Category: clone

Cloning and SIDs

A big issue of Windows cloning is the duplication of the machine Security Identifier (aka SID). The SID represents all security principals on a computer (machines, domain computer accounts, users and groups). In the past simply duplicating a computer saw the SID copied to the other computer or in this case the virtual machine.

If you run sysprep, you don’t have to worry about it. However, the computing world being as it is there are always attempts to speed the process and avoid steps if possible.

One of these attempts was a nice little utility called NEWSID by Mark Russinovich. It was small, simple and it appeared to do the job. I admit to using it a couple times.

However, as with many things you learn later that it’s not the best thing to use. In this case, newsid starts having problems if you install applications and add them to your cloning process.  Mark Russinovich has a blog and a good entry about it so I won’t go into detail.

NEWSID was retired in 2009 and really shouldn’t be used anymore. Options are sysprep (expected by Microsoft) and third party (VMware SID generation).

I have used the cloning wizard of VMware and found it does generate a new SID. This was verified by using Mark’s program psgetsid. This is part of pstools and if you aren’t already using them, you should get them!

However, I am curious to how clean the VMware SID generation is and will go back and review some clones to make sure things are good.


I had been away from the virtual world due to requirements of the job. My return saw the need to establish a virtual machine and then clone it. Basic task.

One question raised was the need to run sysprep as it appeared VMware’s clone process had the ability to generate new SID information. I didn’t find a obvious answer on the Net and cluster owner said probably not.

I tried the clone wizard and was rewarded with a message this option can only be used with Vista and above.  This was a Windows 10 VM so I thought this was the result of the cluster running version 5.1

I thought ok let’s just use sysprep.

As a precaution I made a copy of the VM and ran sysprep. It ran without issue. However, when I tried to login with the local administrator; I was informed the account was disabled!  DOH! Standard practice of sysprep. Did I mention there wasn’t an answer file?

Not a huge problem if it was only one VM. Just need to boot of an ISO and enable the account.

I had many clones to create so this was not an option.  The clone and the image were deleted and the copy restored.

I decided to try the clone wizard again as I remembered there was an option where you could submit one time commands. This would be a good place to try:

net use administrator /active:yes

I also had a thought on the clone wizard steps as one of them was adding the host to the domain. I thought this is what triggered the Vista message. This time I would clone the VM and leave it in a workgroup.

This time the VM was cloned without an error and I was able to login as the local administrator.

I suspect the Net command was not needed as the password assigned on the main image worked on the clone. I didn’t have any time to experiment; but, I left the command in the one time options as a precaution.

The rest of the clones were created without issue.

Time to re-familiarize myself with VMware!