<article>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#article09_11_04_0040203</id>
	<title>The Machine SID Duplication Myth</title>
	<author>kdawson</author>
	<datestamp>1257344400000</datestamp>
	<htmltext>toppings writes <i>"Microsoft Technical fellow Mark Russinovich explains <a href="http://blogs.technet.com/markrussinovich/archive/2009/11/03/3291024.aspx">why he is now retiring NewSID</a>, which has been used by IT departments for years when deploying Windows to new systems from customized clone images. Russinovich writes: 'The reason that I began considering NewSID for retirement is that, although people generally reported success with it on Windows Vista, I hadn't fully tested it myself and I got occasional reports that some Windows component would fail after NewSID was used. When I set out to look into the reports I took a step back to understand how duplicate SIDs could cause problems, a belief that I had taken on faith like everyone else. The more I thought about it, the more I became convinced that machine SID duplication &mdash; having multiple computers with the same machine SID &mdash; doesn't pose any problem, security or otherwise. I took my conclusion to the Windows security and deployment teams and no one could come up with a scenario where two systems with the same machine SID, whether in a Workgroup or a Domain, would cause an issue. At that point the decision to retire NewSID became obvious.' He concludes: 'It's a little surprising that the SID duplication issue has gone unquestioned for so long, but everyone has assumed that someone else knew exactly why it was a problem. To my chagrin, NewSID has never really done anything useful and there's no reason to miss it now that it's retired. Microsoft's official policy on SID duplication will also now change and look for Sysprep to be updated in the future to skip SID generation.'"</i></htmltext>
<tokenext>toppings writes " Microsoft Technical fellow Mark Russinovich explains why he is now retiring NewSID , which has been used by IT departments for years when deploying Windows to new systems from customized clone images .
Russinovich writes : 'The reason that I began considering NewSID for retirement is that , although people generally reported success with it on Windows Vista , I had n't fully tested it myself and I got occasional reports that some Windows component would fail after NewSID was used .
When I set out to look into the reports I took a step back to understand how duplicate SIDs could cause problems , a belief that I had taken on faith like everyone else .
The more I thought about it , the more I became convinced that machine SID duplication    having multiple computers with the same machine SID    does n't pose any problem , security or otherwise .
I took my conclusion to the Windows security and deployment teams and no one could come up with a scenario where two systems with the same machine SID , whether in a Workgroup or a Domain , would cause an issue .
At that point the decision to retire NewSID became obvious .
' He concludes : 'It 's a little surprising that the SID duplication issue has gone unquestioned for so long , but everyone has assumed that someone else knew exactly why it was a problem .
To my chagrin , NewSID has never really done anything useful and there 's no reason to miss it now that it 's retired .
Microsoft 's official policy on SID duplication will also now change and look for Sysprep to be updated in the future to skip SID generation .
' "</tokentext>
<sentencetext>toppings writes "Microsoft Technical fellow Mark Russinovich explains why he is now retiring NewSID, which has been used by IT departments for years when deploying Windows to new systems from customized clone images.
Russinovich writes: 'The reason that I began considering NewSID for retirement is that, although people generally reported success with it on Windows Vista, I hadn't fully tested it myself and I got occasional reports that some Windows component would fail after NewSID was used.
When I set out to look into the reports I took a step back to understand how duplicate SIDs could cause problems, a belief that I had taken on faith like everyone else.
The more I thought about it, the more I became convinced that machine SID duplication — having multiple computers with the same machine SID — doesn't pose any problem, security or otherwise.
I took my conclusion to the Windows security and deployment teams and no one could come up with a scenario where two systems with the same machine SID, whether in a Workgroup or a Domain, would cause an issue.
At that point the decision to retire NewSID became obvious.
' He concludes: 'It's a little surprising that the SID duplication issue has gone unquestioned for so long, but everyone has assumed that someone else knew exactly why it was a problem.
To my chagrin, NewSID has never really done anything useful and there's no reason to miss it now that it's retired.
Microsoft's official policy on SID duplication will also now change and look for Sysprep to be updated in the future to skip SID generation.
'"</sentencetext>
</article>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29976326</id>
	<title>Re:It's the usual story</title>
	<author>dzfoo</author>
	<datestamp>1256993280000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>I'm impressed.  You certainly put a lot of thought into that comparison.</p><p>
&nbsp; &nbsp; &nbsp; &nbsp; Cheers!<br>
&nbsp; &nbsp; &nbsp; &nbsp; -dZ.</p></htmltext>
<tokenext>I 'm impressed .
You certainly put a lot of thought into that comparison .
        Cheers !
        -dZ .</tokentext>
<sentencetext>I'm impressed.
You certainly put a lot of thought into that comparison.
        Cheers!
        -dZ.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29972684</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29978026</id>
	<title>Re:It's the usual story</title>
	<author>Anonymous</author>
	<datestamp>1257003960000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>I have to take issue with your analogy.</p><p><i>Microsoft security</i></p><p>That is a bad thing.</p><p><i>looks good without actually covering much and is far too easy to get around or remove completely.</i></p><p>That is a good thing.</p></htmltext>
<tokenext>I have to take issue with your analogy.Microsoft securityThat is a bad thing.looks good without actually covering much and is far too easy to get around or remove completely.That is a good thing .</tokentext>
<sentencetext>I have to take issue with your analogy.Microsoft securityThat is a bad thing.looks good without actually covering much and is far too easy to get around or remove completely.That is a good thing.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29972684</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29972834</id>
	<title>Re:Except for Domain Controllers..</title>
	<author>mysidia</author>
	<datestamp>1257263880000</datestamp>
	<modclass>Informativ</modclass>
	<modscore>5</modscore>
	<htmltext><p>
It's not for domain controllers in general it's for <b>the very first domain controller</b> used to initialize a brand new domain.  You want to never create a new server with that same SID again.   The first domain controller's SID is special, it will be  used to generate the domain SID.    From then on,  all subsequent domain controllers promoted in the domain will have the same machine SID.
</p><p>
So you're good if you create the very first DC with a unique install, and clone all your other servers from an image.
</p><p> <em>
As I said earlier, there&rsquo;s one exception to rule, and that&rsquo;s DCs themselves. Every Domain has a unique <b>Domain SID that&rsquo;s randomly generated by Domain setup, and all machine SIDs for the Domain&rsquo;s DCs match the Domain SID</b>. So in some sense, that&rsquo;s a case where machine SIDs do get referenced by other computers. That means that Domain member computers cannot have the same machine SID as that of the DCs and therefore Domain. However, like member computers, each DC also has a computer account in the Domain, and that&rsquo;s the identity they have when they authenticate to remote systems. All accounts in a Domain, including computers, users and security groups, have SIDs that are based on the Domain SID in the same way local account SIDs are based on the machine SID, <b>but the two are unrelated</b>.
</em> </p><p><nobr> <wbr></nobr>...
</p><p> <em>
issue is if a distributed application used machine SIDs to uniquely identify computers. No Microsoft software does so and using the machine SID in that way doesn&rsquo;t work just for the fact that <b>all DC&rsquo;s have the same machine SID</b>.
</em> </p></htmltext>
<tokenext>It 's not for domain controllers in general it 's for the very first domain controller used to initialize a brand new domain .
You want to never create a new server with that same SID again .
The first domain controller 's SID is special , it will be used to generate the domain SID .
From then on , all subsequent domain controllers promoted in the domain will have the same machine SID .
So you 're good if you create the very first DC with a unique install , and clone all your other servers from an image .
As I said earlier , there    s one exception to rule , and that    s DCs themselves .
Every Domain has a unique Domain SID that    s randomly generated by Domain setup , and all machine SIDs for the Domain    s DCs match the Domain SID .
So in some sense , that    s a case where machine SIDs do get referenced by other computers .
That means that Domain member computers can not have the same machine SID as that of the DCs and therefore Domain .
However , like member computers , each DC also has a computer account in the Domain , and that    s the identity they have when they authenticate to remote systems .
All accounts in a Domain , including computers , users and security groups , have SIDs that are based on the Domain SID in the same way local account SIDs are based on the machine SID , but the two are unrelated .
