S04E02 - Local Users and Groups - (I.T)

00:00 - Intro
01:35 - Local user group membership
02:30 - Policy CSP - LocalUsersAndGroups
09:53 - Managing local administrators with Azure-AD and Intune
15:50 - Directory Roles
17:26 - PowerShell Helpers to convert Azure AD Object IDs and SIDs
19:13 - Add (replace) users manually
24:27 - Troubleshoot incorrect xml
34:00 - Assign user local administrator on just their device
38:28 - Wrap up

New settings available to configure local user group membership in endpoint security

Visit our websites and social media for more or to get in touch with us

Steve Hosking - Microsoft MMD Team

Adam Gross - Microsoft MVP - Enterprise Mobility

Ben Reader - Microsoft MVP - Enterprise Mobility

Jake Shackelford - Microsoft MVP - Enterprise Mobility

Jóhannes Geir Kristjansson - Microsoft MVP - Enterprise Mobility
Comments

great video and the troubleshooting part is impressive

nazerbori

GREAT topic, format, discussions, loved it, thanks!

IntuneVitaDoctrina

THANK YOU!!!! You actually guide your viewers through softly, unlike so many videos that rush the whole thing or talk too fast.

Liubtv

Looking younger than ever you young youngers! Great video :)

mukmusicdiary

Getting odd looks in the airport, screaming at my laptop to elevate your powershell!!!

grunt-yt

Thanks for the video!
Can you guys do an S04E02+1/2 and show the best way to set it up so that Intune users who aren't signing into an Autopilot machine are taken out of the Administrators group and put into the Standard Users group?
Currently, when users sign into devices via Intune they are set as Administrators. Using Autopilot allows you to choose the target group for the users, but I'm guessing we could use the instructions from this episode to just use replace to take the users out of the Admin group?
Not sure how we'd add the individual user back to the normal user group, though?

gpanucci

Steve unrecognisable without the beard

Anarchyontheweb

Is there a way to change the maximum password age for a local computer user who is not part of Active Directory or Azure Active Directory? For instance, my work computer environment utilizes local user accounts that are not administrator accounts. I am not sure how to get Intune to override the default 42-day maximum password expiration age. I've tried using the settings available, but it appears that this only works with accounts that are linked to Azure or Active Directory. Am I missing something? Thank you in advance.

LunaTuna

Great videos guys. One question. If I need to unjoin a PC from Azure AD and the local administrator is disabled, how do I login when the PC restarts and only comes up with the local user login prompt?

FrankParise

Once again, great coverage guys.
One question. Do you know if PIM is working when added to an admin group nowadays? Tested this a while ago and it did not work very well regarding syncing (took too long).

roelendia

Please explain how you make a filter with devices of a certain user (where he is the primary user). You mention that in the video.

skvgrd

Thanks for that good teaching! But how can we set a restricted list of users that can log into the PC? I want to limit logon to a few users, not all. Thanks in advance 🙂

ipunto

Great video! I was wondering if you add an Azure AD group to the local Administrators group and leverage Privileged Identity Management (PIM) for managing, controlling and auditing access for local admin users. What happens with local caching and offline access?

sipds

So I am starting to enable this in my HAADJ environment and I would say it's working quite well. A couple of questions.

1. Do you guys know how long it takes the policy to figure out if there are changes made to the Administrators group? (i.e. if I add a random user or remove a policy-added member from the Administrators group, how long before the policy corrects it?)

2. I am assuming this only works in a HAADJ environment if a device is connected to the domain directly or through VPN?

matthewdillon

Haven't tested this yet, but I have a gut feeling that renamed local admin accounts (Administrator -> LocalAdmin etc.) and language-localized admin accounts (like 'Järjestelmänvalvoja' in Finnish) are about to fail somehow. Or is it that I just need to know the display name of my SID-500 user and work with that? Can't use the local admin SID as it's different on each computer.

arisaastamoinen

Hello!

I would like to know if these problems have already been corrected in 2024?

gabrielluizbh

I have been looking everywhere and have found very limited help on a need of mine. Sorry if this is way off topic. In our Azure AD domain a user can sign into any Azure-joined computer, and I am looking for a way to restrict a specific user to a specific machine(s) like Active Directory used to be able to. How is this achieved in Azure AD/Intune? My research so far has not found any fully successful result. Thx and cheers

petero

Kinda lost... So if I just choose to add a group via the Add (update), it will still remove the two AAD groups that get added in by default? I still need to add the two GUIDs for those default groups in order to keep them in there, even though I chose the Add (update)?

michaelpietrzak

Would this work with PIM if you use a group with the Azure AD Joined Local Device Admin role applied?

andrew

This is AD in the cloud; policy in Intune is GPO on prem. That is the only difference.

robertgowdey