Solved

Change of SID using "GHSTWALKER.EXE" results in loss of access to all previously saved profiles

Posted on 2006-06-23
13
934 Views
Last Modified: 2012-06-22
This is a serious problem which needs solving as soon as possible.  I really need help.

I have used "ghstwalker" many times to change SID numbers on my Win2000 PCs without any problems, by booting from a dos floppy.

Now we have 10 new Fujitsu Siemens laptops with XP pro, no floppy disk.

I have installed a Volume licence XP pro again, joined the domain, created both local and domain profiles, then taken the laptop out of the domain back to a Workgroup, taken an image and rolled it out to the other 9 laptops.  I then change the names on the laptops.  Everything works well.  The 3 local profiles work well.

Then I change the SID number by using ULTIMATE BOOT CD 3.4 to run GHSTWALK.EXE over the network from a network share on my workstation. Remember I have no floppy disk station.  GHSTWALK.exe runs exactly as it should.  

But when I reboot and try to run one of the 3 local profiles: Administrator, Home, or Child, the following completely new profiles are created:
Administrator.laptopname
Home.laptopname
Child.laptopname

The original 3 local profile folders under Documents and Settings are still there but cannot be run:

Administrator
Home
Child

Under the USER ACCOUNTS applet in the Control Panel, all 3 local accounts are present.

However under the USER PROFILE applet (right click My computer, Properties, Advanced, User Profiles) both the HOME and CHILD profiles have vanished and there are 2 identical administrator profiles.

Clearly this is a SID issue.

To make things even more confusing, 2 laptops rebooted successfully after the SID change and I had full access to my profiles, no duplicates were created, I rejoined the domain.  They are now finished and ready for use.

WHY DO THE OTHERS NOT WORK?

IMPORTANT POINT: The first time I changed the SID on the 1st clone, I had exactly the same problem, so I rolled out the same image again to the laptop. It would not even boot up, so I sent the same image again a 3rd time, changed the SID and everything worked fine.  This is one of my 2 working laptops.

I am using BARTS PE cd to create and roll out images using Ghost32.exe.  The conventional Symantec Ghost boot CDs have never worked on these laptops, hence BARTS PE cd.

Help please!
0
Comment
Question by:Alistair7
  • 7
  • 6
13 Comments
 
LVL 38

Expert Comment

by:younghv
ID: 16967412
Hi Alistair,
Unless you are in an NT Domain, you do not need to change the SID from a Ghost image.
The act of adding the box to the domain will do that for you.

Just load your image and add the box to the Domain - the SID will be created at that time.

Good Luck,
Vic
0
 

Author Comment

by:Alistair7
ID: 16967665
It's a Windows 2003 active directory domain.
0
 

Author Comment

by:Alistair7
ID: 16967801
Any comments Vic?
0
 
LVL 38

Expert Comment

by:younghv
ID: 16967827
Sorry for the delay - I left home and drove over to the base.

AD has removed a lot of the old SID problems that existed with NT.
If you skip the whole SID process you're doing and just add the boxes to your AD Domain, I think you will see that your boxes are up, running, and authenticating with your DC's.

Try it on a couple of boxes and let me know.

I'll check back in later.
Vic
0
 

Author Comment

by:Alistair7
ID: 16968179
Thanks for your comments Vic. Although I must admit I'm feeling somewhat speechless at the moment.  I've only being doing this IT work now for 5 years so I'm not very experienced.  But everything I have heard and read til now has told me that I must change the SID numbers before joining a 2003 active directory domain by using either GHOST WALKER or SYSPREP.

I suppose it wouldn't hurt to try.  I can't forsee any negative consequences.  But I would rather like to have confirmation of this from another source as well if possible.

????
0
 
LVL 38

Expert Comment

by:younghv
ID: 16968241
Understood.
We didn't stand up our first AD Domain until about 3 years ago.
All of us 'Old-Timers' had a real hard time with many of the changes.
I will try to find you a specific reference regarding SID and AD.
The neat thing is that XP and AD tend to be a whole bunch smarter than the old systems - and that is a GOOD thing.
Back later.
Vic
0
Highfive + Dolby Voice = No More Audio Complaints!

Poor audio quality is one of the top reasons people don’t use video conferencing. Get the crispest, clearest audio powered by Dolby Voice in every meeting. Highfive and Dolby Voice deliver the best video conferencing and audio experience for every meeting and every room.

 

Author Comment

by:Alistair7
ID: 16968339
Thanks a lot.  I'm holding my breath!!
0
 
LVL 38

Accepted Solution

by:
younghv earned 500 total points
ID: 16968400
Alistair,

One of my favorite web-sites: http://www.sysinternals.com/Utilities/NewSid.html

"Duplicate SIDs aren't an issue in a Domain-based environment since domain accounts have SID's based on the Domain SID."

If you do want to force a change in SID - their "newSID" program sure has the right price (free).

Good Luck,
Vic

0
 

Author Comment

by:Alistair7
ID: 16968450
This looks REALLY interesting.  Very promising!!  I'm reading reading ........
0
 

Author Comment

by:Alistair7
ID: 16969270
It worked!!  I used "newsid" instead and it worked.

Thanks a heap.  You've really saved my bacon.  The summer holidays start today and I can now send the teachers home with their laptops finished.

What a relief.

Many thanks

Al
0
 
LVL 38

Expert Comment

by:younghv
ID: 16969369
Al,
A pleasure to help out one of my British 'cousins'.
"Anywhere, anytime".
Thank you for the points.

Semper Fidelis,
Vic
0
 

Author Comment

by:Alistair7
ID: 16969885
British!!!   What an insult.  I'm Australian living in Norway.

Just joking.  I lived in Britain for 8 years and have many friends there.
0
 
LVL 38

Expert Comment

by:younghv
ID: 16969937
OOPS! (sorry),
It was the spelling of "licence" that tricked me.

For military folks, the Aussies are our "Brothers" - not 'cousins'.
Vic
0

Featured Post

Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

Join & Write a Comment

Migration of Exchange mailbox can be done with the ExProfre.exe tool. But at times, when the ExProfre.exe tool migrates the Exchange Server user profile, it results in numerous synchronization problems. Synchronization error messages appear in the e…
Sometimes people don't understand why download speed shows differently for Windows than Linux.Specially, this article covers and shows the solution for throughput difference for Windows than a Linux machine. For this, I arranged a test scenario.I…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Polish reports in Access so they look terrific. Take yourself to another level. Equations, Back Color, Alternate Back Color. Write easy VBA Code. Tighten space to use less pages. Launch report from a menu, considering criteria only when it is filled…

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now