I've run into a frustrating problem since transitioning our entire setup to a Windows 11 environment with Intune and EntraID for user and device management. We used to have no issues with local admin account escalations for tasks like software installs on Windows 10, but now, after the upgrade, it looks like our devices aren't giving users the option to switch to a separate admin account when prompted for confirmations. When I try to use the default LAPS policy, I'm only prompted to enter the local admin account credentials without any option to select another one. Deleting the local admin account leads to losing the escalation options entirely, and users are then restricted to Windows Hello for Business, which is not practical since they can't make changes themselves. I've reached out to our licensing support at Pax8, and they've mentioned that LAPS is meant to limit the use of highly privileged accounts for everyday actions, but I never faced this limitation with Windows 10. Has anyone else experienced this, or have suggestions on how to manage it?
1 Answer
If you're trying to log in using the LAPS account, just type in `.` at the login screen and enter the password; that should work fine.
Does it have to be `.
ame` or would `.name` work as well?