.. . issue is if a distributed application used machine SIDs to uniquely identify computers .
No Microsoft software does so and using the machine SID in that way doesn    t work just for the fact that all DC    s have the same machine SID .</tokentext>
<sentencetext>
It's not for domain controllers in general it's for the very first domain controller used to initialize a brand new domain.
You want to never create a new server with that same SID again.
The first domain controller's SID is special, it will be  used to generate the domain SID.
From then on,  all subsequent domain controllers promoted in the domain will have the same machine SID.
So you're good if you create the very first DC with a unique install, and clone all your other servers from an image.
As I said earlier, there’s one exception to rule, and that’s DCs themselves.
Every Domain has a unique Domain SID that’s randomly generated by Domain setup, and all machine SIDs for the Domain’s DCs match the Domain SID.
So in some sense, that’s a case where machine SIDs do get referenced by other computers.
That means that Domain member computers cannot have the same machine SID as that of the DCs and therefore Domain.
However, like member computers, each DC also has a computer account in the Domain, and that’s the identity they have when they authenticate to remote systems.
All accounts in a Domain, including computers, users and security groups, have SIDs that are based on the Domain SID in the same way local account SIDs are based on the machine SID, but the two are unrelated.
...
 
issue is if a distributed application used machine SIDs to uniquely identify computers.
No Microsoft software does so and using the machine SID in that way doesn’t work just for the fact that all DC’s have the same machine SID.
 </sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29972610</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29982966</id>
	<title>Re:It is no myth</title>
	<author>Archangel Michael</author>
	<datestamp>1257019020000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>Bingo.</p><p>This is exactly my experience as well. Here is a test for all those who want to see it in action.</p><p>Take a normal Dell workstation, remove the Serial # from the bios (leave blank) on two machines, and RIS both, in sequence, using completely identical processes.</p><p>Once the second one is RISed compare the RISed computer's name for each computer.</p><p>RIS uses the SID for the computer in AD to match the computer's name. Machines that are RISed retain their unique name based on that supposedly useless SID.</p><p>Suffice it to say, the article itself is in error.</p></htmltext>
<tokenext>Bingo.This is exactly my experience as well .
Here is a test for all those who want to see it in action.Take a normal Dell workstation , remove the Serial # from the bios ( leave blank ) on two machines , and RIS both , in sequence , using completely identical processes.Once the second one is RISed compare the RISed computer 's name for each computer.RIS uses the SID for the computer in AD to match the computer 's name .
Machines that are RISed retain their unique name based on that supposedly useless SID.Suffice it to say , the article itself is in error .</tokentext>
<sentencetext>Bingo.This is exactly my experience as well.
Here is a test for all those who want to see it in action.Take a normal Dell workstation, remove the Serial # from the bios (leave blank) on two machines, and RIS both, in sequence, using completely identical processes.Once the second one is RISed compare the RISed computer's name for each computer.RIS uses the SID for the computer in AD to match the computer's name.
Machines that are RISed retain their unique name based on that supposedly useless SID.Suffice it to say, the article itself is in error.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29972806</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29972624</id>
	<title>Well... it WAS a problem...</title>
	<author>flydpnkrtn</author>
	<datestamp>1257262020000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>2</modscore>
	<htmltext>I know for a fact that WSUS (Windows Server Update Services... basically a centralized patch server) would do "weird, interesting" things when two machines tried to check into WSUS with the same SID. Not sure if they've resolved the problem in later versions of WSUS...see this thread for an example: <a href="http://www.neowin.net/forum/lofiversion/index.php/t343182.html" title="neowin.net" rel="nofollow">http://www.neowin.net/forum/lofiversion/index.php/t343182.html</a> [neowin.net]
<br> <br>
I thought that the problem was defined as being based around locking a specific machine down with Group Policy... when two machines have the same SID, AD had a hard time distinguishing them for security reasons, much as if two users' SIDs collided...
<br> <br>
But who am I to question the great creator of psexec and psinfo, Lord Russinovich<nobr> <wbr></nobr>:-)</htmltext>
<tokenext>I know for a fact that WSUS ( Windows Server Update Services... basically a centralized patch server ) would do " weird , interesting " things when two machines tried to check into WSUS with the same SID .
Not sure if they 've resolved the problem in later versions of WSUS...see this thread for an example : http : //www.neowin.net/forum/lofiversion/index.php/t343182.html [ neowin.net ] I thought that the problem was defined as being based around locking a specific machine down with Group Policy... when two machines have the same SID , AD had a hard time distinguishing them for security reasons , much as if two users ' SIDs collided.. . But who am I to question the great creator of psexec and psinfo , Lord Russinovich : - )</tokentext>
<sentencetext>I know for a fact that WSUS (Windows Server Update Services... basically a centralized patch server) would do "weird, interesting" things when two machines tried to check into WSUS with the same SID.
Not sure if they've resolved the problem in later versions of WSUS...see this thread for an example: http://www.neowin.net/forum/lofiversion/index.php/t343182.html [neowin.net]
 
I thought that the problem was defined as being based around locking a specific machine down with Group Policy... when two machines have the same SID, AD had a hard time distinguishing them for security reasons, much as if two users' SIDs collided...
 
But who am I to question the great creator of psexec and psinfo, Lord Russinovich :-)</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29972800</id>
	<title>Re:Well... it WAS a problem...</title>
	<author>Anonymous</author>
	<datestamp>1257263580000</datestamp>
	<modclass>Informativ</modclass>
	<modscore>2</modscore>
	<htmltext><p>It is a common misconception that duplicate SIDs create the issue where multiple PCs check in as the same PC (with a rolling name) in WSUS. The WSUS ID is in fact stored here: [HKEY\_LOCAL\_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate]</p><p>as the SusClientId and SusClientIdValidation keys.</p><p>It can and should be reset independently of SIDs to have PCs correctly check-in to WSUS</p></htmltext>
<tokenext>It is a common misconception that duplicate SIDs create the issue where multiple PCs check in as the same PC ( with a rolling name ) in WSUS .
The WSUS ID is in fact stored here : [ HKEY \ _LOCAL \ _MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ WindowsUpdate ] as the SusClientId and SusClientIdValidation keys.It can and should be reset independently of SIDs to have PCs correctly check-in to WSUS</tokentext>
<sentencetext>It is a common misconception that duplicate SIDs create the issue where multiple PCs check in as the same PC (with a rolling name) in WSUS.
The WSUS ID is in fact stored here: [HKEY\_LOCAL\_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate]as the SusClientId and SusClientIdValidation keys.It can and should be reset independently of SIDs to have PCs correctly check-in to WSUS</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29972624</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29975938</id>
	<title>I'll miss NewSID</title>
	<author>Darkon</author>
	<datestamp>1256989020000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>4</modscore>
	<htmltext><p>Not that I ever used it to generate a completely new SID, but what I did find it invaluable for was to set a machine's SID back to its old value after a re-install. This did away with the need to change the ownership on all of the user's files still on the hard drive and meant that most of the time their user profile would just keep on working as if nothing had changed.</p></htmltext>
<tokenext>Not that I ever used it to generate a completely new SID , but what I did find it invaluable for was to set a machine 's SID back to its old value after a re-install .
This did away with the need to change the ownership on all of the user 's files still on the hard drive and meant that most of the time their user profile would just keep on working as if nothing had changed .</tokentext>
<sentencetext>Not that I ever used it to generate a completely new SID, but what I did find it invaluable for was to set a machine's SID back to its old value after a re-install.
This did away with the need to change the ownership on all of the user's files still on the hard drive and meant that most of the time their user profile would just keep on working as if nothing had changed.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29973358</id>
	<title>Duplicate SIDs are a huge problem with KMS</title>
	<author>Anonymous</author>
	<datestamp>1257268380000</datestamp>
	<modclass>Interestin</modclass>
	<modscore>2</modscore>
	<htmltext><p>As a student, I worked for the CS department. It was just me and my boss, and we both had extremely limited hours. Thus, we didn't have a whole lot of time or opportunity to figure out how to do things 'the right way' whenever that would change, and just kept doing things as we had been.</p><p>This was a problem when Vista was deployed. Once we got out image to where we wanted, we would ghost it and deploy to about 60 machines. For Vista, we used a KMS (Key Management Server) which is one of the options you have for licensing large numbers of machines. In a nutshell, each machine contacts the KMS and gets a license for itself.</p><p>This was supposed to be strictly limited to volume licensing; thus, the KMS would not activate any machines until it had at least 25 different machines registered to it.</p><p>Now, ideally what would happen is that before you make your image you'd basically set Windows into a 'deployment mode' (not the technical term) where, the next time it's booted, it would go through and reinitialize everything for the machine it's on, and part of this involves generating a unique SID.</p><p>We toyed with this a bit with the time we had, but couldn't get it to a place where we were happy with the results. In particular, we had some issues with networking, IIRC, that means we would have had to go and manually setup every machine for our network.</p><p>TL;DR: All of our machines had the same SID, the KMS only say 1 unique installation even though 60 machines were connecting to it, and Vista wouldn't activate. In order to fix it, we had to change the SIDs for each machine.</p><p>So to say that duplicate SIDs are not a problem is erroneous indeed.</p></htmltext>
<tokenext>As a student , I worked for the CS department .
It was just me and my boss , and we both had extremely limited hours .
Thus , we did n't have a whole lot of time or opportunity to figure out how to do things 'the right way ' whenever that would change , and just kept doing things as we had been.This was a problem when Vista was deployed .
Once we got out image to where we wanted , we would ghost it and deploy to about 60 machines .
For Vista , we used a KMS ( Key Management Server ) which is one of the options you have for licensing large numbers of machines .
In a nutshell , each machine contacts the KMS and gets a license for itself.This was supposed to be strictly limited to volume licensing ; thus , the KMS would not activate any machines until it had at least 25 different machines registered to it.Now , ideally what would happen is that before you make your image you 'd basically set Windows into a 'deployment mode ' ( not the technical term ) where , the next time it 's booted , it would go through and reinitialize everything for the machine it 's on , and part of this involves generating a unique SID.We toyed with this a bit with the time we had , but could n't get it to a place where we were happy with the results .
In particular , we had some issues with networking , IIRC , that means we would have had to go and manually setup every machine for our network.TL ; DR : All of our machines had the same SID , the KMS only say 1 unique installation even though 60 machines were connecting to it , and Vista would n't activate .
In order to fix it , we had to change the SIDs for each machine.So to say that duplicate SIDs are not a problem is erroneous indeed .</tokentext>
<sentencetext>As a student, I worked for the CS department.
It was just me and my boss, and we both had extremely limited hours.
Thus, we didn't have a whole lot of time or opportunity to figure out how to do things 'the right way' whenever that would change, and just kept doing things as we had been.This was a problem when Vista was deployed.
Once we got out image to where we wanted, we would ghost it and deploy to about 60 machines.
For Vista, we used a KMS (Key Management Server) which is one of the options you have for licensing large numbers of machines.
In a nutshell, each machine contacts the KMS and gets a license for itself.This was supposed to be strictly limited to volume licensing; thus, the KMS would not activate any machines until it had at least 25 different machines registered to it.Now, ideally what would happen is that before you make your image you'd basically set Windows into a 'deployment mode' (not the technical term) where, the next time it's booted, it would go through and reinitialize everything for the machine it's on, and part of this involves generating a unique SID.We toyed with this a bit with the time we had, but couldn't get it to a place where we were happy with the results.
In particular, we had some issues with networking, IIRC, that means we would have had to go and manually setup every machine for our network.TL;DR: All of our machines had the same SID, the KMS only say 1 unique installation even though 60 machines were connecting to it, and Vista wouldn't activate.
In order to fix it, we had to change the SIDs for each machine.So to say that duplicate SIDs are not a problem is erroneous indeed.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29974398</id>
	<title>Re:Well... it WAS a problem...</title>
	<author>Macfox</author>
	<datestamp>1257276180000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>I was under the impression this was the case. I found even after syspreping a machine, if the WSUS keys were not cleared, it wouldn't register with the WSUS server. The fix is to stop the WU service, clear the keys then sysprep....So I found anyway.</p></htmltext>
<tokenext>I was under the impression this was the case .
I found even after syspreping a machine , if the WSUS keys were not cleared , it would n't register with the WSUS server .
The fix is to stop the WU service , clear the keys then sysprep....So I found anyway .</tokentext>
<sentencetext>I was under the impression this was the case.
I found even after syspreping a machine, if the WSUS keys were not cleared, it wouldn't register with the WSUS server.
The fix is to stop the WU service, clear the keys then sysprep....So I found anyway.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29972624</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29981352</id>
	<title>Re:Hmm... Pretty sure I ran into an issue somewher</title>
	<author>Unequivocal</author>
	<datestamp>1257014520000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>I remember back around 99/00 we were cloning a ton of machines to QA boxes and server stuff. NT server maybe - hard to remember. We tried cloning without SID removal and the machines didn't work right. I can't remember what exactly the problem was, but possibly joining to a domain. We paid some consultant to come in, they informed us that we're idiots and can't just clone these machines like that. They brought ghost to the problem, swapped in new SID's and the problems went away. I can't remember all the details but maybe this helps jog the memory.</p><p>I have no idea if the problem was really SID's or as TFA suggests, the issue was elsewhere but got blamed on SID's..</p></htmltext>
<tokenext>I remember back around 99/00 we were cloning a ton of machines to QA boxes and server stuff .
NT server maybe - hard to remember .
We tried cloning without SID removal and the machines did n't work right .
I ca n't remember what exactly the problem was , but possibly joining to a domain .
We paid some consultant to come in , they informed us that we 're idiots and ca n't just clone these machines like that .
They brought ghost to the problem , swapped in new SID 's and the problems went away .
I ca n't remember all the details but maybe this helps jog the memory.I have no idea if the problem was really SID 's or as TFA suggests , the issue was elsewhere but got blamed on SID 's. .</tokentext>
<sentencetext>I remember back around 99/00 we were cloning a ton of machines to QA boxes and server stuff.
NT server maybe - hard to remember.
We tried cloning without SID removal and the machines didn't work right.
I can't remember what exactly the problem was, but possibly joining to a domain.
We paid some consultant to come in, they informed us that we're idiots and can't just clone these machines like that.
They brought ghost to the problem, swapped in new SID's and the problems went away.
I can't remember all the details but maybe this helps jog the memory.I have no idea if the problem was really SID's or as TFA suggests, the issue was elsewhere but got blamed on SID's..</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29972690</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29975166</id>
	<title>Ignorant and inconsiderate</title>
	<author>BitZtream</author>
	<datestamp>1256981340000</datestamp>
	<modclass>Informativ</modclass>
	<modscore>3</modscore>
	<htmltext><p>Not so much of Mark, if he doesn't want to maintain it, thats fine, it was free, I get it.</p><p>However<nobr> <wbr></nobr>... this is typical of MS.</p><p>They tell us (developers) that the sid will be unique.  We write software that expects this and uses the sid as a unique ID.</p><p>Now they come along and say 'naaa, its not important to be unique, use the same sid all you want, no one will notice!'</p><p>And then I have to say<nobr> <wbr></nobr>... thank god for real OSes where backwards compatibility is a rule for a reason, not just because they need it to maintain compatibility.  They throw corner cases to the wind and go back on something they've said for years, completely ignoring the fact that people have built things based on something they said was a requirement.</p><p>This is the forth change that will break (or potentially in this case) software I have to maintain.  Two patches that remove existing functionality in the name of security with the argument that 'no one uses it that way', to which Google can clearly show to be wrong.  Even better is that one of them, a change to the DHTML control breaks some of their own apps, OWA for instance.</p><p>Its fucked up when you have to find a hack via Google to fix a bug in MS software that they say doesn't effect anyone<nobr> <wbr></nobr>... except everyone that uses one of their more popular clients.  Their response is 'patch exchange' which breaks OTHER things.</p><p>STOP</p><p>CHANGING</p><p>BINARY</p><p>COMPATIBILITY</p><p>you worthless fucks.  Yes, I'm annoyed.</p></htmltext>
<tokenext>Not so much of Mark , if he does n't want to maintain it , thats fine , it was free , I get it.However ... this is typical of MS.They tell us ( developers ) that the sid will be unique .
