+ Post New Thread
Results 1 to 13 of 13
Windows Thread, Changing WinXP SIDs in Technical; We all know that you must change your XP client's SID when it has been imaged. But... hypothetically speaking... what ...
  1. #1

    Join Date
    Nov 2006
    Location
    Lancashire
    Posts
    95
    Thank Post
    34
    Thanked 1 Time in 1 Post
    Rep Power
    0

    Changing WinXP SIDs

    We all know that you must change your XP client's SID when it has been imaged.

    But... hypothetically speaking... what would happen if you cloned, let's say, a suite of computers and didn't change any of the SIDs - just Workstation name and IP address?

    Just hypothetically, mind!

  2. #2
    cookie_monster's Avatar
    Join Date
    May 2007
    Location
    Derbyshire
    Posts
    4,185
    Thank Post
    392
    Thanked 278 Times in 239 Posts
    Rep Power
    74
    If you then joined them to the domain you should be ok but if they were in a workgroup then you would have problems as all of the local admin accounts would have the same SID in fact any account created on any of the machines would have the same SID.

  3. #3
    contink's Avatar
    Join Date
    Jul 2006
    Location
    South Yorkshire
    Posts
    3,790
    Thank Post
    303
    Thanked 327 Times in 233 Posts
    Rep Power
    117
    Quote Originally Posted by cookie_monster View Post
    If you then joined them to the domain you should be ok but if they were in a workgroup then you would have problems as all of the local admin accounts would have the same SID in fact any account created on any of the machines would have the same SID.
    IIRC (hypothetically :P) One example is that Sophos will not recognise more than one workstation and as a result won't deploy remotely.

  4. #4
    Kyle's Avatar
    Join Date
    Jan 2006
    Posts
    969
    Thank Post
    91
    Thanked 14 Times in 13 Posts
    Rep Power
    20
    What about duplicate GUID's?

    I have over 20 computers that all have the same GUID. The event viewver on the Remote Installation server is moaning about it all the while.

  5. #5
    AustenLowe
    Guest
    LOL Don't be lazy use newsid or sysprep

  6. #6
    cookie_monster's Avatar
    Join Date
    May 2007
    Location
    Derbyshire
    Posts
    4,185
    Thank Post
    392
    Thanked 278 Times in 239 Posts
    Rep Power
    74
    Oh yeh and WSUS doesn't recognese more that one PC either.

    As stated above always use sysprep or newsid.

  7. #7
    ICT_GUY's Avatar
    Join Date
    Feb 2007
    Location
    Weymouth
    Posts
    2,261
    Thank Post
    646
    Thanked 283 Times in 204 Posts
    Rep Power
    103
    My brother in law does this a lot, and no matter how much I tell him to use sysprep he just keeps on deploying those images.

    I'm just waiting for it to bite him in the bum.

  8. #8
    Oops_my_bad's Avatar
    Join Date
    Jan 2007
    Location
    Man chest hair
    Posts
    1,738
    Thank Post
    438
    Thanked 53 Times in 50 Posts
    Rep Power
    29
    We just use ghost here - but we image whilst it's disjoined. So in theory when you jpin the domain after imaging the SID should always be different?

  9. #9

    dhicks's Avatar
    Join Date
    Aug 2005
    Location
    Knightsbridge
    Posts
    5,499
    Thank Post
    1,185
    Thanked 745 Times in 647 Posts
    Rep Power
    228
    Quote Originally Posted by TeddyKGB View Post
    We just use ghost here - but we image whilst it's disjoined. So in theory when you jpin the domain after imaging the SID should always be different?
    Joining a domain doesn't give your computer a new SID, if that's what you mean. You should use newsid to set a new SID for the computer before joining the domain.

    --
    David Hicks

  10. #10
    Oops_my_bad's Avatar
    Join Date
    Jan 2007
    Location
    Man chest hair
    Posts
    1,738
    Thank Post
    438
    Thanked 53 Times in 50 Posts
    Rep Power
    29
    Oh well. That's potentially a 1000+ clients with the same SID then

    But that said, our AV, WSUS, ADUC works properly

  11. #11
    mortstar's Avatar
    Join Date
    Jan 2007
    Location
    Oxford
    Posts
    341
    Thank Post
    12
    Thanked 29 Times in 18 Posts
    Rep Power
    20
    Quote Originally Posted by ICT_GUY View Post
    My brother...does this a lot, and no matter how much I tell him to use sysprep he just keeps on deploying those images.

    I'm just waiting for it to bite him in the bum.
    ....This sounds familiar park_bench...

    As mentioned above, matching SIDs mean that WSUS doesn't recognise each computer. They do get the updates intended - just no information on which updated correctly etc. etc.

    Not sure which antivirus you use but it may cause problems with that. Here it's McAfee with ePO for central management. Each machine is given an "Agent ID" independently by the Agent installer - so this key has to be deleted before the image is taken.

    Just get NewSID from Sysinternals to assign a new SID apres-image if sysprep is a no-no, like it is on a bunch of 5 year old PCs here with OEM versions of XP on them - that buggers up imaging.
    Last edited by mortstar; 18th January 2008 at 02:02 PM.

  12. Thanks to mortstar from:

    park_bench (24th January 2008)

  13. #12

    Michael's Avatar
    Join Date
    Dec 2005
    Location
    Birmingham
    Posts
    8,941
    Thank Post
    232
    Thanked 1,512 Times in 1,206 Posts
    Rep Power
    328
    The symptoms of WSUS (when multiple machines share the same SID) is that they appear then disappear in turn within the console! But they do receive updates still.

    I could imagine it would create problems with some AV software, but I think the reason Active Directory works ok, is because the computer object account itself is also given a unique SID.
    Last edited by Michael; 18th January 2008 at 05:24 PM.

  14. #13

    Join Date
    Nov 2006
    Location
    Lancashire
    Posts
    95
    Thank Post
    34
    Thanked 1 Time in 1 Post
    Rep Power
    0
    Thanks everyone.

    I asked this question for a friend y'know, so, I'll let him know what you've said!


SHARE:
+ Post New Thread

Similar Threads

  1. WINXP Logon Times (IE Branding =S)
    By BKGarry in forum Windows
    Replies: 8
    Last Post: 18th May 2010, 03:31 PM
  2. Replies: 7
    Last Post: 20th December 2007, 03:45 PM
  3. Changing From II6 > Apache
    By FN-GM in forum Web Development
    Replies: 6
    Last Post: 2nd December 2007, 01:00 AM
  4. Lost WinXp User's rights
    By jcryan1 in forum Windows
    Replies: 1
    Last Post: 2nd July 2007, 08:41 PM
  5. How to tell WinXP from W2000
    By SimpleSi in forum Windows
    Replies: 3
    Last Post: 19th September 2006, 12:43 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •