Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Re: Cloning not creating SID!

2 views
Skip to first unread message

KM

unread,
Apr 2, 2007, 1:59:42 PM4/2/07
to
Bill,

What do you see under HKEY_USERS key? What subkeys?
You can always find them under [HKLM\Software\Microsoft\Windows NT\CurrentVersion\ProfileList] key (subkeys).

You can download and use NewSID tools (ex: sysinternals.com, now Microsoft) to generate new SIDs:
http://www.microsoft.com/technet/sysinternals/Security/NewSid.mspx
Here you will find a list of well-known SIDs: http://msdn2.microsoft.com/en-us/library/aa379649.aspx

--
=========
Regards,
KM


> Hi all,
>
> I am using system cloning tool in my OS. The reseal phase is happening
> properly, but when i clone the resealed image, i am not able to see any SID
> related keys under HKEY_USERS.
> I dont see any dependent component for this and there is nothing wrong in
> component setting also!
> Am i looking at wrong place to check for SID?
>
> Please help,


Bill

unread,
Apr 3, 2007, 12:52:02 AM4/3/07
to
Hi KM,

I am refering Sean Liming's "Windows XP Embedded Advanced" book for cloning,
in which he has mentioned:
"Use regedit and check HKEY_USEER for SID
S-1-5-21-<xxxxxxxxxx><xxxxxxxxxx><xxxxxxxxxx> -500".

I am not able to see any keys similar to this in my XPe cloned image.
Neither it is seen in under [HKLM\Software\Microsoft\Windows

NT\CurrentVersion\ProfileList] key (subkeys).

Why do i need to use some tool to generate new SIDs? Is it not a feature of
cloning to generate new unique SID for each of the cloned system?

Thanks,

KM

unread,
Apr 3, 2007, 1:07:21 AM4/3/07
to
Bill,

No, you don't have to use NewSID. The only purpose for me to mention that link was that the page contains lots of helpful info about
SID.

Anyway, could you please show us what exactly you got under HKEY_USERS key and under the ProfileList key? You would want to show us
only the subkeys. This is what I have asked for in my previous post :-)

A few more questions the answers to which may lead to the root of the issue:
- How exactly do you run fbreseal? What command line switches and/or advanced properties of the System Cloning Tool component do
you use?
- Do you have an Administrator account component included? Any user account component?
- What is your image based on - Minlogon or Winlogon? What Shell?

Bill

unread,
Apr 3, 2007, 1:58:00 AM4/3/07
to
I have minlogon with custom shell, and i have set Automatic mode in system
cloning tool setting which means reseal.exe runs at 12000 phase.
I don't have any administrator/User account component.
The keys under HKEY_USER are:
.DEFAULT
S-1-5-18
S-1-5-19
S-1-5-19_Classes
S-1-5-20
S-1-5-20_Classes

under the ProfileList key:
S-1-5-19
S-1-5-20

Thanks,

KM

unread,
Apr 3, 2007, 3:25:24 AM4/3/07
to
Bill,

Minlogon and no Admin/User components in your image explains why you don't see the registry subkeys you're expecting to see.
The keys you expected to see are related to user accounts (Admin is also an user).
The keys you saw were related to some system accounts. Please see the list of well-known SIDs I posted the link to earlier in this
thread.

For instance,
SECURITY_LOCAL_SYSTEM_RID S-1-5-18 A special account used by the operating system.


--
=========
Regards,
KM

Sean Liming (eMVP)

unread,
Apr 3, 2007, 11:02:03 AM4/3/07
to
In the book, the example uses Windows Logon (standard) or WinLogon. If you
are using Minlogon, the results are what you see.

Regards,

Sean Liming
www.sjjmicro.com / www.seanliming.com
XP Embedded Book Author - XP Embedded Advanced, XP Embedded Supplemental
Toolkit

"KM" <konstmor@nospam_yahoo.com> wrote in message
news:eZNo9Ecd...@TK2MSFTNGP04.phx.gbl...

Bill

unread,
Apr 3, 2007, 11:32:07 AM4/3/07
to
Hi,

Thank you so much for the help!

I now have a small query: How do i validate the creation of SID on each of
the cloned system? I mean, how do i test and confirm, after cloning, that the
system has been assigned unique SID?
if my question sounds like i am a bit confused about SIDs, it could be true!!

Thanks,

KM

unread,
Apr 3, 2007, 7:51:57 PM4/3/07
to
Bill,

User SID duplication is not much an issue in Minlogon environment. However, there is still computer SID. You can find that SID
somewhere in SAM hive (HKLM\SECURITY\SAM), typically listed in the list of Members keys.
Much easier way to find out that SID though is to run PsGetSid utility from sysinternals.com (I should've mentioned this tool
earlier but not NewSID to avoid confutions). here is where you can download it as a part of PsTools package:
http://www.microsoft.com/technet/sysinternals/utilities/psgetsid.mspx

FYI.. In Release Notes for SP2 there was mentioned the following: If your embedded run-time image is based on the Minlogon baseline
configuration and you add the System Cloning Tool component, you must also ensure that your configuration includes the Local
Security Authority Subsystem (LSASS) and TCP/IP Networking components.

--
=========
Regards,
KM

Bill

unread,
Apr 4, 2007, 2:32:01 AM4/4/07
to
Hi KM,

Thank you very much for the support!

I could do it using psgetsid tool. I found that the computer SID is stored
in :
HKLM\SAM\SAM\Domain\Builtin\Aliases\Members
and cloned images are acquiring unique IDs.

Thanks a lot!

0 new messages