How to get group policy for duplicate SID

Ron Sigmon 0 Reputation points
2025-12-07T21:45:50.11+00:00

Duplicate SID on cloned computer. Trying to get temporary group policy.


Answer recommended by moderator
  1. GTS-NJ 575 Reputation points Volunteer Moderator
    2025-12-19T21:30:14.9866667+00:00

    This is the only fix I have found to actually work for the duplicate SID problem. (Credit to AskWoody.com)

    Download and run this on the Guest PC (the one accessing the shares).

    Windows 11 24H2, Windows 11 25H2 and Windows Server 2025 KB5065426 250923_06201 Known Issue Rollback.msi

    from

    https://download.microsoft.com/download/c6c70455-59ce-4d47-b13c-56b99d0435f1/Windows%2011%2024H2%2c%20Windows%2011%2025H2%20and%20Windows%20Server%202025%20KB5065426%20250923_06201%20Known%20Issue%20Rollback.msi

    Then in Local Group Policy Editor (gpedit.msc) -

    Local Computer Policy / Administrative Templates \ KB5065426_20250923_06201 Known Issue Rollback

    Set to Disabled.

    Reboot

    Alternatively this can be done with a registry change. (I haven't tested this one.)

    HKLM\SYSTEM\CurrentControlSet\Policies\Microsoft\FeatureManagement\Overrides

    Right-click the key, click New, and create a DWORD32 named 1517186191 with a value of 0.

    3 people found this answer helpful.

3 additional answers

  1. HLBui 4,640 Reputation points Independent Advisor
    2025-12-09T10:44:24.4+00:00

    Hi Ron Sigmon

    Just checking to see how everything is. Please feel free to let me know if you need any assistance.


  2. HLBui 4,640 Reputation points Independent Advisor
    2025-12-08T02:12:21.1366667+00:00

    Dear Ron Sigmon

    In general, Windows does not provide a Group Policy Object specifically for fixing or detecting duplicate SIDs, because duplicate machine SIDs typically don’t cause functional issues in domain-joined systems. However, if you’re working with imaging or deployment scenarios, the recommended approach is to ensure each machine is generalized using Sysprep, which automatically generates a unique SID during the setup phase. You can also review your deployment workflow to confirm that no images are being cloned without running Sysprep beforehand.

    If your concern is related to domain conflicts, you may validate unique domain SIDs by rejoining the affected device to the domain, which forces regeneration of local identifiers. Additionally, tools such as PsGetSid from Sysinternals can help you verify the SID of each machine for auditing purposes. If this issue is appearing during compliance or security checks, updating your imaging process is typically the long-term fix.

    Please feel free to let me know if you’d like guidance on adjusting your deployment process or validating SIDs across multiple systems.

    If this guidance proves helpful, feel free to click “Accept Answer” so we know we’re heading in the right direction, and let me know if you need any assistance. Thank you.

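Added example, not part of the answers above: one way to run the cross-machine SID check that the PsGetSid suggestion points at. It derives each machine SID from a local account SID by dropping the final RID and reports values shared by more than one computer; the inventory, host names and SID values are constructed, and the function names are hypothetical.

```powershell
# Constructed inventory: host name plus the SID of one LOCAL account per machine,
# e.g. collected on each host with (Get-LocalUser | Select-Object -First 1).SID.Value.
# Host names and SID values below are made up for this example.
$inventory = @'
Computer,LocalAccountSid
PC-01,S-1-5-21-1111111111-2222222222-3333333333-500
PC-02,S-1-5-21-1111111111-2222222222-3333333333-1001
PC-03,S-1-5-21-4444444444-5555555555-6666666666-500
SRV-01,S-1-5-21-1111111111-2222222222-3333333333-500
PC-04,S-1-5-32-544
'@ | ConvertFrom-Csv

function Get-MachineSid {
    param([Parameter(Mandatory)][string]$AccountSid)
    try {
        $sid = [System.Security.Principal.SecurityIdentifier]::new($AccountSid)
    } catch {
        return $null   # not a parsable SID string
    }
    # AccountDomainSid is the account SID without its final RID. It is $null for
    # SIDs outside S-1-5-21-*, such as the built-in group S-1-5-32-544.
    if ($null -eq $sid.AccountDomainSid) { return $null }
    return $sid.AccountDomainSid.Value
}

function Find-DuplicateMachineSid {
    param([Parameter(Mandatory)][object[]]$Inventory)
    $Inventory |
        ForEach-Object {
            [pscustomobject]@{
                Computer   = $_.Computer
                MachineSid = Get-MachineSid -AccountSid $_.LocalAccountSid
            }
        } |
        Where-Object { $_.MachineSid } |          # skip rows with no machine SID
        Group-Object -Property MachineSid |
        Where-Object { $_.Count -gt 1 } |         # keep only shared machine SIDs
        ForEach-Object {
            [pscustomobject]@{
                MachineSid = $_.Name
                Computers  = ($_.Group.Computer | Sort-Object) -join ', '
            }
        }
}

Find-DuplicateMachineSid -Inventory $inventory | Format-Table -AutoSize
```

The input must be a local account SID: a domain account's SID yields the domain SID instead, which is shared by design and would show up as a false duplicate.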

  3. Q&A Assist
    2025-12-07T21:45:57.2466667+00:00
    AI generated content. This question contains an answer created with AI from Q&A Assist.

    To address the issue of duplicate SIDs on cloned computers, you can utilize Group Policy to manage temporary settings. However, it's essential to note that Microsoft does not support images prepared using tools like NewSID for deployment; instead, they recommend using the Sysprep utility to avoid SID duplication.

    To create a temporary Group Policy for handling duplicate SIDs, you can follow these general steps:

    1. Identify Duplicate SIDs: Use tools like Ntdsutil to check for duplicate SIDs in your environment. This will help you understand the scope of the issue.
    2. Create a Temporary Group Policy Object (GPO): In the Group Policy Management Console, create a new GPO that applies specific settings to the affected computers. This can include user permissions, security settings, or other configurations needed to mitigate the impact of duplicate SIDs.
    3. Link the GPO: Link the newly created GPO to the organizational unit (OU) that contains the cloned computers. This ensures that the settings are applied to the correct machines.
    4. Monitor and Adjust: After applying the GPO, monitor the environment for any issues related to access permissions or security. Adjust the GPO settings as necessary to ensure proper functionality until the duplicate SID issue is resolved.

    Remember that resolving the underlying SID duplication issue should be a priority, as temporary fixes may not provide a long-term solution.
