As you probably know by now, Microsoft-based operating systems use SIDs (Security IDs) that are generated as part of the initial setup of Windows. If you have more than one computer with the same SID, this could cause problems, and cloning a computer (either physical or virtual) without re-generating this SID can cause SID duplication. Please read the following article if you need to learn more about this issue:
Curious about what sort of problems you may run into if you don’t follow these guides? See my article about email stuck in Drafts folder on Exchange Server 2007/2010, for one example of what can happen…
BTW, you can use PsGetSid (by Microsoft Sysinternals) to find out if you’re using computers with duplicate SIDs:
Have you performed a rollout, only to discover that your network might suffer from the SID duplication problem? In order to know which systems have to be assigned a new SID (using a SID updater like our own NewSID), you have to know what a computer’s machine SID is. Up until now, there’s been no way to tell the machine SID without knowing Regedit tricks and exactly where to look in the Registry. PsGetSid makes reading a computer’s SID easy, and works across the network so that you can query SIDs remotely. PsGetSid also lets you see the SIDs of user accounts and translate a SID into the name that represents it.
This guide assumes that you’ve got some sort of virtualization infrastructure in place – this could be a VMware product, Microsoft Hyper-V, Citrix XEN and so on. It also assumes that you’ve got some sort of virtualization management tool, and a library where you store all the virtual machine templates and master images. This guide is not product specific.
In addition, it’s important that you have a basic knowledge about how to set up and run your virtualization product, that you are knowledgeable about setting up virtual machines, and about the proper procedure to install and configure a Windows-based operating system on these virtual machines.
Lastly, this guide assumes that you’re knowledgeable about the proper procedures needed to be taken prior to creating a virtual machine clone, how to use SYSPREP (the system preparation tool from Microsoft), and how to create proper answer files for the preparation procedure.
Note: SYSPREP is a tool that prepares an installation of Windows for duplication, auditing, and customer delivery.
To download SYSPREP for Windows Server 2003/R2 and Windows XP, please use one of these links:
Download details: System Preparation tool for Windows Server 2003 SP2 Deployment
Download details: System Preparation tool for Windows Server 2003 SP2 Deployment (x64)
Download details: Windows XP Service Pack 3 Deployment Tools
Note that in Windows Server 2008/R2, Windows Vista/7 – the SYSPREP tool is already included in the operating system, therefore there’s no need to download it.
To create the proper answer file under Windows Server 2003/R2 and Windows XP, you need to either manually edit an existing SYSPREP.INF file, or create one for your needs. To create a SYSPREP.INF answer file for Windows Server 2003/R2 and Windows XP you can use the SETUPMGR.EXE tool found inside the Deployment Tools. Use the above links to get the proper version for your needs.
To create the proper answer file under Windows Server 2008/R2, Windows Vista/7, you need to either manually edit an existing answer file, or create one for your needs. . To create an answer file for Windows Server 2008/R2, Windows Vista/7, you must use the tools available in the Windows Automated Installation Kit (AIK).
Download details: Windows Automated Installation Kit (AIK)
Prior to cloning the virtual machine there are several steps that you must accomplish. For example, some of the preparation tasks should include:
Note that unlike cloning physical machines, since we will be cloning virtual machines, there is not hardware abstraction layer that we need to worry about, no mass storage devices, and no other devices that need to be detected and installed.
After performing the initial setup steps on a single system, you need to run the SYSPREP utility to prepare the sample computer for cloning.
As stated above, there is a major difference between cloning systems running Windows Server 2003/XP and those running Windows Server 2008/Vista/7.
Here are some links that will help you get started:
The SYSPREP.inf answer file is a text file that scripts the answers for a series of graphical user interface dialog boxes.Instead of having t0 manually enter the computer’s product ID, accept the license agreement, choose regional settings, enter a password, owner and computer name and so on, you can script everything inside one small text file that will provide the mini-setup wizard that runs after the computer is cloned and rebooted, with the correct answers.
To create a SYSPREP.inf answer file that is used by the SYSPREP tool, you can use a text editor or you can use the Setup Manager tool that is included on the Windows XP CD and is also included with the Microsoft Windows XP Resource Kit. The answer file must be renamed to SYSPREP.inf, and must reside in the SYSPREP folder in the root of the drive where Windows XP is installed, or these files can reside on a floppy disk. If the SYSPREP folder is named differently, the Setup program ignores it. There is no need to specify any parameter for the Mini-Setup Wizard answer file.
After preparing the answer file, run the SYSPREP tool from the C:\SYSPREP folder:
Select the “Use Mini Setup” and then click on “Reseal”:
The computer will shut down. At that moment, if it’s a physical computer – take out the hard drive and use any cloning mechanism that you may have (i.e. Ghost etc.). If it’s a virtual machine, either use existing virtualization tools such as System Center Virtual Machine Manager (SCVMM), or simply copy the VHD file. When using virtual machines, you will need to create the settings for an X number of cloned virtual machines, and then simply connect them to the copied VHD files.
After starting up each cloned machine, if the answer file has been properly created, you will need to enter the computer name and the entire process will automatically run.
Now, you can verify your computer’s SID with PsGetSID.
Unlike previous versions, the unattended Windows Setup answer file in Windows Server 2008/Vista/7, is an XML file typically called Unattend.xml. This is the answer file for Windows Setup that is created by using Windows System Image Manager (Windows SIM). The answer file enables the configuration of default Windows settings, as well as the addition of drivers, software updates, and other applications. The answer file enables OEMs and corporations to customize Windows Setup tasks, for example, specifying disk configuration, changing the default values for Internet Explorer, and installing additional drivers.
Unlike previous versions, the unattended Windows Setup answer file in Windows Server 2008/Vista/7 needs to be specified during the running of SYSPREP. To do so, run the SYSPREP tool with the /unattend:filename option.
If you wish to manually configure the Windows settings after SYSPREP, run SYSPREP from the C:\Windows\System32\sysprep folder:
Make sure you do NOT FORGET to select the “Generalize” option if you need to change the computer’s SID. Unlike previous versions, it seems that this version will NOT change the SID unless you pick that option!!! When done, click on “OK”:
Select the “Shutdown” and then click on “OK”:
The computer will shut down. Like in the previous section, if this is a physical computer – take out the hard drive and use any cloning mechanism that you may have. If it’s a virtual machine, either use existing virtualization tools such as System Center Virtual Machine Manager (SCVMM), or simply copy the VHD file. When using virtual machines, you will need to create the settings for an X number of cloned virtual machines, and then simply connect them to the copied VHD files.
After starting up each cloned machine, if no answer file has been created, you will be prompted to configure the computer name and some other settings. Of course, creating an answer file will greatly ease this process, and the entire process will automatically run.
Now, you can verify your computer’s SID with PsGetSID and you’re done!