Change Computer Name without Domain Admin prompt?

  • Question

  • Howdy,

    We name all our machines with the User's ID and the OS #.  E.g. John Smith - jsmith8

    We are going through and upgrading people to Windows 10 via an SCCM Task Sequence.  One of the things we want to do when that is done is rename the machine so that jsmith8 would become jsmith10.

    All of our users are local admins but are not domain admins so I'm not sure if there's an easy way to do this.  Can anyone let me know if there's an easy way to do this?  Even if it isn't through Powershell...

    We figured we could get the username who is currently logged in, add a "10" to that and set that as the new computer name.  However, when you do that manually you have to put in admin credentials for the domain which is the part I'm not sure how to handle since we don't want to just have them in a text file or something that anyone can see.  We could possibly put a powershell script in a onetime run login script somehow that would kick off automatically the first time they log in after the upgrade...

    Just brainstorming possible options.

    Thanks!

    Friday, October 16, 2015 7:47 PM

Answers

  • That's all fine and dandy but do you have a way to change the name to something else from the user's side?  Can I embed credentials in some sort of script or package a PS1 file as an EXE or something like that so it can run locally under the user's account but still complete the rename?

    No, you can't. A user cannot change AD objects without permission. You cannot use credentials, as the user can easily decode the credential and use it. Worse is that any rogue process can also get the credential.

    What you are doing is completely at odds with all Windows administration and security best practices.

    Since a domain admin can batch update anything in AD, just update the machines using the Add-AdComputer Cmdlet, which can easily rename a computer object.  If you do not know how to use AD or AD Cmdlets then start here: https://technet.microsoft.com/en-us/scriptcenter/dd793613

    You can use Get-AdComputer to find computers by OS.  Just replace the number in the name.

    # Anchor the pattern to the end of the name so only the trailing OS number changes
    $computer.Name -replace '8$','10'


    \_(ツ)_/

    • Proposed as answer by Elaine Jing Tuesday, October 20, 2015 2:26 AM
    • Marked as answer by Elaine Jing Thursday, October 22, 2015 3:17 AM
    Friday, October 16, 2015 8:43 PM
  • As an administrator, you can remotely rename a machine.  This would be a much better option than giving your users the ability to rename machines.  Check out the netdom command. More specifically, netdom renamecomputer.

    As was already stated, you should really consider using a different naming scheme. The OS version is very easy to identify without putting it in the machine name.

    • Proposed as answer by Elaine Jing Tuesday, October 20, 2015 2:26 AM
    • Marked as answer by Elaine Jing Thursday, October 22, 2015 3:17 AM
    Friday, October 16, 2015 9:48 PM
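
The admin-side rename that both answers point to, as an added example that is not part of the original thread: it runs from an administrator's workstation, so no domain credential is ever placed on a user's machine. It assumes the RSAT ActiveDirectory module is installed, that upgraded machines report Windows 10 in AD, and that old names end in "8"; it uses Rename-Computer (a built-in cmdlet) rather than netdom.

```powershell
# Added example, not code from the thread. Run from an admin workstation.
Import-Module ActiveDirectory

# Prompt at run time: the credential lives only in this session,
# never in a script, package, or file on the client.
$cred = Get-Credential -Message 'Account with rights to rename domain computers'

# Assumption: upgraded machines already report Windows 10 and still end in "8".
$targets = Get-ADComputer -Filter 'OperatingSystem -like "Windows 10*"' -Properties OperatingSystem |
    Where-Object { $_.Name -match '8$' }

foreach ($computer in $targets) {
    # Anchored replace: only the trailing OS number changes.
    $newName = $computer.Name -replace '8$', '10'

    # Computer (NetBIOS) names are limited to 15 characters.
    if ($newName.Length -gt 15) {
        Write-Warning "$($computer.Name): '$newName' is longer than 15 characters, skipped"
        continue
    }

    # Skip if the target name is already taken in AD.
    if (Get-ADComputer -Filter "Name -eq '$newName'") {
        Write-Warning "$($computer.Name): '$newName' already exists in AD, skipped"
        continue
    }

    try {
        # -WhatIf makes this a dry run. Remove it to apply the rename,
        # and add -Restart if the machine should reboot immediately.
        Rename-Computer -ComputerName $computer.DNSHostName -NewName $newName `
            -DomainCredential $cred -Force -WhatIf -ErrorAction Stop
    }
    catch {
        Write-Warning "$($computer.Name): rename failed: $($_.Exception.Message)"
    }
}
```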

All replies

  • Only a domain admin can rename a machine in the domain.

    You should not use this convention.  It, like so many other bad ideas, is a formula for future issues.  The OS is part of the AD entry by default.   Machines should be functionally named and not user dependent.

    If you search you will find many documents discussing how machine names can be devised that will not likely cause issues.

    If you must have a convenience description use the "description" property of the machine account in AD.

    If you want you can make the user one of the managers of their machine and they will have some control over changing the description.


    \_(ツ)_/

    Friday, October 16, 2015 8:06 PM
  • Maybe I've missed something, but this is really just a checkbox?:

    One more: if you've got SCCM it already "knows" and can report/gather collections of your Windows version clients, maybe there is no need to use version-specific suffixes.


    Friday, October 16, 2015 8:29 PM
  • Only a domain admin can rename a machine in the domain.

    You should not use this convention.  It, like so many other bad ideas, is a formula for future issues.  The OS is part of the AD entry by default.   Machines should be functionally named and not user dependent.

    If you search you will find many documents discussing how machine names can be devised that will not likely cause issues.

    If you must have a convenience description use the "description" property of the machine account in AD.

    If you want you can make the user one of the managers of their machine and they will have some control over changing the description.


    \_(ツ)_/

    That's all fine and dandy but do you have a way to change the name to something else from the user's side?  Can I embed credentials in some sort of script or package a PS1 file as an EXE or something like that so it can run locally under the user's account but still complete the rename?
    Friday, October 16, 2015 8:34 PM