Is anyone cleanup up orphaned SID's they find in local groups on servers?
I'm grabbing this information with SCCM and never really looked into it. I
have a script that will clean this up, but was wondering what others are
doing.
Thanks
Christopher Bodnar
Enterprise Achitect I, Corporate
: Tue, 21 Feb 2012 12:28:52
To: NT System Admin Issuesntsysadmin@lyris.sunbelt-software.com
Reply-To: NT System Admin Issues
ntsysadmin@lyris.sunbelt-software.comSubject: Orphaned SIDs
Is anyone cleanup up orphaned SID's they find in local groups on servers?
I'm grabbing this information
A SID should never be duplicated. That's why the PDCe allocates RID pools for
every writable DC.
From: Rankin, James R [mailto:kz2...@googlemail.com]
Sent: Tuesday, February 21, 2012 12:33 PM
To: NT System Admin Issues
Subject: Re: Orphaned SIDs
Its probably a good idea. Could they technically
No, sids never get reused.
From: Rankin, James R [mailto:kz2...@googlemail.com]
Sent: Tuesday, February 21, 2012 11:33 AM
To: NT System Admin Issues
Subject: Re: Orphaned SIDs
Its probably a good idea. Could they technically be reused and therefore cause
an access issue, or does Windows/AD
RID Master, not PDCe :)
Thanks,
Brian Desmond
br...@briandesmond.com
w - 312.625.1438 | c - 312.731.3132
From: Michael B. Smith [mailto:mich...@smithcons.com]
Sent: Tuesday, February 21, 2012 11:49 AM
To: NT System Admin Issues
Subject: RE: Orphaned SIDs
A SID should never be duplicated
Sorry. :-P
From: Brian Desmond [mailto:br...@briandesmond.com]
Sent: Tuesday, February 21, 2012 1:49 PM
To: NT System Admin Issues
Subject: RE: Orphaned SIDs
RID Master, not PDCe :)
Thanks,
Brian Desmond
br...@briandesmond.commailto:br...@briandesmond.com
w - 312.625.1438 | c - 312.731.3132
I have a new admin that believes you don't have to sysprep machines
because Mark R. from systernals wrote an article saying duplicate sid's
were not an issue.
He doesn't have the article for me to refute so I don't know how to
answer him or tell him he is wrong?
Any help would and will be
http://blogs.technet.com/b/markrussinovich/archive/2009/11/03/3291024.aspx
On 21 April 2011 13:52, itli...@imcu.com itli...@imcu.com wrote:
I have a new admin that believes you don’t have to sysprep machines because
Mark R. from systernals wrote an article saying duplicate sid’s were not an
Google..
http://blogs.technet.com/b/markrussinovich/archive/2009/11/03/3291024.aspx
On Thu, Apr 21, 2011 at 8:52 AM, itli...@imcu.com itli...@imcu.com wrote:
I have a new admin that believes you don’t have to sysprep machines
because Mark R. from systernals wrote an article saying duplicate
The most important point is probably the very last in that article
*Note that Sysprep resets other machine-specific state that, if duplicated,
can cause problems for certain applications like Windows Server Update
Services (WSUS), so Microsoft’s support policy will still require cloned
systems to
Conversation: SIDs
Subject: Re: SIDs
The most important point is probably the very last in that article
Note that Sysprep resets other machine-specific state that, if
duplicated, can cause problems for certain applications like Windows
Server Update Services (WSUS), so Microsoft's support policy
: Thursday, April 21, 2011 9:46 AM
To: NT System Admin Issues
Subject: RE: SIDs
Read the article and skimmed the many many pages of comments. It is just a
blog. Which is opinion not fact, right. Why would Mark state this to the
public?
From: James Rankin [mailto:kz2...@googlemail.com]
Posted
Mark Russinovich's opinion counts for a hell of a lot more than many facts
I have read
The bottom line is this - duplicate machine SIDs don't matter. As long as
they are not domain-joined machines. Duplicate *domain *SIDs are BAD. And
sysprep does other stuff than just SIDs. If you are cloning
, 2011 9:48 AM
To: NT System Admin Issues
Subject: Re: SIDs
Mark Russinovich's opinion counts for a hell of a lot more than many facts I
have read
The bottom line is this - duplicate machine SIDs don't matter. As long as they
are not domain-joined machines. Duplicate domain SIDs are BAD. And sysprep
At:* Thursday, April 21, 2011 8:57 AM
*Posted To:* itli...@imcu.com
*Conversation:* SIDs
*Subject:* Re: SIDs
The most important point is probably the very last in that article
/Note that Sysprep resets other machine-specific state that, if
duplicated, can cause problems for certain
kz2...@googlemail.com wrote:
Mark Russinovich's opinion counts for a hell of a lot more than many
facts
I have read
The bottom line is this - duplicate machine SIDs don't matter. As long as
they are not domain-joined machines. Duplicate *domain *SIDs are BAD. And
sysprep does other stuff than
Mark state this to the
public?
