MORE INFORMATION
Computers that run the Windows XP operating system use a
security ID (SID) as a unique identifier. If you use disk-duplication software,
you must ensure the uniqueness of these security IDs.
When Windows XP
is installed, a machine SID is configured to contain a statistically unique
96-bit number. The machine SID prefixes the SIDs of user accounts and group
accounts that are created on the computer. The machine SID is concatenated with
the relative ID (RID) of the account to create the account's unique
identifier.
The following example displays the SIDs for four local
user accounts. Note that only the last four digits are incremented as new
accounts are added.
HKEY_USERS on Local Machine
S-1-5-21-191058668-193157475-1542849698-500 Administrator
S-1-5-21-191058668-193157475-1542849698-1000 User 1
S-1-5-21-191058668-193157475-1542849698-1001 User 2
S-1-5-21-191058668-193157475-1542849698-1002 User 3
Cloning or duplicating an installation without taking the
recommended steps can lead to duplicate SIDs. In the case of removable media, a
duplicate SID might give an account access to files even though NTFS
permissions for the account specifically deny access to those files. Because
the SID identifies both the computer or domain and the user, unique SIDs are
essential to maintain support for current and future programs.
Microsoft policy statement
Microsoft does not provide support for computers on which Windows
XP is installed by duplication of fully installed copies of Windows XP.
Microsoft does support computers on which Windows XP is installed by use of
disk-duplication software and the System Preparation tool (Sysprep.exe).
Microsoft supports the following Microsoft operating systems if they
are imaged by use of the Sysprep.exe utility:
- Windows NT Workstation 4.0
- Windows NT Server 4.0 (stand-alone server, not primary
domain controllers or backup domain controllers)
- Windows 2000 Professional
- Windows 2000 Server (must be imaged before you run
DCPromo)
- Windows 2000 Advanced Server
- Windows XP Home Edition
- Windows XP Professional
- Windows Server 2003, Standard Edition
- Windows Server 2003, Datacenter Edition
- Windows Server 2003, Enterprise Edition
- Windows Server 2003, Web Edition
Microsoft does not provide support for computers that are set
up by use of SID-duplicating tools other than the System Preparation tool. If
an image was created without the use of sysprep, Microsoft does not support the
running of Sysprep after the image is deployed as a way to bring the computer
back into compliance.
For more information, refer to the white paper
titled
Disk-Image Copying of MS Windows Operating Systems, which is available
on the following Microsoft Web site:
You can find more information about the Sysprep utility, along
with the utility itself, in the CD:\Support\Tools\Deploy.cab folder on the
Windows XP CD-ROM.
For more information about ensuring the uniqueness of SIDs and supported methods for cloning or duplicating a Windows installation, click the following article number to view the article in the Microsoft Knowledge Base:
162001
Do not disk duplicate installed versions of Windows
The following are examples of unsupported third-party tools that you can use to change SIDs:
The third-party products that this article discusses are manufactured by companies that are independent of Microsoft. Microsoft makes no warranty, implied or otherwise, regarding the performance or reliability of these products.