Remove From My Forums

How can I pass the rename-computer credential in a powershell script (.ps1)?

Question
0

Sign in to vote
Hello everyone,

How can i give the password to "rename-computer" for the "-domaincredential" attribute in the powershell script,?

There are no properties/methods like "-password" (eg image)

I want the script to execute silently, the without HAVING to Manually The Enter password that Needs to be encrypted.

I have read the links below, but still confused How to Write the completely command in .ps1
: HTTPS: //stackoverflow.com/questions/23482389 /entering-a -password-for-domaincredential-in-rename-computer -in-powershell? Noredirect = 1&lq = 1
https://stackoverflow.com/questions/13842611/how-to-pass-credentials-to-rename- Command

I wrote the following, but it n't work to rename my computer name.

$path=\\sc\cont $computername="CN-D"+$number $currentname=(Get-CimInstance -ClassName Win32_ComputerSystem).Name $user="sc\joindomain" $encpwd = Get-Content $path\password.bin $passwd = ConvertTo-SecureString $encpwd $credential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $user, $passwd if($computername -ne $currentname){ Rename-Computer -NewName $computername -DomainCredential $credential }

Thank you in advance.
- Edited by 2019_315 Friday, July 19, 2019 2:21 AM
Thursday, July 18, 2019 9:08 AM

Answers

Hi,

Rename-Computer wont work as expected as it accepts only a user name, if the user has the permission to rename the computer then it will proceed else it will error out. Hence you can use:

Rename-Computer -NewName <something> -DomainCredential domain\administrator -Force

Renaming the computer using WMI:

# Encrypt Password using AES 256 bit encryption (32 bytes). Can be used on any Machine
$File256 = "AESPwd256.txt"
[Byte[]] $key = (1..32)
$AESPwd256 = 'Passw0rd@123' | ConvertTo-SecureString -AsPlainText -Force
$AESPwd256 | ConvertFrom-SecureString -key $key | Out-File $File

Save the above file along with your script: $path\password.bin 

# Set new name for the computer
$NewName = 'newname'

# Set User Name 
$UserName = 'Domain\Administrator'

# Now Import the Password in your script
[Byte[]] $key = (1..32)
$Password = Get-Content $AESPwd256.txt | ConvertTo-SecureString -key $key

# Rename the computer using WMI
(Get-WmiObject win32_computersystem).Rename( $NewName,$Password,$UserName)

Thanks, Rajiv Iyer

Proposed as answer by Rajiv IR Thursday, July 18, 2019 12:46 PM
Edited by Rajiv IR Thursday, July 18, 2019 1:19 PM
Marked as answer by 2019_315 Wednesday, August 21, 2019 6:02 PM

Thursday, July 18, 2019 12:42 PM

1

Sign in to vote
Not very secure if "key" in part of the script. No point in encrypting if you tell everyone the key.

The code also does not answer the original issue.

\_(ツ)_/

Hi jrv,

I am still a little confused:

The key is encrypted and stored in a share accessible only to a specific account, so why is it still insecure?

The key is NOT encrypted. It is in the PS1 file.

# Now Import the Password in your script
[Byte[]]$key = (1..32)
$Password = Get-Content $AESPwd256.txt | ConvertTo-SecureString -key $key

See the key is in the script. It is also a key that anyone can guess. You cannot make the key visible. This is why we never store admin credentials.

TO secure this just grant the user running it permissions in AD to rename the computer object. By default all users have "domain join" permission. You can let them unjoin, rename, rejoin their own workstations.

\_(ツ)_/
- Proposed as answer by LeeSeenLiMicrosoft contingent staff Wednesday, July 31, 2019 7:22 AM
- Marked as answer by 2019_315 Wednesday, August 21, 2019 6:02 PM
Friday, July 19, 2019 2:10 AM
0

Sign in to vote
Hi,

Pardon me for noticing this a bit late. Since you're renaming a computer I see that you're using a Domain Administrator credentials. Normally, when we rename a computer, we first disjoin the computer from the domain, rename the computer and join it back to the domain.

What say you...

Thanks, Rajiv Iyer

That is the preferred method and it does not require a domain admin as all users are allowed to join up to 10 computers to the network. Of course this can be disabled via Group Policy.

The first requirement is that the user must also be an admin on the local system.

