How to change SID of a re-imaged machine without doing a sysprep

I've made a clone of an image for one of our departments with acronis software. Do I need to change the SID or will windows 7 automatically change the SID so that it's different than the cloned image I am installing on the CD?
Randy MadejAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Will SzymkowskiSenior Solution ArchitectCommented:
In Windows XP there use to be a program from Systernals called NewSid which would allow you to change the Sid successfully without having to Sysprep. In WIndows 7/8 the correct method to change this SID (and make sure that it is updated completely in the image) is to use the built-in Sysprep tool. You can then use the General option which will not remove any of the software you install.

if you do not update this properly you will run into issues when the machine is on the domain with Trusts/GPO not applying etc.

Will.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
KromptonCommented:
I have duplicated machines in a Domain environment many times over the past 15+ years using Acronis and other imaging utilities with no problems.

It's is best to rename the computer before connecting to the network and then rejoining to the Domain.

That said, Sysprep is still worth using whenever you can.

Mark Russinovich has a very good blog post here relating to workstations and SIDs. It's worth a read.

http://blogs.technet.com/b/markrussinovich/archive/2009/11/03/3291024.aspx

Cheers,
Krompton
0
Will SzymkowskiSenior Solution ArchitectCommented:
I have duplicated machines in a Domain environment many times over the past 15+ years using Acronis and other imaging utilities with no problems.

I would completely disagree with this comment as having machines improperly imaged will create issues on a domain period. You might not see them right away but they will come into play with Group Policy, trusts etc.

The NewSid tool is only good for XP machines not windows 7. If you try and use this tool for Windows 7 it will destroy your bootup process.

In new domains 2012, you are required to sysprep the machine or you will have issues joining the domain. This is a fail safe mechanism that is built-in so that you cannot add machines to the domain that have identical SID's before adding to the domain.

Will.
0
KromptonCommented:
Will,

As is always true, other people may have different experience related with different environments. It is impossible to anticipate all possible combinations of software and hardware used. So I will not discount your comment.

There can be issues which is why I suggest using sysprep whenever possible, though I have never experienced any significant problems with this process. The one exception to this for me was having to generate a new connection when using WSUS.

In a domain environment, when you join a re-named computer to the domain a new domain sid is generated for that computer. For that reason the two machines are completely different, IMHO.

Krompton
0
Will SzymkowskiSenior Solution ArchitectCommented:
In a domain environment, when you join a re-named computer to the domain a new domain sid is generated for that computer. For that reason the two machines are completely different, IMHO.

If you try and do this within a 2012 environment it will fail at the domain join prompt and will tell you to sysprep the machine. This is the new fail safe in 2012 domain environment for duplicate SID's when joining a domain.

Will.
0
KromptonCommented:
Will,

I may very well be correct for 2012 Domains. I have heard that.

I have to say my comments are from my experience with NT/2000/2003/2008 Domains. Good catch!

I still recommend sysprep be used for any domain.

Cheers,
Krompton
0
Lee W, MVPTechnology and Business Process AdvisorCommented:
It's very unwise to configure ANY machine in an unsupported manner for anything meant for production, period.  Sysprep has been used and officially REQUIRED for any imaging since AT LEAST Windows 2000.  That includes XP.  Sysprep does a LOT more than reset the SID.  Failing to have it do its job can cause problems.  Period.  What problems can be hard to say as it depends on the environment and what and how you do things.
0
Natty GregIn Theory (IT)Commented:
Must Change sid
0
Will SzymkowskiSenior Solution ArchitectCommented:
Probably not the appropriate answer to be selected as myself and other experts have outlined best practices when it comes to imaging a machine. I have made several valid points as to why you need to do this.

Someone that searches for this answer in the future is going to get the wrong information because the more appropriate solution was not accepted.

Will.
0
KromptonCommented:
@syco1us

Thank you for selecting my answer.

I know the imaging can be done in Domain environments prior to Server 2012, and other in-depth studies have been done supporting that conclusion but, new information and technologies constantly evolve our industry just like any other.

That said however, I have to recommend heeding the cautions from Will and others. I have not worked much yet with server 2012 Domains and the SID of local a computer seems to have again become an issue.

Therefore, for you and anyone reading this posting later, I will echo the other experts here in strongly advising the use of SysPrep.

Cheers,
Krompton
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows 7

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.