Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Chris Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

SID Generation 1

Status
Not open for further replies.
enisad

enisad

IS-IT--Management
Nov 30, 2003
26
in windows XP Prof, is the SID generated once you change the computer name and joining the domain or by default the SID that was generated on the install stays permanent until you use a to0l (SID, sysprep) to change it?
 
Sort by date Sort by votes
Sorry my English is not that good but i assuming that but latter you mean the SID is permanent untill you use a tool to change it(it is not done thur computer name change and joining the Domain).
 
Upvote 0 Downvote
You can always "cheat" the SID by simply using a Ghostwalker boot disk. This allows you to change the SID, computer name and a few other cool things.

It comes with the Symantec Ghost packager; but I'm sure you can find it somewhere since it fits on a floppy.
 
Upvote 0 Downvote
thanks for the info (i will sure try it) but is my assumption right?
 
Upvote 0 Downvote
You are correct... to an extent. For example: I recently installed 180 Dell GX260 footprints. I built one machine, and created a Ghost image and blew the image out to the wrks in groups of 10. I never had a SID issue with Windows 2000.

SID's are more finicky on NT4 boxes.
 
Upvote 0 Downvote
The problem with cloning is that it is only supported by Microsoft in a very limited sense. Microsoft has stated that cloning systems is only supported if it is done before the GUI portion of Windows Setup has been reached. When the install reaches this point the computer is assigned a name and a unique computer SID. If a system is cloned after this step the cloned machines will all have identical computer SIDs. Note that just changing the computer name or adding the computer to a different domain does not change the computer SID. Changing the name or domain only changes the domain SID if the computer was previously associated with a domain.

Duplicate SIDs aren't an issue in a Domain-based environment since domain accounts have SID's based on the Domain SID. But, according to Microsoft Knowledge Base article Q162001, "Do Not Disk Duplicate Installed Versions of Windows NT", in a Workgroup environment security is based on local account SIDs. Thus, if two computers have users with the same SID, the Workgroup will not be able to distinguish between the users. All resources, including files and Registry keys, that one user has access to, the other will as well.

Soource: sysinternals.com

An excellent freeware utility to change SID's is the Sysinternals NewSid utility:
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

basball
  • Locked
  • Question
GPO or Registry mod to remove File and Folders Task (Common Tasks Side Bar)
Replies
1
Views
110
strongm
strongm
dan2229
  • Locked
  • Question
Running MalWare Bytes along side other antivirus programs
Replies
3
Views
83
goombawaho
goombawaho
Goshawk943
  • Locked
  • Question
Sidekick 2 and Windows 7
Replies
2
Views
44
Goshawk943
Goshawk943
2ffat
  • Locked
  • News
Sidebar and Gadgets Security Advisory
Replies
0
Views
41
2ffat
2ffat
LMichel
  • Locked
  • Question
Vista Sysprep SID change
Replies
0
Views
29
LMichel
LMichel

Part and Inventory Search

Sponsor

Back
Top