\_(ツ)_/
- Proposed as answer by LeeSeenLiMicrosoft contingent staff Wednesday, July 31, 2019 7:23 AM
- Marked as answer by 2019_315 Wednesday, August 21, 2019 6:01 PM
Friday, July 19, 2019 6:22 AM

All replies

0

Sign in to vote

Please read the following link carefully: An image of code is not helpful

Also carefully read the following: How to ask questions in a technical forum
\_(ツ)_/

Thursday, July 18, 2019 9:22 AM
0

Sign in to vote

You will also need to read the full help for the command that you are trying to use:

help rename-computer -online

The examples will help you understand how to use the command.
\_(ツ)_/

Thursday, July 18, 2019 9:24 AM

Hi,

Rename-Computer wont work as expected as it accepts only a user name, if the user has the permission to rename the computer then it will proceed else it will error out. Hence you can use:

Rename-Computer -NewName <something> -DomainCredential domain\administrator -Force

Renaming the computer using WMI:

# Encrypt Password using AES 256 bit encryption (32 bytes). Can be used on any Machine
$File256 = "AESPwd256.txt"
[Byte[]] $key = (1..32)
$AESPwd256 = 'Passw0rd@123' | ConvertTo-SecureString -AsPlainText -Force
$AESPwd256 | ConvertFrom-SecureString -key $key | Out-File $File

Save the above file along with your script: $path\password.bin 

# Set new name for the computer
$NewName = 'newname'

# Set User Name 
$UserName = 'Domain\Administrator'

# Now Import the Password in your script
[Byte[]] $key = (1..32)
$Password = Get-Content $AESPwd256.txt | ConvertTo-SecureString -key $key

# Rename the computer using WMI
(Get-WmiObject win32_computersystem).Rename( $NewName,$Password,$UserName)

Thanks, Rajiv Iyer

Proposed as answer by Rajiv IR Thursday, July 18, 2019 12:46 PM
Edited by Rajiv IR Thursday, July 18, 2019 1:19 PM
Marked as answer by 2019_315 Wednesday, August 21, 2019 6:02 PM

Thursday, July 18, 2019 12:42 PM

1

Sign in to vote

Not very secure if "key" in part of the script. No point in encrypting if you tell everyone the key.

The code also does not answer the original issue.

\_(ツ)_/

Thursday, July 18, 2019 4:17 PM
0

Sign in to vote
Hi jrv,

I'm sorry that I didn't notice the way I asked question which would be unfavorable for solving my problem.

I'll pay attention to these details later.

I am a powershell noob and learning.

I had read the help rename-computer -online, but didn't solve it.
- Edited by 2019_315 Friday, July 19, 2019 1:40 AM
Friday, July 19, 2019 1:23 AM
0

Sign in to vote
Hi jrv,

I'm sorry that I didn't notice the way I asked question which would be unfavorable for solving my problem.

I'll pay attention to these details later.

I am a power shell noob and learning.

I had read the help rename-computer -online, but didn't solve it.

Please edit your original post and use the code posting tool to post your code. This has nothing to do with not knowing PwoerSHell. It has to do with learning how to asking questions in these technical forums.

This can be helpful: How to ask questions in a technical forum

How to post code in Technet Forums

\_(ツ)_/
- Edited by jrv Friday, July 19, 2019 1:36 AM
Friday, July 19, 2019 1:36 AM

Hi Rajiv IR,

I have run the below script to save my password.bin to my $path\password.bin：

$path="\\sc\cont"
[Byte[]] $key = (1..32)
$AESPwd256 = '123.com' | ConvertTo-SecureString -AsPlainText -Force
$AESPwd256 | ConvertFrom-SecureString -key $key | Out-File $path\password.bin

And the run the below script on my clients：

# $number = Computer Serial_NO.last 7 bits
# $path = One shared folder in my site server
$newname="CN-D"+$number
$oldname=(Get-CimInstance -ClassName Win32_ComputerSystem).Name
$user="sc\joindomain"
[Byte[]] $key = (1..32)
$password = Get-Content $path\password.bin | ConvertTo-SecureString -key $key
if($oldname -ne $newname){
    (Get-WmiObject win32_computersystem).Rename( $newname,$password,$user)
}

When testing manually on the client side, there are the following tips

I've tried to restart and re-join domain，but it's not helpful.

Do you have any ideas?

Friday, July 19, 2019 1:39 AM

2

Sign in to vote

See this for the error code returned.

https://docs.microsoft.com/en-us/windows/win32/cimwin32prov/joindomainorworkgroup-method-in-class-win32-computersystem

\_(ツ)_/

Friday, July 19, 2019 1:44 AM
0

Sign in to vote

Not very secure if "key" in part of the script. No point in encrypting if you tell everyone the key.

