9 thoughts on “Removing local device administrators using Endpoint Manager”

  1. Hello everyone,

    I’ve set my policy to Remove the user who joined the device in Azure AD from the admin group so that they don’t have local admin permissions and in Intune I see the policy status as OK, even when I go to view the admin group in my devices, I no longer see the user I deleted with my policy, i.e. the user who enrolled the device should no longer have local admin permissions, is that correct? However, it still has the permissions and they are only changed when I log out or restart the device. Is this normal behavior? Will it only work after reboot or logout?

      1. Hello, thank you very much for your answer. My policy is assigned to a user group, not devices, however it doesn’t take effect until I reboot or log out.

      2. Once it is applied I assume it stays applied. Remember, policies are not applied immediately and can take quite a while to apply. Rebooting and logging out tend to make this happen quicker. Try forcing a refresh of the policy manually using the Settings | User Accounts | Access work or school | Info | Sync.

      3. I can’t get this to work. I assigned my policy from Intune and in a few minutes it already appeared as applied correctly, even when I checked the local administrators group on my device, I noticed that the policy applied correctly but when testing the user’s permissions, he is still an administrator on the device. I assigned the directive and tested it after two days and the user’s permissions do not change.

      4. In the end you’ll need to troubleshoot back through policy to ensure it is applied to the device and is set correctly. It should work, as I had no issues. Call MS if you need to, but my guess is that it is a config issue you’ve overlooked.

      5. Thank you very much for the help. One last question, do you recommend applying this policy to a group of users or devices?
