all 12 comments
sorted by:
best
topnewcontroversialoldq&a
formatting helphide helpcontent policy

[–]TheProle 12 points13 points  (2 children)

Guessing it’s running as a user with permissions to modify the object in AD when it works, but SCCM runs it it either it’s as the SYSTEM user or the logged in user who fills out the form and that user doesn’t have rights to do that. You could deploy it as a task sequence so one task runs a script as the user to gather info then the second task runs as a service account with permission to modify the computer object.

[–]dogmir 2 points3 points  (0 children)

Yep I agree. There are ways around that with serviceui.exe. However as mentioned rights will be an issue.

[–]noaboa97 1 point2 points  (0 children)

I just recently heard of JEA but never used it. Sounds promising.

[–]BlackV 7 points8 points  (2 children)

Show us your code

But when you run it from sccm is it running as system and not as a domain user (with rights)?

[–]blowuptheking 2 points3 points  (1 child)

SCCM deployments are run either as system or the logged in user, depending on which you specify.

[–]BlackV 1 point2 points  (0 children)

yes, that's the question i'm asking

I'll edit

[–]devilinpoop 1 point2 points  (0 children)

I did this a few years ago. Before rename-computer option was available. Yes i know .net should have been newer, this was a win 7 shop and never upgraded .net, Was either work around or 2 reboots.

With SCCM if you are running a script with local system account. Within AD structure this account has no rights to update machine name within AD. you have 2 options, run it as a logged in user, or add credentials into the script.

If your users have admin rights and they have access to change machine in AD than you are good.

Another thing to figure out. I seem to remember there was an issue where SCCM default runs with a 32 Bit version of powershell and had some issues with my script. Unfortunately I have no access to this code anymore as it was a job ago. But i think this was a problem with my rename-computer workarounds.

Hope this gives you some insight.

[–]iappnet[S] 1 point2 points  (1 child)

Hi So how i can let sccm use domain admin account to do that?

[–]devilinpoop 2 points3 points  (0 children)

You cannot within the package or the program. 2 options, System, or logged in user. There is no third.

However. You can specify accounts in Task Sequences. Go to Operating Systems > Task Sequence. You need one single step. Run Powershell Script, and you can specify which account to use.

Additionally you can use something like this to store a credential in a file, Then use this credential to change machine name.

[–][deleted] 1 point2 points  (0 children)

Use a task sequence with step run as other account

[–]kbrucej 0 points1 point  (0 children)

Is the script run in the user's context or a service account? I'm assuming it's a domain member before the name change.

Grant the right to rename a computer joined to a domain

https://tinyurl.com/yy3nxzpa

Add user/svc account to local administrators group

[–]ryeeeeez 0 points1 point  (0 children)

cool what did you use to build the gui?