JSI Tip 6090. NewSID freeware.

Download NewSID.

The NewSID page begins with:

Many organizations use disk image cloning to perform mass rollouts of Windows. This technique involves copying the disks of a fully installed and configured Windows computer onto the disk drives of other computers. These other computers effectively appear to have been through the same install process, and are immediately available for use.

While this method saves hours of work and hassle over other rollout approaches, it has the major problem that every cloned system has an identical Computer Security Identifier (SID). This fact compromises security in Workgroup environments, and removable media security can also be compromised in networks with multiple identical computer SIDs.

Demand from the Windows community has lead PowerQuest, Ghost Software and Altiris to develop programs that can change a computer's SID after a system has been cloned. However, PowerQuest's SID Changer and Ghost Software's Ghost Walker are only sold as part of each company's high-end product. Further, they both run from a DOS command prompt (Altiris' changer is similar to NewSID).

NewSID is a program we developed that changes a computer's SID. It is free, comes with full source, and is a Win32 program, meaning that it can easily be run on systems that have been previously cloned. NewSID works Windows NT 4, Windows 2000, Windows XP and Windows .NET Server.

Please read this entire article before you use this program.

Version Information:

  • Version 4.0 introduces support for Windows XP and .NET Server, a wizard-style interface, allows you to specify the SID that you want applied, Registry compaction and also the option to rename a computer (which results in a change of both NetBIOS and DNS names).
  • Version 3.02 corrects a bug where NewSid would not correctly copy default values with invalid value types when renaming a key with an old SID to a new SID. NT actually makes use of such invalid values at certain times in the SAM. The symptom of this bug was error messages reporting access denied when account information was updated by an authorized user.
  • Version 3.01 adds a work-around for an inaccessible Registry key that is created by Microsoft Transaction Server. Without the work-around NewSID would quit prematurely.
  • Version 3.0 introduces a SID-sync feature that directs NewSID to obtain a SID to apply from another computer.
  • Version 2.0 has an automated-mode option, and let's you change the computer name as well.
  • Version 1.2 fixes a bug in that was introduced in 1.1 where some file system security descriptors were not updated.
  • Version 1.1 corrects a relatively minor bug that affected only certain installations. It also has been updated to change SIDs associated with the permission settings of file and printer shares.

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.