Why am I unable to remotely remove admin rights from the original M1 Mac admin user account?

For an IT department initiative, we have to remotely remove admin rights from a subset of M1 MacBook Air users. Their computers were set up manually with one original admin user account.

After much research and testing, the admin rights removal portion of our scripting is working except for the original admin user account. A few niche online resources indicated this might possibly be due to M1s having a new type of user account called an owner. I also read that any secondary accounts after the initial one should have access to the OIK and OIC, so we're confused why admin rights aren't getting removed from that original user when it works on other secondary accounts in multiple ways of testing.

Any ideas or context surrounding this elusive new owner type of account, why the working script won't remove admin rights from that account but will for others, or if there's some missing info in order to accomplish this goal? We ideally would like to add an IT-managed admin user and remove admin from the original user (our current MDM does not support this inherently, so we're getting creative).