Q. Is it true that I don't need to worry about duplicate machine SIDs anymore?

A. For a long time, it's been been understood that duplicate SIDs is a bad thing, so any environment that uses machine imaging always performs an action to reset the SIDs, such as using SYSPREP from Microsoft.

Mark Russinovich recently posted an article that says there's no problem with duplicate machine SIDs, because when a machine joins a domain, the domain SID is used, and no one at Microsoft can come up with a reason a duplicate machine SID is a problem.

It is important to realize that just because Microsoft security still functions with duplicate SIDs, it doesn't mean every application will. Some applications, rightly or wrongly, still use the SID to identify a machine uniquely, so if you have duplicate SIDs in an environment, you may see things start to break. Application developers have long assumed the machine SID in an environment will always be unique, which was Microsoft's official guidance.

At this point, I would still err toward ensuring your machines' SIDs are unique until you have time to perform in depth testing to ensure that no applications or services in your environment rely on unique machine SIDs.

Related Reading:

Check out hundreds more useful Q&As like this in John Savill's FAQ for Windows. Also, watch instructional videos made by John at ITTV.net.
TAGS: Windows 8
Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.