Duplicate SID report issues

dharris_jbs · ‎03-06-2019

Hey all,

So as we are getting LS stood up, we noticed that around 80% of our computers are coming back as having duplicate sids. Upon investigation, it seems that this is not the case. When I check machines SIDS manually, they are not coming back with the same SID that lansweeper is reporting. I took a look at the SQL and it looks like its just checking the administrator account, denoted by the "'%-500'" listed in the report.

Does this report need to be customized? If so, how do I see duplicate machines SIDs in the environment? If not, what is the point of checking the admin account SID? Its always the same across windows computers.

Could definitely use some clarification on this as it caused quite a stir only to be shown as false upon further investigation. Not a great impression for LS.

Thanks!

JacobH · ‎03-06-2019

OK... i could definitely be wrong - so here goes:

If you don't sysprep a machine properly with a generalization, it doesn't make a new machine SID. The local accounts would therefore have the same user SID (with a -500 RID for administrator accounts).

Joining the machine to a domain after this, would result in a unique domain SID (Computer), which is what is used for domain security/access.

So the report tells me that i have workstations that weren't generalized properly when deployed, and have the same SID for local accounts. Therefore, since the account SID is based on machine SID, Lansweeper named the report a Computer: report, as that means the computer SID is the same... but that doesn't really matter if they are on a domain, as nothing really uses the local SID outside of the box itself. The domain SIDs are all unique though.

Correct me if i'm wrong, anyone.

Duplicate SID report issues

New to Lansweeper?

Try Lansweeper For Free