New to ForensIT

vinc3ntwang
Newbie
Joined: 18 Jan 2023
Location: San Jose
Posted: 18 Jan 2023 at 4:19am
Hello everyone, 

We're currently working on a project within our org to migrate all our local user profiles to an Azure AD profile. The migration works great, but we noticed that the local administration status carries over. (By default, all local user profiles have admin rights.) Our infosec team wants us to change this. The whole point of this is so that we remove the admin rights from the users. All our Autopilot devices are standard users. The steps we took for testing are outlined as follows:

- We joined the device's local profile to our Azure AD tenant. (Local users are device admins by default.)
- Once the device and user are Azure AD joined, we run the profwiz tool to migrate the profile.
- After the migration is complete, we checked and found that the user still has admin rights.

Does anyone have an idea on how local admin rights are carried over? Or is there a way to change the users to standard after the migration? Any help would be appreciated!

Vince

Support
Moderator Group
Joined: 09 Nov 2006
Location: United Kingdom
Posted: 18 Jan 2023 at 5:48pm
Hi, 

User Profile Wizard will always add the new user account to the same local groups that the original user account is individually a member of – including the local Administrators group. There is a specific setting in the Profwiz.config file to prevent the new user account being added to the local Administrators group:

<RemoveAdmins>True</RemoveAdmins>

Support.
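
One way to verify the result on a migrated device, as an added example (not ForensiT's code and not part of either post above): it lists the members of the local Administrators group and flags any that are not on an allow-list. The allow-list contents, the parameter names and the -Remove switch are assumptions of this example.

```powershell
# Added example: audit the local Administrators group after a profile migration.
# $AllowedAdmins is a hypothetical baseline (names or SID strings); replace it
# with the accounts and roles your organisation expects to be administrators.
# Reports only by default. Run elevated if you use -Remove.
param(
    [string[]]$AllowedAdmins = @("$env:COMPUTERNAME\Administrator"),
    [switch]$Remove
)

# S-1-5-32-544 is the well-known SID of BUILTIN\Administrators, so the lookup
# does not depend on the (localisable) group name.
$adminGroupSid = [System.Security.Principal.SecurityIdentifier]'S-1-5-32-544'

$members = Get-LocalGroupMember -SID $adminGroupSid

# A member is unexpected when neither its name nor its SID is on the allow-list.
$unexpected = @($members | Where-Object {
    ($AllowedAdmins -notcontains $_.Name) -and
    ($AllowedAdmins -notcontains $_.SID.Value)
})

foreach ($m in $unexpected) {
    Write-Output ("Unexpected administrator: {0} [{1}] source={2}" -f `
        $m.Name, $m.SID.Value, $m.PrincipalSource)

    if ($Remove) {
        # Review the report first: everything not on the allow-list is removed.
        Remove-LocalGroupMember -SID $adminGroupSid -Member $m
        Write-Output ("Removed {0} from local Administrators" -f $m.Name)
    }
}

if ($unexpected.Count -eq 0) {
    Write-Output 'Local Administrators group matches the allow-list.'
}
```

Run it once without -Remove and add any entries that are meant to be there to the allow-list before using the switch.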