Let's check how to Rename & Disable Administrator accounts using Intune Security Policies in this video.
#msintune #microsoftintune #microsoft365 #securitypolicies #securityrisk #administratoraccount #adminaccount
==
Rename & Disable Administrator Account using Intune
Disable Admin Account Status
Rename Admin Account using Custom Policy/Settings Catalog
Verification Process
==
What is Security Risk with Default Administrator Account?
Security Recommendations:
Disable the Administrator Account Status
Rename the Administrator account
When a computer is booted into safe mode, the Administrator account is always enabled, regardless of how this setting is configured.
The admin account has a well-known security identifier (SID), and there are third-party tools that allow authentication by using the SID rather than the account name so rename of this account won't always help.
==
Disable the Administrator Account Status using Intune security policy CSP?
Accounts_EnableAdministratorAccountStatus is the policy to Disable the Administrator Account status.
This security setting helps to Disable the Admin Account status to Disable. The default Value is Disable (int = 0).
./Device/Vendor/MSFT/Policy/Config/LocalPoliciesSecurityOptions/Accounts_EnableAdministratorAccountStatus
==
Rename Admin Account using Intune security policy CSP?
Accounts_RenameAdministratorAccount is the policy to Rename the Administrator Account.
This security setting helps to Rename the Admin Account to a customized name. Default Value is Administrator.
./Device/Vendor/MSFT/Policy/Config/LocalPoliciesSecurityOptions/Accounts_RenameAdministratorAccount
==
Intune Settings Catalog?
Intune Settings Catalog policies are going to help here to automate the policy deployment.
Accounts Enable Administrator Account Status to Disable
Accounts Rename Administrator Account to HTMD_Adm
Endpoint Protection or Custom Profile can also be used.
==
Intune Troubleshooting?
Monitor
Health Alerts
Deployment Status
Assess the impact
Service (Global/Regional?)
Tenant wide?
Deployment (all users/devices)
Identify small set to drill down
Deployment Reports
Troubleshooting Node (Single user drill down)
Device Drill down
==
Policy Deployment Checks?
MDM Event Logs
Applications and Services - Microsoft - Windows- DeviceManagement- Enterprise-Diagnostics-Provider/Admin
Registry - User Based:
Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\Providers\D1E11663-BF69-4DD8-974A-BAD47E6EF433\default\S-1-5-21-2901188661-3025291148-348095268-1124\ADMX_ControlPanelDisplay
Registry - Device Based Policy
Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\providers\21915145-BD7F-4430-BC50-4C6F60D24965\default\Device\LocalPoliciesSecurityOptions
==
Rename administrator account This security setting determines whether a different account name is associated with the security identifier (SID) for the account Administrator.
Renaming the well-known Administrator account makes it slightly more difficult for unauthorized persons to guess this privileged user name and password combination. Default: Administrator.
==
[ Ссылка ]
[ Ссылка ]
==
More Blog posts related to SCCM/Intune/Windows 11/Cloud PC/AVD/Hyper-V/Cloud/IT Pro/Azure -
✔ [ Ссылка ]
👉 Stay Connected - [ Ссылка ] 👉 [ Ссылка ]
#CloudPC #Windows365 #W365
[ Ссылка ]
Learn SCCM Read [ Ссылка ]
[ Ссылка ]
Learn Intune Read - [ Ссылка ]
[ Ссылка ]
Learn Windows 10 Read - [ Ссылка ]
Learn Hyper-V Read - [ Ссылка ]
Learn About Cloud Read - [ Ссылка ]
Learn about Azure Read - [ Ссылка ]
Learn About IT Pros Events - [ Ссылка ]
Learn about me - [ Ссылка ]
#SCCM #ConfigMgr #SCCMVideos #SCCMTutorials #SCCMStudyVideos #SCCMFreeTraining #SCCMTraining #HowtoManageDevices
#Intune #MicrosoftIntune #IntuneVideos #IntuneTutorials #IntuneGuide #IntuneStudy #MSIntune #IntuneTraining #HowtoManageDevices
