Does the Domain SID linger after being removed from the domain?

  • Thread starter Thread starter Matthew
  • Start date Start date
M

Matthew

Late last year (http://blogs.msdn.com/aaron_margosis/archive/
2009/11/05/machine-sids-and-domain-sids.aspx) there was a blog post
further explaining the differences between a computer’s Machine SID
and the Domain SID as it relates to NewSID and the SID myth (http://
blogs.technet.com/markrussinovich/archive/2009/11/03/3291024.aspx). At
the end of the blog post the author makes the point that you shouldn’t
clone a computer that is part of a domain. Does that mean a computer
that is currently in the domain when the image is taken or ever in a
domain? Consider the following sequence of events:

1. On PC #1 you do a fresh install of Windows XP Pro.
2. Join to domain, add apps, configure Default User, etc.
3. Remove from domain and put back into a workgroup.
4. Gather image.
5. Push image to PC #2.
6. Join PC #2 to domain.
7. Will PC #2 have problems, such as from lingering registry settings
or Domain SID?

Matthew
 
Matthew said:
Will PC #2 have problems, such as from lingering registry settings
or Domain SID?

As you point out, Russinovich proved that even a machine with a
duplicate SID was not violating anything or causing domain problems, and
this was *after* he became a MicroSoft droid.

Microsoft just doesn't want you to clone your OS and operate the clone
on it's own PC hardware. They want you to buy licenses and not mess
around with cloning.

But I do it all the time.
 
Back
Top