NewSID 4.10

Many organizations use disk image cloning to perform mass rollouts of Windows.

Developer:   Mark Russinovich       software by Mark Russinovich → Price:  0.00 License:   Freeware File size:   0K Language:    OS:   Windows XP/Vista (?) Rating:   0 /5 (0 votes)

Many organizations use disk image cloning to perform mass rollouts of Windows. This technique involves copying the disks of a fully installed and configured Windows computer onto the disk drives of other computers. These other computers effectively appear to have been through the same install process, and are immediately available for use.

While this method saves hours of work and hassle over other rollout approaches, it has the major problem that every cloned system has an identical Computer Security Identifier (SID). This fact compromises security in Workgroup environments, and removable media security can also be compromised in networks with multiple identical computer SIDs.

Demand from the Windows community has lead Symantec and Altiris to develop programs that can change a computer's SID after a system has been cloned. However, Symantec's SID Changer andSymantec's Ghost Walker are only sold as part of each company's high-end product. Further, they both run from a DOS command prompt (Altiris' changer is similar to NewSID).

NewSID is a program we developed that changes a computer's SID. It is free, comes with full source, and is a Win32 program, meaning that it can easily be run on systems that have been previously cloned. NewSID works on Windows NT 4, Windows 2000, Windows XP and Windows .NET Server.

One of the most popular ways of performing mass Windows rollouts (typically hundreds of computers) in corporate environments is based on the technique of disk cloning. A system administrator installs the base operating system and add-on software used in the company on a template computer. After configuring the machine for operation in the company network, automated disk or system duplication tools (such as Symantec's Ghost, PowerQuest's Image Drive, Altiris' RapiDeploy, and Innovative Software's ImageCast) are used to copy the template computer's drives onto tens or hundreds of computers. These clones are then given final tweaks, such as the assignment of unique names, and then used by company employees.

Another popular way of rolling out is by using the Microsoft sysdiff utility (part of the Windows Resource Kit). This tool requires that the system administrator perform a full install (usually a scripted unattended installation) on each computer, and then sysdiff automates the application of add-on software install images.

Because the installation is skipped, and because disk sector copying is more efficient than file copying, a cloned-based rollout can save dozens of hours over a comparable sysdiff install. In addition, the system administrator does not have to learn how to use unattended install or sysdiff, or create and debug install scripts. This alone saves hours of work.

NewSID is an application we developed to change a computer's SID. It first generates a random SID for the computer, and proceeds to update instances of the existing computer SID it finds in the Registry and in file security descriptors, replacing occurrences with the new SID. NewSID requires administrative privileges to run. It has two functions: changing the SID, and changing the computer name.

To use NewSID's auto-run option, specify "/a" on the command line. You can also direct it to automatically change the computer's name by including the new name after the "/a" switch. For example:

newsid /a [newname]

Would have NewSID run without prompting, change the computer name to "newname" and have it reboot the computer if everything goes okay.

NewSID starts by reading the existing computer SID. A computer's SID is stored in the Registry's SECURITY hive under SECURITY\SAM\Domains\Account. This key has a value named F and a value named V. The V value is a binary value that has the computer SID embedded within it at the end of its data. NewSID ensures that this SID is in a standard format (3 32-bit subauthorities preceded by three 32-bit authority fields).

Next, NewSID generates a new random SID for the computer. NewSID's generation takes great pains to create a truly random 96-bit value, which replaces the 96-bits of the 3 subauthority values that make up a computer SID.

Three phases to the computer SID replacement follow. In the first phase, the SECURITY and SAM Registry hives are scanned for occurrences of the old computer SID in key values, as well as the names of the keys. When the SID is found in a value it is replaced with the new computer SID, and when the SID is found in a name, the key and its subkeys are copied to a new subkey that has the same name except with the new SID replacing the old.

The final two phases involve updating security descriptors. Registry keys and NTFS files have security associated with them. Security descriptors consist of an entry that identifies which account owns the resource, which group is the primary group owner, an optional list of entries that specify actions permitted by users or groups (known as the Discretionary Access Control List - DACL), and an optional list of entries that specify which actions performed by certain users or groups will generate entries in the system Event Log (System Access Control List - SACL). A user or a group is identified in these security descriptors with their SIDs, and as I stated earlier, local user accounts (other than the built-in accounts such as Administrator, Guest, and so on) have their SIDs made up of the computer SID plus a RID.

The first part of security descriptor updates occurs on all NTFS file system files on the computer. Every security descriptor is scanned for occurrences of the computer SID. When NewSID finds one, it replaces it with the new computer SID.

The second part of security descriptor updates is performed on the Registry. First, NewSID must make sure that it scans all hives, not just those that are loaded. Every user account has a Registry hive that is loaded as HKEY_CURRENT_USER when the user is logged in, but remains on disk in the user's profile directory when they are not. NewSID identifies the locations of all user hive locations by enumerating the HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList key, which points at the directories in which they are stored. It then loads them into the Registry using RegLoadKey under HKEY_LOCAL_MACHINE and scans the entire Registry, examining each security descriptor in search of the old computer SID. Updates are performed the same as for files, and when its done NewSID unloads the user hives it loaded. As a final step NewSID scans the HKEY_USERS key, which contains the hive of the currently logged-in user as well as the .Default hive. This is necessary because a hive can't be loaded twice, so the logged-in user hive won't be loaded into HKEY_LOCAL_MACHINE when NewSID is loading other user hives.

