5

Is there a replacement for the old SysInternals NewSID utility that will work for Windows 7?

I found out the hard way that NewSID will totally hose a Windows 7 setup (BSOD on reboot). Apparently the same problem occurs for Windows Server 2008 R2. They've officially announced that NewSID will be retired in November, possibly because of this issue.

I'm aware of SYSPREP, but it's not a clean replacement in my case so I was hoping that there was another utility similar to NewSID that worked with Windows 7. Reworking our system to use SYSPREP will be ugly and slower as well. Is there another alternative?

Peter Mortensen
Scott Bussinger
  • Have you thought about BDD, as it sounds like you are wanting to do this on a large scale? (BDD is Business Desktop Deployment from Microsoft) – Wayne Sep 27 '09 at 23:56
  • I'd never even heard of BDD before. I have however installed the Microsoft Deployment Toolkit (MDT) which if I'm understanding it correctly is the latest version of the same thing. Again, it's not that it wouldn't work for me, it's just not as convenient as what I've been doing (see below for more details). – Scott Bussinger Sep 28 '09 at 05:49
  • But what you've been doing hasn't been supported since NT4.0. New OS, new tools, new methods. – Chris S Apr 07 '10 at 13:22
  • For the wsus problem: http://support.microsoft.com/?scid=kb%3Ben-us%3B903262&x=13&y=11 –  Apr 30 '10 at 20:46

5 Answers

11

You don't need NewSID. What's more, it has never been needed and the bit of code that generates a new machine SID as part of the sysprep process will ultimately be removed from sysprep in future.

See Mark Russinovich's latest blog entry: The Machine SID Duplication Myth.

ThatGraemeGuy
  • 4
    +100 - everyone should read that post – James Jan 26 '10 at 23:36
  • 1
    I love all those people explaining you don't need it and in the LAST line they go like 'oh, but for domain controllers...' You guys need to spend some more time thinking about what your advice means to people that don't have your use case. The caveat is right in the article and you're skipping over that like nothing. There's no myth here, there's just people that are black/white only. – Florian Heigl Jul 07 '17 at 21:45
3

Sysprep combined with an unattend file should solve most of your problems, although, as you say, it may work a bit slower since mini-setup is run after reboot. Are there any specific scenarios you need to solve using newsid or just OS generalization in general?

I wouldn't be surprised if MS knowingly crashed OSes where newsid was run. The only supported generalization technique is (as far as I know) sysprep, so if you're running production systems I'd stick with that.

Might not be the answer you're hoping for, though.

Trondh
  • +1 from me as I too found this out with my 2008 the easy-way! You could add the BDD as a way to modify a WIM but then that is even longer than a sysprep scenario. – Wayne Sep 27 '09 at 23:54
  • I'm the de facto system administrator for my small business (<10 users) and I've got the computers for the staff set up such that they are all as hardware identical as possible (about the only variations are the keyboards). I've configured WinXP such that the exact same disk image can be written to the drives on all machines (I have legal licenses). All data is stored on the server. I use PGINA to create a temporary profile when they log on and discard it when they log off so the machines are pretty much bulletproof and stay that way. – Scott Bussinger Sep 28 '09 at 05:58
  • Periodically (like after Microsoft Patch Tuesday), I update a machine, create a new master image, and pave all of the machines to the new image. On the first boot, it automatically runs NewSID and the machine's good to go. Using the Trinity Rescue Disk software, I can update a machine to the new image in about 5 minutes and one reboot (after NewSID). It's fast and easy and locked down. Very easy to administer. Using SysPrep will make the process quite a bit slower; that's why I was hoping there was an alternative. – Scott Bussinger Sep 28 '09 at 06:03
  • I would have a look at the MDT2010 tool from Microsoft if I were you. It's free, and it does a lot of the heavy lifting for you when it comes to image updates, captures and deployments. Especially in WinVista/Win7 environments, it really shines (mostly because WinVista/Win7 deployments are much easier) – Trondh Oct 09 '09 at 14:32
  • Definitely get a hold of MDT2010 and WinAIK/7. MS only supports SysPrep for imaging, and it's not as bad as you think. Time to evolve. – Chris S Apr 07 '10 at 13:21
2

A new SID IS still needed in a few specific situations, as was also mentioned in Russinovich's post's comments. I'm currently having problems with six cloned clients connected to a WSUS server. Since they have identical SIDs, and aren't members of a domain, only one of them will ever show up in WSUS. The last one to connect simply replaces all the other ones.

Florian Heigl
1

NewSID is indeed needed when working with 2003, at least. If a server has the same SID as a DC, you won't be able to log on to the domain from that server. Since you have to be able to do that (for example, to authorize a DHCP server) you still need NewSID.

0

For your WSUS issue it's not the SID but the SUSID in the registry you need to delete.
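
The reset this last answer describes, written out as an added example (it is not part of the original answer). The registry location and the value names `SusClientId` and `SusClientIdValidation` are assumptions not stated on the page; run it from an elevated prompt on each cloned machine, and use `-WhatIf` to see the current ID without changing anything.

```powershell
# Added example: reset the WSUS client identity on a cloned, non-domain machine.
# Assumption (not stated on the page): the client ID is stored in the
# SusClientId and SusClientIdValidation values under the key below.
[CmdletBinding(SupportsShouldProcess = $true)]
param()

$key    = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate'
$values = 'SusClientId', 'SusClientIdValidation'

# Show the current ID so it can be compared across the cloned machines;
# identical IDs explain why only one client appears in the WSUS console.
$current = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).SusClientId
Write-Output "Current SusClientId: $current"

if ($PSCmdlet.ShouldProcess($env:COMPUTERNAME, 'Reset WSUS client ID')) {
    # Stop the Windows Update service so it does not rewrite the old values.
    Stop-Service -Name wuauserv -Force

    foreach ($name in $values) {
        # Remove only values that exist; a missing value is not an error here.
        if (Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue) {
            Remove-ItemProperty -Path $key -Name $name
        }
    }

    Start-Service -Name wuauserv

    # Ask the update agent to re-register with WSUS; it generates a new ID.
    & "$env:SystemRoot\System32\wuauclt.exe" /resetauthorization /detectnow
}
```

For imaging workflows like the one in the question, the same removal can be done on the master image before capture so that each clone generates its own ID on first contact with WSUS.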