
Intune – Add User or Groups to Local Admin

In this post I will show you how to add a user or group as a local admin using Intune. The machine can be domain joined or not joined to any domain.

To manage a Windows device, you need to be a member of the local Administrators group. Read this article to learn more about managing local administrators on Azure AD joined devices.

Many people assume that the first user enrolled with Autopilot automatically becomes a local admin. This is only the case if you leave the Autopilot profile setting at its default value of Administrator.

Autopilot Standard User

But if you configure the OOBE profile to Standard, there will be no local admin at all; even the built-in local Administrator account is disabled. Furthermore, there is no option in the profile that allows you to change this afterwards.

Intune – Add User or Groups to Local Admin

We will now look at the steps to add a user or group to the local admin group with Intune. First, let's create a new text file and rename it add_localadmin.ps1.

You can edit this file either with PowerShell ISE or Notepad++. Paste the following command inside the file:

Net localgroup administrators "AzureAD\yourgroups@domain.xx" /add

Replace “AzureAD\yourgroups@domain.xx” with the email address of the group or user you want to add.

Tip – Don’t use the PowerShell cmdlet Add-LocalGroupMember, because it produces an error and doesn’t work on a remote computer.
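A more robust version of add_localadmin.ps1, as an added example that is not the post's original script: it checks whether the member is already present before adding it, writes a log under ProgramData, and exits non-zero on failure so the script status in Intune reflects the error. The member name and log path are placeholders; replace them with your own values.

```powershell
# Added example (not the post's original script): an idempotent version of
# add_localadmin.ps1 suitable for repeated runs by the Intune Management Extension.
# The member name and log path are placeholders; replace them with your own.
$Member  = 'AzureAD\yourgroups@domain.xx'          # placeholder, as in the post
$LogFile = "$env:ProgramData\add_localadmin.log"    # assumed log location

function Write-Log {
    param([string]$Message)
    "$(Get-Date -Format 'yyyy-MM-dd HH:mm:ss') $Message" |
        Out-File -FilePath $LogFile -Append
}

# net localgroup lists the current members one per line; check before adding
# so a re-run does not fail with "The specified account name is already a member".
$current = net localgroup administrators 2>&1
if ($current -match [regex]::Escape($Member)) {
    Write-Log "$Member is already a member of Administrators; nothing to do."
    exit 0
}

# Same command the post uses, with its output captured for the log.
$output = net localgroup administrators "$Member" /add 2>&1
if ($LASTEXITCODE -ne 0) {
    Write-Log "Failed to add $Member (exit code $LASTEXITCODE): $output"
    exit 1   # non-zero exit makes Intune report the script as failed
}

Write-Log "Added $Member to Administrators."
exit 0
```

After a sync you can open the log on the device to see whether the script added the member or found it already present.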

Intune Add User or Groups to Local Admin

After you have made the changes, save your .ps1 script. Return to the Intune portal and create a new script.

Create Script in Intune Portal

Add a PowerShell script. Specify a script name and add a description.

Add PowerShell Script

Import the add_localadmin.ps1 script. Leave the other settings at their defaults.

Configure Script Settings

Select the groups to which you wish to assign your script. Don’t forget that the script is assigned to device groups, or by default to all devices. Click Next.

Script Assignments

Finally, review the settings and click Create.

Intune Add User or Groups to Local Admin

Take a look at the script and ensure the Assigned value is set to Yes.

Verify the Assigned Field

After you have assigned the script, wait a few minutes or manually trigger a sync.

Trigger Intune Sync

The script has made the changes. We can see that the users are now part of the local Administrators group. Don’t forget to log off and log on again to see the results.

Add users to local admin

Dakhama Mehdi

Hello, I’m DAKHAMA MEHDI from FRANCE. I am currently working as a MICROSOFT consultant and trainer (infrastructure, cloud and server), and have been a systems administrator for more than 12 years. I am also a developer of desktop applications. I have managed a lot of projects across different technologies (SCCM, Server, MDT, ADFS, ADRMS, Security, Microsoft 365, Intune …). I like to share my knowledge and help everyone through my articles and applications.
