New to ForensIT` |
Post Reply |
Author | |
vinc3ntwang
Newbie Joined: 18 Jan 2023 Location: San Jose Status: Offline Points: 3 |
Post Options
Thanks(0)
Posted: 18 Jan 2023 at 4:19am |
Hello everyone,
We're currently working on a project within our org to migrate all our local user profiles to an Azure AD profile. The migration works great but we noticed that the local administration status carries over. (By Default, all local user profiles have admin rights) Our infosec team wants us to change this. The whole point of this is so that we remove the admin rights from the users. All our autopilot devices are standard users. The steps we took for testing are outlined as followed -We joined the device's local profile to our Azure AD tenant. (Local users are device admins by default) -Once the device and user is Azure AD joined - we run the profwiz tool to migrate the profile. -After the migration is complete, we checked and found that the user still has admin rights. Does anyone have an idea on how local admin rights are carried over? or is there a way to change the users to standard after the migration? Any help would be appreciated! |
|
Vince
|
|
Support
Moderator Group Joined: 09 Nov 2006 Location: United Kingdom Status: Offline Points: 1844 |
Post Options
Thanks(0)
|
Hi,
User Profile Wizard will always add the new user account to the same local groups that the original user account is individually a member of – including the local Administrators group. There is a specific setting in the Profwiz.config file to prevent the new user account being added to the local Administrators group: <RemoveAdmins>True</RemoveAdmins> Support.
|
|
Post Reply | |
Tweet
|
Forum Jump | Forum Permissions You cannot post new topics in this forum You cannot reply to topics in this forum You cannot delete your posts in this forum You cannot edit your posts in this forum You cannot create polls in this forum You cannot vote in polls in this forum |