I recently cloned around 80 Windows 11 PCs and discovered they've all ended up with the same Security Identifier (SID). I've come across several methods people suggest for changing the SID, such as using the Windows Sysprep tool, various third-party tools like NewSid (which seems outdated), and other tools like Wittytool Disk Clone. My goal is to avoid rebuilding everything or disrupting existing applications and settings if I can help it. Is there a relatively quick and effective way to change the SID on all these PCs? Any advice would be appreciated!
5 Answers
You might not need to change anything unless you encounter issues with specific software. I've seen duplicates create problems with updates and remote connections, especially in environments like Citrix. There are some workarounds, but it's better to fix it if possible.
I'm definitely running into some of those problems. That adds urgency for me to figure out a fix!
The official way to do it is through Sysprep with the /generalize option, which is built into Windows. NewSid isn't recommended since it's outdated, and you might run into support issues with it.
I hear you! I'm hesitant about using Sysprep because it resets all settings. Doing that for each machine sounds like such a hassle.
Yeah, I'm concerned about that too. Trying to find a balance between efficiency and safety here.
Cloning machines without Sysprep isn't a best practice. If you're facing issues, Sysprep is the go-to, but it means some manual steps. Just be careful with third-party tools; they might not be reliable.
Regrettably learned that the hard way. I'm thinking of giving a third-party tool like Wittytool a shot.
As for your situation, make sure you fix the Windows image before cloning next time. If they're already set up, you’ll need to log in as the local admin, remove each from Active Directory (AD), run Sysprep, and then rejoin them to AD. It's a bit of a manual job, but necessary.
There are actually two types of SIDs to consider: one for the Windows installation (which you can fix with Sysprep) and another for when the PC joins a domain. Just confirming that?
That's correct! You need to handle both for everything to function smoothly.

I've heard similar things; the SID clash can lead to serious issues with RDP and sharing, especially after those updates Microsoft rolled out.
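
The two SIDs discussed in the thread above (the local machine SID and the domain computer-account SID) can be inventoried across the cloned PCs to confirm which ones actually share a machine SID. This is an added example, not part of the original thread; it assumes PowerShell remoting (WinRM) is enabled on the targets, and the function names and host names are hypothetical placeholders.

```powershell
# Added example: collect the local machine SID and the domain computer-account SID
# from a set of PCs and flag machine SIDs shared by more than one host.
# Assumptions: WinRM remoting is enabled and the caller is an administrator on the targets.

function Get-SidInventory {
    param([Parameter(Mandatory)][string[]]$ComputerName)

    Invoke-Command -ComputerName $ComputerName -ErrorAction SilentlyContinue -ScriptBlock {
        # Every local account SID is <machine SID>-<RID>; AccountDomainSid strips the RID.
        $machineSid = (Get-LocalUser | Select-Object -First 1).SID.AccountDomainSid.Value

        # The computer-account SID only exists if the PC is joined to a domain.
        $cs = Get-CimInstance -ClassName Win32_ComputerSystem
        $acctSid = $null
        if ($cs.PartOfDomain) {
            $account = New-Object System.Security.Principal.NTAccount($cs.Domain, "$($env:COMPUTERNAME)`$")
            try {
                $acctSid = $account.Translate([System.Security.Principal.SecurityIdentifier]).Value
            } catch {
                $acctSid = 'lookup failed'   # e.g. broken trust relationship after cloning
            }
        }

        [pscustomobject]@{
            Computer        = $env:COMPUTERNAME
            MachineSid      = $machineSid
            PartOfDomain    = $cs.PartOfDomain
            ComputerAcctSid = $acctSid
        }
    }
}

function Find-DuplicateMachineSid {
    param([Parameter(Mandatory)]$Inventory)

    # Group hosts by machine SID and keep only SIDs that appear more than once.
    $Inventory | Group-Object -Property MachineSid | Where-Object Count -gt 1 |
        ForEach-Object {
            [pscustomobject]@{ MachineSid = $_.Name; Computers = ($_.Group.Computer -join ', ') }
        }
}

$pcs = 'PC-001', 'PC-002', 'PC-003'   # placeholder host names
$inventory = Get-SidInventory -ComputerName $pcs
$inventory | Format-Table Computer, MachineSid, PartOfDomain, ComputerAcctSid
Find-DuplicateMachineSid -Inventory $inventory | Format-Table -AutoSize
```

Hosts that do not answer over WinRM are silently skipped, so compare the number of rows returned against the number of names passed in.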