Lately I’ve been working on our Server 2008 R2 vSphere 4.1 template and ran into an interesting issue. During the template build process we rename the Administrator and Guest accounts, to comply with best practices. However, after vCenter executed the customization specification the accounts got reset back to Administrator and Guest. Well that’s no good since it violates our security policies. I wanted to find an automated solution, and I did.
During the SYSPREP process Windows can call a script called setupcomplete.cmd which is located in %WINDIR%SetupScripts. So I added two lines to my existing script:
wmic useraccount where name=”Administrator” call rename name=”NewAdmin”
wmic useraccount where name=”Guest” call rename name=”NewGuest”
Since this gets called at the very end of the sysprep process, it renames the accounts just before Windows reboots. This should work on Windows 7, and very likely previous generation operating systems.