{"id":6871,"date":"2023-04-26T01:00:46","date_gmt":"2023-04-26T01:00:46","guid":{"rendered":"https:\/\/pariswells.com\/blog\/?p=6871"},"modified":"2023-04-26T01:00:48","modified_gmt":"2023-04-26T01:00:48","slug":"intune-enumerate-administrator-accounts-on-elevation","status":"publish","type":"post","link":"https:\/\/pariswells.com\/blog\/research\/intune-enumerate-administrator-accounts-on-elevation","title":{"rendered":"Intune &#8211; Enumerate administrator accounts on elevation"},"content":{"rendered":"\n<p><\/p>\n\n\n\n<p><strong>Option 1<\/strong>&nbsp;&#8211; Set the following Group Policy:<br><em>Computer Configuration\\Policies\\Administrative Templates\\Windows Components\\Credential User Interface\\Enumerate administrator accounts on elevation<\/em><br>To the following value:&nbsp;<em>Disabled<\/em><\/p>\n\n\n\n<p><strong>Option 2<\/strong>&nbsp;&#8211; Follow these steps to apply a MEM policy:<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Go to the&nbsp;<a href=\"https:\/\/endpoint.microsoft.com\/#blade\/Microsoft_Intune_DeviceSettings\/DevicesMenu\/configurationProfiles\"><strong>Devices-&gt; Configuration profiles<\/strong><\/a><\/li>\n\n\n\n<li>To update an\u00a0<strong>existing policy:<\/strong>\n<ul class=\"wp-block-list\">\n<li>Click on the policy name in the list<\/li>\n\n\n\n<li>In the navigation bar, click on&nbsp;<strong>Properties<\/strong><\/li>\n\n\n\n<li>Next to&nbsp;<strong>Configuration settings<\/strong>&nbsp;click on&nbsp;<strong>Edit<\/strong><\/li>\n\n\n\n<li>Go to step #4<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>If you\u2019d like to create a\u00a0<strong>new policy<\/strong>, click on the\u00a0<strong>Create Policy<\/strong>\u00a0button\n<ul class=\"wp-block-list\">\n<li>in the side panel, choose:\n<ul class=\"wp-block-list\">\n<li><strong>Platform:<\/strong>&nbsp;Windows 10 and later<\/li>\n\n\n\n<li><strong>Profile Type:&nbsp;<\/strong>Administrative Templates<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>Click on&nbsp;<strong>Create<\/strong>&nbsp;button<\/li>\n\n\n\n<li>Proceed to step #4<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>In the\u00a0<strong>Configuration settings<\/strong>\u00a0wizard step, set the following:\n<ul class=\"wp-block-list\">\n<li>Set Computer Configuration-&gt; Windows Components-&gt; Credential User Interface-&gt;&nbsp;<strong>Enumerate administrator accounts on elevation<\/strong>&nbsp;to&nbsp;<strong>Disabled<\/strong><\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>Complete all remaining wizard steps, review and&nbsp;<strong>Save<\/strong>&nbsp;policy<\/li>\n<\/ol>\n\n\n\n<p><strong>Option 3<\/strong>&nbsp;&#8211; Set the following registry value:<br><em>HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\CredUI\\EnumerateAdministrators<\/em><br>To the following REG_DWORD value:<br><em>0<\/em><\/p>\n\n\n\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Option 1&nbsp;&#8211; Set the following Group Policy:Computer Configuration\\Policies\\Administrative Templates\\Windows Components\\Credential User Interface\\Enumerate administrator accounts on elevationTo the following value:&nbsp;Disabled Option 2&nbsp;&#8211; Follow these steps to apply a [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-6871","post","type-post","status-publish","format-standard","hentry","category-research"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/posts\/6871","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/comments?post=6871"}],"version-history":[{"count":1,"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/posts\/6871\/revisions"}],"predecessor-version":[{"id":6872,"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/posts\/6871\/revisions\/6872"}],"wp:attachment":[{"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/media?parent=6871"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/categories?post=6871"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/tags?post=6871"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}