How to Delete a Local user account using Intune

You might need to remove a local user account for various reasons, such as when it’s no longer in use or as part of a cleanup process across all your organization’s devices. Whatever the case may be, you can easily delete a local user account on a Windows 10 or Windows 11 device using Intune.

In my previous blog posts, I have discussed how to easily Create a Local Admin Account using Intune and also How to Add an existing Azure AD/Entra ID user into the Local administrator group using Intune.

In this blog post, we will explore the steps to delete a local user account using Intune. Let’s go through the steps:

Create a Script Package

To delete a local user account using Intune, follow the steps below:

Basics

In the basics tab, we will provide information about the script package like Name, Description, and Publisher.

  • Name – Delete cloudinfra101 local user account
  • Description – Provide a useful description.
  • Publisher – Jatin Makhija

Settings

  • Create a Detection script using the PowerShell code below. Save it as DetectLocaluser.ps1

DetectLocaluser.ps1

$userName = "cloudinfra101"
# Exit code 1 means "account present" (non-compliant), which triggers the remediation script;
# exit code 0 means the account is already gone (compliant).
$userExist = (Get-LocalUser).Name -contains $userName
if ($userExist) {
  Write-Host "$userName exist"
  Exit 1
}
else {
  Write-Host "$userName does not exist"
  Exit 0
}
  • Create a Remediation script using the PowerShell code below. Save it as RemediateLocalUser.ps1

RemediateLocalUser.ps1

$userName = "cloudinfra101"
$userExist = (Get-LocalUser).Name -contains $userName
if ($userExist) {
  try {
    # -ErrorAction Stop turns a failed removal into a terminating error so the catch block runs;
    # without it the script would report exit code 0 even though the account is still present.
    Remove-LocalUser -Name $userName -ErrorAction Stop
    Exit 0
  }
  catch {
    Write-Error $_
    Exit 1
  }
}
  • Detection script file – Browse to the detection script DetectLocaluser.ps1
  • Remediation script file – Browse to the remediation script RemediateLocalUser.ps1
  • Run this script using the logged-on credentials – No
  • Enforce script signature check – No
  • Run script in 64-bit PowerShell – Yes
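The remediation script above handles one hard-coded account. The following is an added example, not code from the original post, that generalises it to a list of accounts, skips any name that resolves to a Windows built-in account (identified by its well-known RID), and reports a summary on its last output line, which is what the Intune console displays as the post-remediation output. The account names in $targetUsers are constructed for illustration.

```powershell
# Added example (not from the original post): remove several local accounts idempotently,
# never touching built-in accounts. Runs as SYSTEM in 64-bit PowerShell, like the script above.
$targetUsers = @('cloudinfra101', 'tempcontractor')   # constructed names for illustration

# Well-known RIDs of built-in local accounts that must never be deleted:
# 500 Administrator, 501 Guest, 503 DefaultAccount, 504 WDAGUtilityAccount.
$protectedRids = @(500, 501, 503, 504)

function Test-ProtectedAccount {
    param($User)   # a LocalUser object returned by Get-LocalUser
    # The RID is the last component of the account SID (S-1-5-21-...-<RID>).
    $rid = [int](($User.SID.Value -split '-')[-1])
    return ($protectedRids -contains $rid)
}

$removed = @()
$failed  = @()
foreach ($name in $targetUsers) {
    # A missing account is a non-terminating error; SilentlyContinue makes repeated runs a no-op.
    $user = Get-LocalUser -Name $name -ErrorAction SilentlyContinue
    if (-not $user) { continue }

    if (Test-ProtectedAccount -User $user) {
        Write-Warning "$name is a built-in account (SID $($user.SID.Value)); skipping."
        $failed += $name
        continue
    }
    try {
        # Remove by SID rather than by name so a renamed account cannot be confused with another.
        Remove-LocalUser -SID $user.SID -ErrorAction Stop
        $removed += $name
    }
    catch {
        Write-Error "Failed to remove ${name}: $_"
        $failed += $name
    }
}

# The last line written to standard output is shown in the Intune remediation report.
Write-Output ("Removed: [{0}] Failed: [{1}]" -f ($removed -join ','), ($failed -join ','))
if ($failed.Count -gt 0) { Exit 1 } else { Exit 0 }
```

Pair it with a detection script that exits 1 when any name in the same list still exists; because the remediation skips protected accounts, a protected name left in the list shows up as a persistent failure in the report rather than a deleted built-in account.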

Assignments

Click on Add group to add an Azure AD group containing users or devices. You can also click on Add all users or Add all devices.

Review + Create

Review the deployment and click on Create to start the deployment process.

Sync Intune Policies

The device check-in process might not begin immediately. If you’re testing this policy on a test device, you can manually kickstart Intune sync either from the device itself or remotely through the Intune admin center.

Alternatively, you can use PowerShell to force the Intune sync on Windows devices. Another way to trigger the Intune device check-in process is by restarting the device.

End-user Experience

After the deployment is completed successfully, a local user account specified will be deleted.

  • Click on Start > search for Computer Management.
  • Then go to Local Users and Groups > Users.
  • Check if cloudinfra101 local user account has been deleted.
  • If this user was a member of other local groups, for example Administrators or Remote Desktop Users, it is removed from those groups as well.

How to Verify Proactive Remediation Status from Logs

For troubleshooting purposes, you can examine the logs to confirm whether the detection and remediation scripts were executed successfully. The logs also record when each script ran, which you can refer to if any issues arise during your deployment.

You can find the Intune management extension log files in C:\ProgramData\Microsoft\IntuneManagementExtension\Logs.

If you find multiple IntuneManagementExtension.log files, you can sort the list by the “date modified” attribute to identify the most recent or active log file. As shown in the screenshot below, the script detected the “cloudinfra101” local user account, resulting in an exit code of 1, which will then trigger the remediation script to delete that particular local user account.


Conclusion

In this blog post, we’ve explored the process of deleting a local user account using Intune. While you have the option to deploy a one-time PowerShell script to achieve this, using the proactive remediation script package is often the preferred choice.

This method checks for the existence of the local user account before removing it, making it more efficient. Additionally, proactive remediation runs on a schedule, ensuring that the local account is deleted even if someone recreates it, which offers a more robust and reliable solution.

2 thoughts on “How to Delete a Local user account using Intune”

  1. Just a remark: you made a typo in DetectLocalUser.ps1: exists should be exist.
    Thanks again for this post, it works like a charm!
