If you want two copies of XP running in a virtual machine, you set one up, shut it down and copy it using Explorer. However, you'll now find that when both are running only one will work properly on the network.
I found this out the hard way and it took ages to work it out. You need to open your XP VM and then choose CLONE within VMware Workstation to clone it. This then gives it a different random MAC address. If you just copy the VM from Explorer, the 2nd VM will have the same MAC as the original, hence only one will work on the network when both are running.
Cloning fixes that issue.
I feel a bit stupid now...
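A check for the copied-VM problem described in the post above, as an added example that is not part of the original thread: it scans .vmx configuration text for MAC addresses and BIOS UUIDs shared by more than one VM. The file names and values are constructed; the key names `ethernetN.generatedAddress`, `ethernetN.address` and `uuid.bios` are assumed to be where Workstation stores these identifiers.

```python
import re
from collections import defaultdict

# Constructed .vmx contents (not from the thread): "xp-copy" stands for a VM
# duplicated with Explorer, "xp-clone" for one made with Workstation's Clone.
SAMPLE_VMX = {
    "xp-original.vmx": '''
ethernet0.generatedAddress = "00:0c:29:3a:51:7e"
uuid.bios = "56 4d 11 22 33 44 55 66-77 88 99 aa bb cc dd ee"
''',
    "xp-copy.vmx": '''
ethernet0.generatedAddress = "00:0C:29:3A:51:7E"
uuid.bios = "56 4d 11 22 33 44 55 66-77 88 99 aa bb cc dd ee"
''',
    "xp-clone.vmx": '''
ethernet0.generatedAddress = "00:0c:29:9f:04:b2"
uuid.bios = "56 4d 8a 01 c3 5e 7f 20-1b 64 d9 0e 42 a7 35 c8"
''',
}

_LINE = re.compile(r'^\s*([\w.:-]+)\s*=\s*"(.*)"\s*$')
_MAC_KEY = re.compile(r'^ethernet\d+\.(generatedaddress|address)$')

def parse_vmx(text):
    """Return the key = "value" pairs of a .vmx file, keys lower-cased."""
    pairs = {}
    for line in text.splitlines():
        m = _LINE.match(line)  # comment and blank lines do not match
        if m:
            pairs[m.group(1).lower()] = m.group(2)
    return pairs

def find_duplicates(vmx_files):
    """Map each MAC or BIOS UUID used by more than one VM to those VMs."""
    seen = defaultdict(set)
    for name, text in vmx_files.items():
        for key, value in parse_vmx(text).items():
            if _MAC_KEY.match(key):
                seen[("mac", value.lower().replace("-", ":"))].add(name)
            elif key == "uuid.bios":
                seen[("uuid.bios", value.lower())].add(name)
    return {k: sorted(v) for k, v in seen.items() if len(v) > 1}

if __name__ == "__main__":
    for (kind, value), names in sorted(find_duplicates(SAMPLE_VMX).items()):
        print(f"duplicate {kind} {value}: {', '.join(names)}")
```
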
Don't forget to create a new SID if it belongs to a domain.
Funny you should say that, because the guy that created NewSID at Microsoft has retired the software. He says:
"The Machine SID Duplication Myth
On November 3 2009, Sysinternals retired NewSID, a utility that changes a computer’s machine Security Identifier (machine SID). I wrote NewSID in 1997 (its original name was NTSID) because the only tool available at the time for changing machine SIDs was the Microsoft Sysprep tool, and Sysprep doesn’t support changing the SIDs of computers that have applications installed. A machine SID is a unique identifier generated by Windows Setup that Windows uses as the basis for the SIDs for administrator-defined local accounts and groups. After a user logs on to a system, they are represented by their account and group SIDs with respect to object authorization (permissions checks). If two machines have the same machine SID, then accounts or groups on those systems might have the same SID. It’s therefore obvious that having multiple computers with the same machine SID on a network poses a security risk, right? At least that’s been the conventional wisdom.
The reason that I began considering NewSID for retirement is that, although people generally reported success with it on Windows Vista, I hadn’t fully tested it myself and I got occasional reports that some Windows component would fail after NewSID was used. When I set out to look into the reports I took a step back to understand how duplicate SIDs could cause problems, a belief that I had taken on faith like everyone else. The more I thought about it, the more I became convinced that machine SID duplication – having multiple computers with the same machine SID – doesn’t pose any problem, security or otherwise. I took my conclusion to the Windows security and deployment teams and no one could come up with a scenario where two systems with the same machine SID, whether in a Workgroup or a Domain, would cause an issue. At that point the decision to retire NewSID became obvious.
I realize that the news that it’s okay to have duplicate machine SIDs comes as a surprise to many, especially since changing SIDs on imaged systems has been a fundamental principle of image deployment since Windows NT’s inception. This blog post debunks the myth with facts by first describing the machine SID, explaining how Windows uses SIDs, and then showing that - with one exception - Windows never exposes a machine SID outside its computer, proving that it’s okay to have systems with the same machine SID. Note that Sysprep resets other machine-specific state that, if duplicated, can cause problems for certain applications like Windows Server Update Services (WSUS), so Microsoft's support policy will still require cloned systems to be made unique with Sysprep."
Thanks, that's interesting. Two points stand out to me....
"if duplicated, can cause problems for certain applications like Windows Server Update Services (WSUS),"
Because WSUS and some other services will misbehave because of duplicate SIDs, I say it's still an issue that has to be dealt with.
"same machine SID on a network poses a security risk"
If there is a possibility that critical updates can be affected because WSUS misbehaves, then yes, it could pose a security risk.
That's the way I interpret this.
I will continue to use Sysprep.
Yeah, I tend to agree with you guys now. Used to be a big fan of NewSID but it just seems a little risky now. All I do now is just build a machine with all updates etc., and then run Sysprep on it. Then just take copies of the file for new VMs.
I think you might have misunderstood the MS guy's point. It's not that NewSID doesn't do a good job, it's just the fact that, from his research, having a duplicate SID on a network isn't an issue. And using Sysprep does the same as NewSID. At least with NewSID there is no limit on the amount of times you can use it.
I think, skim reading the article, he says using Sysprep is still recommended, not because of the SID issue but because there are other duplicate issues that Sysprep fixes.
Yes, reading Nicky's comment I wondered if he was reading the same article ;-)
"At least with NewSID there is no limit on the amount of times you can use it."
You can run Sysprep as many times as you like, that's the point of factory and audit modes. You just can't reset the Windows activation grace period more than 3 times.
Well, NewSID is fine for labs, but for production it gives too many issues, especially with SCCM clients: the reports show duplicate machines!