question

JohnPark-8723 avatar image
0 Votes"
JohnPark-8723 asked JohnPark-8723 commented

Intune Device Configuration to Deny Local Log On by a local admin user.

Hello,

Glad to be here, and hoping someone can help me out. I've created a custom device configuration policy that should restrict a specific local admin user from logging into the windows 10 laptop. My configuration settings are as follows:

Name: Restrict Local Admin Login

Description: Not configured

OMA-URI: ./Device/Vendor/MSFT/Policy/Config/UserRights/DenyLocalLogOn

Data type: String

Value: <![CDATA[.\aLocalAdminUser]]>

After applying the policy to my test device, I see that my user above doesn't get added to the 'Deny log on locally' properties on the device's local security policy.

Is my syntax or data type being used not correct?

I'm at a loss now, so any help is greatly appreciated.

Thanks!

mem-intune-device-configurations
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

1 Answer

NickHogarth-MVP avatar image
1 Vote"
NickHogarth-MVP answered JohnPark-8723 commented

Have you read this blog post? It looks like the same error. https://www.inthecloud247.com/restrict-which-users-can-logon-into-a-windows-10-device-with-microsoft-intune/

Also you can configure this in the Settings Catalog:
132845-settingscatalog.png



settingscatalog.png (68.7 KiB)
· 2
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

@JohnPark-8723 I am currently standing by for further update from you and would like to know how things are going. If you have any questions or concerns, please don't hesitate to let us know.

1 Vote 1 ·

Thanks @NickHogarth-MVP , configuring via Settings Catalog worked for me. Can't thank you enough for the answer. Cheers!

0 Votes 0 ·