Microsoft KB Archive/162001

= Do not disk duplicate installed versions of Windows =

Article ID: 162001

Article Last Modified on 3/27/2007

-

APPLIES TO


 * Microsoft Windows Server 2003, Standard Edition (32-bit x86)
 * Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)
 * Microsoft Windows XP Professional
 * Microsoft Windows XP Home Edition
 * Microsoft Windows 2000 Server
 * Microsoft Windows 2000 Advanced Server
 * Microsoft Windows 2000 Professional Edition
 * Microsoft Windows 2000 Datacenter Server
 * Microsoft Windows NT Server 4.0 Standard Edition
 * Microsoft Windows NT Server 4.0, Terminal Server Edition
 * Microsoft Windows NT Workstation 4.0 Developer Edition
 * Microsoft Windows NT Server 3.51
 * Microsoft Windows NT Workstation 3.51
 * Microsoft Windows NT Workstation 3.5
 * Microsoft Windows NT Server 3.5
 * Microsoft Windows NT Workstation 3.1
 * Microsoft Windows NT Advanced Server 3.1

-



This article was previously published under Q162001





SUMMARY
Microsoft provides several methods for the proper deployment of the Windows operating system. The use of a supported method is very important to ensuring the security of the systems running Windows is not compromised.

Computers running the Windows operating system use a Security ID (SID) to uniquely identify themselves. When you use disk-duplicating software, it is important to take steps to ensure the uniqueness of these Security IDs. This article briefly describes the SID and supported methods for cloning or duplicating a Windows installation.



MORE INFORMATION
During installation of Windows, a machine SID is computed to contain a statistically unique 96-bit number. The machine SID is the prefix of the user account and group account SID'S created on the computer. The machine SID is concatenated with the Relative ID (RID) of the account to create the account's unique identifier.

The following example displays the SID'S for 4 local user accounts. Notice that only the last four digits are incremented as new accounts are added.

HKEY_USERS on Local Machine

S-1-5-21-191058668-193157475-1542849698-500 administrator

S-1-5-21-191058668-193157475-1542849698-1000 User one

S-1-5-21-191058668-193157475-1542849698-1001 User two

S-1-5-21-191058668-193157475-1542849698-1002 User three

Cloning or duplicating an installation without taking the recommended steps could lead to duplicate SIDs, and in the case of removable media, lead to accounts having access to files even though they were specifically denied access by using NTFS permissions. Because the SID identifies the computer or domain as well as the user, it is critical that it be unique to maintain support for current and future programs.

Microsoft Policy Statement
Microsoft does not provide support for computers that have been installed by duplicating fully installed copies of Windows. Microsoft supports computers that were installed by using disk-duplicating software and the System Preparation Tool (Sysprep.exe). Microsoft supports the following operating systems that have been imaged by using the Sysprep utility:

Windows 2000 Professional

Windows 2000 Server (can only be imaged before you run DCPROMO)

Windows 2000 Advanced Server

Windows XP Professional

Windows XP Home Edition

Windows Server 2003, Standard Edition

Windows Server 2003, Enterprise Edition

For more information about the Windows System Preparation Tool, visit the following Microsoft Web site:

http://www.microsoft.com/technet/desktopdeployment/imaging/imagingsysprep.mspx

Microsoft does not provide support for computers that were set up with SID duplicating tools other than the System Preparation tool.

For more information about the Sysprep utility and the utility itself, can be found on the product CD at:

CD:\support\tools\deploy.cab

If an image was created without the use of sysprep, Microsoft does not support running Sysprep after the image is deployed as a way to bring the computer back into compliance.

