How to Delete a Local user account using Intune

You might need to remove a local user account for various reasons, such as when it’s no longer in use or as part of a cleanup process across all your organization’s devices. Whatever the case, you can easily delete a local user account on a Windows 10 or Windows 11 device using Intune.

In my previous blog posts, I discussed how to create a local administrator account using Intune and add an existing Entra ID user to the local administrator group using Intune.

This blog post will explore how to delete a local user account using Intune. Let’s go through the steps:

Create a Script Package

To delete a local user account using Intune, follow the below steps:

  • Sign in to the Intune admin center.
  • Go to Devices > Scripts and Remediations.
  • Click on + Create under the Remediations tab.

Basics

The basics tab will provide information about the script package, such as its Name, Description, and Publisher.

  • Name – Delete cloudinfra101 local user account
  • Description – Provide a useful description.
  • Publisher – Jatin Makhija

Settings

  • Create a detection script using the PowerShell code below. Save it as DetectLocaluser.ps1.

DetectLocaluser.ps1

$userName = "cloudinfra101"
# True when a local account with exactly this name exists (-contains compares whole names, case-insensitively)
$userExist = (Get-LocalUser).Name -contains $userName
if ($userExist) {
  Write-Host "$userName exists"
  # Exit code 1 = non-compliant: Intune will run the remediation script
  Exit 1
}
else {
  Write-Host "$userName does not exist"
  # Exit code 0 = compliant: nothing to remediate
  Exit 0
}

  • Create a remediation script using the PowerShell code below. Save it as RemediateLocalUser.ps1.

RemediateLocalUser.ps1

$userName = "cloudinfra101"
$userExist = (Get-LocalUser).Name -contains $userName
if ($userExist) {
  try {
    # -ErrorAction Stop turns a non-terminating error into an exception so the catch block actually runs
    Remove-LocalUser -Name $userName -ErrorAction Stop
    Exit 0
  }
  catch {
    # Report the failure to Intune; exit code 1 marks the remediation as failed
    Write-Error $_
    Exit 1
  }
}
# The account is already gone: nothing to do, report success
Exit 0

  • Detection script file – Browse to the detection script file DetectLocaluser.ps1
  • Remediation script file – Browse to the remediation script file RemediateLocalUser.ps1
  • Run this script using the logged-on credentials – No
  • Enforce script signature check – No
  • Run script in 64-bit PowerShell – Yes
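As an added example that is not part of the original post, the remediation script below extends the one above: it handles a list of account names in one pass, refuses to touch Windows built-in accounts, and also removes the orphaned profile folder that Remove-LocalUser leaves behind. It assumes the script runs in the SYSTEM context (logged-on credentials set to No, as above); the account names are constructed sample values.

```powershell
# Added example (not from the original post): remove several local accounts
# and their leftover profiles in one remediation run.
$targetUsers = @("cloudinfra101", "tempadmin")   # constructed sample names

# Built-in accounts that this script must never remove.
$protected = @("Administrator", "Guest", "DefaultAccount", "WDAGUtilityAccount")

$failed = $false
foreach ($userName in $targetUsers) {
    if ($protected -contains $userName) {
        Write-Output "Skipping protected account $userName"
        continue
    }
    $user = Get-LocalUser -Name $userName -ErrorAction SilentlyContinue
    if (-not $user) {
        Write-Output "$userName does not exist, nothing to do"
        continue
    }
    # Capture the SID first: it is the only link to the profile once the account is gone.
    $sid = $user.SID.Value
    try {
        Remove-LocalUser -Name $userName -ErrorAction Stop
        Write-Output "Removed local account $userName ($sid)"
    } catch {
        Write-Error "Failed to remove ${userName}: $_"
        $failed = $true
        continue
    }
    # Remove-LocalUser leaves C:\Users\<name> and its ProfileList entry behind;
    # deleting the Win32_UserProfile instance removes both.
    $userProfile = Get-CimInstance -ClassName Win32_UserProfile -Filter "SID = '$sid'" -ErrorAction SilentlyContinue
    if ($userProfile) {
        if ($userProfile.Loaded) {
            # A loaded profile belongs to a signed-in session; leave it for the next scheduled run.
            Write-Warning "Profile $($userProfile.LocalPath) is loaded, left in place"
        } else {
            try {
                $userProfile | Remove-CimInstance -ErrorAction Stop
                Write-Output "Removed profile $($userProfile.LocalPath)"
            } catch {
                Write-Error "Failed to remove profile for ${userName}: $_"
                $failed = $true
            }
        }
    }
}
# A non-zero exit code tells Intune the remediation failed, so the next scheduled run retries it.
if ($failed) { Exit 1 } else { Exit 0 }
```

If you use this variant, the detection script should check the same list of names so that detection and remediation stay in step.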
Create a Script Package

Assignments

Click Add groups and select the Entra security group containing Windows 10/11 test devices. Once testing proves successful, you can expand the deployment by including additional devices in the group.

Review + Create

Review the deployment and click on Create to start the deployment process.

Sync Intune Policies

The device check-in process might not begin immediately. If you’re testing this policy on a test device, you can manually kickstart Intune sync from the device itself or remotely through the Intune admin center.

Alternatively, you can use PowerShell to force the Intune sync on Windows devices. Restarting the device is another way to trigger the Intune device check-in process.

End-user Experience

After the deployment is completed successfully, the specified local user account will be deleted.

  • Click on Start > search for Computer Management.
  • Then go to Local Users and Groups > Users.
  • Check if cloudinfra101 local user account has been deleted.
  • If the user was a member of other local groups, such as Administrators or Remote Desktop Users, those memberships are removed along with the account.

How to Verify Remediation Scripts Status from Logs

You can examine the logs for troubleshooting purposes to confirm whether the detection and remediation scripts were executed successfully. Additionally, you can check the script’s date timestamp from the logs and refer to them if any issues arise during your deployment.

You can find the Intune management extension log files under C:\ProgramData\Microsoft\IntuneManagementExtension\Logs.

If you find multiple IntuneManagementExtension.log files, you can sort the list by the date modified attribute to identify the most recent or active log file. As shown in the screenshot below, the script detected the “cloudinfra101” local user account, resulting in an exit code of 1, triggering the remediation script to delete that particular local user account.

How to Verify Proactive Remediation Status from Logs

Conclusion

In this blog post, we’ve explored the process of deleting a local user account using Intune. While you can deploy a one-time PowerShell script to achieve this, the proactive remediation script package is often the preferred choice.

This method checks for the existence of the local user account before removing it, making it more efficient. Additionally, proactive remediation runs on a schedule, ensuring that the local account is deleted even if someone recreates it, which offers a more robust and reliable solution.

2 thoughts on “How to Delete a Local user account using Intune”

  1. Just a remark: you made a typo in DetectLocalUser.ps1: exists should be exist.
    Thanks again for this post, it works like a charm!