I am looking for a way in my GPO setting to rename the admin account to
the Hostname_adm. I have tried to add the %computername%_adm in the
GPO, but it does not take the name of the server, it only renames the
admin account to %computername%_adm. Does anybody know an easy way to
do this? How can I get the admin account to effectively change and be
unique to the server using GPOs in my AD environment?

Hi
You could do it in a computer startup script (with a GPO) that runs
as part of the boot up process (before the user logs in). It runs
under the system context and has admin rights.
This script should do the job:
'--------------------8<----------------------
'
' Description: Script that renames the builtin administrator
' account to %computername%_adm
'
' Should work against remote domain computers as well
' as long as the current user has administrator rights on it.
' (you just need to adjust the sComputerName definition)
'
' Author: Torgeir Bakken
' Date: 2004-12-10
'
Set oWshNet = CreateObject("WScript.Network")

' get computer name for local computer
sComputerName = oWshNet.ComputerName

' If you want to run the script against a remote computer,
' disable the line above and enable the line below
'sComputerName = "SomeComputer"

' obtain current administrator name regardless of name
sOldUser = GetAdministratorName(sComputerName)

' new user name
sNewUser = sComputerName & "_adm"

If sNewUser <> sOldUser Then
  Set oComputer = GetObject("WinNT://" & sComputerName)

  ' Turn off internal error handling
  On Error Resume Next

  ' connect to user object
  Set oUser = GetObject("WinNT://" & sComputerName & "/" _
      & sOldUser & ",user")

  ' rename user
  Set oNewUser = oComputer.MoveHere(oUser.ADsPath, sNewUser)
  On Error Goto 0
End If


' Returns the name of the builtin administrator account on sComputerName.
' The account is identified by its SID (S-1-5-21-...-500), not by its
' name, so it is found even if it has already been renamed.
Function GetAdministratorName(sComputerName)
  Dim oUserAccounts, oUserAccount

  ' query the local accounts of the computer through WMI
  Set oUserAccounts = GetObject( _
      "winmgmts:{impersonationLevel=impersonate}!//" _
      & sComputerName & "/root/cimv2").ExecQuery( _
      "Select Name, SID from Win32_UserAccount WHERE Domain = '" _
      & sComputerName & "'")

  On Error Resume Next
  For Each oUserAccount In oUserAccounts
    If Left(oUserAccount.SID, 9) = "S-1-5-21-" And _
        Right(oUserAccount.SID, 4) = "-500" Then
      GetAdministratorName = oUserAccount.Name
      Exit For
    End If
  Next
End Function
'--------------------8<----------------------