SID's

Hi

Does renaming a client give it a new SID

In my current contract we rename clients while they are still joined to the domain and this works fine

In my recent jobs I have always disjoined it from the domain then renamed it then joined it back again

So does renaming a client regardless on domain or not give it a new SID

Thanks

Find more posts tagged with

Free for TechExams community: Cybersecurity salary guide

Compare cert salaries and plan your next career move

Button

Comments

gorebrush

A SID should never change, therefore renaming it should be no problem

Lee H

What I am trying to find out is if you need a SID changer for every imaged client

Sysprep, NEWSID to name just 2, but what if you dont use one

You have flat install of XP, before you join to domain you take an image, then you deploy image to 5 machines, then rename each machine differently and join to domain

Will each machine have a different SID

dynamik

Lee H wrote: »

What I am trying to find out is if you need a SID changer for every imaged client

Yes, you do. Otherwise, you're going to run into all kinds of obscure problems that are going to be very difficult to resolve.

tiersten

You should go to each deployed clone machine and change the SID.

hypnotoad

Lee H wrote: »

What I am trying to find out is if you need a SID changer for every imaged client

Sysprep, NEWSID to name just 2, but what if you dont use one

You have flat install of XP, before you join to domain you take an image, then you deploy image to 5 machines, then rename each machine differently and join to domain

Will each machine have a different SID

No, each machines will have the same SID...and things will go crazy. Pretty much anything that can break will...from windows updates to file sharing permissions.

rwwest7

hypnotoad wrote: »

No, each machines will have the same SID...and things will go crazy. Pretty much anything that can break will...from windows updates to file sharing permissions.

IF you're using workgroups this will happen. If you're using a domain, then when the computer is joined to the domain an new sid is generated for the computer account in the domain. I've heard otherwise, but I have about 2,000 computers on my domain, most of which have been imaged with Ghost, and I have not once ran newsid or sysprep.

dynamik

Was sysprep run before the image was made though? You don't need to do it every time after you deploy an image.

down77

Sounds like a good time to check for duplicate SIDS

HOW TO: Find and Clean Up Duplicate Security Identifiers with Ntdsutil in Windows Server 2003

royal

NewSID is not supported in production by Microsoft. You need to ensure that your images are Sysprepped so each image obtains unique information once deployed. SID is just one of the things Sysprep does.

Hyper-Me

If you are imaging computers for production and arent sysprepping them and regenerating SID's then you arent doing your job.

There is no excuse for not doing this, as micrsoft expressly states that this is only the right way to prepare an image.

We have countless techs at work that dont do it and I have to constantly get on to them.

Hyper-Me

Yes! more undeserved neg rep.

Fools.

tiersten

Or not...

blargoe

royal wrote: »

NewSID is not supported in production by Microsoft. You need to ensure that your images are Sysprepped so each image obtains unique information once deployed. SID is just one of the things Sysprep does.

This...

tiersten

blargoe wrote: »

This...

Except that from further research by Microsoft, a duplicate SID doesn't actually do anything bad. You don't actually need to regenerate the SID for a machine and sysprep will stop doing it in the future.

dynamik

I've had two DCs with identical SIDs (just copied the VM), and I experienced all kinds of problems. It might have been a coincidence, but the situation went away after I remedied that. Maybe something else got changed in the process. I can't remember exactly how I went about it. I was pulling my hair out for awhile though...

tiersten

dynamik wrote: »

I've had two DCs with identical SIDs (just copied the VM), and I experienced all kinds of problems. It might have been a coincidence, but the situation went away after I remedied that. Maybe something else got changed in the process. I can't remember exactly how I went about it. I was pulling my hair out for awhile though...

Yeah. Domain SIDs are special. Go read the article :P

dynamik

tiersten wrote: »

Yeah. Domain SIDs are special. Go read the article :P

What's with the attitude dude? You're acting like I'm an MCSE and MCITP. Oh, wait...

tiersten

dynamik wrote: »

What's with the attitude dude?

Bring it on! Outside! Now!

dynamik wrote: »

You're acting like I'm an MCSE and MCITP. Oh, wait...

We've all been indoctrinated that duplicate SIDs are always bad and that you must always use SysPrep/NewSID otherwise the world will explode in a ball of burning Windows PCs. If the SysInternals/Microsoft guy is correct then we've been mostly worrying about nothing.

Lee H

sysprep all the way that's my opinion so maybe that's why I haven't had any of the problems with duplicate machine sids. I simply questioned the need for using it if you happen to be imaging without sysprep and if it would still work. people say they have issues but MS say it doesn't matter. am more curious now than I was before this thread. lol

blargoe

tiersten wrote: »

Except that from further research by Microsoft, a duplicate SID doesn't actually do anything bad. You don't actually need to regenerate the SID for a machine and sysprep will stop doing it in the future.

Was referring to the "other" that royal was talking about, not the sid generation. There's other generalization and cleanup that happens during a sysprep other than just changing the sid.

Why would everyone be so against doing something that's been a long established best practice?

tiersten

blargoe wrote: »

Was referring to the "other" that royal was talking about, not the sid generation. There's other generalization and cleanup that happens during a sysprep other than just changing the sid.

Why would everyone be so against doing something that's been a long established best practice?

Ah yeah. I'm just talking about SIDs themselves. Not the rest of the stuff that sysprep does which you obviously should be doing.