Duplicate Computer SIDs on a Network, is it OK?

I have always been trained that it is essential that every computer on your network MUST have a unique machine SID (Security Identifier). In today's world of re-imaging computers, changing the SID is always the first step taken. I have a post with more info on using NewSID to easily change the SID on a server.

I just came across an interesting blog post by Mark Russinovich, The Machine SID Duplication Myth, which states that duplicate machine SIDs on a network aren't as big an issue as they are commonly thought to be.

Mark states in his blog:

“I realize that the news that it’s okay to have duplicate machine SIDs comes as a surprise to many, especially since changing SIDs on imaged systems has been a fundamental principle of image deployment since Windows NT’s inception. This blog post debunks the myth with facts by first describing the machine SID, explaining how Windows uses SIDs, and then showing that – with one exception – Windows never exposes a machine SID outside its computer, proving that it’s okay to have systems with the same machine SID. Note that Sysprep resets other machine-specific state that, if duplicated, can cause problems for certain applications like Windows Server Update Services (WSUS), so Microsoft’s support policy will still require cloned systems to be made unique with Sysprep.”

His information has given me something to research. Making sure every computer has a unique SID has always been a frustration in the hardware imaging process. There are many variables to consider.
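Before deciding whether duplicates matter on your network, it helps to know which imaged machines actually share a machine SID. The PowerShell below is an added example (not from the original post or from Mark's article). It derives each computer's machine SID from the built-in Administrator account, whose SID is always the machine SID followed by the well-known RID 500, and then groups hosts that share one. It assumes you have WMI/CIM access to the remote computers and that the host names passed in are placeholders for your own.

```powershell
# Added example: find computers that share a machine SID.
# Assumes CIM/WMI access to each remote host; host names below are placeholders.

function Get-MachineSid {
    param([string]$ComputerName = $env:COMPUTERNAME)

    # The built-in Administrator account always has RID 500, so its SID is
    # "<machine SID>-500". Stripping the trailing RID leaves the machine SID.
    $acct = Get-CimInstance -ClassName Win32_UserAccount -ComputerName $ComputerName `
                -Filter "LocalAccount = TRUE" |
            Where-Object { $_.SID -match '-500$' } |
            Select-Object -First 1

    if (-not $acct) {
        throw "No local account with RID 500 found on $ComputerName"
    }
    return ($acct.SID -replace '-500$', '')
}

function Find-DuplicateMachineSid {
    param([string[]]$ComputerName)

    # Collect one (computer, machine SID) pair per host; skip hosts we cannot reach.
    $results = foreach ($c in $ComputerName) {
        try {
            [pscustomobject]@{ Computer = $c; MachineSid = Get-MachineSid -ComputerName $c }
        }
        catch {
            Write-Warning "Skipping ${c}: $_"
        }
    }

    # Any machine SID seen on more than one host indicates cloned images.
    $results |
        Group-Object -Property MachineSid |
        Where-Object { $_.Count -gt 1 } |
        ForEach-Object {
            [pscustomobject]@{
                MachineSid = $_.Name
                Computers  = ($_.Group.Computer -join ', ')
            }
        }
}

# Usage (placeholder host names): lists each duplicated machine SID with the hosts sharing it.
Find-DuplicateMachineSid -ComputerName 'IMAGED-PC01', 'IMAGED-PC02', 'IMAGED-PC03'
```

Note that this only checks the machine SID; it says nothing about the other machine-specific state that Sysprep resets, which is what Microsoft's support policy is actually concerned with.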

Tell me what you think and what you feel should be considered in having duplicate SIDs on a network.