*From:* James Rankin [mailto:kz2...@googlemail.com kz2...@googlemail.com]
*Posted At:* Thursday, April 21, 2011 8:57 AM
*Posted To:* itli...@imcu.com
*Conversation:* SIDs
*Subject:* Re: SIDs
The most important point is probably the very last
You mean NewSID, right?
From: Tony Patton [mailto:apco...@gmail.com]
Sent: Thursday, April 21, 2011 6:55 AM
To: NT System Admin Issues
Subject: Re: SIDs
Sysprep on XP doesn't reset the WSUS sid, I had to delete the registry entries
for it in our image to get the cloned desktop to appear
it was because the
machines had been Ghosted with no NewSID or Sysprep being done.
David Lum
Systems Engineer // NWEATM
Office 503.548.5229 // Mobile 503.267.9764
From: James Rankin [mailto:kz2...@googlemail.com]
Sent: Thursday, April 21, 2011 6:48 AM
To: NT System Admin Issues
Subject: Re: SIDs
than many
facts
I have read
The bottom line is this - duplicate machine SIDs don't matter. As long as
they are not domain-joined machines. Duplicate *domain *SIDs are BAD. And
sysprep does other stuff than just SIDs. If you are cloning domain-joined
machines, or if you use WSUS at all
Nope, sysprep with the generate new sid option.
T
Typed slowly on HTC Desire
On 21 Apr 2011 14:56, David Lum david@nwea.org wrote:
You mean NewSID, right?
From: Tony Patton [mailto:apco...@gmail.com]
Sent: Thursday, April 21, 2011 6:55 AM
To: NT System Admin Issues
Subject: Re: SIDs
At: Thursday, April 21, 2011 9:59 AM
Posted To: itli...@imcu.com
Conversation: SIDs
Subject: RE: SIDs
Nope, sysprep with the generate new sid option.
T
Typed slowly on HTC Desire
On 21 Apr 2011 14:56, David Lum david@nwea.org wrote:
You mean NewSID, right?
From: Tony Patton
Correct. IIRC a systems' domain ID = MachineSID + DomainSID, so anything that
relies on the systems domain ID will have issues with identical machine SID's.
Dave
From: itli...@imcu.com [mailto:itli...@imcu.com]
Sent: Thursday, April 21, 2011 7:12 AM
To: NT System Admin Issues
Subject: RE: SIDs
*Posted To:* itli...@imcu.com
*Conversation:* SIDs
*Subject:* RE: SIDs
Nope, sysprep with the generate new sid option.
T
Typed slowly on HTC Desire
On 21 Apr 2011 14:56, David Lum david@nwea.org wrote:
You mean NewSID, right?
From: Tony Patton [mailto:apco...@gmail.com
I believe this will reset the wsus sid as well.
wuauclt /resetauthorization /detectnow
From: Tony Patton [mailto:apco...@gmail.com]
Sent: Thursday, April 21, 2011 8:55 AM
To: NT System Admin Issues
Subject: Re: SIDs
Sysprep on XP doesn't reset the WSUS sid, I had to delete the registry entries
Admin Issues
Subject: RE: SIDs
I believe this will reset the wsus sid as well.
wuauclt /resetauthorization /detectnow
From: Tony Patton [mailto:apco...@gmail.com]
Sent: Thursday, April 21, 2011 8:55 AM
To: NT System Admin Issues
Subject: Re: SIDs
Sysprep on XP doesn't reset the WSUS sid, I had
seemed to work okay for the most part, but the event logs were
complaining about dupe sids all the time. We cleaned it up , but did not notice
any huge issues with the machines themselves.
So while I think the article is very interesting Im not going to try it anytime
soon ;)
From: James
the Interrupts and DPCs artifical processes switch to
Task Manager at this point to get a real idea of what's actually running
From: Level 5 Lists [mailto:li...@levelfive.us]
Sent: Thursday, April 21, 2011 3:14 PM
To: NT System Admin Issues
Subject: RE: SIDs
Well the last time I accidentally
Ahh. Makes sense, thx.
Is the reverse true? Will killing the registry key cause it to trigger a
resetauthorization too?
From: Kennedy, Jim [mailto:kennedy...@elyriaschools.org]
Sent: Thursday, April 21, 2011 11:54 AM
To: NT System Admin Issues
Subject: RE: SIDs
Don't think so, that just purges
I'm sure no one doubts the expertise of MR, but a lot of that article is
academics vs. the real world. In the real world you are likely going to
deal with an issue and/or have inflated logs. All of which depends on your
environment. As with many things, context is everything,.
--
ME2
On
30 matches
Mail list logo