We write software that expects this and uses the sid as a unique ID.Now they come along and say 'naaa , its not important to be unique , use the same sid all you want , no one will notice !
'And then I have to say ... thank god for real OSes where backwards compatibility is a rule for a reason , not just because they need it to maintain compatibility .
They throw corner cases to the wind and go back on something they 've said for years , completely ignoring the fact that people have built things based on something they said was a requirement.This is the forth change that will break ( or potentially in this case ) software I have to maintain .
Two patches that remove existing functionality in the name of security with the argument that 'no one uses it that way ' , to which Google can clearly show to be wrong .
Even better is that one of them , a change to the DHTML control breaks some of their own apps , OWA for instance.Its fucked up when you have to find a hack via Google to fix a bug in MS software that they say does n't effect anyone ... except everyone that uses one of their more popular clients .
Their response is 'patch exchange ' which breaks OTHER things.STOPCHANGINGBINARYCOMPATIBILITYyou worthless fucks .
Yes , I 'm annoyed .</tokentext>
<sentencetext>Not so much of Mark, if he doesn't want to maintain it, thats fine, it was free, I get it.However ... this is typical of MS.They tell us (developers) that the sid will be unique.
We write software that expects this and uses the sid as a unique ID.Now they come along and say 'naaa, its not important to be unique, use the same sid all you want, no one will notice!
'And then I have to say ... thank god for real OSes where backwards compatibility is a rule for a reason, not just because they need it to maintain compatibility.
They throw corner cases to the wind and go back on something they've said for years, completely ignoring the fact that people have built things based on something they said was a requirement.This is the forth change that will break (or potentially in this case) software I have to maintain.
Two patches that remove existing functionality in the name of security with the argument that 'no one uses it that way', to which Google can clearly show to be wrong.
Even better is that one of them, a change to the DHTML control breaks some of their own apps, OWA for instance.Its fucked up when you have to find a hack via Google to fix a bug in MS software that they say doesn't effect anyone ... except everyone that uses one of their more popular clients.
Their response is 'patch exchange' which breaks OTHER things.STOPCHANGINGBINARYCOMPATIBILITYyou worthless fucks.
Yes, I'm annoyed.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29974630</id>
	<title>Re:Go Figure</title>
	<author>kestasjk</author>
	<datestamp>1257278280000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>I think God just takes the piss out of artists and software developers when it comes to work vs reward.</htmltext>
<tokenext>I think God just takes the piss out of artists and software developers when it comes to work vs reward .</tokentext>
<sentencetext>I think God just takes the piss out of artists and software developers when it comes to work vs reward.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29972640</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29981156</id>
	<title>Re:Great.</title>
	<author>clockt</author>
	<datestamp>1257013920000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>Not really. I've always found people working that side of the fence to have a deep and immovable faith in the lore and fable of their trade. It worked for them and they all got paid in the end, but I never felt that they deserved it.
<p>
I've just been through this whole charade while replicating an image for a local community centre; Not my field, but I'd been around and had sat through a few deployment meetings in a previous life. It was identical hardware so I was fairly confident I could pull it off. I found Microsoft's documentation on replication and digested it. I ran sysprep and discovered that not only did it completely remove Microsoft's own SteadyState, but it destroyed the customisation I'd spent hours crafting for my end users. There's more to it than that, but that was the guts of it. I restored from backup and moved on...
</p><p>
 I did some more research, downloaded NewSID, read the documentation and decided that the scenarios alluded to didn't apply and it was all a lot of messing about for no good reason. In fact, I decided on my own volition that it was all a crock of shit.
</p><p>
I "rolled it out" to use the parlance of the day, and it's fine. Imaging and renaming the computer takes 5 minutes. It works, it prints, it does internet.
</p><p>
I'm marking this one up as a triumph of common sense and practicality tempered by evidential results, over complexity, self-serving bullshit and FUD - vindicated after the event by this article.</p></htmltext>
<tokenext>Not really .
I 've always found people working that side of the fence to have a deep and immovable faith in the lore and fable of their trade .
It worked for them and they all got paid in the end , but I never felt that they deserved it .
I 've just been through this whole charade while replicating an image for a local community centre ; Not my field , but I 'd been around and had sat through a few deployment meetings in a previous life .
It was identical hardware so I was fairly confident I could pull it off .
I found Microsoft 's documentation on replication and digested it .
I ran sysprep and discovered that not only did it completely remove Microsoft 's own SteadyState , but it destroyed the customisation I 'd spent hours crafting for my end users .
There 's more to it than that , but that was the guts of it .
I restored from backup and moved on.. . I did some more research , downloaded NewSID , read the documentation and decided that the scenarios alluded to did n't apply and it was all a lot of messing about for no good reason .
In fact , I decided on my own volition that it was all a crock of shit .
I " rolled it out " to use the parlance of the day , and it 's fine .
Imaging and renaming the computer takes 5 minutes .
It works , it prints , it does internet .
I 'm marking this one up as a triumph of common sense and practicality tempered by evidential results , over complexity , self-serving bullshit and FUD - vindicated after the event by this article .</tokentext>
<sentencetext>Not really.
I've always found people working that side of the fence to have a deep and immovable faith in the lore and fable of their trade.
It worked for them and they all got paid in the end, but I never felt that they deserved it.
I've just been through this whole charade while replicating an image for a local community centre; Not my field, but I'd been around and had sat through a few deployment meetings in a previous life.
It was identical hardware so I was fairly confident I could pull it off.
I found Microsoft's documentation on replication and digested it.
I ran sysprep and discovered that not only did it completely remove Microsoft's own SteadyState, but it destroyed the customisation I'd spent hours crafting for my end users.
There's more to it than that, but that was the guts of it.
I restored from backup and moved on...

 I did some more research, downloaded NewSID, read the documentation and decided that the scenarios alluded to didn't apply and it was all a lot of messing about for no good reason.
In fact, I decided on my own volition that it was all a crock of shit.
I "rolled it out" to use the parlance of the day, and it's fine.
Imaging and renaming the computer takes 5 minutes.
It works, it prints, it does internet.
I'm marking this one up as a triumph of common sense and practicality tempered by evidential results, over complexity, self-serving bullshit and FUD - vindicated after the event by this article.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29973124</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29972622</id>
	<title>first post</title>
	<author>lapinmalin</author>
	<datestamp>1257262020000</datestamp>
	<modclass>None</modclass>
	<modscore>-1</modscore>
	<htmltext>and i didnt use any SID duplication</htmltext>
<tokenext>and i didnt use any SID duplication</tokentext>
<sentencetext>and i didnt use any SID duplication</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29973852</id>
	<title>Re:Well... it WAS a problem...</title>
	<author>Anonymous</author>
	<datestamp>1257271860000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>WSUS has it own "WSUS-SID" per client.</p></htmltext>
<tokenext>WSUS has it own " WSUS-SID " per client .</tokentext>
<sentencetext>WSUS has it own "WSUS-SID" per client.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29972624</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29973286</id>
	<title>Re:It's the usual story</title>
	<author>jkrise</author>
	<datestamp>1257267660000</datestamp>
	<modclass>Funny</modclass>
	<modscore>2</modscore>
	<htmltext><p>Thanks for a good laugh, Sir! But at least in Britney's underwear, it covers something useful.</p></htmltext>
<tokenext>Thanks for a good laugh , Sir !
But at least in Britney 's underwear , it covers something useful .</tokentext>
<sentencetext>Thanks for a good laugh, Sir!
But at least in Britney's underwear, it covers something useful.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29972684</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29972690</id>
	<title>Hmm... Pretty sure I ran into an issue somewhere</title>
	<author>davidbrit2</author>
	<datestamp>1257262500000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>I distinctly remember having problems joining two Windows 2003 VMs (using copied disk images) to a Windows 2003 domain (also running on a VM using that same copied disk image). I was setting up a test environment for SQL Server 2005 clustering at the time. I recall there was a very specific reason that I ended up using NewSID on those VMs.

