NewSid Retired: Multiple SID Myth Debunked by Mark Russinovich

Mark Russinovich, creator of the Sysinternals toolset, has retired NewSid, citing that multiple SIDs cause no harm. This may come as a surprise to anyone, myself included, who has faithfully created new SIDs when prepping a system to be imaged.

The SID is a unique value created during a system install on all Windows versions post Windows NT. This unique SID is then used to create additional unique security descriptors, primarily the SID values for users and groups. If two separate machines had the same SID, then theoretically these two machines could produce the same SID for local user accounts, thus creating a security concern. Under this assumption, various tools have been produced to manipulate the SID. Even Microsoft has used the Sysprep tool to create a unique SID for systems being prepared for imaging.

Mark agrees that theoretically the aforementioned problem could arise, but also states that it causes no security concern because the local SID info never leaves the local system. Mark also admits that, like everyone else, he never questioned the theory and assumed that duplicate SIDs were a bad thing.
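The overlap described above can be seen in a small inventory check. This is an added example, not code from the original post or from Sysinternals; the host names and SID values are constructed, and it assumes each host's list holds only local account SIDs of the form `S-1-5-21-<three sub-authorities>-<RID>`, where everything before the RID is the machine SID.

```python
import re
from collections import defaultdict

# Local account SID: S-1-5-21-<three 32-bit sub-authorities>-<RID>.
# Everything before the RID is the machine SID.
ACCOUNT_SID = re.compile(r"^(S-1-5-21-(\d+)-(\d+)-(\d+))-(\d+)$")

# Constructed sample inventory (hypothetical hosts and SIDs): ws-01 and ws-02
# were deployed from the same image without generating a new machine SID.
INVENTORY = {
    "ws-01": ["S-1-5-21-1111111111-2222222222-3333333333-500",
              "S-1-5-21-1111111111-2222222222-3333333333-1001"],
    "ws-02": ["S-1-5-21-1111111111-2222222222-3333333333-500",
              "S-1-5-21-1111111111-2222222222-3333333333-1001",
              "S-1-5-21-1111111111-2222222222-3333333333-1002"],
    "ws-03": ["S-1-5-21-1004336348-1177238915-682003330-500"],
}

def split_account_sid(sid):
    """Return (machine_sid, rid) for a local account SID string."""
    m = ACCOUNT_SID.match(sid.strip())
    if not m or any(int(g) > 0xFFFFFFFF for g in m.groups()[1:]):
        raise ValueError(f"not a local account SID: {sid!r}")
    return m.group(1), int(m.group(5))

def machine_sid_of(account_sids):
    """Derive a host's machine SID; all its local accounts must agree."""
    found = {split_account_sid(s)[0] for s in account_sids}
    if len(found) != 1:
        raise ValueError(f"expected one machine SID, got {sorted(found)}")
    return found.pop()

def shared_machine_sids(inventory):
    """Map machine SID -> hosts, for machine SIDs seen on more than one host."""
    hosts_by_sid = defaultdict(list)
    for host, sids in inventory.items():
        hosts_by_sid[machine_sid_of(sids)].append(host)
    return {s: sorted(h) for s, h in hosts_by_sid.items() if len(h) > 1}

def colliding_account_sids(inventory):
    """Map account SID -> hosts, for account SIDs that exist on several hosts."""
    hosts_by_account = defaultdict(set)
    for host, sids in inventory.items():
        for sid in sids:
            split_account_sid(sid)  # validate before counting
            hosts_by_account[sid].add(host)
    return {s: sorted(h) for s, h in hosts_by_account.items() if len(h) > 1}

if __name__ == "__main__":
    print(shared_machine_sids(INVENTORY))
    print(colliding_account_sids(INVENTORY))
```

Each colliding account SID is still evaluated only against the local account database of the machine it lives on, which is the basis of the argument that the overlap is harmless.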

As of November 3, 2009, NewSid is retired. Read Mark's full analysis on his blog at http://blogs.technet.com/markrussinovich/archive/2009/11/03/3291024.aspx.

2 Responses to NewSid Retired: Multiple SID Myth Debunked by Mark Russinovich

  1. FireMonkey says:

    Nice to see some new content. I always accepted the SID theory.