Sysprep Question

  • Thread starter Thread starter news.microsoft.com
  • Start date Start date
N

news.microsoft.com

If you deploy an image without sysprep and then add pc to the domain will
you have issues with the SID? I was under the impression that if you add
the PC to the domain the SID will change, so you do not necassarally need
sysprep. Thanks!
 
news.microsoft.com said:
If you deploy an image without sysprep and then add pc to the domain
will you have issues with the SID? I was under the impression that if
you add the PC to the domain the SID will change, so you do not
necassarally need sysprep. Thanks!
Click to expand...

From http://technet.microsoft.com/en-us/sysinternals/bb897418.aspx

Duplicate SIDs aren't an issue in a Domain-based environment since
domain accounts have SID's based on the Domain SID. But, according to
Microsoft Knowledge Base article Q162001, "Do Not Disk Duplicate
Installed Versions of Windows NT", in a Workgroup environment security
is based on local account SIDs. Thus, if two computers have users with
the same SID, the Workgroup will not be able to distinguish between the
users. All resources, including files and Registry keys, that one user
has access to, the other will as well.

So, from the way I read it the computer's SID doesn't change when added
to a Domain, but Domain accounts get SIDs based on the Domain SID so
duplicate computer SIDs aren't a problem in a Domain. In a workgroup on
the other hand, it is a problem.

Hope this helps!

--
Zaphod

Arthur: All my life I've had this strange feeling that there's something
big and sinister going on in the world.
Slartibartfast: No, that's perfectly normal paranoia. Everyone in the
universe gets that.
 
Thanks!~


Zaphod Beeblebrox said:
From http://technet.microsoft.com/en-us/sysinternals/bb897418.aspx

Duplicate SIDs aren't an issue in a Domain-based environment since domain
accounts have SID's based on the Domain SID. But, according to Microsoft
Knowledge Base article Q162001, "Do Not Disk Duplicate Installed Versions
of Windows NT", in a Workgroup environment security is based on local
account SIDs. Thus, if two computers have users with the same SID, the
Workgroup will not be able to distinguish between the users. All
resources, including files and Registry keys, that one user has access to,
the other will as well.

So, from the way I read it the computer's SID doesn't change when added to
a Domain, but Domain accounts get SIDs based on the Domain SID so
duplicate computer SIDs aren't a problem in a Domain. In a workgroup on
the other hand, it is a problem.

Hope this helps!

--
Zaphod

Arthur: All my life I've had this strange feeling that there's something
big and sinister going on in the world.
Slartibartfast: No, that's perfectly normal paranoia. Everyone in the
universe gets that.
Click to expand...
 
Back
Top