Anybody able to jog my memory/correct me?</htmltext>
<tokenext>I distinctly remember having problems joining two Windows 2003 VMs ( using copied disk images ) to a Windows 2003 domain ( also running on a VM using that same copied disk image ) .
I was setting up a test environment for SQL Server 2005 clustering at the time .
I recall there was a very specific reason that I ended up using NewSID on those VMs .
Anybody able to jog my memory/correct me ?</tokentext>
<sentencetext>I distinctly remember having problems joining two Windows 2003 VMs (using copied disk images) to a Windows 2003 domain (also running on a VM using that same copied disk image).
I was setting up a test environment for SQL Server 2005 clustering at the time.
I recall there was a very specific reason that I ended up using NewSID on those VMs.
Anybody able to jog my memory/correct me?</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29978726</id>
	<title>Re:There is general agreement: NewSID is needed.</title>
	<author>mysidia</author>
	<datestamp>1257006480000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>
I don't know about what other sites might be offering as NewSID.exe, but I got NewSID from Microsoft's web site a few months ago as part of the "SysInternals Suite"  ZIP file,  and  the  Newsid.exe id'ed as version 4.10 had a SHA1 digest of:
</p><p>
4c64df34ef8f8faa757e1d4482486453d7425752
newsid.exe</p><p> <em>Mark Russinovich seems very knowledgeable to me, but I think he has made a mistake. There is general agreement that NewSID is necessary. </em> </p><p>
There would be some question of.. does it even matter?   The general agreement resulted from Microsoft policies and statements regarding SIDs that were taken at face value that they needed to be unique.  Microsoft essentially admitting they are wrong all along and SIDs don't need to be unique.
</p><p>
General agreements can be wrong.   Following voodoo practices like "Someone ran into a problem once, and running NewSID seemed to fix it", therefore SIDs  need to be unique,  is faulty reasoning.
</p><p>
Surely Microsoft has done some sort of basic testing before making a revision to their recommendations that could incur support costs to MS customers if inaccurate.   It would seem to be make more sense to advise against SID changing, but still provide the tools to do it, in any case.
</p><p>
I don't believe MS ever documented in the platform APIs  that a field called Machine SID was available as a unique id.
Someone relying on the SID would be coding by coincidence,  and should definitely be prepared to fix the bug in their software, if their assumptions should prove wrong...
</p><p>
Even before Microsoft's changes, many people are not generating new SIDs for cloned systems, or using sysprep to handle cloned systems, for that matter.
</p></htmltext>
<tokenext>I do n't know about what other sites might be offering as NewSID.exe , but I got NewSID from Microsoft 's web site a few months ago as part of the " SysInternals Suite " ZIP file , and the Newsid.exe id'ed as version 4.10 had a SHA1 digest of : 4c64df34ef8f8faa757e1d4482486453d7425752 newsid.exe Mark Russinovich seems very knowledgeable to me , but I think he has made a mistake .
There is general agreement that NewSID is necessary .
There would be some question of.. does it even matter ?
The general agreement resulted from Microsoft policies and statements regarding SIDs that were taken at face value that they needed to be unique .
Microsoft essentially admitting they are wrong all along and SIDs do n't need to be unique .
General agreements can be wrong .
Following voodoo practices like " Someone ran into a problem once , and running NewSID seemed to fix it " , therefore SIDs need to be unique , is faulty reasoning .
Surely Microsoft has done some sort of basic testing before making a revision to their recommendations that could incur support costs to MS customers if inaccurate .
It would seem to be make more sense to advise against SID changing , but still provide the tools to do it , in any case .
I do n't believe MS ever documented in the platform APIs that a field called Machine SID was available as a unique id .
Someone relying on the SID would be coding by coincidence , and should definitely be prepared to fix the bug in their software , if their assumptions should prove wrong.. . Even before Microsoft 's changes , many people are not generating new SIDs for cloned systems , or using sysprep to handle cloned systems , for that matter .</tokentext>
<sentencetext>
I don't know about what other sites might be offering as NewSID.exe, but I got NewSID from Microsoft's web site a few months ago as part of the "SysInternals Suite"  ZIP file,  and  the  Newsid.exe id'ed as version 4.10 had a SHA1 digest of:

4c64df34ef8f8faa757e1d4482486453d7425752
newsid.exe Mark Russinovich seems very knowledgeable to me, but I think he has made a mistake.
There is general agreement that NewSID is necessary.
There would be some question of.. does it even matter?
The general agreement resulted from Microsoft policies and statements regarding SIDs that were taken at face value that they needed to be unique.
Microsoft essentially admitting they are wrong all along and SIDs don't need to be unique.
General agreements can be wrong.
Following voodoo practices like "Someone ran into a problem once, and running NewSID seemed to fix it", therefore SIDs  need to be unique,  is faulty reasoning.
Surely Microsoft has done some sort of basic testing before making a revision to their recommendations that could incur support costs to MS customers if inaccurate.
It would seem to be make more sense to advise against SID changing, but still provide the tools to do it, in any case.
I don't believe MS ever documented in the platform APIs  that a field called Machine SID was available as a unique id.
Someone relying on the SID would be coding by coincidence,  and should definitely be prepared to fix the bug in their software, if their assumptions should prove wrong...

Even before Microsoft's changes, many people are not generating new SIDs for cloned systems, or using sysprep to handle cloned systems, for that matter.
</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29977210</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29972694</id>
	<title>With an important caveat!</title>
	<author>derinax</author>
	<datestamp>1257262500000</datestamp>
	<modclass>Informativ</modclass>
	<modscore>5</modscore>
	<htmltext><p>"As I said earlier, there&rsquo;s one exception to rule, and that&rsquo;s DCs themselves. Every Domain has a unique Domain SID that&rsquo;s randomly generated by Domain setup, and all machine SIDs for the Domain&rsquo;s DCs match the Domain SID. So in some sense, that&rsquo;s a case where machine SIDs do get referenced by other computers. That means that Domain member computers cannot have the same machine SID as that of the DCs and therefore Domain. However, like member computers, each DC also has a computer account in the Domain, and that&rsquo;s the identity they have when they authenticate to remote systems. All accounts in a Domain, including computers, users and security groups, have SIDs that are based on the Domain SID in the same way local account SIDs are based on the machine SID, but the two are unrelated."</p><p>The low ramifications of this as mentioned above may have changed post Win2K and XP.  This particular caveat governed our processes as system deployment specialists for Microsoft corporate events.  We had to make sure that any potential DC had a unique SID even before the machines were promoted to DC, otherwise we saw (verifiably!) many issues with Workstations failing to join the domain.  I seem to recall other more esoteric issues with older Microsoft server products, but that may be delusions based on the mass hysteria we had about unique SIDs at the time.</p></htmltext>
<tokenext>" As I said earlier , there    s one exception to rule , and that    s DCs themselves .
Every Domain has a unique Domain SID that    s randomly generated by Domain setup , and all machine SIDs for the Domain    s DCs match the Domain SID .
So in some sense , that    s a case where machine SIDs do get referenced by other computers .
That means that Domain member computers can not have the same machine SID as that of the DCs and therefore Domain .
However , like member computers , each DC also has a computer account in the Domain , and that    s the identity they have when they authenticate to remote systems .
All accounts in a Domain , including computers , users and security groups , have SIDs that are based on the Domain SID in the same way local account SIDs are based on the machine SID , but the two are unrelated .
" The low ramifications of this as mentioned above may have changed post Win2K and XP .
This particular caveat governed our processes as system deployment specialists for Microsoft corporate events .
We had to make sure that any potential DC had a unique SID even before the machines were promoted to DC , otherwise we saw ( verifiably !
) many issues with Workstations failing to join the domain .
I seem to recall other more esoteric issues with older Microsoft server products , but that may be delusions based on the mass hysteria we had about unique SIDs at the time .</tokentext>
<sentencetext>"As I said earlier, there’s one exception to rule, and that’s DCs themselves.
Every Domain has a unique Domain SID that’s randomly generated by Domain setup, and all machine SIDs for the Domain’s DCs match the Domain SID.
So in some sense, that’s a case where machine SIDs do get referenced by other computers.
That means that Domain member computers cannot have the same machine SID as that of the DCs and therefore Domain.
