Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations Chriss Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
newsid.exe
- Thread starter robmazco
- Start date
SID duplication is not important in a domain-based environment (as pointed out in the article). Each user has a unique SID from their domain account and doesn't rely on the local PC's SID. In a workgroup environment, however, it is extremely important that each PC has its own unique SID.
~cdogg
"Insanity: doing the same thing over and over again and expecting different results." - Einstein
[tab][navy]For posting policies, click [/navy]here.
~cdogg
"Insanity: doing the same thing over and over again and expecting different results." - Einstein
[tab][navy]For posting policies, click [/navy]here.
LawnBoy
MIS
- Mar 12, 2003
- 2,881
Even in a workgroup scenario we didn't have trouble with the duplicate SIDs until we started using client software that used it as an identifier. Many management packages do, the ones that bit us were McAfee's ePO and MS's WSUS server.
The big issue in workgroup situations is that share permissions are predicated on the SID, and could be duplicated to the wrong user. Baaaad for security.
This wasn't a problem for us because we didn't use windows shares.
--
The stagehand's axiom: "Never lift what you can drag, never drag what you can roll, never roll what you can leave.
The big issue in workgroup situations is that share permissions are predicated on the SID, and could be duplicated to the wrong user. Baaaad for security.
This wasn't a problem for us because we didn't use windows shares.
--
The stagehand's axiom: "Never lift what you can drag, never drag what you can roll, never roll what you can leave.
- Thread starter
- #5
mmm interesting Lawn, cause this is coming from a possible bugaboo with WSUS. Reason being is System Center Essentials has about a dozen machines that almost always come up with Not yet connected. They are ghosted so the SIDs maybe the bugaboo.
Maybe I need to regenerate a SID on 1 machine to test.
Maybe I need to regenerate a SID on 1 machine to test.
LawnBoy
MIS
- Mar 12, 2003
- 2,881
What was happening to us is that different machines would report in as each other. I.E. pc1 would report in and be in the list, but pc2 was not. Then pc2 would report in and be in the list but pc1 would not. Whoever reported last would be the only one in the list (which makes sense if you think about it).
But Hah, gotcha! Generating a new SID won't fix the problem with WSUS. WSUS generates it's own ID based on the SID. Here's the full proceedure I gave to the service desk:
1. Run newsid.exe, allow the pc to reboot.
2. Using regedit, delete the following registry keys:
HKLM\Software\Microsoft\Windows\Current Version\Windows Update\SusClientId
HKLM\Software\Microsoft\Windows\Current Version\Windows Update\SusClientIdValidation
3. Stop then restart the Automatic Updates service on the pc.
4. From a command prompt, enter the following:
wuauclt.exe /resetauthorization /detectnow
The client should report in to WSUS within 10 - 20 minutes.
Deleting those registry keys forces the WSUS client to generate a new ID.
hth.
--
The stagehand's axiom: "Never lift what you can drag, never drag what you can roll, never roll what you can leave.
But Hah, gotcha! Generating a new SID won't fix the problem with WSUS. WSUS generates it's own ID based on the SID. Here's the full proceedure I gave to the service desk:
1. Run newsid.exe, allow the pc to reboot.
2. Using regedit, delete the following registry keys:
HKLM\Software\Microsoft\Windows\Current Version\Windows Update\SusClientId
HKLM\Software\Microsoft\Windows\Current Version\Windows Update\SusClientIdValidation
3. Stop then restart the Automatic Updates service on the pc.
4. From a command prompt, enter the following:
wuauclt.exe /resetauthorization /detectnow
The client should report in to WSUS within 10 - 20 minutes.
Deleting those registry keys forces the WSUS client to generate a new ID.
hth.
--
The stagehand's axiom: "Never lift what you can drag, never drag what you can roll, never roll what you can leave.
- Thread starter
- #7
My troubles are identical to Lawnboy.
While I have quite a few, Im testing on 2 pcs that I know were ghosted together. pc1 would show up and pc2 was Not yet connected. Then some time later, they would switch places.
So far on pc1 I followed his steps above, which I already had -
Ran newsid.exe
ran this bat file:
@echo off
This batch file will do the following:
Echo 1. Stop the wuauserv service
Echo 2. Delete the AccountDomainSid registry key (if it exists)
Echo 3. Delete the PingID registry key (if it exists)
Echo 4. Delete the SusClientId registry key (if it exists)
Echo 5. Restart the wuauserv service
Echo 6. Resets the Authorization Cookie
Pause
@echo on
net stop wuauserv
REG DELETE "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate" /v AccountDomainSid /f
REG DELETE "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate" /v PingID /f
REG DELETE "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate" /v SusClientId /f
net start wuauserv
wuauclt /resetauthorization /detectnow
Pause
On other pc I just ran the bat file because the SID shoudl surely be different than pc 1 after running newsid on it.
SO far both are now connected. Will need to follow up later today to see how they do.
While I have quite a few, Im testing on 2 pcs that I know were ghosted together. pc1 would show up and pc2 was Not yet connected. Then some time later, they would switch places.
So far on pc1 I followed his steps above, which I already had -
Ran newsid.exe
ran this bat file:
@echo off
This batch file will do the following:
Echo 1. Stop the wuauserv service
Echo 2. Delete the AccountDomainSid registry key (if it exists)
Echo 3. Delete the PingID registry key (if it exists)
Echo 4. Delete the SusClientId registry key (if it exists)
Echo 5. Restart the wuauserv service
Echo 6. Resets the Authorization Cookie
Pause
@echo on
net stop wuauserv
REG DELETE "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate" /v AccountDomainSid /f
REG DELETE "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate" /v PingID /f
REG DELETE "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate" /v SusClientId /f
net start wuauserv
wuauclt /resetauthorization /detectnow
Pause
On other pc I just ran the bat file because the SID shoudl surely be different than pc 1 after running newsid on it.
SO far both are now connected. Will need to follow up later today to see how they do.
- Thread starter
- #8
- Thread starter
- #10
- Status