Intune is Group Policy Management

Hey guys and girls, sorry about not updating my blog because I have been occupied with work. I feel so bad to break this goal, which is to write every once a week.

So I think my title caught your attention right? You thought that this post is going to be talking nonsense? Hahaha…No! I do still receiving people having misunderstanding what is Intune, its capability and its limitations. I do see quite a lot of blogs are only talking about the wins and lose of Intune and Group Policy Management,  not many in explaining.

Familiar questions that I usually get;

“I thought Intune is a replacement of GPO?”

“Why do we still need to rely on GPO?”

“No,  you are wrong, I saw there is administrative templates in Intune”

I am here to explain it to you properly.

If you took your time to look closely on Intune’s Device configuration categories, you will notice their settings are actually not as complete as GPO for Windows. So seeing something half does not mean it gives you full understanding of Intune capability and limitations until you put yourself and it into experiment or lab testing.

The journey I had with Intune, I would say it was a roller-coaster, I experience its limitations, behavior and good part. Yes, technology keeps changing to ease our daily challenges.

Throughout my experience, I would say that Intune does their job but still not stable enough. I usually have to combine other technology to achieve the work. You might thought of this “Urgh…is lots of work and to keep track on.”, well, if you are creative person, these are your possibilities to your resolutions from stopping you to get that work done.

In conclusion, Intune is not Group Policy Management, but Intune and Group Policy Management can be one (combine) to get your work done.

 

 

 

Intune Autopilot: Troubleshoot RDP access prompt

So I am testing Autopilot in my lab environment, consist a Hyper-V with its Virtual Machines. Well I am doing a manual registration, so how do I export the device information that is required my VM to be register for Autopilot?

I already have a VM running Windows 10 Pro, and I ran this script to export and automatic import the device information to be register into autopilot. However, I wasn’t running the script before Out-of-the-box-experience (OOBE) happen, so to make Autopilot work on my VM, I had to reset my VM.

Once the VM has reset,  it ask for region, language of my keyboard and next it shows a welcome page with the Display name and the company name. So I key in the email address and password of the user and also setup the PIN. However, I just notice that I set this user with the Standard permission only. Thus, the administrator account is disabled and I keep getting the RDP permission error prompt due to the user account is not in the RDP group in the VM.

Example of the prompt;

To sign in remotely, you need the right to sign in through Remote Desktop Services. By default, members of the Remote Desktop Users group have this right. If the group you’re in doesn’t have this right, or if the right has been removed from the Remote Desktop Users group, you need to be granted the right manually.

050317_1039_Tosigninrem1

How I troubleshoot this;

  1. Is to run MMC as administrator > File > Add/Remove Snap-in
    • Capture
  2. Key in your Office 365 admin account (an account with permission that can manage device)
  3. Select Local Users and Groups > Add
    • Capture
  4. Select Local computer > Finish > Ok
  5. Expand the local users and groups > Users > Right click Administrator  > Uncheck Account is disabled
    • Capture
    • Capture
  6. Reset the local Administrator password too
  7. Select Groups > Right click on the remote desktop users > Add > Authenticated users > Ok
    • Capture
  8. Close MMC
  9. Sign out and Sign in again

 

These steps should help you from getting the prompt again.

Please take note that I am doing this in Lab environment. In production, by right not to enabled administrator account and not to do any changes to the local users and groups.