We provide several methods for the correct deployment of the Windows operating system. The use of a supported method is very important to make sure that the security of the systems that are running Windows is not compromised.

Computers that are running the Windows operating system use a Security ID (SID) to uniquely identify themselves. When you use disk-duplicating software, it is important to take steps to ensure the uniqueness of these Security IDs. This article briefly describes the SID and supported methods for cloning or duplicating a Windows installation.

Back to the top

During installation of Windows, a machine SID is computed to contain a statistically unique 96-bit number. The machine SID is the prefix of the user account and group account SIDs that are created on the computer. The machine SID is concatenated with the Relative ID (RID) of the account to create the account's unique identifier.

The following example displays the SIDs for four local user accounts. Notice that only the last four digits are incremented as new accounts are added. Cloning or duplicating an installation without taking the recommended steps could lead to duplicate SIDs, and in the case of removable media, lead to accounts having access to files even though they were specifically denied access by using NTFS permissions. Because the SID identifies the computer or domain as well as the user, it is critical that it be unique to maintain support for current and future programs.

Back to the top

Microsoft policy statement

Microsoft does not provide support for computers that have been installed by duplicating fully installed copies of Windows. Microsoft supports computers that were installed by using disk-duplicating software and the System Preparation Tool (Sysprep.exe). Microsoft supports the following operating systems that have been imaged by using the Sysprep utility:

•	Windows 2000 Professional
•	Windows 2000 Server Note You can image Windows 2000 Server only before you run DCPROMO.
•	Windows 2000 Advanced Server
•	Windows XP Professional
•	Windows XP Home Edition
•	Windows Server 2003, Standard Edition
•	Windows Server 2003, Enterprise Edition
•	All versions of Windows Vista
•	All versions of Windows Server 2008

For more information about the Windows System Preparation Tool, visit the following Microsoft Web site:Microsoft does not provide support for computers that were set up with SID duplicating tools other than the System Preparation tool.

For more information about the Sysprep utility and the utility itself, can be found on the product CD at: If an image was created without the use of sysprep, Microsoft does not support running Sysprep after the image is deployed as a way to bring the computer back into compliance.

The Microsoft Knowledge Base provides a variety of articles that outline specifications and how to information for the proper deployment of Windows.

The Windows NT 4.0 Workstation Resource Kit provides documentation on the deployment procedures for Windows NT 4.0.

Consult the Computer Profile Setup documentation in the Windows NT 3.5 and Windows NT 3.51 Resource Kits on deployment utilities.

Back to the top