Use Windows Sysprep to modify the operating system's SID

A lot of people might be wondering what the SID of Windows is, what's the use of it, and what's the impact on us?

With these questions, let's solve these problems slowly.

What the SID is:

The SID, also known as the security Identifiers, is the unique number that identifies the user, group, and computer accounts. When you create the account for the first time, a unique SID is published for each account on the network. Internal processes in Windows NT refer to the account's SID instead of the account's user or group name. If you create an account, delete the account, and then create another account with the same user name, the new account will not have the rights or permissions granted to the previous account because the account has a different SID number. Security identifiers are also known as security IDs or SIDS.

What is SID used for:

After the user logs on to the operating system, the login process will give the user an access token equivalent to the user's access to system resources, and when the user tries to access system resources, the access token is provided to Windows NT, and then Windows NT checks to see if the user is attempting to access the access control list on the object.  If the user is allowed access to the object, Windows NT assigns the appropriate access rights to the user. The access token is provided by the user at the time of authentication by the login process, so changing the user's permissions requires logging off and re-logging in, retrieving the access token again

What is the impact on us:

The main impact of this is the problem that can occur when SID duplication occurs:

When installing the NT system, a unique SID is generated, but when you use ghost-like software to clone a machine, you have a problem with using a SID for different machines. has created a serious security problem.

Similarly, a duplicate SID can have a lot of security implications for the peer network. In the peer network account is based on the SID plus a related identifier (RID), if all the workstations have the same SID, each workstation generated the first account is the same, so that the user's own folder and file security has a hidden danger.
At this point, someone in their own NTFS partition to establish a share, and set up their own access, but in fact, the other machine's SID number and the same user can also access this share.

And in the actual application process will find that such problems will be more and more, especially in server virtualization and desktop virtualization use more and more frequently today, such problems will become more and more prominent, so we need to have some measures is the system has a new SID approach:

In fact, the practice is also very simple:

After starting Windows2008 into the system, open the CMD window and enter the "C:\windows\system32\sysprep" directory before entering "Sysprep/generalize/oobe/reboot" to reconfigure the SID.

This article is from the "zhouhuaooo" blog, make sure to keep this source http://77132.blog.51cto.com/67132/1575678

Use Windows Sysprep to modify the operating system's SID