How to get group policy for duplicate SID

Ron Sigmon 0 Reputation points
2025-12-07T21:45:50.11+00:00

Duplicate SID on cloned computer. Trying to get temporary group policy.

Windows for business | Windows Client for IT Pros | Networking | Network connectivity and file sharing

2 answers

  1. Q&A Assist
    2025-12-07T21:45:57.2466667+00:00
    AI generated content. This question contains an answer created with AI from Q&A Assist.

    To address the issue of duplicate SIDs on cloned computers, you can utilize Group Policy to manage temporary settings. However, it's essential to note that Microsoft does not support images prepared using tools like NewSID for deployment; instead, they recommend using the Sysprep utility to avoid SID duplication.

    To create a temporary Group Policy for handling duplicate SIDs, you can follow these general steps:

    1. Identify Duplicate SIDs: Use tools like Ntdsutil to check for duplicate SIDs in your environment. This will help you understand the scope of the issue.
    2. Create a Temporary Group Policy Object (GPO): In the Group Policy Management Console, create a new GPO that applies specific settings to the affected computers. This can include user permissions, security settings, or other configurations needed to mitigate the impact of duplicate SIDs.
    3. Link the GPO: Link the newly created GPO to the organizational unit (OU) that contains the cloned computers. This ensures that the settings are applied to the correct machines.
    4. Monitor and Adjust: After applying the GPO, monitor the environment for any issues related to access permissions or security. Adjust the GPO settings as necessary to ensure proper functionality until the duplicate SID issue is resolved.

    Remember that resolving the underlying SID duplication issue should be a priority, as temporary fixes may not provide a long-term solution.


  2. Hailey Huong Bui 2,285 Reputation points Independent Advisor
    2025-12-08T02:12:21.1366667+00:00

    Dear Ron Sigmon,

    In general, Windows does not provide a Group Policy Object specifically for fixing or detecting duplicate SIDs, because duplicate machine SIDs typically don’t cause functional issues in domain-joined systems. However, if you’re working with imaging or deployment scenarios, the recommended approach is to ensure each machine is generalized using Sysprep, which automatically generates a unique SID during the setup phase. You can also review your deployment workflow to confirm that no images are being cloned without running Sysprep beforehand.

    If your concern is related to domain conflicts, you may validate unique domain SIDs by rejoining the affected device to the domain, which forces regeneration of local identifiers. Additionally, tools such as PsGetSid from Sysinternals can help you verify the SID of each machine for auditing purposes. If this issue is appearing during compliance or security checks, updating your imaging process is typically the long-term fix.

    Please feel free to let me know if you’d like guidance on adjusting your deployment process or validating SIDs across multiple systems.

    If this guidance proves helpful, feel free to click “Accept Answer” so we know we’re heading in the right direction, and let me know if you need any assistance. Thank you.

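For the auditing step mentioned in the second answer (verifying the SID of each machine across multiple systems), the following is an added example, not part of either answer and not Microsoft's own tooling. It assumes the machine SID is the prefix shared by every local account SID on the computer; the function names and the inventory values are constructed for illustration.

```powershell
# Added example; function names and inventory values are constructed for illustration.

# Run on each machine: a local account SID is the machine SID plus a trailing RID.
function Get-LocalMachineSid {
    $account = Get-CimInstance -ClassName Win32_UserAccount -Filter 'LocalAccount=True' |
        Select-Object -First 1
    if (-not $account) { throw "No local accounts found on $env:COMPUTERNAME" }
    $sid = [System.Security.Principal.SecurityIdentifier]::new($account.SID)
    [pscustomobject]@{ ComputerName = $env:COMPUTERNAME; Sid = $sid.AccountDomainSid.Value }
}

# Accepts a machine SID or a local account SID and returns the machine SID, or $null.
function ConvertTo-MachineSid {
    param([string]$Sid)
    if ($Sid -match '^(S-1-5-21-\d+-\d+-\d+)(-\d+)?$') { return $Matches[1] }
    return $null
}

# Groups collected rows by machine SID and returns only SIDs shared by 2+ computers.
function Find-DuplicateMachineSid {
    param([Parameter(Mandatory)][object[]]$Inventory)
    $rows = foreach ($item in $Inventory) {
        $machineSid = ConvertTo-MachineSid -Sid $item.Sid
        if (-not $machineSid) {
            Write-Warning "Skipping $($item.ComputerName): unrecognised SID '$($item.Sid)'"
            continue
        }
        [pscustomobject]@{ ComputerName = $item.ComputerName; MachineSid = $machineSid }
    }
    $rows | Group-Object -Property MachineSid | Where-Object { $_.Count -gt 1 } |
        ForEach-Object {
            [pscustomobject]@{
                MachineSid = $_.Name
                Computers  = ($_.Group.ComputerName | Sort-Object) -join ', '
            }
        }
}

# Constructed inventory: PC-01 and PC-02 share a SID, PC-04 is a malformed row.
$inventory = @(
    [pscustomobject]@{ ComputerName = 'PC-01'; Sid = 'S-1-5-21-1000000001-2000000002-3000000003' }
    [pscustomobject]@{ ComputerName = 'PC-02'; Sid = 'S-1-5-21-1000000001-2000000002-3000000003-500' }
    [pscustomobject]@{ ComputerName = 'PC-03'; Sid = 'S-1-5-21-1000000004-2000000005-3000000006' }
    [pscustomobject]@{ ComputerName = 'PC-04'; Sid = 'not-a-sid' }
)
Find-DuplicateMachineSid -Inventory $inventory | Format-Table -AutoSize
```

`Get-LocalMachineSid` is the per-machine collector; its output rows can be gathered into the inventory that `Find-DuplicateMachineSid` consumes.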
