How to use SysPrep to Generate Unique SID before Cloning
To increase the efficiency of recovering your system, some of you may think of cloning your current system and store it in a portable drive by using the program such as Ghost. If your system crashed, you can easily plug in the portable drive, and recover your system to the state whereby you do not need to spend so much time on installing necessary software or security updates for each of the application. Apparently, this will save you a lot of time.
By preparing a clean operating system image, after you install the necessary software and tools, you will need to perform a system preparation by using a tool called Sysprep. (For Windows Embedded operating system, you will need to use a tool called FBreseal to prepare the system, it is hard to search for on the Internet, and you may download the FBreseal tool from here if you are using Windows Embedded operating system). This step is very important, especially if you would like to clone the same operating system image on multiple machines. If you do not perform system preparation, all the machine that using the same image, will have the same Security Identifier (SID) applied on it. Imagine if everyone in the same town is having the same identity card number, this is ridiculous, and no one will be able to proof themselves. Furthermore, those machines that with the same SID will not be able to join to the domain. From Microsoft system point of view, SID should be unique for every computer device that connected to the Active Directory.
Sysprep is a tool that will regenerate a unique SID for the operating system, and also it will clear off temporary files, and some of the Internet history records on the based image before you clone it. You can always get the Sysprep tool from the Windows operating system CD/DVD media. Normally the tool is located under \Support\ folder or you can actually get this tool from Microsoft official website. Always remember that, Microsoft ONLY support the Windows operating system that clones with using Sysprep (or FBreseal), although there are some other program that provide regenerate SID capabilities such as Altiris agent, again, sorry to tell that, those method are NOT supported by Microsoft.For those who would like to perform testing using virtualization, you should try to apply system preparation on your image, to avoid SID crash in between virtual images. To use the Sysprep tool, you can just follow the below simple steps:
1. Prepare your operating system and install necessary software on it.
2. Get the Sysprep tool from Microsoft official website.
3. Extract the tool and put it under C:\Sysprep folder.
4. Double click sysprep.exe and then click OK.
5. Click on the Reseal button.
You can select the option Used Mini-Setup, if you would like to automate the initial setup for the operating system after you deploy the image to a machine. Besides that, you will need to create one sysprep.inf file inside C:\Sysprep folder. This sysprep.inf file will contain some of the setup information and you can refer to below sample content of sysprep.inf.
;SetupMgrTag
[Unattended]
OemSkipEula=Yes
KeepPageFile=1[GuiUnattended]
AdminPassword=”password”
EncryptedAdminPassword=NO
OEMSkipRegional=1
TimeZone=215
OemSkipWelcome=1[UserData]
ProductKey=XXXX-XXXX-XXXXX-XXXXX-XXXX
FullName=”Testing”
OrgName=”Test Organization”
ComputerName=*[SetupMgr]
DistFolder=C:\sysprep\i386
DistShare=windist[Identification]
JoinWorkgroup=WORKGROUP[Networking]
InstallDefaultComponents=Yes
For the timezone setting, you can just always refer to deploy.chm file for more information.
In the case of cloning a hdd (as backup) and the old PC hardware no longer works, what additional steps to be done to get the backup hdd working on an entirely new & different hardware PC? TIA.
This is absolutely unnecessary. paul witherspoon and luddy are correct
@Rui Paz – I will prepare the article for Windows 7 in the future, no worry.
@hanneng – SID will still remain the same regardless the machine join or not join to the domain.
@JMJ Squared – Yes. It will, so get the software vendor advise before you apply Sysprep on the machine.
@paul witherspoon – There are posts out there talking about SID issues is safe, but personally I will still recommend to perform System Preparation on images. As we do not know when the problem will hit us and it is very hard for us to track…
The information regarding sid’s is out of date, and incorrect. Duplicate sid’s are not a problem on a domain, or standalone. Read the system internals blog on the subject for more information
The Machine SID Duplication Myth
blogs.technet.com/b/markrussinovich/archive/2009/11/03/3291024.aspx
blogs.technet.com/b/markrussinovich/archive/2009/11/03/3291024.aspx
Note: NewSID has been retired and is no longer available for download. Please see Mark Russinovich’s blog post: NewSID Retirement and the Machine SID Duplication Myth
@ Vanamali: For Windows 7 check this article:
blog.brianleejackson.com/sysprep-a-windows-7-machine-%E2%80%93-start-to-finish-v2
thank… :) It’s a lot easier.
Interesting that someone mentioned NewSID. NewSID has been retired because M$ thinks duplicate SIDs are not an issue.
thx for this informative content
If you change the SID on a BACKUP disk, won’t you invalidate all the software that depends on the SID for registration, activation and updates?
Use Newsid. It’s a lot easier.
it is not necessary to regenerate the Security Identifier (SID) prior join to an Windows domain, because SID will change once join to the domain.
@ Juan.. thanks.
@ Rui Paz… How do you do it for windows 7? I got windoews 7 (32 and 64 bit variants). Please give some information regarding that.
Thanks
Thanks Juan, looking forward to more such interesting tips from you
Hi Juan,
You should and the information that this article is only about Sysprep on WIndows 2000, Windows XP, because on Windows Vista and WIndows 7 Sysprep is included on the OS by default and the configuration is very different…
many thanks, this is very usefull post
Hi Raymond. there any free keylogger for phone?
cool thanks paul
That’s a great tip. I’m planning to reinstall about 40 OS on machines with the same hardware and was thinking abou cloning, but didn’t know about this, specially on the domain part. Thanks Juan…