deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-12 13:27:23 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Update policy-csp-localusersandgroups.md

Browse Source 
Updated the group name "Administartors" with an SID as this example wont work if it is a non English language OS.
This commit is contained in:
Sriraman M S 2022-11-10 21:40:41 +05:30 committed by GitHub
parent 40fe118976
commit 8b7879b36d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 6 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
windows/client-management/mdm/policy-csp-localusersandgroups.md
View File

@ -104,11 +104,11 @@ See [Use custom settings for Windows 10 devices in Intune](/mem/intune/configura
Example 1: Azure Active Directory focused.
The following example updates the built-in administrators group with Azure AD account "bob@contoso.com" and an Azure AD group with the SID **S-1-12-1-111111111-22222222222-3333333333-4444444444** on an AAD-joined machine.
The following example updates the built-in administrators group with the SID **S-1-5-21-2222222222-3333333333-4444444444-500** with Azure AD account "bob@contoso.com" and an Azure AD group with the SID **S-1-12-1-111111111-22222222222-3333333333-4444444444** on an AAD-joined machine.
```xml
<GroupConfiguration>
<accessgroup desc = "Administrators">
<accessgroup desc = "S-1-5-21-2222222222-3333333333-4444444444-500">
<group action = "U" />
<add member = "AzureAD\bob@contoso.com"/>
<add member = "S-1-12-1-111111111-22222222222-3333333333-4444444444"/>
@ -119,12 +119,12 @@ The following example updates the built-in administrators group with Azure AD ac
Example 2: Replace / Restrict the built-in administrators group with an Azure AD user account.
> [!NOTE]
> When using R replace option to configure the built-in Administrators group. It is required to always specify the administrator as a member + any other custom members. This is because the built-in administrator must always be a member of the administrators group.
> When using R replace option to configure the built-in Administrators group with SID **S-1-5-21-2222222222-3333333333-4444444444-500**. It is required to always specify the administrator as a member + any other custom members. This is because the built-in administrator must always be a member of the administrators group.
Example:
```xml
<GroupConfiguration>
<accessgroup desc = "Administrators">
<accessgroup desc = "S-1-5-21-2222222222-3333333333-4444444444-500">
<group action = "R" />
<add member = "AzureAD\bob@contoso.com"/>
<add member = "Administrator"/>
@ -134,11 +134,11 @@ Example:
Example 3: Update action for adding and removing group members on a hybrid joined machine.
The following example shows how you can update a local group (**Administrators**)—add an AD domain group as a member using its name (**Contoso\ITAdmins**), add a Azure Active Directory group by its SID (**S-1-12-1-111111111-22222222222-3333333333-4444444444**), and remove a local account (**Guest**) if it exists.
The following example shows how you can update a local group (**Administrators** with SID **S-1-5-21-2222222222-3333333333-4444444444-500**)—add an AD domain group as a member using its name (**Contoso\ITAdmins**), add a Azure Active Directory group by its SID (**S-1-12-1-111111111-22222222222-3333333333-4444444444**), and remove a local account (**Guest**) if it exists.
```xml
<GroupConfiguration>
<accessgroup desc = "Administrators">
<accessgroup desc = "S-1-5-21-2222222222-3333333333-4444444444-500">
<group action = "U" />
<add member = "Contoso\ITAdmins"/>
<add member = "S-1-12-1-111111111-22222222222-3333333333-4444444444"/>