Q. I heard that having duplicate SIDs on workstations causes security problems on removable media. Is this true?

A. Yes. Consider the following, paraphrased from an email from Jeremy Moskowitz of gpanswers.com:

Imagine you have three Windows NT or later machines. They're all clones with the same machine SID, so the local accounts on each end up with the same user SIDs. The computer name and user SID combinations look like this:

  • CompA: Fred (501), Wilma (502), Barney (503)
  • CompB: Jerry (501), Elaine (502), George (503)
  • CompC: Harry (501), Sally (502), Mom (503)

If Fred stores something on an external NTFS drive, it's protected only by an ACE that names his SID. NTFS stores SIDs in the ACL, not user names, and Jerry on CompB and Harry on CompC carry exactly the same SID as Fred, so either of them could read from Fred's drive. The same situation exists for Wilma, Elaine, and Sally and for Barney, George, and Mom. As you can see, the machine SIDs must be changed to ensure that external NTFS (or stolen internal NTFS) drives can't be read by anyone other than the user listed in the item's ACL.
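The collision described above can be modelled in a few lines. The following is an added example, not code from the FAQ or from Jeremy Moskowitz: it splits local-account SIDs into their machine-SID and RID parts, then checks which local user on each machine would satisfy an ACE written for Fred's SID, first with the cloned machine SID and then after each machine has been given a unique one. All SID values, machine names and RIDs are constructed (the RIDs follow the page's example) and the ACL is reduced to a single allow-read ACE.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# A local-account SID has the form S-1-5-21-<a>-<b>-<c>-<RID>: the first part
# identifies the machine, the trailing RID identifies the account on it.
SID_RE = re.compile(r"^(S-1-5-21-\d+-\d+-\d+)-(\d+)$")


def split_sid(sid: str) -> Tuple[str, int]:
    """Split a local-account SID into (machine SID, RID)."""
    m = SID_RE.match(sid)
    if m is None:
        raise ValueError(f"not a local-account SID: {sid}")
    return m.group(1), int(m.group(2))


@dataclass
class Machine:
    name: str
    machine_sid: str
    users: Dict[str, int]  # local user name -> RID

    def sid_of(self, user: str) -> str:
        return f"{self.machine_sid}-{self.users[user]}"

    def name_of(self, sid: str) -> Optional[str]:
        """Local user name that owns this SID, or None if this machine does not know it."""
        for user, rid in self.users.items():
            if f"{self.machine_sid}-{rid}" == sid:
                return user
        return None


def readers_of(ace_sid: str, machines: List[Machine]) -> Dict[str, str]:
    """Which local user on each machine would satisfy an allow-read ACE for ace_sid.

    NTFS compares SIDs, not names, so every account whose SID equals the ACE's SID
    passes the access check, whatever the account is called locally.
    """
    matches: Dict[str, str] = {}
    for m in machines:
        user = m.name_of(ace_sid)
        if user is not None:
            matches[m.name] = user
    return matches


# Constructed data following the page's example (RIDs 501-503 as the page gives them).
CLONED_SID = "S-1-5-21-1111111111-2222222222-3333333333"  # made-up SID shared by every clone
ACCOUNTS = {
    "CompA": {"Fred": 501, "Wilma": 502, "Barney": 503},
    "CompB": {"Jerry": 501, "Elaine": 502, "George": 503},
    "CompC": {"Harry": 501, "Sally": 502, "Mom": 503},
}


def cloned_fleet() -> List[Machine]:
    """The three clones exactly as the page describes them: one machine SID for all."""
    return [Machine(n, CLONED_SID, dict(u)) for n, u in ACCOUNTS.items()]


def fixed_fleet() -> List[Machine]:
    """The same accounts after each machine receives a unique machine SID (values made up)."""
    unique = {
        "CompA": "S-1-5-21-1000000001-2000000001-3000000001",
        "CompB": "S-1-5-21-1000000002-2000000002-3000000002",
        "CompC": "S-1-5-21-1000000003-2000000003-3000000003",
    }
    return [Machine(n, unique[n], dict(u)) for n, u in ACCOUNTS.items()]


def demo() -> Tuple[Dict[str, str], Dict[str, str]]:
    """Return (readers with cloned SIDs, readers with unique SIDs) for Fred's ACE."""
    cloned = cloned_fleet()
    before = readers_of(cloned[0].sid_of("Fred"), cloned)  # Fred, Jerry and Harry all match
    fixed = fixed_fleet()
    after = readers_of(fixed[0].sid_of("Fred"), fixed)     # only Fred on CompA matches
    return before, after


if __name__ == "__main__":
    before, after = demo()
    print("cloned machine SID :", before)
    print("unique machine SIDs:", after)
```

The model only covers the access check NTFS performs when the volume is mounted on a Windows machine that honours its ACL; a tool that reads the raw volume does not consult the ACL at all, so regenerating machine SIDs closes the duplicate-SID path and nothing more.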

There's a counter to this argument that says NTFS security on removable drives is worthless anyway, because many third-party applications and services can read NTFS directly and bypass the ACLs entirely.

Related Reading:

Check out hundreds more useful Q&As like this in John Savill's FAQ for Windows. Also, watch instructional videos made by John at ITTV.net.