Re: How to change the SID on a Windows XP, Windows 2000, or Windows NT computer...


Deji Akomolafe wrote:
> Replying to the subject since I can't follow what you are asking in the
> body:
>
> get newsid.exe from sysinternals.com. It's very effective and trusty.
>
> --




What difference does it make. Just don't change the SID. It doesn't
hurt anything to have the same SID on multiple machines. That's just a
lie from microsoft.









> Sincerely,
> Dèjì Akómöláfé, MCSE+M MCSA+M MCP+I
> Microsoft MVP - Directory Services
> www.readymaids.com - we know IT
> www.akomolafe.com
> Do you now realize that Today is the Tomorrow you were worried about
> Yesterday? -anon
> "-|Tree=Bonz|-" <nospam@xxxxxxxxxxx> wrote in message
> news:pan.2005.09.13.00.49.01.267785@-|Tree=Bonz|-...
> > How to change the SID on a Windows XP, Windows 2000, or Windows NT
> > computer
> >
> > Situation:
> > You are copying a Windows XP, Windows 2000, or Windows NT computer to
> > another computer, and you want to know how to change the Security
> > Identifier (SID) afterward.
> >
> > Solution:
> > Need to change the SID
> > When you clone a Windows NT/2000/XP installation to many computers, the
> > destination computers have the same SID and computer name as the source
> > Windows installation. Because Windows NT/2000/XP networks use each
> > computer's SID and computer name to uniquely identify the computer on the
> > network, you must change the SID and computer name on each destination
> > (client) computer after cloning.
> >
> > Overview of ways to change the SID after cloning
> >
> > * Ghost Walker
> > Ghost Walker is a Ghost utility included in the corporate Ghost
> > versions and Norton Ghost 2003. Ghost Walker is a DOS program that allows
> > you to change the SID and computer name at each client computer after
> > cloning, that is, before restarting the computer into Windows.
> > * Ghost Console
> > The option SID Change is available on the Task you create in Ghost
> > Console. When you use this option, Ghost remotely runs Ghost Walker at
> > each client computer. That is, Ghost does not require that you visit each
> > client computer to change the SID.
> > * Microsoft's System Preparation Tool (SysPrep)
> > Microsoft provides the SysPrep utility for preparing a source
> > computer before creating an image of that computer. SysPrep allows you to
> > change the SID, computer name, and other configuration information. When
> > used on a Windows 2000/XP installation, SysPrep also prompts the client
> > computers to rebuild their Plug and Play driver database.
> > * Third party utilities
> >
> >
> >
> > Problems with changing SIDs
> > When the SID changer cannot locate and change all of the files that it
> > needs to change, some applications or Windows features may not work on the
> > destination computer.
> >
> > Example of need to remove features before creating an image file
> > For instance, Windows 2000 NTFS File Encryption and Windows NT and Windows
> > 2000 Protected Storage use a SID as a unique token. When you change the
> > SID, Windows can no longer access encrypted files or Protected Storage
> > media. To prevent the problem, these features must be removed before
> > creating the image file.
> >
> > Test the image file before rolling it out
> > For these reasons we advise that you prepare for mass rollouts or upgrades
> > by first testing the image file on the various computer environments that
> > you will rollout the image to, including testing the applications after
> > cloning to a new computer.
> >
> > Which SID changer to use
> > Each method for changing the SID has its own advantages and disadvantages.
> > Use the SID changer recommended for the operating system being cloned.:
> >
> > Note: Because Microsoft support varies depending upon the operating
> > system, method of cloning, and method of changing the SID, refer to the
> > Microsoft document Do Not Disk Duplicate Installed Versions of Windows
> > (Article ID 162001) for more detailed information.
> >
> > * Windows 2000 or Windows XP installation: Use Microsoft's System
> > Preparation (SysPrep) tool.
> >
> > Although Ghost Walker successfully changes the SID on Windows 2000/XP
> > computers, Microsoft's System Preparation (SysPrep) tool changes the SID
> > and prompts Windows 2000/XP to rebuild its Plug-and-Play driver database.
> >
> > Alternatively, instead of using SysPrep for all configuration
> > changes, you can use SysPrep to rebuild the driver database and use Ghost
> > to change the SID and computer name. Here are the general steps:
> > 1. Disable the SysPrep feature that changes the SID.
> > 2. Run SysPrep at the source Windows 2000 computer immediately
> > before cloning.
> > 3. Use Ghost to create an image file of the source computer.
> > 4. Check the SID Change option on the Task that you create in
> > Ghost Console.
> > 5. Run the Task to rollout the image.
> > * Windows NT installation: Use Ghost Walker or the SID Change option in
> > Ghost Console.
> >
> > Because Ghost Walker is more thorough than SysPrep at changing all
> > instances of the SID, and Windows NT does not have a Plug and Play driver
> > database for the Windows NT SysPrep utility to rebuild, Ghost Walker is a
> > better choice for changing the SID and computer name on Windows NT
> > installations.
> > * Other Windows installations, such as Windows 95/98/Me: Use Ghost
> > Walker or the SID Change option in Ghost Console. Use the SID Change
> > option when running a Task in Ghost Enterprise Console and use Ghost
