How to Disable Guest Account Using OMA-URI Settings Microsoft Intune

  • This topic is empty.
  • Post
    • January 1, 2025 at 7:15 am
    Weekend Wiki
    Keymaster
    Here’s a detailed explanation of the second scenario (using Configuration Profiles with OMA-URI Settings) to disable the Guest Account via Microsoft Intune:

    Steps to Disable Guest Account Using OMA-URI Settings

    This approach involves creating a custom configuration profile that applies a specific policy setting to disable the Guest Account.

    1. Create a Configuration Profile

    1. Log in to Microsoft Intune Admin Center:
    2. Navigate to Configuration Profiles:
      • Go to Devices > Configuration profiles > + Create profile.
    3. Select Platform and Template:
      • Platform: Select Windows 10 and later.
      • Profile type: Select Custom.

    2. Define OMA-URI Setting

    1. Click Add to create a new OMA-URI setting.
    2. Fill in the fields as follows:
      • Name: Disable Guest Account.
      • Description: Add a brief description (e.g., “Policy to disable the Guest Account on Windows devices”).
      • OMA-URI: 
        ./Device/Vendor/MSFT/Policy/Config/LocalPoliciesSecurityOptions/Accounts_GuestAccountStatus
        • This OMA-URI maps to the policy for enabling or disabling the Guest Account.
      • Data type: Select Integer.
      • Value: Set to 0 (to disable the Guest Account).
        • 0: Disables the Guest Account.
        • 1: Enables the Guest Account.
    3. Save the configuration.

    3. Assign the Profile

    1. After defining the OMA-URI setting, click Next to move to the Assignments step.
    2. Assign the profile:
      • Choose device or user groups that require the Guest Account to be disabled.
      • Click Next to proceed.
    3. Review your configuration and click Create to deploy the profile.

    4. Verify Policy Deployment

    1. Monitor deployment:
      • Navigate to Devices > Monitor > Configuration Profiles.
      • Check the status of the policy under the Device Status and User Status tabs.
    2. Check locally on the device:
      • On a managed Windows device, open Command Prompt or PowerShell and run: 
        net user guest
      • The output should show the Guest Account status as disabled.

    Benefits of Using This Method

    • Customizable: You can define various policies using OMA-URI for granular control.
    • Standardized Deployment: Ensures consistent settings across all managed devices.
    • Automated Updates: Any change to the configuration profile will automatically update all assigned devices.

    Let me know if you’d like further assistance with deploying this policy!

  • You must be logged in to reply to this topic.
en_USEnglish
arArabic en_USEnglish