Today’s one-liner may not be a direct PowerShell command, but it can be run inside the PowerShell terminal. Are you using Intune, or looking into using Intune? If your already using it, you know by default when you add a user it sets them as a local administrator(I’m not sure exactly why, but that can be a topic for another blog post), and of course we don’t want our users to be local administrators on their computers. To resolve this issue, all you need to do is remove them from the local administrators group like below.
net localgroup administrators azuread\user@domain.com /deleteThe only change needed is changing “User@domain.com” to their login address. I’d recommend adding this to your new device script, and if you do not have a new device script, I’d start one now, so you can keep adding and automating things to save you time and have consistent deployments.
Also, take a look at Azure Functions to see how you can deploy code and automate things on a bigger scale.
Leave a Reply