Intune LAPS issues
Question
Hi All,
I activated Lapsui on Intune and on Entra. That’s OK, I have the administrator password, which comes in the 2.
I cannot use Intune to activate the administrator account (it is deactivated), and I cannot use Intune to create a new local user and put him in the admin group.
Until now, admins were Azure users.
Can you help me, please?
Posted by Lionel Zakarian in HTMD FB Group
Answers ( 2 )
Replied by Lionel Zakarian
Well, I succeeded despite the fact that it is displayed with errors in Intune.
Do you know why this works when it shows me errors?
Replied by Jatin Makhija
I used this to implement it in my company. Hope that it will help you too:
https://cloudinfra.net/enable-disable-local-admin…/
Replied by Owais Farooqui
Lionel Zakarian, the CSP used to add a new user does not support a GET operation. Hence it will always show an error.
https://learn.microsoft.com/…/client…/mdm/accounts-csp
Want to dig deeper? Have a look at Rudy Oom’s blog:
https://call4cloud.nl/2021/12/i-kill-remediation-errors/
Also, you mentioned that you cannot use Intune to enable a built-in admin account. You certainly can use another CSP:
https://learn.microsoft.com/…/policy-csp…
https://github.com/Micr…/windows-itpro-docs/issues/9927…
Replied by Lionel Zakarian
Jatin Makhija, thanks very much!! It works.
Replied by Greg Gilbert
I just had Bing Chat write a PowerShell script and told it to create the account in the local admin group, set the initial long password with upper, lower, etc., and secure the password so it wasn’t in plain text. I then wrapped that in PSADT and deployed it as an app to all devices. Then, I configured LAPS to manage that account using the account protection policy.
Replied by Lionel Zakarian
Greg Gilbert, good idea! What I did also works, but it’s not clean. If I can’t do it with the procedures I was given below, I would do as you did!
Replied by Fred van Workum
There are remediation scripts to create a local admin account used for Windows LAPS, like this one: https://www.nielskok.tech/…/windows-laps-user-via…/
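The script-based approach mentioned in the replies above (create the local account, then let LAPS manage it), sketched as an added example; it is not code from any poster or from the linked blogs. The account name `lapsadmin` and the helper `New-RandomSecurePassword` are hypothetical, and the name must match the account configured in the LAPS policy.

```powershell
#Requires -RunAsAdministrator
# Added example: idempotent creation of the local account Windows LAPS will manage.
# Safe to re-run; no password is hard-coded, logged or returned.
$AccountName   = 'lapsadmin'       # hypothetical; must match the LAPS policy setting
$AdminGroupSid = 'S-1-5-32-544'    # built-in Administrators, language-independent

function New-RandomSecurePassword {   # hypothetical helper
    param([int]$Length = 32)
    # Ambiguous characters (0/O, 1/l/I) are left out of the pools.
    $sets = 'ABCDEFGHJKLMNPQRSTUVWXYZ', 'abcdefghijkmnpqrstuvwxyz', '23456789', '!#%+-=?@_'
    $all  = -join $sets
    $rng   = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $bytes = New-Object byte[] $Length
    $rng.GetBytes($bytes)
    $rng.Dispose()
    $secure = New-Object System.Security.SecureString
    for ($i = 0; $i -lt $Length; $i++) {
        # The first four characters come from one class each, so the result
        # always satisfies the local password complexity rules.
        $pool = if ($i -lt $sets.Count) { $sets[$i] } else { $all }
        $secure.AppendChar($pool[$bytes[$i] % $pool.Length])
    }
    $secure.MakeReadOnly()
    return $secure
}

# Create the account only if it does not exist yet.
$user = Get-LocalUser -Name $AccountName -ErrorAction SilentlyContinue
if (-not $user) {
    $user = New-LocalUser -Name $AccountName -Password (New-RandomSecurePassword) `
        -Description 'Managed by Windows LAPS' -AccountNeverExpires
}
if (-not $user.Enabled) { Enable-LocalUser -Name $AccountName }

# Add to Administrators by SID; an "already a member" error is expected on re-runs.
try {
    Add-LocalGroupMember -SID $AdminGroupSid -Member $AccountName -ErrorAction Stop
}
catch {
    if ($_.Exception.GetType().Name -ne 'MemberExistsException') { throw }
}
```

The initial password is a throwaway that nobody sees; the password administrators retrieve is the one LAPS sets once its policy manages this account.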