Disable Domain credentials error received in Intune

Paul Barnes 0 Reputation points
2025-01-03T09:49:50.97+00:00

I am fairly new to Intune and have set up a custom configuration rule using the OMA-URI ./Device/Vendor/MSFT/Policy/Config/Security/LocalAccounts/DisablePasswordStorage but each time it is applied it errors with error code -2016281112 - 0x87d1fde8.

I got this OMA from doing a Copilot search.

Where I have applied custom rules, they all seem to fail as above.

Any idea what I am doing wrong, if anything?

Microsoft Intune Configuration

3 answers

  1. Crystal-MSFT 51,551 Reputation points Microsoft Vendor
    2025-01-06T01:31:48.6466667+00:00

    @Paul Barnes, thanks for posting in Q&A. Based on my research, the CSP is not valid now. Therefore, it failed. But we can try to change it via a registry key.

    Set HKLM\SYSTEM\CurrentControlSet\Control\Lsa\DisableDomainCreds to the following REG_DWORD value: 1

    Here is a link with more details for your reference:

    https://mbcloudteck.substack.com/p/hklmsystemcurrentcontrolsetcontrollsadisabledoma?r=2jeuoc&utm_campaign=post&utm_medium=web&triedRedirect=true

    Note: Non-Microsoft link, just for reference.

    Hope the above information can help.


    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.


  2. Paul Barnes 0 Reputation points
    2025-01-08T08:48:12.14+00:00

    intune screenshot

    I have attached a picture showing the script applied and assigned successfully.


  3. Crystal-MSFT 51,551 Reputation points Microsoft Vendor
    2025-01-15T01:56:58.48+00:00

    @Paul Barnes, hope things are going well. For our issue, please let me write a brief summary so that others who have the same issue can get the suggestion quickly.

    Issue

    Set up a custom configuration rule using the OMA-URI ./Device/Vendor/MSFT/Policy/Config/Security/LocalAccounts/DisablePasswordStorage but each time it is applied it errors with error code -2016281112 - 0x87d1fde8.

    Suggestions

    Based on my research, the CSP is not valid now. Therefore, it failed. But we can try to change it via a registry key.

    Set HKLM\SYSTEM\CurrentControlSet\Control\Lsa\DisableDomainCreds to the following REG_DWORD value: 1

    Deploy the registry key via a PowerShell script in Intune. Ensure "Run this script using the logged on credentials" is set to No.

    Thanks for your time and have a nice day!


    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
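
A script of the kind the answer above describes, as an added example that is not code posted in this thread: it sets the registry value, reads it back, and exits non-zero on failure so a failed run is visible in the script's deployment status. Variable and function names are illustrative; it assumes the script runs in SYSTEM context (the "logged on credentials" option set to No).

```powershell
# Added example, not from the thread. Sets
#   HKLM\SYSTEM\CurrentControlSet\Control\Lsa\DisableDomainCreds = 1 (REG_DWORD)
# which backs the "Network access: Do not allow storage of passwords and
# credentials for network authentication" security option.
# Assumption: runs elevated (SYSTEM); a standard user cannot write under Lsa.
$ErrorActionPreference = 'Stop'

$LsaPath   = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$ValueName = 'DisableDomainCreds'
$Desired   = 1

function Get-CurrentValue {
    # Returns the current DWORD, or $null when the value does not exist yet.
    $item = Get-ItemProperty -Path $LsaPath -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$ValueName
}

try {
    $before = Get-CurrentValue
    if ($before -eq $Desired) {
        # Idempotent: re-runs on an already configured device change nothing.
        Write-Output "$ValueName already set to $Desired; nothing to do."
        exit 0
    }

    # -Force creates the value if missing and overwrites it if present.
    New-ItemProperty -Path $LsaPath -Name $ValueName `
        -PropertyType DWord -Value $Desired -Force | Out-Null

    # Read back instead of trusting the write.
    $after = Get-CurrentValue
    if ($after -ne $Desired) {
        throw "Verification failed: $ValueName is '$after', expected $Desired."
    }
    Write-Output "$ValueName changed from '$before' to $after."
    exit 0
}
catch {
    # Report the reason, then signal failure through the exit code.
    Write-Error $_.Exception.Message -ErrorAction Continue
    exit 1
}
```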
