Tuesday, April 8, 2008

Thinking of cloning your workstations and servers? Think NewSID.exe

How many times have I mentioned in my blog posts that I am indeed a lazy guy? Probably a lot. That is because I always think of ways to make my work, especially the repetitive parts, as easy as possible. This case is one of them. I regularly work with virtualization, whether using Microsoft Virtual PC/Virtual Server or VMware Server or Workstation, for my tests or even for simulations. Whenever I need to work with a few servers and workstations, I simply create a copy of the virtual machine to save the time and effort of installing the operating system and applying the service packs on each of those images.

Many organizations use disk image cloning software such as Norton Ghost or Acronis, both for mass deployment of operating systems and for disaster recovery. But if you simply use these tools (or my method using virtualization) for cloning purposes, you are in for a surprise if you do not change the computer security identifier (SID) of the different images. To validate what I mean by this, create two cloned images and deploy them on a network. Then try logging in with a domain account on either of the machines and you'll get the error below:

The name or security ID (SID) of the domain specified is inconsistent with the trust information for that domain

Fortunately, Sysinternals has a tool called NewSID v4.10, a program that changes a computer's SID. It is free and is a Win32 program, meaning that it can easily be run on systems that have been previously cloned. NewSID works on Windows NT 4, Windows 2000, Windows XP and Windows Server 2003. You can download the tool from Microsoft and run it on the cloned machine to change its SID. It is recommended, though, that you run this tool on a machine that is not a member of a domain. You can choose to randomly generate a SID, copy a SID from another computer or simply specify one (which is not really recommended). You can also choose to rename the machine to a different name (in my case, I still needed to run this tool even though I had already renamed the cloned image, since both machines are going to be part of the same domain). A reboot is required after a SID change has been applied. Download the tool and try it out for yourself.
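A quick way to check whether cloned images still share a machine SID before putting them on the network. This is an example added here, not part of the original post or of NewSID; the function names, host names and SID values are constructed for illustration. It relies on the fact that a local account's SID is the machine SID followed by a relative ID (RID), such as 500 for the built-in Administrator.

```powershell
# Added example: flag machines in an inventory that share the same machine SID.
# All function names, host names and SIDs below are hypothetical/constructed.

function Get-MachineSidFromAccountSid {
    param([Parameter(Mandatory)][string]$AccountSid)
    # Machine-issued account SIDs look like S-1-5-21-<a>-<b>-<c>-<RID>.
    if ($AccountSid -notmatch '^(S-1-5-21-\d+-\d+-\d+)-\d+$') {
        throw "Not a machine- or domain-issued account SID: $AccountSid"
    }
    $Matches[1]   # everything before the trailing RID
}

function Get-LocalMachineSid {
    # Reads one local account on this computer and strips its RID.
    $account = Get-CimInstance -ClassName Win32_UserAccount -Filter "LocalAccount=True" |
        Select-Object -First 1
    if (-not $account) { throw 'No local accounts found on this computer.' }
    Get-MachineSidFromAccountSid -AccountSid $account.SID
}

function Find-DuplicateMachineSid {
    param([Parameter(Mandatory)][object[]]$Inventory)
    $Inventory |
        Select-Object Name, @{ n = 'MachineSid'; e = { Get-MachineSidFromAccountSid $_.AccountSid } } |
        Group-Object -Property MachineSid |
        Where-Object Count -gt 1 |
        ForEach-Object {
            [pscustomobject]@{
                MachineSid = $_.Name
                Computers  = ($_.Group.Name -join ', ')
            }
        }
}

# Constructed inventory: name plus the SID of a local account collected from each image.
$inventory = @(
    [pscustomobject]@{ Name = 'VM-BASE';   AccountSid = 'S-1-5-21-1111111111-2222222222-3333333333-500' }
    [pscustomobject]@{ Name = 'VM-CLONE1'; AccountSid = 'S-1-5-21-1111111111-2222222222-3333333333-500' }
    [pscustomobject]@{ Name = 'VM-FIXED';  AccountSid = 'S-1-5-21-4444444444-5555555555-6666666666-500' }
)

# Reports VM-BASE and VM-CLONE1 as sharing one machine SID; VM-FIXED is not listed.
Find-DuplicateMachineSid -Inventory $inventory
```

Run `Get-LocalMachineSid` on each image before and after changing its SID to confirm the value actually changed.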

2 comments:

Mon said...

NewSID is tested and running on Windows Server 2008 (all editions/x86/x64).

Edwin Sarmiento said...

Hi Mon,

Thanks for your feedback. I still have not tested NewSID on Windows Server 2008 but your comment has just added a valuable insight to those who might want to use it. Thanks, again.
