Do not disk duplicate installed versions of Windows (162001)
The information in this article applies to:
- Microsoft Windows Server 2003, Standard Edition
- Microsoft Windows Server 2003, Enterprise Edition
- Microsoft Windows XP Professional
- Microsoft Windows XP Home Edition
- Microsoft Windows 2000 Server
- Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Professional
- Microsoft Windows 2000 Datacenter Server
- Microsoft Windows NT Server 4.0
- Microsoft Windows NT Server 4.0 Terminal Server Edition
- Microsoft Windows NT Workstation 4.0
- Microsoft Windows NT Server 3.51
- Microsoft Windows NT Workstation 3.51
- Microsoft Windows NT Workstation 3.5
- Microsoft Windows NT Server 3.5
- Microsoft Windows NT Workstation 3.1
- Microsoft Windows NT Server 3.1
This article was previously published under Q162001 SUMMARY Microsoft provides several methods for the proper
deployment of the Windows operating system. The use of a supported method is
very important to ensuring the security of the systems running Windows is not
compromised.
Computers running the Windows operating system use a
Security ID (SID) to uniquely identify themselves. When you use
disk-duplicating software, it is important to take steps to ensure the
uniqueness of these Security IDs. This article briefly describes the SID and
supported methods for cloning or duplicating a Windows installation.
MORE INFORMATION During installation of Windows, a machine SID is computed
to contain a statistically unique 96-bit number. The machine SID is the prefix
of the user account and group account SID'S created on the computer. The
machine SID is concatenated with the Relative ID (RID) of the account to create
the account's unique identifier. The following example displays the
SID'S for 4 local user accounts. Notice that only the last four digits are
incremented as new accounts are added.
HKEY_USERS on Local Machine
S-1-5-21-191058668-193157475-1542849698-500 administrator
S-1-5-21-191058668-193157475-1542849698-1000 User one
S-1-5-21-191058668-193157475-1542849698-1001 User two
S-1-5-21-191058668-193157475-1542849698-1002 User three
Cloning or duplicating an installation without taking the
recommended steps could lead to duplicate SIDs, and in the case of removable
media, lead to accounts having access to files even though they were
specifically denied access by using NTFS permissions. Because the SID
identifies the computer or domain as well as the user, it is critical that it
be unique to maintain support for current and future programs. Microsoft Policy Statement Microsoft does not provide support for computers that have been
installed by duplicating fully installed copies of Windows. Microsoft supports
computers that were installed by using disk-duplicating software and the System
Preparation Tool (Sysprep.exe). Microsoft supports the following operating
systems that have been imaged by using the Sysprep utility:
Windows 2000 Professional
Windows 2000 Server (can only be imaged before you run DCPROMO)
Windows 2000 Advanced Server
Windows XP Professional
Windows XP Home Edition
Windows Server 2003, Standard Edition
Windows Server 2003, Enterprise Edition For more information about the Windows System Preparation Tool, visit the following Microsoft Web site: Microsoft does not provide support for computers that were set up
with SID duplicating tools other than the System Preparation tool.
Details of this support can be found in the Disk-Image Copying of MS Windows
Operating Systems Whitepaper located on the following Microsoft Web site: For more information about the Sysprep utility and the utility
itself, can be found on the product CD at:
CD:\support\tools\deploy.cab
If an image was created without the use of sysprep, Microsoft does not support running Sysprep after the image is deployed as a way to bring the computer back into compliance. REFERENCES The Microsoft Knowledge Base provides a variety of articles
that outline specifications and how to information for the proper deployment of
Windows.
The Windows NT 4.0 Workstation Resource Kit provides
documentation on the deployment procedures for Windows NT 4.0.
Consult the Computer Profile Setup documentation in the Windows NT 3.5 and
Windows NT 3.51 Resource Kits on deployment utilities.
| Modification Type: | Major | Last Reviewed: | 2/9/2006 |
|---|
| Keywords: | kbinfo kbnetwork kbsetup KB162001 kbAudITPRO |
|---|
|