However, like member computers, each DC also has a computer account in the Domain, and that’s the identity they have when they authenticate to remote systems.
All accounts in a Domain, including computers, users and security groups, have SIDs that are based on the Domain SID in the same way local account SIDs are based on the machine SID, but the two are unrelated.
"The low ramifications of this as mentioned above may have changed post Win2K and XP.
This particular caveat governed our processes as system deployment specialists for Microsoft corporate events.
We had to make sure that any potential DC had a unique SID even before the machines were promoted to DC, otherwise we saw (verifiably!
) many issues with Workstations failing to join the domain.
I seem to recall other more esoteric issues with older Microsoft server products, but that may be delusions based on the mass hysteria we had about unique SIDs at the time.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29986592</id>
	<title>Re:Well... it WAS a problem...</title>
	<author>Cramer</author>
	<datestamp>1256986920000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>SusClientID not SID.  WSUS identifies a machine based on a self-generated ID completely independent of the machine/domain SID.  It won't change until the registry key is deleted.</p></htmltext>
<tokenext>SusClientID not SID .
WSUS identifies a machine based on a self-generated ID completely independent of the machine/domain SID .
It wo n't change until the registry key is deleted .</tokentext>
<sentencetext>SusClientID not SID.
WSUS identifies a machine based on a self-generated ID completely independent of the machine/domain SID.
It won't change until the registry key is deleted.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29973280</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29973356</id>
	<title>my NewNewSID program fixes these problems</title>
	<author>Anonymous</author>
	<datestamp>1257268380000</datestamp>
	<modclass>Funny</modclass>
	<modscore>1</modscore>
	<htmltext><p><tt><br>#include &lt;stdio.h&gt;</tt></p><p><tt>int main()<br>{<br>
&nbsp; &nbsp; printf( "\%d\n", 42 );<br>
&nbsp; &nbsp; return 0;<br>}<br></tt></p></htmltext>
<tokenext># include int main ( ) {     printf ( " \ % d \ n " , 42 ) ;     return 0 ; }</tokentext>
<sentencetext>#include int main(){
    printf( "\%d\n", 42 );
    return 0;}</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29973990</id>
	<title>Re:Except for Domain Controllers..</title>
	<author>Anonymous</author>
	<datestamp>1257272580000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>Yeah, I had this bite me just last week. I created a Windows Server 2008 VM. I cloned it and made it a domain controller. I then took the original VM and joined it to the domain. That machine was really messed up and domain authorizations were failing; for example, no domain admin user could have Admin rights on the client machine. The client machine just would not recognize the domain rights. I then of course realized I forgot to change the SID and then all was okay with the Universe.</p></htmltext>
<tokenext>Yeah , I had this bite me just last week .
I created a Windows Server 2008 VM .
I cloned it and made it a domain controller .
I then took the original VM and joined it to the domain .
That machine was really messed up and domain authorizations were failing ; for example , no domain admin user could have Admin rights on the client machine .
The client machine just would not recognize the domain rights .
I then of course realized I forgot to change the SID and then all was okay with the Universe .</tokentext>
<sentencetext>Yeah, I had this bite me just last week.
I created a Windows Server 2008 VM.
I cloned it and made it a domain controller.
I then took the original VM and joined it to the domain.
That machine was really messed up and domain authorizations were failing; for example, no domain admin user could have Admin rights on the client machine.
The client machine just would not recognize the domain rights.
I then of course realized I forgot to change the SID and then all was okay with the Universe.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29972834</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29972900</id>
	<title>Re:fp</title>
	<author>Anonymous</author>
	<datestamp>1257264420000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>best first post in a long time</p></htmltext>
<tokenext>best first post in a long time</tokentext>
<sentencetext>best first post in a long time</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29972568</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29975408</id>
	<title>Re:It's the usual story</title>
	<author>Anonymous</author>
	<datestamp>1256983440000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>more like covering something used...</p></htmltext>
<tokenext>more like covering something used.. .</tokentext>
<sentencetext>more like covering something used...</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29973286</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29974298</id>
	<title>Closed source</title>
	<author>rolfc</author>
	<datestamp>1257275160000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>Obviously this has gone undetected so long because of the lack of understanding of the issue in general and the users lack of access to the code in special.

How many of these issues are still hidden?</htmltext>
<tokenext>Obviously this has gone undetected so long because of the lack of understanding of the issue in general and the users lack of access to the code in special .
How many of these issues are still hidden ?</tokentext>
<sentencetext>Obviously this has gone undetected so long because of the lack of understanding of the issue in general and the users lack of access to the code in special.
How many of these issues are still hidden?</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29976378</id>
	<title>Re:It's the usual story</title>
	<author>MasterOfGoingFaster</author>
	<datestamp>1256993820000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p><div class="quote"><p>A ggreat deal of Microsoft security is unfortunately just like the underwear of Brittany Spears.</p></div><p>Not crazy about this analogy.  After all, one is known to harbor viruses and infections, and the other.....   uh....  never mind.</p></div>
	</htmltext>
<tokenext>A ggreat deal of Microsoft security is unfortunately just like the underwear of Brittany Spears.Not crazy about this analogy .
After all , one is known to harbor viruses and infections , and the other..... uh.... never mind .</tokentext>
<sentencetext>A ggreat deal of Microsoft security is unfortunately just like the underwear of Brittany Spears.Not crazy about this analogy.
After all, one is known to harbor viruses and infections, and the other.....   uh....  never mind.
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29972684</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29977540</id>
	<title>Re:but they have the source!</title>
	<author>Thundersnatch</author>
	<datestamp>1257001860000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>Windows is now supposedly &gt; 50 Million lines of code. I imagine that it would take man-years to inspect every hit on the SID in the source code.</htmltext>
<tokenext>Windows is now supposedly &gt; 50 Million lines of code .
I imagine that it would take man-years to inspect every hit on the SID in the source code .</tokentext>
<sentencetext>Windows is now supposedly &gt; 50 Million lines of code.
I imagine that it would take man-years to inspect every hit on the SID in the source code.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29973654</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29973964</id>
	<title>sysprep already does this for you</title>
	<author>Anonymous</author>
	<datestamp>1257272400000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>When using Sysprep the tool will automatically generate a new (clean) SID for the cloned machine at first boot, if you intend to create clones rather than a backup image for example where you would want to restore the original SID. the exception is when the -NOSIDGEN argument provided with sysprep is used, it will force the cloned machine to retain the SID of the original system, soemtimes this is desirable,sometimes not. Not sure how someone would confuse this, its clearly stated in the documentation for sysprep since 2000. Literally 30 seconds on google and Voila, RTFM folks.</p></htmltext>
<tokenext>When using Sysprep the tool will automatically generate a new ( clean ) SID for the cloned machine at first boot , if you intend to create clones rather than a backup image for example where you would want to restore the original SID .
the exception is when the -NOSIDGEN argument provided with sysprep is used , it will force the cloned machine to retain the SID of the original system , soemtimes this is desirable,sometimes not .
Not sure how someone would confuse this , its clearly stated in the documentation for sysprep since 2000 .
Literally 30 seconds on google and Voila , RTFM folks .</tokentext>
<sentencetext>When using Sysprep the tool will automatically generate a new (clean) SID for the cloned machine at first boot, if you intend to create clones rather than a backup image for example where you would want to restore the original SID.
the exception is when the -NOSIDGEN argument provided with sysprep is used, it will force the cloned machine to retain the SID of the original system, soemtimes this is desirable,sometimes not.
Not sure how someone would confuse this, its clearly stated in the documentation for sysprep since 2000.
Literally 30 seconds on google and Voila, RTFM folks.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29972666</id>
	<title>ID</title>
	<author>pete-classic</author>
	<datestamp>1257262320000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>How is it an ID if reuse <em>in the same context</em> has no ill effects?  What does it mean to identify something if all things can have the same ID?</p><p>Something is missing here.</p><p>-Peter</p></htmltext>
<tokenext>How is it an ID if reuse in the same context has no ill effects ?
What does it mean to identify something if all things can have the same ID ? Something is missing here.-Peter</tokentext>
<sentencetext>How is it an ID if reuse in the same context has no ill effects?
