3 Replies Latest reply on Apr 16, 2010 4:05 PM by Bill Robinson

    setting server properties during provisioning

    Matt Kreger

      We use the property Server/ADMIN_ACCOUNT for mapping users to the local admin user on Windows systems.  When a server is joined to the domain, a group policy renames the local administrator account from Administrator to something else.  Let's say Admin2 for the purposes of this question.  So in the property dictionary we have the default value for ADMIN_ACCOUNT set to Admin2 so that we don't have to set it explicitly for each server.


      Worked like a charm until we started to tackle provisioning.  When we're provisioning, we're not joining the domain (can't for reasons I won't go into here).  Is there a way to populate the Server/ADMIN_ACCOUNT property during the provisioning process so it is set to Administrator?  If I can figure that out, I guess I'll work on how to change it to Admin2 when it joins the domain.

        • 1. Re: setting server properties during provisioning

          I'll be watching this ticket for a final answer as our issues match up nearly exactly with the described issues above.  We also use a server property and cannot join the domain at the time of provisioning for security issues.


          However, since there was no reply, I'll put in a high level over view of how we worked around this issue.


          At the time of provisioning, the OS installs and uses Administrator by default.  Due to this, our Server Property is an enumarated string whose default is "Administrator".


          Later on, when we run the post-provisioning batch job, I have another batch job embedded that has two member jobs.  The member jobs:

          1. Use Group Policy to rename Administrator to Admin2
          2. Run an NSH Script job that updates the Server Property to the Admin2 value.


          It was necessary to group these two member jobs into a single batch job because we'd lose connectivity to the targer server between steps 1 and 2 if there were run as seperate jobs.


          Hope this helps!

          1 of 1 people found this helpful
          • 2. Re: setting server properties during provisioning
            Matt Kreger

            Thanks.  Very helpful.  So you are manually applying the group policy to rename the administrator account?  We haven't gotten that far yet.  We're plowing through a whole bunch of other issues related to provisioning in a secure manner.  So far we have done as you have and changed the default to Administrator. Our current plan is:

            PXE boot into PE

            redirect output of ipconfig to a file on the provisioning server

            provision the server with dhcp (small scope with ACLs limiting access to BL app/provisioning servers)

            kick off a batch job that first parses the ipconfig output and adds a line to the app servers hosts file then does all the post provisioning steps.


            Then we'll have to write a job that re-ips the host, strips the entry out of the app server hosts file, and forces the app server to do a name cache clear or somthing....

            • 3. Re: setting server properties during provisioning
              Bill Robinson

              You could add a line in the post install section of the system package like:


              Echo BLAdmins:* rw,map=Administrator > C:\windows\rsc\users.local


              You might be able to parameterize that a bit if your role is different


              Then create a package that runs the domain add (net dom I think?) and in that package add a line to do:

              Echo BLAdmins:* rw,map=??TARGET.ADMIN_ACCOUNT > C:\windows\rsc\users.local


              To set it to the new admin name.