That is a nice script Ehren I would like to see that in use around here. Good Show.
Timoteo "Timo" Vasquez; MCTS, MCP
Client Services - Network Security Team
[log in to unmask] - 517.884-3082
Administrative Information Services
2 Administration Bldg
East Lansing, MI 48832
"...I agree with you!"
-----Original Message-----
From: Laurence Bates [mailto:[log in to unmask]]
Sent: Monday, August 09, 2010 10:35 AM
To: [log in to unmask]
Subject: Re: [MSUNAG] Apparently, SID Duplication Doesn't Matter?
Thanks Ehren. That is very helpful and I will try using your script for VM's that I use myself but I may still prefer Sysprep for VM's that I build for other since is does a lot of cleanup.
Laurence
-----Original Message-----
From: Ehren Benson [mailto:[log in to unmask]]
Sent: Monday, August 09, 2010 10:23 AM
To: [log in to unmask]
Subject: Re: [MSUNAG] Apparently, SID Duplication Doesn't Matter?
I just use a simple batch file on imaged machines. Our imaging software
(Acronis) has an option to generate a new sid on restore so that is unneccesary. After restore to new machines I run, like I said, a batch file that looks something like this
rem Fixes problem with client machines not showing up on the server due to imaging method
reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate /v AccountDomainSid /f reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate /v PingID /f reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate /v SusClientId /f cls @echo Triggering detection after resetting WSUS client identity net stop wuauserv net start wuauserv wuauclt /resetauthorization /detectnow
Ehren J. Benson, MCSE
Windows Systems Administrator
Department of Physics and Astronomy
[log in to unmask]
517-884-5469
-----Original Message-----
From: Laurence Bates [mailto:[log in to unmask]]
Sent: Monday, August 09, 2010 7:32 AM
To: [log in to unmask]
Subject: Re: [MSUNAG] Apparently, SID Duplication Doesn't Matter?
Sysprep works fine for me. Mark Minasi recommends it and claims to have researched the issue with top Microsoft developers. That settles it for me.
I also would not bet in Microsoft ignoring their own SID's, either now or in the future.
Laurence
-----Original Message-----
From: Tony Cooke [mailto:[log in to unmask]]
Sent: Friday, August 06, 2010 2:56 PM
To: [log in to unmask]
Subject: Re: [MSUNAG] Apparently, SID Duplication Doesn't Matter?
Reference:
http://blogs.technet.com/b/markrussinovich/archive/2009/11/03/3291024.aspx
I would tend to take Russinovich at his word too. The problem I see is the last paragraph: "The New Best Practice", which essentially reinforces "you should really run Sysprep or bad stuff will happen".
This is the same mantra we've all been fed in MS documentation for years now, it just so happens that we've been using NewSID to sleep at night.
NewSID was great because you could run it *in* Windows as opposed to Ghostwalker. Ghostwalker was great because you didn't have to suffer through Sysprep. Now we're back to Sysprep for relatively vague reasons.
We use WSUS (as the only example given) without Sysprep and do not have any problems. Some light googling showed that it's likely a problem with duplicate WSUS client IDs. I queried our WSUS database for duplicates and didn't get any hits. Perhaps our procedures prevent the problem from happening, but it would be nice to have a document along the lines of "If you don't use sysprep, you have to do X for Y software or Z will happen" in very specific terms.
Does anyone use Sysprep? Can anyone share experiences that have led them to use Sysprep?
-Tony
