Change hostname (computer name) for > 100 nt 4 workstations

How can I change hostname (computer name) for >100 nt 4 workstations, where the user is not administrator. And I do not want to travel to each of them.

My idea goes on something in the login script:
1. Add user to local administrator group (this one have to be done by an administrator, could i use SU.EXE, and what are the commandlines for this?)
2. Add computer name to server manager at server (almost done, but need some help)
3. Change user computer name at ws. via a scriptit script (I have done this one)
4. Remove user from local administrator group (I have done this one too)


-Dennis Siggaard (ICQ 41577345)
Dennis_SiggaardAsked:
Who is Participating?
 
aho2Connect With a Mentor Commented:
Dennis,

read the file called su.txt to get all the command switches.

run an su while running the command remote /c and remote /s (client server)

create an app in vb or C++ that will make the changes in the registry.

Of course you will need to have someone at the other end to run the "remote /s \\Server yourid" command.

You then close su and then close the remote shell instance.

I beleive that this should be fairly painless.

Hope this helps.

aho.
0
 
Tim HolmanCommented:
Don't ever add a user to ANY administrator group !
You could get into all sorts of predicaments !

Something like SMS / WinInstall would do this for you.

You need to change the registry key :
HKLM\CurrentControlSet\......\activecomputername
(Hostname is the same thing as computername under NT)
I suppose you could use a remote shell as the command needs to be run locally.
(ie regedit /s hostname.reg, where the .reg file contains this registry key and appropriate hostname).

Then change it via srvmgr to update the SAM.
0
 
jhanceCommented:
I'll just 2nd tim_holman's warning NOT to add the users to your administrative group.  If security is an issue (and it must be since you have the workstations locked down) you are playing with dynamite.

The problem is that NT goes out of its way to prevent users from gaining access to privileges they are not authorized for.  There is a way, however, that involves a program that calls LogonUser and then CreateProcessAsUser to run the application in the context of a privileged account.  Two security issues with this approach:

1) You must have an account name and password embedded in the application.  The danger here can be minimized by creating an authorized administrative account that is enabled only for a specific time interval while you are deploying the script.  After that time, you disable it.

2) The user accounts must have SE_TCB_NAME (Act as part of the operating system) privilege.  While this one can be used for exploits, it's far less dangerous than the entire administrator set of privs.

A year ago or so I developed an application that did the above for a client who had to change some of the network properties for 140,000 workstations.  Most (about 120,000) were Win95 boxes which present no security problems at all.  The last 20,000 were NT.  The above technique worked and solved the problem.  The "window of vulnerability" if you want was only a few days and the administrator at the site closed off SE_TCB_NAME privs for each user as their computer logged on to the network and was forced to run the app via the logon script.
0
 
Dennis_SiggaardAuthor Commented:
Here is my idea:

First you should know that i have developed two programs. One which runs at server, and is listening for a client to tell it what to to.
And one which calls the server program with some parameters.

examples client \\servername create_hostname_in_server_manager.bat %USERNAME%321

i have then created a create_hostname_in_server_manager.bat at the server. which will be run at the server. the bat file contains following:
net computer \\%1 /add

net localgroup administrators
   // this tells me who is local admin
   // here i can read if user is local
   // admin
if not give him local admin rights
client \\server add_user_to_local_admin.bat %COMPUTERNAME% %USERNAME
goto END

if local admin rights
call scriptit script which change computername
net localgroup Administrators %USERDOMAIN%\%USERNAME% /DELETE
  // removes the user from local admin


add_user_to_local_admin.bat contains:
soon \\%1 500 cmd /c "net localgroup Administrators DONAIN\%2" /ADD


0
All Courses

From novice to tech pro — start learning today.