This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
When setting up a Windows device, the user who does so becomes local Admin. These same users are now enrolled within Intune however they still hold 'local admin' rights and therefore have sufficient credentials to download software etc without admin credentials required. How do we revoke this 'local admin' access on these users/devices to stop them from doing this? If it's a Powershell script that is needed, dows anyone have a working one? Many thanks
@support-117 , Hope things are going well. I am writing to see if the following suggestions can help. if there's still anything else we can help, feel free to let us know.
Check out this new capability we added in January (of this year): https://techcommunity.microsoft.com/t5/intune-customer-success/new-settings-available-to-configure-local-user-group-membership/ba-p/3093207
You can remove the local admin rights by going into computer management > users and groups > administrators
However this will not stop it from happening in future on new devices.
Thanks for the quick response Barley, We would like to achieve this via Intune and not have to physically change this within each device. Is this possible at all?