HowTo: Compare SIDs after Imaging

Have you ever imaged a ton of systems and then wondered, "Did sysprep really work? Or am I going to have goofy SID issues down the road?"

Well, I did that today, so I went looking for a way to tell. Here's what I found. According to Microsoft you can look in the HKLM\Security\SAM\Domains\Account registry key.

This subkey contains two values, F and V. Figure 2 shows a sample Registry editor session that displays these values .The V value is a REG_BINARY value in which the computer SID is embedded (at the end of its data). However, because the data is in binary format, it's difficult to read. For this information to be useful, you also need to now the format of a machine SID in NT 4.0: three 32-bit subauthorities, preceded by three 32-bit authority fields. By comparing the V value on different machines, you can identify whether the machines have duplicate SIDs.

Now you can put your mind at ease that SysPrep or SidGen or whatever else you might be using to ensure the uniqueness of your SIDs is actually doing its job.

Network Load Balancing fails after Veritas Install

If this isn't the most annoying thing ever. It's been a "known problem" since Veritas Backup Exec version 9.x, but no one at Veritas/Symantec or Microsoft seems to be inclined to fix it.

Just edit the registry to remove PNP_TDI from the Group reference in the WLBLS key. For more info on how to do that, go to http://seer.support.veritas.com/docs/263037.htm.

Event Viewer Message
Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7000
Date: 5/3/2007
Time: 2:34:07 PM
User: N/A
Computer: UTILITY01
Description:The Network Load Balancing service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.