Windows Tip Sheet
Attack of the Clones
Avoid inadvertent duplicate SIDs when cloning with this trick.
You're undoubtedly aware of all the weird issues that come up when you
deploy WinXP using imaging products like Norton Ghost, most of which result
from duplicated computer Security IDs (SIDs). This is an annoying problem that
Microsoft has
yet to create a really workable solution for, despite the
fact that we admins
insist on cloning stuff, no matter how often they
tell us not to. Sigh.
The latest clone issue nabbed me a few weeks ago, and a helpful trick from
a friend helped solve it. The deal is that a WinXP machine, which was a clone,
didn't appear in the Windows Server Update Services (WSUS, and does anyone
else hate this name as much as I do?) console. Turns out if I'd used Sysprep
(Microsoft's answer to cloning, although not a great one in my opinion),
I'd have been fine, but I didn't, so the duplicate SID issue hit
me again. Actually, this computer had a duplicate SusClientID value in the registry
-- which I understand is caused by having a duplicate SID in the first
place.
The registry, however, I can deal with. Go to HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate
and delete:
- PingID
- AccountDomainSid
- SusClientId
And then restart the WSUS client-side service. Then, run wuauclt.exe
/resetauthorization /detectnow to force WSUS to get its act together
and start over. It'll recreate the keys you deleted with a unique ID,
solving the problem.
Additional Resources:
About the Author
Don Jones is a multiple-year recipient of Microsoft’s MVP Award, and is Curriculum Director for IT Pro Content for video training company Pluralsight. Don is also a co-founder and President of PowerShell.org, a community dedicated to Microsoft’s Windows PowerShell technology. Don has more than two decades of experience in the IT industry, and specializes in the Microsoft business technology platform. He’s the author of more than 50 technology books, an accomplished IT journalist, and a sought-after speaker and instructor at conferences worldwide. Reach Don on Twitter at @concentratedDon, or on Facebook at Facebook.com/ConcentratedDon.