Windows Thread, Changing WinXP SIDs in Technical; We all know that you must change your XP client's SID when it has been imaged.
But... hypothetically speaking... what ...
16th January 2008, 11:49 AM #1
- Rep Power
Changing WinXP SIDs
We all know that you must change your XP client's SID when it has been imaged.
But... hypothetically speaking... what would happen if you cloned, let's say, a suite of computers and didn't change any of the SIDs - just Workstation name and IP address?
Just hypothetically, mind!
16th January 2008, 11:56 AM #2
If you then joined them to the domain you should be ok but if they were in a workgroup then you would have problems as all of the local admin accounts would have the same SID in fact any account created on any of the machines would have the same SID.
16th January 2008, 12:20 PM #3
IIRC (hypothetically :P) One example is that Sophos will not recognise more than one workstation and as a result won't deploy remotely.
Originally Posted by cookie_monster
16th January 2008, 12:49 PM #4
What about duplicate GUID's?
I have over 20 computers that all have the same GUID. The event viewver on the Remote Installation server is moaning about it all the while.
16th January 2008, 12:52 PM #5
LOL Don't be lazy use newsid or sysprep
16th January 2008, 12:59 PM #6
Oh yeh and WSUS doesn't recognese more that one PC either.
As stated above always use sysprep or newsid.
16th January 2008, 12:59 PM #7
My brother in law does this a lot, and no matter how much I tell him to use sysprep he just keeps on deploying those images.
I'm just waiting for it to bite him in the bum.
16th January 2008, 02:03 PM #8
We just use ghost here - but we image whilst it's disjoined. So in theory when you jpin the domain after imaging the SID should always be different?
16th January 2008, 06:39 PM #9
Joining a domain doesn't give your computer a new SID, if that's what you mean. You should use newsid to set a new SID for the computer before joining the domain.
Originally Posted by TeddyKGB
16th January 2008, 09:55 PM #10
Oh well. That's potentially a 1000+ clients with the same SID then
But that said, our AV, WSUS, ADUC works properly
18th January 2008, 03:00 PM #11
....This sounds familiar park_bench...
Originally Posted by ICT_GUY
As mentioned above, matching SIDs mean that WSUS doesn't recognise each computer. They do get the updates intended - just no information on which updated correctly etc. etc.
Not sure which antivirus you use but it may cause problems with that. Here it's McAfee with ePO for central management. Each machine is given an "Agent ID" independently by the Agent installer - so this key has to be deleted before the image is taken.
Just get NewSID from Sysinternals to assign a new SID apres-image if sysprep is a no-no, like it is on a bunch of 5 year old PCs here with OEM versions of XP on them - that buggers up imaging.
Last edited by mortstar; 18th January 2008 at 03:02 PM.
Thanks to mortstar from:
park_bench (24th January 2008)
18th January 2008, 06:21 PM #12
The symptoms of WSUS (when multiple machines share the same SID) is that they appear then disappear in turn within the console! But they do receive updates still.
I could imagine it would create problems with some AV software, but I think the reason Active Directory works ok, is because the computer object account itself is also given a unique SID.
Last edited by Michael; 18th January 2008 at 06:24 PM.
24th January 2008, 10:35 AM #13
By BKGarry in forum Windows
Last Post: 18th May 2010, 04:31 PM
By djstylus in forum Windows
Last Post: 20th December 2007, 04:45 PM
By FN-GM in forum Web Development
Last Post: 2nd December 2007, 02:00 AM
By jcryan1 in forum Windows
Last Post: 2nd July 2007, 09:41 PM
By SimpleSi in forum Windows
Last Post: 19th September 2006, 01:43 PM
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)