Please help to study on this issue. Thank you very much.
NewSID v4.10 statement of the SID Duplication Problem
The problem with cloning is that it is only supported by Microsoft in a very
limited sense. Microsoft has stated that cloning systems is only supported
if it is done before the GUI portion of Windows Setup has been reached. When
the install reaches this point the computer is assigned a name and a unique
computer SID. If a system is cloned after this step the cloned machines will
all have identical computer SIDs. Note that just changing the computer name
or adding the computer to a different domain does not change the computer
SID. Changing the name or domain only changes the domain SID if the computer
was previously associated with a domain.
To understand the problem that cloning can cause, it is first necessary to
understand how individual local accounts on a computer are assigned SIDs.
The SIDs of local accounts consist of the computer's SID and an appended RID
(Relative Identifier). The RID starts at a fixed value, and is increased by
one for each account created. This means that the second account on one
computer, for example, will be given the same RID as the second account on a
clone. The result is that both accounts have the same SID.
Duplicate SIDs aren't an issue in a Domain-based environment since domain
accounts have SID's based on the Domain SID. But, according to Microsoft
Knowledge Base article Q162001, "Do Not Disk Duplicate Installed Versions of
Windows NT", in a Workgroup environment security is based on local account
SIDs. Thus, if two computers have users with the same SID, the Workgroup
will not be able to distinguish between the users. All resources, including
files and Registry keys, that one user has access to, the other will as
well.
Another instance where duplicate SIDs can cause problems is where there is
removable media formated with NTFS, and local account security attributes
are applied to files and directories. If such a media is moved to a
different computer that has the same SID, then local accounts that otherwise
would not be able to access the files might be able to if their account IDs
happened to match those in the security attributes. This is not be possible
if computers have different SIDs.
An article Mark has written, entitled "NT Rollout Options", was published in
the June issue of Windows NT Magazine. It discusses the duplicate SID issue
in more detail, and presents Microsoft's official stance on cloning. To see
if you have a duplicate SID issue on your network, use PsGetSid to display
machine SIDs.
| Dear All,
|
| Please help to study on this issue. Thank you very much.
|
| NewSID v4.10 statement of the SID Duplication Problem
|
| The problem with cloning is that it is only supported by Microsoft in a very
| limited sense. Microsoft has stated that cloning systems is only supported
| if it is done before the GUI portion of Windows Setup has been reached. When
| the install reaches this point the computer is assigned a name and a unique
| computer SID. If a system is cloned after this step the cloned machines will
| all have identical computer SIDs. Note that just changing the computer name
| or adding the computer to a different domain does not change the computer
| SID. Changing the name or domain only changes the domain SID if the computer
| was previously associated with a domain.
|
| To understand the problem that cloning can cause, it is first necessary to
| understand how individual local accounts on a computer are assigned SIDs.
| The SIDs of local accounts consist of the computer's SID and an appended RID
| (Relative Identifier). The RID starts at a fixed value, and is increased by
| one for each account created. This means that the second account on one
| computer, for example, will be given the same RID as the second account on a
| clone. The result is that both accounts have the same SID.
|
| Duplicate SIDs aren't an issue in a Domain-based environment since domain
| accounts have SID's based on the Domain SID. But, according to Microsoft
| Knowledge Base article Q162001, "Do Not Disk Duplicate Installed Versions of
| Windows NT", in a Workgroup environment security is based on local account
| SIDs. Thus, if two computers have users with the same SID, the Workgroup
| will not be able to distinguish between the users. All resources, including
| files and Registry keys, that one user has access to, the other will as
| well.
|
| Another instance where duplicate SIDs can cause problems is where there is
| removable media formated with NTFS, and local account security attributes
| are applied to files and directories. If such a media is moved to a
| different computer that has the same SID, then local accounts that otherwise
| would not be able to access the files might be able to if their account IDs
| happened to match those in the security attributes. This is not be possible
| if computers have different SIDs.
|
| An article Mark has written, entitled "NT Rollout Options", was published in
| the June issue of Windows NT Magazine. It discusses the duplicate SID issue
| in more detail, and presents Microsoft's official stance on cloning. To see
| if you have a duplicate SID issue on your network, use PsGetSid to display
| machine SIDs.
|
| Source:
|
| http://www.microsoft.com/technet/sys...ty/NewSid.mspx
|
| But Microsoft has a policy about the disk duplicate of Windows XP.
|
| The Microsoft policy concerning disk duplication of Windows XP
| installations
|
| http://support.microsoft.com/default...b;EN-US;314828
|
And when you run Sysprep and the PC shuts down the SIDs are stripped. The PC is the imaged
with such software as Symantec Ghost. When that image is restored a Mini-Setup wizard
executes and news SIDs are created.
