Solved

Change of SID using "GHSTWALKER.EXE" results in loss of access to all previously saved profiles

Posted on 2006-06-23
13
936 Views
Last Modified: 2012-06-22
This is a serious problem which needs solving as soon as possible.  I really need help.

I have used "ghstwalker" many times to change SID numbers on my Win2000 PCs without any problems, by booting from a dos floppy.

Now we have 10 new Fujitsu Siemens laptops with XP pro, no floppy disk.

I have installed a Volume licence XP pro again, joined the domain, created both local and domain profiles, then taken the laptop out of the domain back to a Workgroup, taken an image and rolled it out to the other 9 laptops.  I then change the names on the laptops.  Everything works well.  The 3 local profiles work well.

Then I change the SID number by using ULTIMATE BOOT CD 3.4 to run GHSTWALK.EXE over the network from a network share on my workstation. Remember I have no floppy disk station.  GHSTWALK.exe runs exactly as it should.  

But when I reboot and try to run one of the 3 local profiles: Administrator, Home, or Child, the following completely new profiles are created:
Administrator.laptopname
Home.laptopname
Child.laptopname

The original 3 local profile folders under Documents and Settings are still there but cannot be run:

Administrator
Home
Child

Under the USER ACCOUNTS applet in the Control Panel, all 3 local accounts are present.

However under the USER PROFILE applet (right click My computer, Properties, Advanced, User Profiles) both the HOME and CHILD profiles have vanished and there are 2 identical administrator profiles.

Clearly this is a SID issue.

To make things even more confusing, 2 laptops rebooted successfully after the SID change and I had full access to my profiles, no duplicates were created, I rejoined the domain.  They are now finished and ready for use.

WHY DO THE OTHERS NOT WORK?

IMPORTANT POINT: The first time I changed the SID on the 1st clone, I had exactly the same problem, so I rolled out the same image again to the laptop. It would not even boot up, so I sent the same image again a 3rd time, changed the SID and everything worked fine.  This is one of my 2 working laptops.

I am using BARTS PE cd to create and roll out images using Ghost32.exe.  The conventional Symantec Ghost boot CDs have never worked on these laptops, hence BARTS PE cd.

Help please!
0
Comment
Question by:Alistair7
  • 7
  • 6
13 Comments
 
LVL 38

Expert Comment

by:younghv
ID: 16967412
Hi Alistair,
Unless you are in an NT Domain, you do not need to change the SID from a Ghost image.
The act of adding the box to the domain will do that for you.

Just load your image and add the box to the Domain - the SID will be created at that time.

Good Luck,
Vic
0
 

Author Comment

by:Alistair7
ID: 16967665
It's a Windows 2003 active directory domain.
0
 

Author Comment

by:Alistair7
ID: 16967801
Any comments Vic?
0
 
LVL 38

Expert Comment

by:younghv
ID: 16967827
Sorry for the delay - I left home and drove over to the base.

AD has removed a lot of the old SID problems that existed with NT.
If you skip the whole SID process you're doing and just add the boxes to your AD Domain, I think you will see that your boxes are up, running, and authenticating with your DC's.

Try it on a couple of boxes and let me know.

I'll check back in later.
Vic
0
 

Author Comment

by:Alistair7
ID: 16968179
Thanks for your comments Vic. Although I must admit I'm feeling somewhat speechless at the moment.  I've only being doing this IT work now for 5 years so I'm not very experienced.  But everything I have heard and read til now has told me that I must change the SID numbers before joining a 2003 active directory domain by using either GHOST WALKER or SYSPREP.

I suppose it wouldn't hurt to try.  I can't forsee any negative consequences.  But I would rather like to have confirmation of this from another source as well if possible.

????
0
 
LVL 38

Expert Comment

by:younghv
ID: 16968241
Understood.
We didn't stand up our first AD Domain until about 3 years ago.
All of us 'Old-Timers' had a real hard time with many of the changes.
I will try to find you a specific reference regarding SID and AD.
The neat thing is that XP and AD tend to be a whole bunch smarter than the old systems - and that is a GOOD thing.
Back later.
Vic
0
Ransomware-A Revenue Bonanza for Service Providers

Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat.  The purpose of this eBook is to educate the reader about ransomware attacks.

 

Author Comment

by:Alistair7
ID: 16968339
Thanks a lot.  I'm holding my breath!!
0
 
LVL 38

Accepted Solution

by:
younghv earned 500 total points
ID: 16968400
Alistair,

One of my favorite web-sites: http://www.sysinternals.com/Utilities/NewSid.html

"Duplicate SIDs aren't an issue in a Domain-based environment since domain accounts have SID's based on the Domain SID."

If you do want to force a change in SID - their "newSID" program sure has the right price (free).

Good Luck,
Vic

0
 

Author Comment

by:Alistair7
ID: 16968450
This looks REALLY interesting.  Very promising!!  I'm reading reading ........
0
 

Author Comment

by:Alistair7
ID: 16969270
It worked!!  I used "newsid" instead and it worked.

Thanks a heap.  You've really saved my bacon.  The summer holidays start today and I can now send the teachers home with their laptops finished.

What a relief.

Many thanks

Al
0
 
LVL 38

Expert Comment

by:younghv
ID: 16969369
Al,
A pleasure to help out one of my British 'cousins'.
"Anywhere, anytime".
Thank you for the points.

Semper Fidelis,
Vic
0
 

Author Comment

by:Alistair7
ID: 16969885
British!!!   What an insult.  I'm Australian living in Norway.

Just joking.  I lived in Britain for 8 years and have many friends there.
0
 
LVL 38

Expert Comment

by:younghv
ID: 16969937
OOPS! (sorry),
It was the spelling of "licence" that tricked me.

For military folks, the Aussies are our "Brothers" - not 'cousins'.
Vic
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Can you find a fax from a vendor you saved a decade ago in seconds? Have you ever cursed your PC under your breath during an audit because you couldn’t find the requested statement or driver history?  If you answered no to the first question or yes …
Ok I have been working on this for some time having learned and gained certification in XenDesktop 4 along came version 5 which was released last month. Since then I have been working to deploy XenDesktop 5 in a small environment with only 2 virt…
Migrating to Microsoft Office 365 is becoming increasingly popular for organizations both large and small. If you have made the leap to Microsoft’s cloud platform, you know that you will need to create a corporate email signature for your Office 365…
With the power of JIRA, there's an unlimited number of ways you can customize it, use it and benefit from it. With that in mind, there's bound to be things that I wasn't able to cover in this course. With this summary we'll look at some places to go…

864 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

23 Experts available now in Live!

Get 1:1 Help Now