While there have been compelling posts on why NewSID is not needed, Microsoft still recommends against imaging in a way that leaves you with identical Security Identifiers (SIDs). I prefer to trust Microsoft with this. What is a bit jarring is that some management software works off of SIDs and will require you to have unique SIDs. What I never found was a list of what NewSID fails to work with and what it will fudge up. Here are some findings that may help when deciding whether to use it in your environment.

NewSID 4.10 - Bringer of unforeseen consequences

Here are some facts I’ve encountered while testing on Windows XP (though most can likely be extrapolated to Vista and 7).

  • Say goodbye to encrypted files, they will not be adjusted to the new SID.
  • The tool requires administrative rights.
  • Terminating NewSID during operation will likely lead to an unstable system. This might be a problem because:
  • NewSID takes several minutes to run! Any power loss or unwanted user intervention should be taken into consideration. On a 2.4 GHz Dell with 512 MB RAM it took over 5 minutes to complete on a fresh XP install containing email client software, Office 2003 and 2007, WordPerfect and a couple of other programs. Keep in mind, this would take considerably longer on a system with its HDD filled to the brim or with many more individual programs. More disk usage and a larger registry mean a longer NewSID run time.
  • The tool will run on Windows XP x64, though it executes as a 32-bit program.
  • “A backup of the computer is strongly recommended” as expressed by the creator.
  • Remote Desktop Requests appeared to fail after running NewSID. I was able to recreate this behavior.
  • System Restore will function fine jumping across restore points. However, keep in mind that a user can revert to the old SID if they restore to a point from before the change.

With that said I have seen problems with several programs posted on the internet:

  • “On IIS6, however, our app pool identity is a member of IIS_WPG, the IIS Worker Process Group, and relies on that group’s permissions. NewSID leaves the old SID in the Metabase and doesn’t add the new one, effectively nuking IIS_WPG’s permissions on all IIS directories.”
  • “SQL Server stores the logins – and SID – for each of those groups in master.dbo.syslogins. NewSID wasn’t written with SQL awareness so after using it to change the machine SID (which in turn changes the SID for each local group) you’re going to be left with the old group SIDs in SQL, new group SIDs in the OS, a SQL service that won’t start”
  • Infinite loops/hangs sometimes reported on x64 machines
  • “The RDP protocol component “DATA ENCRYPTION” detected an error in the protocol stream and has disconnected the client.”
  • Visual Source Safe (Common)
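
The IIS and SQL Server reports above share one failure mode: references to the old machine-relative SIDs stay stored after the machine SID changes. As an added example (not from the original post and not part of NewSID), this Python script classifies stored SID references against the current machine SID; every SID value, location label and function name in it is constructed for illustration.

```python
import re

SID_RE = re.compile(r"^S-1-\d+(?:-\d+)+$")
# S-1-5-21-<a>-<b>-<c>[-RID]: an issuer (machine or domain) SID, optionally with a RID.
ISSUED_RE = re.compile(r"^(S-1-5-21-\d+-\d+-\d+)(?:-(\d+))?$")

def classify_sid(sid, machine_sid, domain_sids=()):
    """Return 'ok', 'stale' or 'invalid' for one stored SID string."""
    sid = sid.strip().upper()
    if not SID_RE.match(sid):
        return "invalid"
    if not sid.startswith("S-1-5-21-"):
        return "ok"  # well-known SID (e.g. S-1-5-32-544), unaffected by a machine SID change
    m = ISSUED_RE.match(sid)
    if m is None:
        return "invalid"  # S-1-5-21 prefix without three issuer sub-authorities
    issuer = m.group(1)
    if issuer == machine_sid or issuer in domain_sids:
        return "ok"
    return "stale"  # issued by an unknown authority, e.g. the pre-change machine SID

def audit(stored, machine_sid, domain_sids=()):
    """stored: (location, sid) pairs exported from ACLs, the IIS metabase, SQL logins."""
    report = {"ok": [], "stale": [], "invalid": []}
    for location, sid in stored:
        report[classify_sid(sid, machine_sid, domain_sids)].append(location)
    return report

# Constructed sample values, not taken from any real system.
OLD = "S-1-5-21-1000000001-2000000002-3000000003"     # machine SID before the change
NEW = "S-1-5-21-1500000001-2500000002-3500000003"     # machine SID after the change
DOMAIN = "S-1-5-21-1200000001-2200000002-3200000003"  # domain SID, unchanged
SAMPLE = [
    ("IIS metabase: IIS_WPG", OLD + "-1003"),
    ("SQL syslogins: local group", OLD + "-1005"),
    ("NTFS ACL: BUILTIN\\Administrators", "S-1-5-32-544"),
    ("NTFS ACL: local user", NEW + "-1004"),
    ("NTFS ACL: domain user", DOMAIN + "-1105"),
    ("NTFS ACL: damaged entry", "S-1-5-21-abc"),
]

if __name__ == "__main__":
    for status, locations in audit(SAMPLE, NEW, {DOMAIN}).items():
        print(status, locations)
```

Entries reported as stale are the ones that need re-granting under the new local group SIDs before the dependent service is started.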

If anyone finds any more info particular to NewSID 4.10, please post it up!

2 Comments

  • What do I do if I stopped during the process of a new SID, then something went wrong with my PC, then I did a system restore, but after that I couldn't open any files? What do I do? I was looking on the internet and I found a repair installation program for Windows 7, but I'm not sure if I should try it. Can you please help me?
