PowerShell script for host rename is not working from BigFix

Hello Everyone,

I am trying to execute a PowerShell script to change the computer name from BigFix, but it is not working and completes with exit code 1; however, when I ran it manually from PowerShell it worked. I tried the methods below to execute it from BigFix:

  1. Pasted the PowerShell script into the scripts section by selecting PowerShell in Script Type; it failed with exit code -1.
  2. Placed the ps1 file in the c:\temp folder and called it with the command below; it completed, but with exit code 1 and the host name not changed.
    waithidden { pathname of file ((it as string) of value "Path" of key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell" of native registry) } -ExecutionPolicy Bypass -File C:\temp\rename.ps1
  3. Tried the override method to execute it as the current user (the user has admin privileges and manual execution works with this user); it did not work.
  4. Created the PowerShell file in a BigFix action script with the createfile method and called the file with the command from point no. 2.

Adding the ps1 script below; please help me understand what I am missing here.

```powershell
# Hardware details from WMI; only the asset tag is used in the new name
$ComputerModel = (Get-WmiObject -Class Win32_ComputerSystem | Select-Object Model).Model
$SerialNumber = (Get-WmiObject -Class Win32_BIOS | Select-Object SerialNumber).SerialNumber
$AssetTag = (Get-WmiObject -Class Win32_SystemEnclosure | Select-Object SMBiosAssetTag).SMBiosAssetTag
$key = "HKLM:\System\CNO\Deployment"
$OldName = $env:COMPUTERNAME
$department = (Get-ItemProperty -Path $key -Name department).department

# Map the department to the first letter of the computer name
if ($department -eq "HO-Exec") {
    $firstletter = "E"
}
elseif ($department -eq "FA-Fieldagent") {
    $firstletter = "G"
}
elseif ($department -eq "FA-Field") {
    $firstletter = "F"
}
elseif ($department -eq "HO-Testing") {
    $firstletter = "Z"
}
else {
    # Any other (or missing) department
    $firstletter = "T"
}

# New name = department letter + SMBIOS asset tag
$NewName = $firstletter + $AssetTag

Write-Host $NewName

Rename-Computer -ComputerName $env:COMPUTERNAME -NewName $NewName -Force
```

Try saving the console output to a file so you can see what the error message is. Tips at Tip: Running Commands and Saving Output (Windows)

For PowerShell it will be something like

waithidden cmd.exe /c "powershell.exe -ExecutionPolicy Bypass -File "C:\temp\rename.ps1" > c:\temp\output.log 2>&1"
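
An added example, not part of the thread or of the BigFix documentation: a variant of the rename script above that writes its own log, including the account it actually runs under, and returns an exit code the action can report. The log path and the name-validation rule are assumptions.

```powershell
# Added example, not from the thread. Log path and exit codes are assumptions.
$ErrorActionPreference = 'Stop'      # turn cmdlet errors into catchable exceptions
$LogFile = 'C:\temp\rename.log'      # assumed location, next to the thread's rename.ps1

function Write-Log([string]$Message) {
    Add-Content -Path $LogFile -Value ("{0:s} {1}" -f (Get-Date), $Message)
}

$code = 0
try {
    # Record which account the action really runs under; the permissions of
    # that account decide whether the rename is allowed.
    Write-Log ("Running as " + [System.Security.Principal.WindowsIdentity]::GetCurrent().Name)

    # Department-to-prefix table from the original script; 'T' is its fallback.
    $prefixes = @{ 'HO-Exec' = 'E'; 'FA-Fieldagent' = 'G'; 'FA-Field' = 'F'; 'HO-Testing' = 'Z' }
    $department = (Get-ItemProperty -Path 'HKLM:\System\CNO\Deployment' -Name department `
                   -ErrorAction SilentlyContinue).department
    $prefix = 'T'
    if ($department -and $prefixes.ContainsKey($department)) { $prefix = $prefixes[$department] }

    $assetTag = (Get-CimInstance -ClassName Win32_SystemEnclosure |
                 Select-Object -First 1).SMBIOSAssetTag
    $newName = $prefix + "$assetTag".Trim()
    Write-Log "Department='$department' AssetTag='$assetTag' NewName='$newName'"

    # Keep to the NetBIOS limit of 15 characters and to letters, digits and hyphens.
    if ($newName -notmatch '^[A-Za-z0-9-]{2,15}$') {
        throw "Refusing to rename: '$newName' is not a valid computer name"
    }
    if ($newName -ieq $env:COMPUTERNAME) {
        Write-Log 'Name already correct, nothing to do'
    }
    else {
        Rename-Computer -NewName $newName -Force
        Write-Log "Renamed $env:COMPUTERNAME to $newName (takes effect after reboot)"
    }
}
catch {
    # The exception text is what the console redirection above would have shown.
    Write-Log "FAILED: $($_.Exception.Message)"
    $code = 1
}
exit $code
```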

Thank you @JasonWalker. From the logs we found that the issue is the privileges of the system user, so now I am using a dedicated user ID which has permission to change the hostname, and it is working. But now I am facing another issue. It works well when I call it as below:

```
override wait
runas=localuser
asadmin=true
user=userid
password=required
wait cmd.exe /c "powershell.exe -ExecutionPolicy Bypass -File "C:\cno\rename.ps1" > c:\cno\output.log 2>&1"
```

The issue with this task is that I am not able to target it on a dynamic group as individual or into the baseline. And when I try to give the password directly in quotation marks like below, it fails on execution and does not generate the log either.

```
override wait
runas=localuser
asadmin=true
user=userid
password="password"
wait cmd.exe /c "powershell.exe -ExecutionPolicy Bypass -File "C:\cno\rename.ps1" > c:\cno\output.log 2>&1"
```

So please guide me if there is any way to target the task on a dynamic group that has the password in the required method.

It can’t be targeted dynamically because the password is sent as a Secure Parameter - it must be encrypted with the keys of each targeted endpoint, which are not known when issuing the action to dynamic targets.

I’m not sure of the usefulness of renaming a computer dynamically though?

Do consider carefully the impacts if you try to bypass the secure parameter protection. Any password you hard-code into an actionscript can be read by any client in the deployment.

OK, I understood that when we send the password as a secure parameter it cannot be targeted dynamically.
And the reason behind the dynamic target is to change the hostname after the Intune Autopilot imaging process, to give the name as per the organization standard.
So please help me with the Action script commands below: when I send the password directly it should work, but it keeps failing, and when I send the password as a secure parameter it works. Am I doing anything wrong in the script below?

```
override wait
runas=localuser
asadmin=true
user=userid
password="password"
wait cmd.exe /c "powershell.exe -ExecutionPolicy Bypass -File "C:\cno\rename.ps1" > c:\cno\output.log 2>&1"
```

I think I explored the override options at Tip - Action Override User settings; please have a look and see if that helps.

Wonderful article, thank you so much.
I think the failure reason in my case is the one you mentioned in the last row.

```
override wait
runas=localuser
user=MyTempUser1
password="MyTempPassword"
asadmin=true
wait cmd.exe /c "cd C:\temp & c:\temp\test.cmd"
```

Command failed (The keyword 'AsAdmin=true' can be used when both RunAs=localuser and Password=required are specified.)
'AsAdmin=true' cannot be used with a clear-text string for the password.

So the only way is to run it with AsAdmin="interactive", and in that case it will need user interaction during execution?

I understand the way you are going about it and just want to state that there are many ways to get the same results.

You create a custom property with the desired new computer name. Then you can have a batch or PowerShell script run periodically to set the name of the computer to the name in the desired property. You can create a scheduled task to run as any user you want and have it execute the script.

I have a custom relay cache size setting. We are multi-tenant, and having a default relay cache size is fine for most, but sometimes we need to make it smaller. So I created a custom property to hold the desired size, and then I have a fixlet that reads that value and sets the cache size if it is different, which reapplies once a day.

Running a combination of scripts, BigFix and scheduled tasks to do things removes many limits that other management tools have. It is why I love BigFix so much.

Hi @D.Dean ,
Thank you for your response. Can you please guide me on Task Scheduler in my case, to run it with a specific user and for one time only? Any article you can recommend will also be fine.

Hi @JasonWalker ,
Just wanted to confirm about bypassing the secure parameter protection of the password. If we send the password as a plain string, then it should work in the same way as it works with the secure parameter (password=required) method.
Because in my case it works well this way (password=required) but not with (password="PasswordString").