What does it mean to identify something if all things can have the same ID?Something is missing here.-Peter</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29972620</id>
	<title>Re:fp</title>
	<author>Anonymous</author>
	<datestamp>1257261960000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>But... that would tear a hole in the space-time continuum! Its not meant to be!</p></htmltext>
<tokenext>But... that would tear a hole in the space-time continuum !
Its not meant to be !</tokentext>
<sentencetext>But... that would tear a hole in the space-time continuum!
Its not meant to be!</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29972568</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29973598</id>
	<title>Re:Except for Domain Controllers..</title>
	<author>shaitand</author>
	<datestamp>1257270360000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>Yup</p></htmltext>
<tokenext>Yup</tokentext>
<sentencetext>Yup</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29972610</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29982398</id>
	<title>Re:It's the usual story</title>
	<author>Anonymous</author>
	<datestamp>1257017520000</datestamp>
	<modclass>Funny</modclass>
	<modscore>1</modscore>
	<htmltext><p><div class="quote"><p>A ggreat deal of Microsoft security is unfortunately just like the underwear of Brittany Spears.</p></div><p>No...Microsoft relies on security through obscurity.</p></div>
	</htmltext>
<tokenext>A ggreat deal of Microsoft security is unfortunately just like the underwear of Brittany Spears.No...Microsoft relies on security through obscurity .</tokentext>
<sentencetext>A ggreat deal of Microsoft security is unfortunately just like the underwear of Brittany Spears.No...Microsoft relies on security through obscurity.
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29972684</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29973654</id>
	<title>but they have the source!</title>
	<author>Anonymous</author>
	<datestamp>1257270660000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>can't they just grep through it for all references to the SYSID and see what decisions are based upon it?  i wish it was as simple as this...</p></htmltext>
<tokenext>ca n't they just grep through it for all references to the SYSID and see what decisions are based upon it ?
i wish it was as simple as this.. .</tokentext>
<sentencetext>can't they just grep through it for all references to the SYSID and see what decisions are based upon it?
i wish it was as simple as this...</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29973350</id>
	<title>Google "COMMANDO"</title>
	<author>Anonymous</author>
	<datestamp>1257268260000</datestamp>
	<modclass>Funny</modclass>
	<modscore>5</modscore>
	<htmltext><i>A ggreat deal of Microsoft security is unfortunately just like the underwear of Brittany Spears.</i>
<br><br>
<a href="http://images.google.com/images?safe=off&amp;q=britney+spears+commando" title="google.com"> <b>GOOGLE IMAGES: britney spears commando</b> </a> [google.com]</htmltext>
<tokenext>A ggreat deal of Microsoft security is unfortunately just like the underwear of Brittany Spears .
GOOGLE IMAGES : britney spears commando [ google.com ]</tokentext>
<sentencetext>A ggreat deal of Microsoft security is unfortunately just like the underwear of Brittany Spears.
GOOGLE IMAGES: britney spears commando  [google.com]</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29972684</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29972610</id>
	<title>Except for Domain Controllers..</title>
	<author>tensop</author>
	<datestamp>1257261960000</datestamp>
	<modclass>Informativ</modclass>
	<modscore>2</modscore>
	<htmltext>I found that unless you change the SID on a computer before becoming a (virtual or otherwise) windows Domain Controller, it will cause all sorts of issues.

That is, at least in windows 2000 and 2003.</htmltext>
<tokenext>I found that unless you change the SID on a computer before becoming a ( virtual or otherwise ) windows Domain Controller , it will cause all sorts of issues .
That is , at least in windows 2000 and 2003 .</tokentext>
<sentencetext>I found that unless you change the SID on a computer before becoming a (virtual or otherwise) windows Domain Controller, it will cause all sorts of issues.
That is, at least in windows 2000 and 2003.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29972790</id>
	<title>Anon E. Moose</title>
	<author>Anonymous</author>
	<datestamp>1257263460000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>I personally on recently had found this one. I'm dead set against virtualization when computing power is so cheap and folding@home or seti@home or similar needs more!</p><p>Anyway. I had vista issues. Literally identical virtuals and host. Host remained the default SID. Both vista had this run on it. 1 totally blubbered. The other worked well enough to call success. Had to go use sysprep to fix it.</p><p>More recently server 2008 and server 2003 issues. newsid worked fine for me. Everyone else had issues. All requiring sysprep.</p><p>So inevitably it comes down to... why not update sysprep and use that instead? Or even... upgrade the issue of SIDs themselves?</p></htmltext>
<tokenext>I personally on recently had found this one .
I 'm dead set against virtualization when computing power is so cheap and folding @ home or seti @ home or similar needs more ! Anyway .
I had vista issues .
Literally identical virtuals and host .
Host remained the default SID .
Both vista had this run on it .
1 totally blubbered .
The other worked well enough to call success .
Had to go use sysprep to fix it.More recently server 2008 and server 2003 issues .
newsid worked fine for me .
Everyone else had issues .
All requiring sysprep.So inevitably it comes down to... why not update sysprep and use that instead ?
Or even... upgrade the issue of SIDs themselves ?</tokentext>
<sentencetext>I personally on recently had found this one.
I'm dead set against virtualization when computing power is so cheap and folding@home or seti@home or similar needs more!Anyway.
I had vista issues.
Literally identical virtuals and host.
Host remained the default SID.
Both vista had this run on it.
1 totally blubbered.
The other worked well enough to call success.
Had to go use sysprep to fix it.More recently server 2008 and server 2003 issues.
newsid worked fine for me.
Everyone else had issues.
All requiring sysprep.So inevitably it comes down to... why not update sysprep and use that instead?
Or even... upgrade the issue of SIDs themselves?</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29981044</id>
	<title>Re:There is general agreement: NewSID is needed.</title>
	<author>Unequivocal</author>
	<datestamp>1257013620000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>What is the specific problem that occurs in your scenario? You describe a lot of organizations that say it's bad to dupe SID's but you don't describe the failure mode that occurs when SID's are duped.</p><p>It seems like the original article is saying that everyone says duped SID's are bad, but no one can produce a failure scenario / test case that documents it. Please provide some evidence so we can call check out your scenario.</p></htmltext>
<tokenext>What is the specific problem that occurs in your scenario ?
You describe a lot of organizations that say it 's bad to dupe SID 's but you do n't describe the failure mode that occurs when SID 's are duped.It seems like the original article is saying that everyone says duped SID 's are bad , but no one can produce a failure scenario / test case that documents it .
Please provide some evidence so we can call check out your scenario .</tokentext>
<sentencetext>What is the specific problem that occurs in your scenario?
You describe a lot of organizations that say it's bad to dupe SID's but you don't describe the failure mode that occurs when SID's are duped.It seems like the original article is saying that everyone says duped SID's are bad, but no one can produce a failure scenario / test case that documents it.
Please provide some evidence so we can call check out your scenario.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29977210</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29973256</id>
	<title>Re:Great.</title>
	<author>osu-neko</author>
	<datestamp>1257267480000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p><div class="quote"><p>Doesn't it bother anyone else that even Microsoft doesn't have a clue how the OS they developed works anymore? That something like this is even an issue?</p></div><p>Par for the course.  Welcome to the tech world.  At most companies there's a bunch of stuff running that no one who currently works there knows how it works, they're working of the notes of the people who left, who made those notes while trying to figure out how it works, after the generation before them already quit...</p><p>Suddenly the part of <i>Foundation</i> where planets are just working to maintain stuff they don't understand doesn't seem so far fetched...</p></div>
	</htmltext>
<tokenext>Does n't it bother anyone else that even Microsoft does n't have a clue how the OS they developed works anymore ?
That something like this is even an issue ? Par for the course .
Welcome to the tech world .
At most companies there 's a bunch of stuff running that no one who currently works there knows how it works , they 're working of the notes of the people who left , who made those notes while trying to figure out how it works , after the generation before them already quit...Suddenly the part of Foundation where planets are just working to maintain stuff they do n't understand does n't seem so far fetched.. .</tokentext>
<sentencetext>Doesn't it bother anyone else that even Microsoft doesn't have a clue how the OS they developed works anymore?
