Tuesday, May 08, 2007

HowTo: Compare SIDs after Imaging

Have you ever imaged a ton of systems and then wondered, "Did sysprep really work? Or am I going to have goofy SID issues down the road?"

Well, I did that today, so I went looking for a way to tell. Here's what I found. According to Microsoft, you can look in the HKLM\Security\SAM\Domains\Account registry key.
This subkey contains two values, F and V. Figure 2 shows a sample Registry editor session that displays these values. The V value is a REG_BINARY value in which the computer SID is embedded (at the end of its data). However, because the data is in binary format, it's difficult to read. For this information to be useful, you also need to know the format of a machine SID in NT 4.0: three 32-bit subauthorities, preceded by three 32-bit authority fields. By comparing the V value on different machines, you can identify whether the machines have duplicate SIDs.

Now you can put your mind at ease that SysPrep or SidGen or whatever else you might be using to ensure the uniqueness of your SIDs is actually doing its job.
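To make the V-value comparison described above less error-prone than reading hex by eye, here is an added example (not from Microsoft or the original post) that decodes the SID from the last 24 bytes of each machine's V value and reports SIDs shared by more than one host. It assumes the V data has already been exported as raw bytes and that the trailing bytes follow the standard binary SID layout; the host names and sample values are constructed.

```python
import struct
from collections import defaultdict

SID_LEN = 24  # three 32-bit authority fields + three 32-bit subauthorities


def machine_sid_from_v(v: bytes) -> str:
    """Decode the machine SID embedded in the last 24 bytes of the V value."""
    if len(v) < SID_LEN:
        raise ValueError("V value too short to contain a machine SID")
    tail = v[-SID_LEN:]
    revision, count = tail[0], tail[1]
    authority = int.from_bytes(tail[2:8], "big")  # 48-bit, big-endian
    if revision != 1 or count != 4:
        # Assumption: a machine SID has the form S-1-5-21-a-b-c (4 subauthorities)
        raise ValueError("trailing bytes are not a 4-subauthority SID")
    subs = struct.unpack("<4I", tail[8:])  # little-endian 32-bit values
    return "S-%d-%d-%s" % (revision, authority, "-".join(map(str, subs)))


def find_duplicate_sids(v_by_host):
    """Map each SID seen on more than one host to the sorted host list."""
    hosts_by_sid = defaultdict(list)
    for host, v in v_by_host.items():
        hosts_by_sid[machine_sid_from_v(v)].append(host)
    return {sid: sorted(h) for sid, h in hosts_by_sid.items() if len(h) > 1}


def _constructed_v(a, b, c):
    """Constructed sample: filler bytes followed by S-1-5-21-a-b-c."""
    sid = bytes([1, 4]) + (5).to_bytes(6, "big") + struct.pack("<4I", 21, a, b, c)
    return b"\x00" * 64 + sid


# Constructed data: PC-01 and PC-02 simulate two clones that kept the same SID.
SAMPLE = {
    "PC-01": _constructed_v(1111111111, 2222222222, 3333333333),
    "PC-02": _constructed_v(1111111111, 2222222222, 3333333333),
    "PC-03": _constructed_v(4000000001, 123456789, 987654321),
}

if __name__ == "__main__":
    for host, v in sorted(SAMPLE.items()):
        print(host, machine_sid_from_v(v))
    print("duplicates:", find_duplicate_sids(SAMPLE))
```

An empty result from `find_duplicate_sids` means every imaged machine ended up with its own SID.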
