pseymour
commented
1 year ago Okay, so what is the issue?
Open salihzett opened 1 year ago
pseymour
commented
1 year ago Okay, so what is the issue?
salihzett
commented
1 year ago
Hello, we want to use MakeMeAdmin in our Intune (cloud only) infrastructure, so I tried the config and comment here and can setup via ADMX the entry in my case for TimeOut. I also tried Allowed Entities but even AzureAD/user also SID from my AzureAD Group didn't work. (which is also an open issue)
So anyway, I will install the app only for those, who are allowed to be admin. After installing the app and profile, the user is not able to start any application with admin privileges, even he grants himself admin rights. Not cmd, not pw, even not Notepad or anything else. I can only start as a normal user.
Regarding
net localgroup administratorsI can see my AzureAD/user as administrator.When I am a standard user, i am still able to install Zoom via download. Also here I checked with
net localgroup administratorsif I am an admin or not. I am not, (but ok, installation didn't ask me for any credentials or "do u want to run this as admin" thing.After restart sometimes it seems to work. I did read this which is a similar issue, but we dont have any GPO/Intune policy which prevents starting CMD/Powershell. (and also it is not allowing any application starting as admin therefore this prevent policy would not make sense in our case). (btw per default remove admin rights on logout (=restart) is true, but still then user as admin rights)
Any hints on what we can do here?