Managing the built-in Administrator account in Windows is for maintaining security and control over your organization’s devices. Microsoft Intune provides a streamlined way to enable or disable this account through policy settings. In this guide, we’ll walk you through the steps to manage the built-in Administrator account using Intune.

Why Manage the Built-in Administrator Account?

The built-in Administrator account has elevated privileges that can be a security risk if not properly managed. Disabling this account can help prevent unauthorized access, while enabling it can be useful for troubleshooting and administrative tasks.

Prerequisites

Before you begin, ensure you have:

  • An active Microsoft Intune subscription.
  • Administrative access to the Intune portal.
  • Devices enrolled in Intune.

Steps to Enable or Disable the Built-in Administrator Account

1. Sign in to the Intune Portal

Go to the Microsoft Intune Admin Center and sign in.

2. Create a Device Configuration Profile

  1. Navigate to Devices > Configuration > Policies > Create New Policy.
  2. Select Windows 10 and later as the platform.
  3. Select Templates  as the Profile type.
  4. Select Custom as the template name.
  5. Click Create at the bottom.
    Intune Local Admin

3. Configure the Profile

  1. Enter a Name and Description for the profile.
  2. Click Next.
    Intune Local Admin

4. Add OMA-URI Settings

  1. Under Configuration Settings, click Add.
  2. For OMA-URI, use the following: ./Device/Vendor/MSFT/Policy/Config/LocalPoliciesSecurityOptions/Accounts_AdministratorAccountStatus
  3. Set the Data type to Integer.
  4. Set the Value to 1 to enable or 0 to disable the account.
  5. Click Save.
  6. Click Next.
    Intune Local Admin

5. Assign the Profile

  1. Select the groups or devices you want to apply the policy to.
  2. Click Next.
    Intune Local Admin

6. Applicability Rules

  1. If necessary add a rule.
  2. Click Next.
  3. Click Next to review and click create to create the Policy
    Intune Local Admin

Monitoring and Compliance

After deploying the profile, you can monitor its status and compliance through the Intune portal. Navigate to Devices > Configuration profiles and select the profile you created to view its deployment status.

Conclusion

Managing the built-in Administrator account using Intune policy is a straightforward process that enhances your organization’s security posture. By following these steps, you can easily enable or disable the account as needed.

 

Paul Cobbenpex