Mark Russinovich, creator of the Sysinternals toolset, has retired NewSid – citing multiple SIDS cause no harm. This may come as a suprise to anyone, myself included, that has faithfully created new SIDS when preping a system to be imaged.
The SID is a unique value created during a system install on all Windows versions post Windows NT. This unique SID is then used to create additional unique security descriptors, primarily the SID values for users and groups. If two separate machines had the same SID, then theoritcally these two machines could produce the same SID for local user accounts – thus, creating a security concern. Under this assumption, various tools have been produced to manipulate the SID. Even Microsoft has used the Sysprep tool to create a unique SID for systems being prepared for imaging.
Mark agrees that theorically the aforementioned problem could arise, but also states it causes no security concern because the local SID info never leaves the local system. Mark also admits that like everyone else he never questioned the theory, and assumed like everyone else that duplicate SID’s was a bad thing.
As of November 3, 2009, NewSid is retired. Read Marks full analysis on his blog at http://blogs.technet.com/markrussinovich/archive/2009/11/03/3291024.aspx.
Nice to see some new content. I always accepted the SID theory.
Not something we would try on production servers anyway, can imagine the headaches involved if issues arose with DC’s – last port of call etc.