I just use a simple batch file on imaged machines. Our imaging software (Acronis) has an option to generate a new SID on restore, so that is unnecessary. After restore to new machines I run, like I said, a batch file that looks something like this:
rem Fixes problem with client machines not showing up on the server due to imaging method
reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate /v AccountDomainSid /f
reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate /v PingID /f
reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate /v SusClientId /f
cls
@echo Triggering detection after resetting WSUS client identity
net stop wuauserv
net start wuauserv
wuauclt /resetauthorization /detectnow
Ehren J. Benson, MCSE
Windows Systems Administrator
Department of Physics and Astronomy
517-884-5469
-----Original Message-----
From: Laurence Bates
Sent: Monday, August 09, 2010 7:32 AM
Subject: Re: [MSUNAG] Apparently, SID Duplication Doesn't Matter?
Sysprep works fine for me. Mark Minasi recommends it and claims to have researched the issue with top Microsoft developers. That settles it for me.
I also would not bet on Microsoft ignoring their own SIDs, either now or in the future.
Laurence
-----Original Message-----
From: Tony Cooke
Sent: Friday, August 06, 2010 2:56 PM
Subject: Re: [MSUNAG] Apparently, SID Duplication Doesn't Matter?
Reference:
http://blogs.technet.com/b/markrussinovich/archive/2009/11/03/3291024.aspx
I would tend to take Russinovich at his word too. The problem I see is the last paragraph: "The New Best Practice", which essentially reinforces "you should really run Sysprep or bad stuff will happen".
This is the same mantra we've all been fed in MS documentation for years now; it just so happens that we've been using NewSID to sleep at night.
NewSID was great because you could run it *in* Windows as opposed to Ghostwalker. Ghostwalker was great because you didn't have to suffer through Sysprep. Now we're back to Sysprep for relatively vague reasons.
We use WSUS (as the only example given) without Sysprep and do not have any problems. Some light googling showed that it's likely a problem with duplicate WSUS client IDs. I queried our WSUS database for duplicates and didn't get any hits. Perhaps our procedures prevent the problem from happening, but it would be nice to have a document along the lines of "If you don't use sysprep, you have to do X for Y software or Z will happen" in very specific terms.
Does anyone use Sysprep? Can anyone share experiences that have led them to use Sysprep?
-Tony
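
The duplicate WSUS client ID check discussed in this thread can also be run from the client side, using the SusClientId registry value that the batch file above deletes. The following PowerShell is an added example, not part of any message in the thread; the host names and GUIDs are constructed sample data, and how the per-machine values are collected into an inventory is left as an assumption.

```powershell
# Added example. Host names and GUIDs below are constructed sample data.
$wuKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate'

# Read this machine's WSUS client ID. Returns $null when the value is absent,
# for example right after a reset and before the next detection cycle.
function Get-LocalSusClientId {
    $prop = Get-ItemProperty -Path $wuKey -Name SusClientId -ErrorAction SilentlyContinue
    if ($prop) { $prop.SusClientId } else { $null }
}

# Group inventory records by SusClientId and return every ID that is
# reported by more than one computer (Group-Object compares case-insensitively).
function Find-DuplicateSusClientId {
    param([Parameter(Mandatory = $true)][object[]]$Records)
    $Records |
        Where-Object { $_.SusClientId } |
        Group-Object -Property SusClientId |
        Where-Object { $_.Count -gt 1 } |
        ForEach-Object {
            [pscustomobject]@{
                SusClientId = $_.Name
                Computers   = ($_.Group | ForEach-Object { $_.Computer } | Sort-Object) -join ', '
            }
        }
}

# Constructed inventory: PC01 and PC03 came from the same image without a reset,
# PC04 has no ID yet and must not be counted as a duplicate.
$inventory = @(
    [pscustomobject]@{ Computer = 'LAB-PC01'; SusClientId = '11111111-2222-3333-4444-555555555555' }
    [pscustomobject]@{ Computer = 'LAB-PC02'; SusClientId = 'aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee' }
    [pscustomobject]@{ Computer = 'LAB-PC03'; SusClientId = '11111111-2222-3333-4444-555555555555' }
    [pscustomobject]@{ Computer = 'LAB-PC04'; SusClientId = $null }
)

# On a live client, one record would be built like this:
# [pscustomobject]@{ Computer = $env:COMPUTERNAME; SusClientId = Get-LocalSusClientId }

Find-DuplicateSusClientId -Records $inventory
```

With the sample inventory, the only ID returned is the one shared by LAB-PC01 and LAB-PC03; those are the machines that would need the reset batch file.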