VMware Workspace ONE Community
admin
Immortal
Immortal
‎03-13-2019 02:28 AM

Do i need local administrative rights to deploy deivce profiles at windows clients

Hi there,


I've got a generally question about deploying device profiles to windows 10 clients.Does endusers need local administrative rights to process device profiles, that i assigned to the devices?


Because some months ago, i talked with the support about the problem that device profiles are not been installed and they told me that this is normal behaviour. See Answer attached. You have to use an user account with local admin rights to process the profiles.


I think its a bad idea to provide any user local admin permission? So if this is really a normal behaviour we will focus on other MDM Software? Really weird and thanks in advantage!


Support Answer:


Hi Jonny, It was a pleasure speaking with you.


As discussed, It is recommend to have local admin privileges in order to make the windows profile installed effectively on the windows machines. As you mentioned, kindly login to machine with local admin privileges and enroll the device to make it work. If you observe that the profile not being installed kindly check login to machine using local admin privileges and it will work. I am glad I was able to assist you today. With your permission I will now proceed to archive this ticket.

Labels (1)
Labels
0 Kudos
3 Replies
j0nn1e
Contributor
Contributor
‎03-14-2019 02:25 AM

*Push* Nobody has an idea about this? I Can't imagine that the big players with airwatch provide their users local admin privileges?

0 Kudos
paulprice
Contributor
Contributor
‎03-14-2019 02:41 AM

We have the same issue. Non of our users have admin rights, but profiles are  being deployed successfully to some Windows PC's  but we are seeing profiles not installed on a lot of devices. Also the time taken is longer then expected. We have had conflicting responses from Airwatch support regarding this. We have been told that users don't need admin rights by one team and that they do by another team for profiles to be deployed successfully. Which is not what we are seeing in our environment. It is very confusing.
0 Kudos
j0nn1e
Contributor
Contributor
‎03-14-2019 04:53 AM

Hey Paul, thanks for your reply! Maybe they distinguish between user Profiles und device profiles?Which means that for device profiles you need local admin rights, but not for user profiles. Could you could verify this?
I think it's a really bad situtation with the need for admin privileges. Every endpoint security client grants itself with the installation, admin or system rights to monitor and control the whole system and also to deploy security profiles. So whats wrong with airwatch?
0 Kudos