The code also does not answer the original issue.

\_(ツ)_/

Hi jrv,

I am still a little confused:

The key is encrypted and stored in a share accessible only to a specific account, so why is it still insecure?

Friday, July 19, 2019 2:04 AM
0

Sign in to vote

See this for the error code returned.

https://docs.microsoft.com/en-us/windows/win32/cimwin32prov/joindomainorworkgroup-method-in-class-win32-computersystem

\_(ツ)_/

Hi jrv,

Thank you .

I will read it carefully.

Friday, July 19, 2019 2:04 AM
0

Sign in to vote

非常有趣。我们可以安排您或不使用此论坛。也许这会有所帮助

\_(ツ)_/

Friday, July 19, 2019 2:06 AM
1

Sign in to vote
Not very secure if "key" in part of the script. No point in encrypting if you tell everyone the key.

The code also does not answer the original issue.

\_(ツ)_/

Hi jrv,

I am still a little confused:

The key is encrypted and stored in a share accessible only to a specific account, so why is it still insecure?

The key is NOT encrypted. It is in the PS1 file.

# Now Import the Password in your script
[Byte[]]$key = (1..32)
$Password = Get-Content $AESPwd256.txt | ConvertTo-SecureString -key $key

See the key is in the script. It is also a key that anyone can guess. You cannot make the key visible. This is why we never store admin credentials.

TO secure this just grant the user running it permissions in AD to rename the computer object. By default all users have "domain join" permission. You can let them unjoin, rename, rejoin their own workstations.

\_(ツ)_/
- Proposed as answer by LeeSeenLiMicrosoft contingent staff Wednesday, July 31, 2019 7:22 AM
- Marked as answer by 2019_315 Wednesday, August 21, 2019 6:02 PM
Friday, July 19, 2019 2:10 AM
0

Sign in to vote

Thank you for fixing the original post.

\_(ツ)_/

Friday, July 19, 2019 2:40 AM
0

Sign in to vote

Hi jrv,

So sorry.

Please forgive my poor English.
So sometimes I need the help of Google tool bar.
Obviously, it just translated my post into Chinese automatically.

Could you speak Chinese? I saw you write Chinese above?

Friday, July 19, 2019 2:52 AM
0

Sign in to vote

I Googled the Chinese. I hoped it would get your attention.

祝你今天愉快。

\_(ツ)_/

Friday, July 19, 2019 2:56 AM
0

Sign in to vote

Hi,

Pardon me for noticing this a bit late. Since you're renaming a computer I see that you're using a Domain Administrator credentials. Normally, when we rename a computer, we first disjoin the computer from the domain, rename the computer and join it back to the domain.

What say you...
Thanks, Rajiv Iyer

Friday, July 19, 2019 6:13 AM
0

Sign in to vote
Hi,

Pardon me for noticing this a bit late. Since you're renaming a computer I see that you're using a Domain Administrator credentials. Normally, when we rename a computer, we first disjoin the computer from the domain, rename the computer and join it back to the domain.

What say you...

Thanks, Rajiv Iyer

That is the preferred method and it does not require a domain admin as all users are allowed to join up to 10 computers to the network. Of course this can be disabled via Group Policy.

The first requirement is that the user must also be an admin on the local system.

\_(ツ)_/
- Proposed as answer by LeeSeenLiMicrosoft contingent staff Wednesday, July 31, 2019 7:23 AM
- Marked as answer by 2019_315 Wednesday, August 21, 2019 6:01 PM
Friday, July 19, 2019 6:22 AM
0

Sign in to vote

Hi,

Was your issue resolved?

If you resolved it using our solution, please "mark it as answer" to help other community members find the helpful reply quickly.

If you resolve it using your own solution, please share your experience and solution here. It will be very beneficial for other community members who have similar questions.

If no, please reply and tell us the current situation in order to provide further help.

Best Regards,

Lee
Just do it.

Wednesday, July 31, 2019 7:23 AM
0

Sign in to vote

Hi all,

Sorry for late mark.

Thank you for your help.

Wednesday, August 21, 2019 6:06 PM

Products

Resources

Solutions

Updates

Trials

Related Sites

Training

Certifications

Other resources

Support options

More support

Not an IT pro?

Answered by:

How can I pass the rename-computer credential in a powershell script (.ps1)?

Question

Answers

All replies