> > Walker when cloning with Ghost Multicast Server.
> >
> > If you use a third party SID changer, make sure that the SID changer
> > changes all instances of the old SID where the SID is used to control
> > access to files, registry settings, and so on. If the SID changer does not
> > update old instances of the SID, some application programs may not work.
> > In addition, Windows will no longer recognize the security settings,
> > resulting in either no access to selected system resources or global
> > access to system resources, increasing security risks on the system.
> >
> >
> > Ghost Walker
> > Run Ghstwalk.exe at the target computer after you write the disk or
> > partition image to the computer. Ghost Walker changes the SID for all user
> > profiles on the computer to a statistically-unique, randomly-generated
> > value. Because both Ghost.exe and Ghost Walker run in DOS, changing the
> > SID with Ghost Walker does not require an additional restart.
> >
> > Number of characters in the new name
> > The new name must contain the same number of characters as the computer
> > name of the source computer. Ghost Walker can change the computer name on
> > all supported Windows operating systems.
> >
> > Available in these Ghost versions
> >
> > * Symantec Ghost 7.0
> > * Symantec Ghost 7.5
> > * Symantec Ghost 8.x
> > * Norton Ghost 2003
> >
> >
> > SID Change option on Ghost Console
> > This option is available in all Ghost versions that include the feature
> > Ghost Console.
> >
> > Use this option
> >
> > * For cloning Windows NT installations when you want Ghost to remotely
> > change the SID on the client computers. To change the SID automatically,
> > check the "SID Change" option on the Clone tab in the Task. To change
> > other configuration items, check the Configuration option on the General
> > tab in the Task, and then choose an option in the Configuration tab.
> > * If you decide to use the SID Change option for cloning a Windows
> > 2000/XP installation, use either the SysPrep option that changes the SID
> > or the Ghost Console SID Change option, but not both options.
> >
> >
> > SysPrep
> > Although Ghost successfully changes the SID on Windows 2000/XP computers,
> > Microsoft's System Preparation (SysPrep) tool changes the SID and prompts
> > Windows 2000/XP to rebuild its Plug-and-Play driver database.
> > Advantages to using SysPrep
> >
> > * Rebuilding the driver database is a significant advantage because the
> > rebuild decreases the amount of user intervention required at the client
> > computers when the source computer and client computers do not have
> > exactly the same hardware.
> > * It invokes the Windows 2000/XP Setup Wizard, which is normally only
> > seen during installation. The Wizard enables you to enter details
> > regarding new users, licensing information, and other identification
> > information.
> > * It allows you to install different drivers for the hard disk
> > controller on the first startup after cloning. When the client computer
> > requires different hard drive controller drivers than the source computer,
> > the new drivers are loaded before the Plug and Play detection begins.
> > * It can be configured to have Windows 2000/XP to rebuild its
> > Plug-and-Play driver database on the first startup after cloning. The
> > rebuild process removes drivers for devices that are not on the client
> > computer and adds Windows drivers for devices that are on the client
> > computer but were not on the source computer.
> > * It supports most of the unattended installation parameters, including
> > computer name, domain, and network settings. These parameters are
> > command-line arguments for the Windows installation command.
> > * It can be configured to run automatically, without having to visit
> > the client computers.
> >
> >
> > No Symantec technical support for SysPrep
> > Symantec does not provide technical support for SysPrep. SysPrep is
> > written, maintained, and supported by Microsoft.
> >
> > To use SysPrep
> > See the document How to use SysPrep with Ghost. Note that SysPrep requires
> > an additional restart after cloning.
> >
> >
> > Technical Information:
> > SIDs, workgroups, and domains
> > For more information on why you must change the SID for workgroups and
> > domains, see the section "Security identifier (SID) for workstations
> > participating in a domain" in the document Introduction to cloning a
> > Windows NT, Windows 2000, or Windows XP computer.
> > SIDs and security
> > Many programs, including Windows itself, base security features on the SID
> > and the computer name.
> > The parts the SID changer needs to change
> > When the SID changer cannot locate and change all instances of the SID and
> > computer name, or locate and change proprietary calculated values that are
> > based on the SID and computer name, some applications or Windows features
> > may not work on the destination computer after changing the SID.
> >
> >
> >
> > References:
> > GhostWalker
> > Introduction to Ghost Walker
> > How to run Ghost Walker from a command line.
> >
> > Cloning Windows servers
> > Cloning a Windows NT or Windows 2000/2003 Server
> >
> > Separator
> > Translations of this Document:
> > Given the time needed to translate documents into other languages, the
> > translated versions of this document may vary in content if the English
> > document was updated with new information during the translation process.
> > The English document always contains the most up-to-date information.

.

Relevant Pages