+ Post New Thread
Results 1 to 11 of 11
Windows Thread, New sid numptie question in Technical; Right daft question time - if running newsid on workstations and rejoining the domain solves with my current sophos problems. ...
  1. #1
    chrbb's Avatar
    Join Date
    Oct 2005
    Location
    Midlands
    Posts
    1,509
    Thank Post
    141
    Thanked 67 Times in 62 Posts
    Rep Power
    47

    New sid numptie question

    Right daft question time - if running newsid on workstations and rejoining the domain solves with my current sophos problems.

    Will running newsid and rejoining the domain on staff laptops with local profiles affect any software or the local profiles. (don't want to incurr the wrath of teachers)

    Also is there an equilalent for windows 7?

  2. #2

    SYNACK's Avatar
    Join Date
    Oct 2007
    Posts
    11,271
    Thank Post
    884
    Thanked 2,749 Times in 2,322 Posts
    Blog Entries
    11
    Rep Power
    785
    Rejoining to the domain would make it redeploy any centrally deployed stuff again but should be fine.

    You should use sysprep with 7 as it causes isues if you don't (with wsus, kms etc.). I'm guessing the av uss the sid in its db. You may be able to do the same fix by removing the pc from the central av console and reinstalling the client av to rejoin it with a new record in the db.

  3. #3
    sister_annex's Avatar
    Join Date
    Jan 2009
    Location
    Wolverhampton
    Posts
    616
    Thank Post
    103
    Thanked 144 Times in 125 Posts
    Rep Power
    52
    From what I've been told, you don't need to use new Sid at all especially with win7 it will break it...

    Joining the domain gives the computer a unique Id and should not affect any other computer...

    We dropped newsid from our post ghost procedures in the latter part of 2010 and we have been working fine without it at all

    HTH

  4. #4
    sister_annex's Avatar
    Join Date
    Jan 2009
    Location
    Wolverhampton
    Posts
    616
    Thank Post
    103
    Thanked 144 Times in 125 Posts
    Rep Power
    52
    Just out of interest what issues are you having with sophos?

  5. #5

    Michael's Avatar
    Join Date
    Dec 2005
    Location
    Birmingham
    Posts
    9,345
    Thank Post
    242
    Thanked 1,602 Times in 1,278 Posts
    Rep Power
    346
    Changing the SID would force all MSIs you deploy to be re-deployed (I think that's what Synack was saying).

    You will also need to re-deploy Sophos from the console or using a script, as changing the SID will break it on workstations. Re-installing it should work fine however.

  6. #6
    chrbb's Avatar
    Join Date
    Oct 2005
    Location
    Midlands
    Posts
    1,509
    Thank Post
    141
    Thanked 67 Times in 62 Posts
    Rep Power
    47
    Thanks everyone! The sophos problem is that sophos keeps trying to install savxp.msi and failing, it installs fine initially but next day going into a continuous reinstalling loop.
    We had a new DC last week, demoted the old one with console 3.1 on, installed console 4.5 from scratch on the new. Endoints appeared straightaway and can be protected but then it all goes pear shaped.
    I took a laptop off the domain, renamed it and rejoined it, but it went straight back into it's original OU and then failed with sophos. So I did the same today with a workstation but used newsid, will know soon enough if it's solved the sophos issue.
    I also still have the old server running so will turn it off tomorrow to see if that helps.

    I'm not going to image the workstations - just wondering if they need a new identity.

  7. #7

    SYNACK's Avatar
    Join Date
    Oct 2007
    Posts
    11,271
    Thank Post
    884
    Thanked 2,749 Times in 2,322 Posts
    Blog Entries
    11
    Rep Power
    785
    Sounds like AD could be prestaging, if you drop the domain by joining it to a workgroup, go into ad and delete the disabled computer account then rejoin the client it should forget its previous location in AD.

  8. #8


    Join Date
    Feb 2007
    Location
    51.403651, -0.515458
    Posts
    9,791
    Thank Post
    262
    Thanked 2,963 Times in 2,178 Posts
    Rep Power
    846
    Quote Originally Posted by sister_annex View Post
    From what I've been told, you don't need to use NewSID at all especially with win7 it will break it...
    Microsoft have never supported or recommended using NewSID (even on older operating systems) because it breaks things: http://www.migee.com/2010/09/21/the-...f-newsid-4-10/

    Quote Originally Posted by sister_annex View Post
    Joining the domain gives the computer a unique Id and should not affect any other computer...
    Although it doesn't matter if cloned machines have the same SID, you should still run SysPrep beforehand.

  9. #9
    chrbb's Avatar
    Join Date
    Oct 2005
    Location
    Midlands
    Posts
    1,509
    Thank Post
    141
    Thanked 67 Times in 62 Posts
    Rep Power
    47
    Syspreped or not I didn't have a problem with sophos console 3 on my old server. The old server is still running I'm loathe to turn it off as with all this faffing about with sophos I haven't double checked I've got all I need off it and it's only accessible through remote desktop as the logon screen has disappeared! If I physically turn it off I have a feeling it won't start again!
    So going to just take the network cable out and see if that makes a difference with sophos, is there anything I need to do make sure there are no dns connections to the old server other than maybe ipconfig renew/release?

  10. #10

    Michael's Avatar
    Join Date
    Dec 2005
    Location
    Birmingham
    Posts
    9,345
    Thank Post
    242
    Thanked 1,602 Times in 1,278 Posts
    Rep Power
    346
    Are you sure it's not a script which is trying to re-install Sophos each time rather than a SID issue? If it was a SID issue, I would of thought you'd have same/similar problems when you deployed from Sophos 3.1.

  11. #11
    chrbb's Avatar
    Join Date
    Oct 2005
    Location
    Midlands
    Posts
    1,509
    Thank Post
    141
    Thanked 67 Times in 62 Posts
    Rep Power
    47
    The only script I've got is the old disable end of life script, now changed it to 00000000.



SHARE:
+ Post New Thread

Similar Threads

  1. Change SID
    By leco in forum Windows Server 2008
    Replies: 7
    Last Post: 20th August 2010, 08:58 AM
  2. SID Changing on Dual boot machines
    By Phil-Dyer in forum Windows
    Replies: 5
    Last Post: 8th July 2010, 02:17 PM
  3. Scripting new SID for PCs
    By mark in forum Windows
    Replies: 26
    Last Post: 23rd January 2009, 02:28 PM
  4. SID Migration W2k3 -> W2k3
    By adamf in forum Windows
    Replies: 3
    Last Post: 19th June 2008, 04:51 PM
  5. Win32 SID path - linking sims to AD
    By jrubinstein in forum How do you do....it?
    Replies: 2
    Last Post: 22nd June 2007, 10:40 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •