Introduction
Now that I am working full-time as an IT specialist, it allows me to deal more with the issues one may not often have to deal with in regular home- and small business settings.
This is one such issue.
Lately I have been tasked with changing the names of incorrectly named computers in the active directory domain. There are quite a few specialists working at the main office and regional field offices, and sometimes the names get messed up or people don’t really get the nomenclatures.
Now, changing names would be easy—if it wasn’t mired by things like software that’s licensed based on the computer’s names and the encryption. I’m not saying that encryption is bad; it can help secure the data against those who do not have the time (or expertise) to crack the password or decrypt the hard drive in some other way. It might mess with the database used to keep track of tokens—and credentials—for the users in the organization and the registered computers.
The encryption software I am currently dealing with is McAfee Endpoint Encryption, version 5.2.4. (I hear it was formerly known as SafeBoot). I am not sure if our current installation is linked to active directory (something tells me that no, it’s not), but in any rate, I was not sure how the McAfee Endpoint Encryption (we’ll call it EEPC from here) behaves when the computer name it’s installed on is changed.
I’m not going to go on about how EEPC works; for that, go and chase down a white paper or something.
Problem
What I needed to do here was twofold:
- Find out what happens when name of the computer that EEPC was installed in is changed
- Any special procedures for those who may have to end up doing the same thing
Solution
Unfortunately, I couldn’t really find any information regarding this matter. So I decided to take the matters to my own hands.
To find out, I set up a testing computer with a name that I could easily remember. I set it up like I would a normal computer for the employee use:
- Windows XP SP3 (we’re currently rolling out Windows 7 for new computers)
- Office 2010
- Symantec Endpoint Protection 12
- Lotus Notes 7
- McAfee Endpoint Encryption 5.2.4
After computer was set up and encryption was running, I made sure it worked by forcing a synchronization from the server side. It worked pretty well, like it normally should.
From there I deviated from the norm and changed the computer name. I turned on the active directory management console to see the change; it was recognized by the server pretty quickly—that was a good sign.
As for the encryption, it appears that the encryption record-keeping is done via a separate token. Furthermore, once the token’s created, it would not change the names of the computers on its own database even after the computer name was changed on the active directory side. So, theoretically, you can change the names of all the computers from the database side and the encryption from the client side will continue to work fine, complete with periodic synchronization.
So, my findings: 1) when AD name is changed, absolutely nothing changes from the McAfee side, and 2) you really should change the name of the computer from the EEPC management console if you want to avoid confusion later on. Otherwise if you need to modify the token from the server side to change the settings or delete the token, you might have a hard time to do so when you don’t remember the computer’s old name.
TL,DR;
Nothing happens when you change the computer on active directory that’s also on McAfee Endpoint Encryption. Go ahead and change the name—just remember to also change the name on the McAfee server as well.
Beyond RTFM 