Local admin created after implementing UAM

Has anyone seen this? I implemented UAM policies last month, first on one host pool, then two more. I just noticed that hosts in those pools have a local admin account, which looks like 20 characters of random hexadecimal. The admin user is the same in all the hosts in all 3 pools. The profile creation times match with when UAM policies were added, and the last logon times match with when UAM ran during the last maintenance window, so I asked Nerdio support, but they said it was not created by UAM. 

The 3 host pools have only 4 applications in common, and they are: 

  1. 7-Zip
  2. Google Chrome
  3. PowerShell
  4. Mozilla Firefox

I was installing those applications with Winget in Scripted Actions previously, and they did not create any users. 

Thanks!

0

Comments (1 comment)

Avatar
Peter Yasuda

I should check my email before hitting SUBMIT, but maybe this will help someone else. I received this correction from Nerdio support: 

Currently UAM does create a local admin account. This process is being improved and will change slightly but currently this is the process:
 
UAM will first attempt to create a Local Admin account to use to create a powershell session. The passwords are to be generated unique each time, but the local account name is always the same. If the local admin user doesn't work, it will try to work around with a couple fixes (clearing listener filters, firewall blockers) and retry with the same user. If it still doesn't work, it will undo the changes and report a failure. UAM won't install applications using System, since it requires installing as a user account.

0

Please sign in to leave a comment.