Task to change computer names

(imported topic written by BenKus)

I created a Task that changes the computer name of Windows computers using a tool I found at http://groups.google.com/group/microsoft.public.scripting.hosting/msg/7ff81125418f21a

See the attached Task (must be logged in to the forum to see it).

Let me know if you see any issues,

Ben

(imported comment written by dgibson91)

Will this work on a PC joined to a domain? Normally when you change the name of a domain PC, it requires your domain credentials.

(imported comment written by BenKus)

Hey dgibson,

I have no idea… Based on your explanation, I am guessing that it would fail and I can’t think of an easy way to provide the appropriate domain credentials to the application.

Ben

(imported comment written by SystemAdmin)

Reading that person’s web site, although freeware he’d like a donation if you use that utility in a business environment.

How about NETDOM.exe instead? You’d have to format the name of the PC yourself, but this might work.

http://support.microsoft.com/kb/298593/EN-US/

(There’s also a version for Windows 2000 in the Windows 2000 support tools - on the Windows 2000 CD)

Granted, would you want your username/password sent out via an action? I think they’re sent out as clear text, right?

-Paul

(imported comment written by BenKus)

Hey Paul,

That is a good point… Here is the website of the developer of compname.exe:

http://www.willowhayes.co.uk/

As a general rule, BigFix, Inc. tries to donate money to freeware applications like this that we use in our product (even if not required), but since this tool is not specifically used by our product, we didn’t make a donation here. I strongly believe in the idea that tools like these can save companies hundreds or thousands of dollars in time and effort and I think it makes sense to give a donation if you find this tool useful.

And to answer your other question… you don’t want to send passwords to agents because there is no safe way to secure the password from onlookers on the BES Agent computers or elsewhere.

Ben

(imported comment written by tim7ad91)

Hello all,

Netdom would work for the domain account rename, but the clear text issue is a problem (on the wire and in the BF action/task). However, for some environments the following may serve as an acceptable risk mitigation.

  1. Create a domain account that does not have the interactive logon privilege. Assign it the privilege to Join/Create computers.

  2. Create a pseudo-random 64 character password (or greater)… be careful not to exceed the command line character limitations.

Use this for the netdom command in the action script (or build an __appendfile and call it).

Even if the password is obtained it only grants access for a limited account.

You can take this further by wrapping the netdom into an exe (using Wise or your favorite tool) and store/pass the hashed value of the password. This provides another layer of obfuscation. However, it still doesn’t remove the risk completely.
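
Step 2 of the post above, as an added example that is not part of the original thread: PowerShell that builds a 64-character password from characters cmd.exe does not treat specially and checks the resulting netdom command line against the cmd.exe limit of 8191 characters. OLDNAME, NEWNAME and EXAMPLE\svc-rename are placeholders, and the function name is hypothetical.

```powershell
# Added example: command-line-safe random password for the limited rename account.
# New-CmdSafePassword is a hypothetical helper name, not a built-in cmdlet.
function New-CmdSafePassword {
    param([int]$Length = 64)

    # Letters, digits and punctuation that cmd.exe passes through unchanged.
    # Excluded on purpose: space " % ^ & | < > ( ) ! , ; = : / and backtick.
    $alphabet = ('abcdefghijklmnopqrstuvwxyz' +
                 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' +
                 '0123456789' + '#+-._@~').ToCharArray()

    # Largest multiple of the alphabet size that fits in one byte. Bytes at or
    # above it are discarded so that every character is equally likely.
    $limit = 256 - (256 % $alphabet.Length)

    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $buf = New-Object byte[] 1
    $sb  = New-Object System.Text.StringBuilder
    try {
        while ($sb.Length -lt $Length) {
            $rng.GetBytes($buf)
            if ($buf[0] -lt $limit) {
                [void]$sb.Append($alphabet[$buf[0] % $alphabet.Length])
            }
        }
    } finally {
        $rng.Dispose()
    }
    $sb.ToString()
}

$password = New-CmdSafePassword -Length 64

# Placeholders (assumptions): computer names and the limited domain account.
$cmd = 'netdom renamecomputer OLDNAME /newname:NEWNAME ' +
       '/userd:EXAMPLE\svc-rename /passwordd:' + $password + ' /force'

# cmd.exe rejects command lines longer than 8191 characters.
if ($cmd.Length -gt 8191) { throw "Command line too long: $($cmd.Length) characters" }

# Report lengths only, so the password itself is not echoed to the console.
"Password length: $($password.Length); command length: $($cmd.Length)"
```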

(imported comment written by deanmorris3891)

This is a great task Ben. Thanks.

(imported comment written by cstoneba)

tim7ad, I have said action using netdom (and it works great), but the only problem is that the domain account used to rename the computer must have local admin rights as well as write access to the computer object within AD. So, even though they may not be able to log in interactively, they still have local admin rights. That is my problem right now and I’m not finding a workaround.