Print

Print


Thanks Ehren.  That is very helpful and I will try using your script for
VM's that I use myself but I may still prefer Sysprep for VM's that I build
for other since is does a lot of cleanup.

Laurence

-----Original Message-----
From: Ehren Benson [mailto:[log in to unmask]] 
Sent: Monday, August 09, 2010 10:23 AM
To: [log in to unmask]
Subject: Re: [MSUNAG] Apparently, SID Duplication Doesn't Matter?

I just use a simple batch file on imaged machines.  Our imaging software
(Acronis) has an option to generate a new sid on restore so that is
unneccesary.  After restore to new machines I run, like I said,  a batch
file that looks something like this

rem Fixes problem with client machines not showing up on the server due to
imaging method

reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate /v
AccountDomainSid /f
reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate /v
PingID /f
reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate /v
SusClientId /f
cls
@echo Triggering detection after resetting WSUS client identity
net stop wuauserv
net start wuauserv
wuauclt /resetauthorization /detectnow

Ehren J. Benson, MCSE
Windows Systems Administrator
Department of Physics and Astronomy
 
[log in to unmask]
517-884-5469


-----Original Message-----
From: Laurence Bates [mailto:[log in to unmask]] 
Sent: Monday, August 09, 2010 7:32 AM
To: [log in to unmask]
Subject: Re: [MSUNAG] Apparently, SID Duplication Doesn't Matter?

Sysprep works fine for me.  Mark Minasi recommends it and claims to have
researched the issue with top Microsoft developers.  That settles it for me.
I also would not bet in Microsoft ignoring their own SID's, either now or in
the future.  

Laurence 

-----Original Message-----
From: Tony Cooke [mailto:[log in to unmask]]
Sent: Friday, August 06, 2010 2:56 PM
To: [log in to unmask]
Subject: Re: [MSUNAG] Apparently, SID Duplication Doesn't Matter?

Reference:
http://blogs.technet.com/b/markrussinovich/archive/2009/11/03/3291024.aspx

I would tend to take Russinovich at his word too. The problem I see is the
last paragraph: "The New Best Practice", which essentially reinforces "you
should really run Sysprep or bad stuff will happen".
This is the same mantra we've all been fed in MS documentation for years
now, it just so happens that we've been using NewSID to sleep at night.

NewSID was great because you could run it *in* Windows as opposed to
Ghostwalker. Ghostwalker was great because you didn't have to suffer through
Sysprep. Now we're back to Sysprep for relatively vague reasons.

We use WSUS (as the only example given) without Sysprep and do not have any
problems. Some light googling showed that it's likely a problem with
duplicate WSUS client IDs. I queried our WSUS database for duplicates and
didn't get any hits. Perhaps our procedures prevent the problem from
happening, but it would be nice to have a document along the lines of "If
you don't use sysprep, you have to do X for Y software or Z will happen" in
very specific terms.

Does anyone use Sysprep? Can anyone share experiences that have led them to
use Sysprep?

-Tony