Saturday, September 8, 2012

The Machine SID Duplication Myth (and Why Sysprep Matters) by Mark Russinovich

On November 3 2009, Sysinternals retired NewSID, a utility that changes a computers machine Security Identifier (machine SID). I wrote NewSID in 1997 (its original name was NTSID) because the only tool available at the time for changing machine SIDs was the Microsoft Sysprep tool, and Sysprep doesn’t support changing the SIDs of computers that have applications installed. A machine SID is a unique identifier generated by Windows Setup that Windows uses as the basis for the SIDs for administrator-defined local accounts and groups. After a user logs on to a system, they are represented by their account and group SIDs with respect to object authorization (permissions checks). If two machines have the same machine SID, then accounts or groups on those systems might have the same SID. It’s therefore obvious that having multiple computers with the same machine SID on a network poses a security risk, right? At least that’s been the conventional wisdom. Read more

The Microsoft policy for disk duplication of Windows installations:

When you deploy a duplicated or imaged Windows installation, it is required that the System Preparation (Sysprep) tool is used before the capture of the image. Sysprep prepares an installation of Microsoft Windows for duplication, auditing, and customer delivery. For Microsoft Windows 2000, Windows XP, and Windows Server 2003, Sysprep is included with the latest service pack For later versions of Windows, Sysprep is included with the operating system, and Sysprep is located in the following folder:


Read more

No comments: