Prompt user to change computer name via SCCM without using Task Sequence

    Question

  • Hi All,

    Due to bad naming conventions, I'd like to prompt users to change their computers via SCCM, and I'm wondering if it's possible. I have a PowerShell script that prompts for the new computer name; however, after entering the name and restarting, the computer name doesn't get changed, but it does work manually. I have it being deployed as a package and running with administrative rights, so I'm not sure why the name isn't being changed. Can someone tell me if it is possible?

    Thanks

    Monday, June 04, 2018 6:20 PM

All replies

  • When running the package as you describe, you are running the package with SYSTEM rights. SYSTEM has no rights in your Active Directory :-)

    That's why you initially have a Domain Join account, with access to join computer objects into Active Directory.

    Perhaps doable with a task sequence, where you can run a given step as a specific user. That user needs to have the proper rights in your AD, as well as locally on the computer. Never tried it though.


    Martin Bengtsson | Blog: www.imab.dk | Twitter: @mwbengtsson
    If a post helps to resolve your issue, please remember to click Mark as Answer.



    Monday, June 04, 2018 7:26 PM
  • Are you using a package for this?

    What command-line are you using?

    What exactly does execmgr.log say about its execution?


    Jason | https://home.configmgrftw.com | @jasonsandys

    Monday, June 04, 2018 8:41 PM
    Moderator
  • Second that. Rights in AD might only be needed when joining initially :-)

    Have you tested your script with psexec? psexec.exe -s

    Monday, June 04, 2018 9:13 PM
  • I haven't tested it with psexec. I've been using PowerShell, and it seems to be running, as it prompts for the computer name, but it just doesn't actually change the name. The execmgr.log says everything ran successfully.

    Script:

    [void][System.Reflection.Assembly]::LoadWithPartialName('Microsoft.VisualBasic')
    $NewComputerName = [Microsoft.VisualBasic.Interaction]::InputBox("Enter New Computer Name:", "Name", "$env:computername")
    $ComputerInfo = Get-WmiObject -Class Win32_ComputerSystem
    $ComputerInfo.Rename($NewComputerName)

    Tuesday, June 05, 2018 3:29 PM
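
    An added example (not part of the original thread or the poster's script): the script above discards the object returned by `Rename()`, so a refused rename still ends with exit code 0. This variant records the account it runs as and returns `ReturnValue` as the exit code; the `Test-ComputerName` helper, the name rule, and the translation of the code as a Win32 error are assumptions of this example.

```powershell
# Added example: same prompt-and-rename flow as the posted script, but the
# result of Rename() is checked and turned into the process exit code.
Add-Type -AssemblyName Microsoft.VisualBasic

function Test-ComputerName {
    param([string]$Name)
    # Assumed NetBIOS-style rule: 1-15 chars, letters/digits/hyphen,
    # and not digits only. An empty string (dialog cancelled) fails too.
    return $Name -match '^(?!\d+$)[A-Za-z0-9-]{1,15}$'
}

# Which security principal is actually performing the rename
# (NT AUTHORITY\SYSTEM when deployed as a ConfigMgr package).
$runAs = [Security.Principal.WindowsIdentity]::GetCurrent().Name

$newName = [Microsoft.VisualBasic.Interaction]::InputBox('Enter New Computer Name:', 'Name', $env:COMPUTERNAME)

if (-not (Test-ComputerName -Name $newName)) {
    Write-Output "Rejected name '$newName' (running as $runAs)"
    exit 87    # ERROR_INVALID_PARAMETER
}

$cs = Get-WmiObject -Class Win32_ComputerSystem
# No UserName/Password arguments: the call is made with the caller's identity.
$result = $cs.Rename($newName)
$rc = [int]$result.ReturnValue

if ($rc -ne 0) {
    # Assumption: the non-zero value is shown as a Win32 system error code.
    $msg = (New-Object ComponentModel.Win32Exception $rc).Message
    Write-Output "Rename to '$newName' failed as ${runAs}: $rc ($msg)"
    exit $rc
}

Write-Output "Rename to '$newName' accepted as $runAs; restart required"
exit 0
```

    With a non-zero exit code the outcome of the rename is visible to whatever launched the script, rather than only the fact that the script itself ran.
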
  • I just tested this with psexec, and no matter how I twist and turn the scenario, you have to have some rights in your Active Directory (assuming this is a domain-joined PC, obviously).

    The account you use outside of ConfigMgr, where you succeed: I bet it's both a local admin as well as a domain admin?

    You can even delegate the rename computer object rights in AD.

    If I try to rename a computer manually in my end, I'm first prompted for local admin and then next an account that has the proper permissions in AD.

    So unless I'm missing out on something, this is not doable running the script as SYSTEM in ConfigMgr (which I stated in my first reply :-)


    Martin Bengtsson | Blog: www.imab.dk | Twitter: @mwbengtsson

    Tuesday, June 05, 2018 3:46 PM
  • Where exactly, relative to other tasks (the Setup Windows and ConfigMgr task specifically) is this task located in the TS?

    Jason | https://home.configmgrftw.com | @jasonsandys

    Tuesday, June 05, 2018 9:14 PM
    Moderator
  • > "Where exactly, relative to other tasks (the Setup Windows and ConfigMgr task specifically) is this task located in the TS?"

    Hmm. This is not a TS at all?


    Martin Bengtsson | Blog: www.imab.dk | Twitter: @mwbengtsson

    Tuesday, June 05, 2018 10:01 PM
  • Yep, you're right, the thread is getting too long and I lost track.

    Jason | https://home.configmgrftw.com | @jasonsandys

    Tuesday, June 05, 2018 10:35 PM
    Moderator
  • You can try using the "run command-line" step of the task sequence. That allows you to specify the account that will be used to run the command-line (which, in your case would just run your script). You would then just specify the account that has permissions on AD to rename machines.

    Wednesday, June 06, 2018 12:29 AM
  • Sorry about any confusion here. When my reply got marked / unmarked, I thought I missed something obvious. Apparently I didn't, so my first reply is still valid here:

    "When running the package as you describe, you are running the package with SYSTEM rights. SYSTEM has no rights in your Active Directory :-)

    That's why you initially have a Domain Join account, with access to join computer objects into Active Directory.

    Perhaps doable with a task sequence, where you can run a given step as a specific user. That user needs to have the proper rights in your AD, as well as locally on the computer. Never tried it though."

    Martin Bengtsson | Blog: www.imab.dk | Twitter: @mwbengtsson

    Wednesday, June 06, 2018 5:17 AM