Windows Thread, New sid numptie question in Technical; Right daft question time - if running newsid on workstations and rejoining the domain solves with my current sophos problems.
3rd March 2011, 08:34 PM #1
New sid numptie question
Right daft question time - if running newsid on workstations and rejoining the domain solves with my current sophos problems.
Will running newsid and rejoining the domain on staff laptops with local profiles affect any software or the local profiles. (don't want to incurr the wrath of teachers)
Also is there an equilalent for windows 7?
IDG Tech News
3rd March 2011, 08:40 PM #2
Rejoining to the domain would make it redeploy any centrally deployed stuff again but should be fine.
You should use sysprep with 7 as it causes isues if you don't (with wsus, kms etc.). I'm guessing the av uss the sid in its db. You may be able to do the same fix by removing the pc from the central av console and reinstalling the client av to rejoin it with a new record in the db.
3rd March 2011, 08:44 PM #3
From what I've been told, you don't need to use new Sid at all especially with win7 it will break it...
Joining the domain gives the computer a unique Id and should not affect any other computer...
We dropped newsid from our post ghost procedures in the latter part of 2010 and we have been working fine without it at all
3rd March 2011, 08:46 PM #4
Just out of interest what issues are you having with sophos?
3rd March 2011, 09:01 PM #5
Changing the SID would force all MSIs you deploy to be re-deployed (I think that's what Synack was saying).
You will also need to re-deploy Sophos from the console or using a script, as changing the SID will break it on workstations. Re-installing it should work fine however.
3rd March 2011, 09:34 PM #6
Thanks everyone! The sophos problem is that sophos keeps trying to install savxp.msi and failing, it installs fine initially but next day going into a continuous reinstalling loop.
We had a new DC last week, demoted the old one with console 3.1 on, installed console 4.5 from scratch on the new. Endoints appeared straightaway and can be protected but then it all goes pear shaped.
I took a laptop off the domain, renamed it and rejoined it, but it went straight back into it's original OU and then failed with sophos. So I did the same today with a workstation but used newsid, will know soon enough if it's solved the sophos issue.
I also still have the old server running so will turn it off tomorrow to see if that helps.
I'm not going to image the workstations - just wondering if they need a new identity.
4th March 2011, 01:02 AM #7
Sounds like AD could be prestaging, if you drop the domain by joining it to a workgroup, go into ad and delete the disabled computer account then rejoin the client it should forget its previous location in AD.
4th March 2011, 08:32 AM #8
Microsoft have never supported or recommended using NewSID (even on older operating systems) because it breaks things: http://www.migee.com/2010/09/21/the-...f-newsid-4-10/
Originally Posted by sister_annex
Although it doesn't matter if cloned machines have the same SID, you should still run SysPrep beforehand.
Originally Posted by sister_annex
4th March 2011, 10:02 AM #9
Syspreped or not I didn't have a problem with sophos console 3 on my old server. The old server is still running I'm loathe to turn it off as with all this faffing about with sophos I haven't double checked I've got all I need off it and it's only accessible through remote desktop as the logon screen has disappeared! If I physically turn it off I have a feeling it won't start again!
So going to just take the network cable out and see if that makes a difference with sophos, is there anything I need to do make sure there are no dns connections to the old server other than maybe ipconfig renew/release?
4th March 2011, 01:42 PM #10
Are you sure it's not a script which is trying to re-install Sophos each time rather than a SID issue? If it was a SID issue, I would of thought you'd have same/similar problems when you deployed from Sophos 3.1.
4th March 2011, 04:05 PM #11
The only script I've got is the old disable end of life script, now changed it to 00000000.
By leco in forum Windows Server 2008
Last Post: 20th August 2010, 08:58 AM
By Phil-Dyer in forum Windows
Last Post: 8th July 2010, 02:17 PM
Last Post: 23rd January 2009, 02:28 PM
By adamf in forum Windows
Last Post: 19th June 2008, 04:51 PM
By jrubinstein in forum How do you do....it?
Last Post: 22nd June 2007, 10:40 AM
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)