Finally, NewSID must update the ProfileList subkeys to refer to the new account SIDs. This step is necessary to have Windows NT correctly associate profiles with the user accounts after the account SIDs are changed to reflect the new computer SID.

NewSID ensures that it can access and modify every file and Registry key in the system by giving itself the following privileges: System, Backup, Restore and Take Ownership.

tags computer sid  the computer  the new  with the  the system  security descriptor  the registry  security descriptors  the user  has the  when the  the sid  the old  

Download NewSID 4.10

 Download NewSID 4.10

Authors software

Bluescreen 3.2
Mark Russinovich

One of the most feared colors in the NT world is blue.

Du v 1.00 r 7
Mark Russinovich

Du (disk usage) will report the disk space usage for the directory you specify.

Sigcheck 1.0
Mark Russinovich

Verify that images are digitally signed and dump version information with this simple command-line utility called Sigcheck.

AccessChk 1.03
Mark Russinovich

As a part of ensuring that they've created a secure environment Windows administrators often need to know what kind of accesses specific users or groups have to resources including files, directories, Registry keys, and Windows services.

CacheSet 1.0
Mark Russinovich

CacheSet is an applet which helps you manipulate the working-set parameters of the system file cache.

Similar software

NewSID 4.10
Mark Russinovich

Many organizations use disk image cloning to perform mass rollouts of Windows.

Windows Registry Recovery 1.3.0.0
Mitec

Windows Registry Recovery is a free tool that allows you to read files containing Windows 9x,NT,2K,XP,2K3 registry hives.

PsLoggedOn 1.21
Mark Russinovich

You can determine who is using resources on your local computer with the "net" command ("net session"), however, there is no built-in way to determine who is using the resources of a remote computer.

Softtanks Security Software 1.2
Softtanks.com

Our Security software will work only on Windows 95/98/ME/2000 Operating System.

RunasSpc 2.03
Hessing

Security patches, software updates and each other software-package can be installed by the user themselves without having administrator privileges.

MaxCrypt 2.0.1.0
KinoCode, Inc

MaxCrypt offers you an automated computer encryption application that protects your PC MaxCrypt Security Suite is the premiere solution for computer security.

PsInfo 1.73
Sysinternals

including the type of installation, kernel build, registered organization and owner, number of processors and their type, amount of physical memory, the install date of the system, and if its a trial version, the expiration date.

W2kTotalPowerWhere 1.0.2
TryWareDk

Did You know, that You - probably - from Your own computer, can open Your colleagues computer with Explorer, without Your colleague can see, that it happens? And that You - if it works - gains total admin power with all documents/files on Your colleagues hard disk ? Your company has this security-hole in Windows 2, if You can install programs on Your Windows 2 computer, when You are logged on Your company’s network! W2kLocalAdminGroup lets you administrate who can or not to be a member of the Local Admin Group, and who should be deleted.

Registry Bot Cleaner 2007
RegistryBot.com

Registry Bot Cleaner represents the best registry repair solution.

Adware.NDotNet Removal Tool 1.0.3
Symantec Corporation

Adware.

Other software in this category

Nullsoft Beep 0.3
Nullsoft, Inc

Nullsoft Beep is an application that makes your computer sound like computers sound in the movies.

AR Soft RAM Disk 1.20
AR Soft

The AR RAM Disk is a freeware driver for Windows NT or Windows 2000.

DBX Plugin for Windows Commander Beta
Labs99

DBX Plugin is an additional component for Windows Commander allowing you to read contents of Microsoft Outlook Express files.

4th split 1.1.9.0
Sergey S. Tkachenko

4th split is used for splitting impossibly large files on blocks.

HDCopy 2.104
Kurt Zimmermann

HDCopy is recommended to make a boot disk.

Search

Featured Software

IrfanView 4.57 IrfanView is a fast and simple image viewer and editor that supports all major graphic formats, including BMP, DIB, JPEG, GIF, animated GIF, PNG, PCX, multipage TIFF, TGA, and more.

Home ( RSS)

Authoring tools

Desktop Enhancements

DVD Tools

Internet

iPod Tools

Mobile Phone Tools

Multimedia

Network Tools

Office tools

Others

Portable

Programming

Security

System Utilities

Back-Up and Recovery
Benchmarks
Boot Manager/Disk
File Management
Hard Disk Utils
Info
Launchers
Miscellaneous
OS Enhancements

Tweak

UNIX

Widgets

Latest software

Top tags

                             

Our network

Kostenlose Software
Software Reviews
Software Übersicht
Descargar Programas
Télécharger
Freeware Downloads
Shareware Downloads
Go Software

© freewareApp / Submit  Contact / Privacy Policy