected itself overnight. Not sure what happened, but pretty annoying.
@Matt Dillon,Thanks for your reply.
Honestly, there is not many reports about this issue, it may occur during Autopilot deployment and need grab the background log to analyze, so it is recommended that you open an online case to get deep into Autopilot.
https://learn.microsoft.com/en-us/mem/get-support
Thanks for your kind understanding.
Does not work 100% in autopilot pre provisioning, but seems to self correct overnight. I'll try to write a PowerShell script to force the change. Should not have to, but we do what we must.
@Matt Dillon,Thanks for your reply.
There may be a delay in applying the policy to the device, and if you create a script and apply it to the device there may be a delay as well, so the script isn't a good option either.