I've got a problem with my users when I deploy win10 1709 with autopilot. I prevent my user account to be local administrator on his device (I make an profile enrollment assign to his device and i've got all prerequisites). I don't uderstand why he is still local administrator.
Did anyone ever have this problème ?
I'm using a test user account on a test tenant (E5). My account have the user rights on my Azure AD.
For my user
- Azure AD Premium P2 & Office 365 licences.
- Allowed to join devices into Azure AD
- MDM user scope : All
Here's my process
- I create a VM (UEFI, no vTPM) in Vsphere with Win10 professional build 1709.
- I capture my VM's hardware ID autopilot deployment. I realized that I don't have the same Hardware Hash when i used windowsautopilotinfo.ps1 and this scrypt
wmic bios get serialnumberGet-ItemPropertyValue "hklm:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\DefaultProductKey\" "ProductId"$wmi = Get-WMIObject -Namespace root/cimv2/mdm/dmmap -Class MDM_DevDetail_Ext01 -Filter "InstanceID='Ext' AND ParentID='./DevDetail'"$wmi.DeviceHardwareData | Out-File "($env:COMPUTERNAME).txt"
The first part is the same, the second part change everytime I run the script (in bold in the example) : xxxxxxxxx/YYYYYYYYY
- I reset my VM back to OOBE
- I register my VM to my organisation https://businessstore.microsoft.com/
- I assign a profile ; disable local admin account : On, Skip privacy settings : Off, Skip EULA: Off