Rename Administrator Account to %computername%

C

colesky

I am looking for a way in my GPO setting to rename the admin account to
the Hostname_adm. I have tried to add the %computername%_adm in the
GPO, but it does not take the name of the server, it only renames the
admin account to %computername%_adm. Does anybody know an easy way to
do this? How can I get the admin account to effectively change and be
unique to the server using GPOs in my AD environment?
 
C

Carey Frisch [MVP]

To automatically rename the administrator account, access
the security options using the Group Policy snap-in, expand
Local Policies, and then select Security Options. Right-click
Accounts: Rename The Administrator Account and then click
Properties. Type in the new name you wish to use for the
Administrator account and click OK.

Accounts: Rename administrator account
http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/583.mspx

Please visit the Group Policy experts:
news://msnews.microsoft.com/microsoft.public.windows.group_policy

--
Carey Frisch
Microsoft MVP
Windows XP - Shell/User

Be Smart! Protect Your PC!
http://www.microsoft.com/athome/security/protect/default.aspx

-------------------------------------------------------------------------------

:

| I am looking for a way in my GPO setting to rename the admin account to
| the Hostname_adm. I have tried to add the %computername%_adm in the
| GPO, but it does not take the name of the server, it only renames the
| admin account to %computername%_adm. Does anybody know an easy way to
| do this? How can I get the admin account to effectively change and be
| unique to the server using GPOs in my AD environment?
 
T

Torgeir Bakken \(MVP\)

I am looking for a way in my GPO setting to rename the admin account to
the Hostname_adm. I have tried to add the %computername%_adm in the
GPO, but it does not take the name of the server, it only renames the
admin account to %computername%_adm. Does anybody know an easy way to
do this? How can I get the admin account to effectively change and be
unique to the server using GPOs in my AD environment?
Click to expand...
Hi

You could do it in a computer startup script (with a GPO) that runs
as part of the boot up process (before the user logs in). It runs
under the system context and has admin rights.

This script should do the job:

'--------------------8<----------------------
'
' Description: Script that renames the builtin administrator
' account to %computername%_adm
'
' Should work against remote domain computers as well
' as long as current user have administrator rights on it.
' (you just need to adjust the sComputerName definition)
'
' Author: Torgeir Bakken
' Date: 2004-12-10
'

Set oWshNet = CreateObject("WScript.Network")

' get computer name for local computer
sComputerName = oWshNet.ComputerName
' If you want to run the script against a remote computer,
' disable the line above and enable the line below
'sComputerName = "SomeComputer"

' obtain current administrator name regardless of name
sOldUser = GetAdministratorName(sComputerName)

' new user name
sNewUser = sComputerName & "_adm"

If sNewUser <> sOldUser Then
Set oComputer = GetObject("WinNT://" & sComputerName)

' Turn off internal error handling
On Error Resume Next
' connect to user object
Set oUser = GetObject("WinNT://" & sComputerName & "/" _
& sOldUser & ",user")

' rename user
Set oNewUser = oComputer.MoveHere(oUser.ADsPath, sNewUser)
On Error Goto 0
End If


Function GetAdministratorName(sComputerName)
Dim sUserSID, oWshNetwork, oUserAccount

Set oUserAccounts = GetObject( _
"winmgmts:{impersonationLevel=impersonate}!//" _
& sComputerName & "/root/cimv2").ExecQuery( _
"Select Name, SID from Win32_UserAccount WHERE Domain = '" _
& sComputerName & "'")

On Error Resume Next
For Each oUserAccount In oUserAccounts
If Left(oUserAccount.SID, 9) = "S-1-5-21-" And _
Right(oUserAccount.SID, 4) = "-500" Then
GetAdministratorName = oUserAccount.Name
Exit For
End if
Next
End Function

'--------------------8<----------------------
 
T

Torgeir Bakken \(MVP\)

Carey said:
To automatically rename the administrator account, access
the security options using the Group Policy snap-in, expand
Local Policies, and then select Security Options. Right-click
Accounts: Rename The Administrator Account and then click
Properties. Type in the new name you wish to use for the
Administrator account and click OK.
Click to expand...
Hi

I would think this is what the OP have tried, but found that it does
not support the use of environment variables (to let the administrator
name contain the computer name).
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

What really is Computername/IUSR_Computername? 1
Get Computername for a Specific User 2
Very strange admin account rename issue 3
administrator account locked out? 11
Cannot change computername on W2K PC connecting to W2K Server 5
Local Group Policy 6
Accessing the administrator account? 3
Rename or Not to rename the Local Admin username...... 2

Top