This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(160, 24%, 25%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAE%3C/text%3E%3C/svg%3E)
Hello all,
I was wondering if there is a way to remove admin rights from mac users's devices enrolled in our intune,
I know there is no function to do so but is there a script i can push with intune agent?
Thank you
@Ammar Esmaeel Thanks for posting in our Q&A.
Honestly, I'm not familiar with scripts on Mac. For this issue, I have done a lot of research and I found that someone has shared a script to remove admin right on Mac. Please refer to the following links:
https://community.jamf.com/t5/jamf-nation/script-to-remove-admin-right-on-mac/m-p/260730
Note: Non-Microsoft link, just for the reference.
Hope it will help.
If the answer is the right solution, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
Thank you for your answer.
i aware of this link , the problem it need a Jamf subscription which I wanted to avoid, I will try to push the same script in powershell in intune and see if it works.
@Ammar Esmaeel Thanks for your time to have a try to push the PowerShell script via intune. If there is anything update, feel free to let us know.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(297.6, 98%, 38%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERT%3C/text%3E%3C/svg%3E)
Hi @Ammar Esmaeel Any luck with this one? Thanks. I have the same problem.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(19.2, 35%, 11%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESB%3C/text%3E%3C/svg%3E)
What I understand with the whole onboarding journey is:
So in this flow, the first user facilitating the onboarding cannot be the real user. Either you use a local user with username/password you keep secure or you use a Device Enrolment Manager account.
Then you create the second account as standard user.
I hope my approach is meaningful.
Thanks.