Thank you for your reply. My question is Microsoft is or is not support the
NewSID for disk cloning.Also, Microsoft is or is not recommand to use NewSID
instead of use sysprep for disk cloning.
"David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
news:Ou%23QT%23urHHA.4992@TK2MSFTNGP05.phx.gbl...
> From: "KC2006" <billyfungtech2006@yahoo.com.hk>
>
> | Dear All,
> |
> | Please help to study on this issue. Thank you very much.
> |
> | NewSID v4.10 statement of the SID Duplication Problem
> |
> | The problem with cloning is that it is only supported by Microsoft in a
> very
> | limited sense. Microsoft has stated that cloning systems is only
> supported
> | if it is done before the GUI portion of Windows Setup has been reached.
> When
> | the install reaches this point the computer is assigned a name and a
> unique
> | computer SID. If a system is cloned after this step the cloned machines
> will
> | all have identical computer SIDs. Note that just changing the computer
> name
> | or adding the computer to a different domain does not change the
> computer
> | SID. Changing the name or domain only changes the domain SID if the
> computer
> | was previously associated with a domain.
> |
> | To understand the problem that cloning can cause, it is first necessary
> to
> | understand how individual local accounts on a computer are assigned
> SIDs.
> | The SIDs of local accounts consist of the computer's SID and an appended
> RID
> | (Relative Identifier). The RID starts at a fixed value, and is increased
> by
> | one for each account created. This means that the second account on one
> | computer, for example, will be given the same RID as the second account
> on a
> | clone. The result is that both accounts have the same SID.
> |
> | Duplicate SIDs aren't an issue in a Domain-based environment since
> domain
> | accounts have SID's based on the Domain SID. But, according to Microsoft
> | Knowledge Base article Q162001, "Do Not Disk Duplicate Installed
> Versions of
> | Windows NT", in a Workgroup environment security is based on local
> account
> | SIDs. Thus, if two computers have users with the same SID, the Workgroup
> | will not be able to distinguish between the users. All resources,
> including
> | files and Registry keys, that one user has access to, the other will as
> | well.
> |
> | Another instance where duplicate SIDs can cause problems is where there
> is
> | removable media formated with NTFS, and local account security
> attributes
> | are applied to files and directories. If such a media is moved to a
> | different computer that has the same SID, then local accounts that
> otherwise
> | would not be able to access the files might be able to if their account
> IDs
> | happened to match those in the security attributes. This is not be
> possible
> | if computers have different SIDs.
> |
> | An article Mark has written, entitled "NT Rollout Options", was
> published in
> | the June issue of Windows NT Magazine. It discusses the duplicate SID
> issue
> | in more detail, and presents Microsoft's official stance on cloning. To
> see
> | if you have a duplicate SID issue on your network, use PsGetSid to
> display
> | machine SIDs.
> |
> | Source:
> |
> | http://www.microsoft.com/technet/sys...ty/NewSid.mspx
> |
> | But Microsoft has a policy about the disk duplicate of Windows XP.
> |
> | The Microsoft policy concerning disk duplication of Windows XP
> | installations
> |
> | http://support.microsoft.com/default...b;EN-US;314828
> |
>
> And when you run Sysprep and the PC shuts down the SIDs are stripped. The
> PC is the imaged
> with such software as Symantec Ghost. When that image is restored a
> Mini-Setup wizard
> executes and news SIDs are created.
>
> What's the problem ?
>
> --
> Dave
> http://www.claymania.com/removal-trojan-adware.html
> http://www.ik-cs.com/got-a-virus.htm
>
>
What do you care if they do? David answered well, since what he says is
essentially similar to an install from scratch.
--
The next version of Windows? Windows piñata
Piñatas are made from easily breakable materials. a bright container
surrounded by blindfolded children breaking the
piñata in order to collect the candy inside of it.
NewSID and Sysprep problem 
Linear Mode
