Travis said:
Shenan, I beg to differ. Each user account, group, and computer each
have thier own SID. The computer SID is randomly generated at the
time you install the OS. Amir, I believe the duplicate SIDs you are
referring to are computer SIDs. Duplicate computer SIDs are of a
concern when you clone an image and do not use a SID regenerator like
sysprep.
Duplicate SIDs aren't an issue in a Domain-based environment since domain
accounts have SID's based on the Domain SID. But, according to Microsoft
Knowledge Base article Q162001, "Do Not Disk Duplicate Installed Versions of
Windows NT", in a Workgroup environment security is based on local account
SIDs. Thus, if two computers have users with the same SID, the Workgroup
will not be able to distinguish between the users. All resources, including
files and Registry keys, that one user has access to, the other will as
well.
Another instance where duplicate SIDs can cause problems is where there is
removable media formated with NTFS, and local account security attributes
are applied to files and directories. If such a media is moved to a
different computer that has the same SID, then local accounts that otherwise
would not be able to access the files might be able to if their account IDs
happened to match those in the security attributes. This is not be possible
if computers have different SIDs.
An article Mark has written, entitled "NT Rollout Options", was published in
the June issue of Windows NT Magazine. It discusses the duplicate SID issue
in more detail, and presents Microsoft's official stance on cloning. The
relevant section is near the middle:
http://www.winntmag.com/Articles/ArticleID/3469/pg/2/2.html