This blog post uses the Accounts configuration service provider (CSP), to create a local user account on Windows 10 devices. This area was added in Windows 10, version 1803.
This weeks blog post is a follow up on last weeks post about creating a local user account via Windows 10 MDM. This week is also about the Accounts CSP, but this this time I’ll use the Accounts CSP for renaming a Windows 10 device. This can be useful with maintaining a specific naming convention. I’ll show the available nodes, I’ll show how to configure them and I’ll end this post by showing the end-user experience. Also, I’m pretty sure this will be possible via Windows AutoPilot at some point in time, but, even then, this can be useful for existing devices.
Like last week, let’s start by having a look at the tree of the Accounts CSP. That enables everybody to use this post without switching between this post and my previous post.
The Accounts CSP contains nodes for renaming a computer account and for the creation of a user account. To get a better understanding of the different nodes, it’s good to walk through the available nodes. Specifically those related to the device name, as those are the subject of this post. Let’s go through those related nodes.
- .Device/Vendor/MSFT/Account – Defines the root node for the Accounts CSP;
- Domain – Defines the interior node for the domain account information;
- ComputerName – Defines the name of the device.
There is basically only one configurable node related to the naming of the device. The ComputerName node. The ComputerName node can be any string within the standard requirements for a device name. Besides that, it also allows a couple of macros. The table below provides an overview of them.
|%RAND: <# of digits>%||
This macro can be used to generate a random number with the specified number of digits, as part of the device name.
This macro can be used to set the serial number of the device, as part of the device name.
Note: The random number macro can create pretty bizarre behavior when targeted at devices (or users). It will keep on renaming the device. In that case make sure to use a Dynamic Device group filtered on disaplayName (for example filtered on Starts With DESKTOP). That will prevent constant renaming of the devices, as the devices will eventually loose the membership of the group.
Now let’s continue by having a look at the configuration to rename a device. In other words, create a device configuration profile with the previously mentioned custom OMA-URI setting. The following three steps walk through the creation of that device configuration profile. After that simply assign the created profile to a device group.
|1||Open the Azure portal and navigate to Intune > Device configuration > Profiles;|
|2||On the Devices configuration – Profiles blade, click Create profile to open the Create profile blade;|
On the Create profile blade, provide the following information and click Create;
On the Custom OMA-URI Settings blade, provide the following information and click Add to open the Add row blade. On the Add row blade, provide the following information and click OK (and click OK in the Custom OMA-URI blade);
Note: At some point in time this configuration will probably become available in the Azure portal without the requirement of creating a custom OMA-URI.
Let’s end this post by having a quick look at the end-user experience. There is not that much to be shown, besides the actual device name. However, it’s good to see that it automatically generates a name within the restrictions of a device name. Below on the right is a screenshot of the serial number of the device and below on the left is a screenshot of the generated device name. It contains the specified prefix with the added serial number. When the serial number is too long, it will use the maximum number of characters that are allowed for a device name. It uses the characters starting from the back.
Note: The reporting in the Azure portal still provides me with a remediation failed error message, while the actual rename of the device was a success.
For more information about the Accounts CSP, refer to this article named Accounts CSP.
32 thoughts on “Rename a device via Windows 10 MDM”
Have tested this without much luck so far. The PC’s are renamed in Intune and AzureAD and show the new name in the company portal, but not locally – cmd->hostname shows the original name.
Intune shows Remediation Failed also for the configuration item.
Looks like I just needed to reboot for it to take effect 🙂
It’s all in the details, Ryan 😉
A PC just needs a restart to make a computername change effective. Even when managed by Intune.
Thanks for sharing this Peter, very helpful. I have two questions:
I suppose there is the risk that the random number macro may create a duplicate computer name, right?
We use multiple naming conventions based on location of the device. I tried assigning different custom profiles to different user groups, but reading your article I may risk continues computer name changes this way. Would there be another way of assigning the profile to a dynamic group and identify specific computers in a group? Unfortunately we can’t use the OU attribute as we’re have a cloud-only environment.
Theoretically, yes. Why not using the serial number in the name?
Note: You need to leave the trailing ‘;’ off the OMA-URI path above for this to work.
Correct. I always use that at the end of every line in a bullet list.
Thanks Peter, indeed I’m using the serial number now (like you suggested in your reply). Although it is easier to remember 001 or 024 as number (rather than longer serials) thus distinguish computer names. But hey.. this one works :-).
Shame though that Intune is still giving a deployment error despite a correct name change.
Give it time John 🙂
Thanks Peter, i used the dynamic device group, this filters fine, but the policy is not applied to the devices. They are all failing. Has anyone tried applying this policy (%Rand:6%) to a dynamic device group with success ?
Yes, Misho. I’ve used that variant. The UI would always show an error as result, but the actual result was always successful.
Hey Peter, do you know if there is a variable to rename the device to %username%_%Serialnumber% instead of CLDCLN%SERIAL%?
Can Intune resolve the variable %username%?
No. At this moment only the %SERIAL% and %RAND% variables are available.
I’m using the serial number variable and always receive a remediation failure. Because we have targeted all those settings to users we cannot exclude devices. Ha you made similar experiences?
Yeah, I’ve got the same experience about the remediation failure. There is a note regarding that below the user experience.
We use this configuration to rename the corporate devices (Autopilot). It works but after the configuration (renaming device) has been applied and the device name has changed, a dublicate compliance policy of each compliance policy is visible (one for the system account and one for the user).
Are you having the same experience?
What do you mean with a duplicate compliance policy?
Also, keep in mind that this configuration is now also available within an AutoPilot deployment profile.
Thanks for the post. Works great however I do get the error you mentioned. Did you have any update on the Remediation Failed for the configuration item in Intune?
No, but do keep in mind that you can now also use Windows AutoPilot for setting a naming standard.
It “fails” because it doesn’t restart after. So when it checks for the name, the name is still technically the old name. Reboots would need to be done after it gets to the machine. Won’t do it on its own. That said, this is helpful still since the current renaming method has a limit of 100 at a time. We are using this to change the device name of specific models so thank you for this gem.
Thank you for the information Falcon!
when doing this as part of autopilot it works but gives an error saying the parameter is incorrect when trying to reboot and auto-login
Also keep in mind that you can use the computer name template when using Windows Autopilot (starting with Windows 10, version 1809).
Every time i try that, the security trust between the computer and the on prem AD gets lost.
So not working for me here.
I use the intune task rename computer, in computer management i can see the computer gets renamed on the next reboot.
The new name appears in AAD, but never in the ON PREM AD..
Even though it’s not documented, it sounds like this CSP only works for Azure AD joined devices.
Kenneth, I am seeing the same thing. I can rename a device through intune, however, once I do that, it does not get renamed in the on prem AD, so the device can no longer talk to the domain.