That something like this is even an issue?Par for the course.
Welcome to the tech world.
At most companies there's a bunch of stuff running that no one who currently works there knows how it works, they're working of the notes of the people who left, who made those notes while trying to figure out how it works, after the generation before them already quit...Suddenly the part of Foundation where planets are just working to maintain stuff they don't understand doesn't seem so far fetched...
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29973124</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29975490</id>
	<title>No specification</title>
	<author>Anonymous</author>
	<datestamp>1256984400000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>"It&rsquo;s a little surprising that the SID duplication issue has gone unquestioned for so long, but everyone has assumed that someone else knew exactly why it was a problem."</p><p>So no one at MS ever wrote a specification of how SIDs are supposed to work? That could be checked against the code and the behaviour of test systems.</p><p>Bah Microsoft!!</p></htmltext>
<tokenext>" It    s a little surprising that the SID duplication issue has gone unquestioned for so long , but everyone has assumed that someone else knew exactly why it was a problem .
" So no one at MS ever wrote a specification of how SIDs are supposed to work ?
That could be checked against the code and the behaviour of test systems.Bah Microsoft !
!</tokentext>
<sentencetext>"It’s a little surprising that the SID duplication issue has gone unquestioned for so long, but everyone has assumed that someone else knew exactly why it was a problem.
"So no one at MS ever wrote a specification of how SIDs are supposed to work?
That could be checked against the code and the behaviour of test systems.Bah Microsoft!
!</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29972806</id>
	<title>It is no myth</title>
	<author>Anonymous</author>
	<datestamp>1257263580000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>3</modscore>
	<htmltext>Speaking from experience, having two machines with the same SID on a single Domain you will have issues related to the computer account in Active Directory.  Remove one of these computers from the Domain and the others will experience Netlogon errors and various other issues as a result.

Although NewSID may no longer be relevant due to lack of Vista/2008/7/2008R2 support, you should always sysprep<nobr> <wbr></nobr>/generalize to prevent these issues from occuring.

Not too sure why an MS blogger would have this stance, I've seen it numerous times (10+) with my own eyes.  The fix is to either perform an offline workgroup join and generate new SID's on all but 1 affected machine, or to remove machines, NewSID all but one, and rejoin the Domain.</htmltext>
<tokenext>Speaking from experience , having two machines with the same SID on a single Domain you will have issues related to the computer account in Active Directory .
Remove one of these computers from the Domain and the others will experience Netlogon errors and various other issues as a result .
Although NewSID may no longer be relevant due to lack of Vista/2008/7/2008R2 support , you should always sysprep /generalize to prevent these issues from occuring .
Not too sure why an MS blogger would have this stance , I 've seen it numerous times ( 10 + ) with my own eyes .
The fix is to either perform an offline workgroup join and generate new SID 's on all but 1 affected machine , or to remove machines , NewSID all but one , and rejoin the Domain .</tokentext>
<sentencetext>Speaking from experience, having two machines with the same SID on a single Domain you will have issues related to the computer account in Active Directory.
Remove one of these computers from the Domain and the others will experience Netlogon errors and various other issues as a result.
Although NewSID may no longer be relevant due to lack of Vista/2008/7/2008R2 support, you should always sysprep /generalize to prevent these issues from occuring.
Not too sure why an MS blogger would have this stance, I've seen it numerous times (10+) with my own eyes.
The fix is to either perform an offline workgroup join and generate new SID's on all but 1 affected machine, or to remove machines, NewSID all but one, and rejoin the Domain.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29991358</id>
	<title>Re:fp</title>
	<author>Anonymous</author>
	<datestamp>1257014700000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p><b>Mark has lost all credibility (and creativity) after he joined MSFT.</b></p><p>He recently wrote that "Alex Ionescu now teaches Windows".</p><p><b>Now I understand why ReactOS development has stalled.</b></p><p>Too bad MSFT does not use all these talents to make better products. <b>Crunching the competition to stay the only one will not survive the crisis.</b></p><p>When you see that TrustLeap *in user-space* is beating IIS *in the kernel* you understand how inefficient MSFT is at developing technologies -despite hiring talented people.</p><p><b>When you see plain ANSI C scripts (from G-WAN web server) beating ASP.Net C# by a factor 5</b>, you understand where MSFT's priorities are.</p><p>Having spent 20 of my life with Windows, I am just tired of Windows. Linux may be squared at some places -but it can be improved. The same is not true with MSFT.</p></htmltext>
<tokenext>Mark has lost all credibility ( and creativity ) after he joined MSFT.He recently wrote that " Alex Ionescu now teaches Windows " .Now I understand why ReactOS development has stalled.Too bad MSFT does not use all these talents to make better products .
Crunching the competition to stay the only one will not survive the crisis.When you see that TrustLeap * in user-space * is beating IIS * in the kernel * you understand how inefficient MSFT is at developing technologies -despite hiring talented people.When you see plain ANSI C scripts ( from G-WAN web server ) beating ASP.Net C # by a factor 5 , you understand where MSFT 's priorities are.Having spent 20 of my life with Windows , I am just tired of Windows .
Linux may be squared at some places -but it can be improved .
The same is not true with MSFT .</tokentext>
<sentencetext>Mark has lost all credibility (and creativity) after he joined MSFT.He recently wrote that "Alex Ionescu now teaches Windows".Now I understand why ReactOS development has stalled.Too bad MSFT does not use all these talents to make better products.
Crunching the competition to stay the only one will not survive the crisis.When you see that TrustLeap *in user-space* is beating IIS *in the kernel* you understand how inefficient MSFT is at developing technologies -despite hiring talented people.When you see plain ANSI C scripts (from G-WAN web server) beating ASP.Net C# by a factor 5, you understand where MSFT's priorities are.Having spent 20 of my life with Windows, I am just tired of Windows.
Linux may be squared at some places -but it can be improved.
The same is not true with MSFT.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29972568</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29977194</id>
	<title>Re:Well... it WAS a problem...</title>
	<author>Anonymous</author>
	<datestamp>1257000300000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>There is a unique SUS ID as well as the SID, both *must* be unique for things to work properly.</p><p>I am mindboggled that M$ would be killing NewSID, we use it every single day and without it there is no doubt you -will- encounter the dreaded "trust relationship has failed" when they collide in the domain....</p></htmltext>
<tokenext>There is a unique SUS ID as well as the SID , both * must * be unique for things to work properly.I am mindboggled that M $ would be killing NewSID , we use it every single day and without it there is no doubt you -will- encounter the dreaded " trust relationship has failed " when they collide in the domain... .</tokentext>
<sentencetext>There is a unique SUS ID as well as the SID, both *must* be unique for things to work properly.I am mindboggled that M$ would be killing NewSID, we use it every single day and without it there is no doubt you -will- encounter the dreaded "trust relationship has failed" when they collide in the domain....</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29972624</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29973962</id>
	<title>Re:It is no myth</title>
	<author>Anonymous</author>
	<datestamp>1257272400000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>AD SID and machine SID are different.  If you join a system to the domain and then clone it, you'll have two identical *domain* SIDs and problems related to that.  If you RTFA and comments, they're talking about having duplicate *machine* SIDs.  If machineA connects to machineB, it uses either credentials from the domain or the destination system, so MachineB having a duplicate SID as the MachineA isn't relevant because they're not being compared or checked against each other.</htmltext>
<tokenext>AD SID and machine SID are different .
If you join a system to the domain and then clone it , you 'll have two identical * domain * SIDs and problems related to that .
If you RTFA and comments , they 're talking about having duplicate * machine * SIDs .
If machineA connects to machineB , it uses either credentials from the domain or the destination system , so MachineB having a duplicate SID as the MachineA is n't relevant because they 're not being compared or checked against each other .</tokentext>
<sentencetext>AD SID and machine SID are different.
If you join a system to the domain and then clone it, you'll have two identical *domain* SIDs and problems related to that.
If you RTFA and comments, they're talking about having duplicate *machine* SIDs.
If machineA connects to machineB, it uses either credentials from the domain or the destination system, so MachineB having a duplicate SID as the MachineA isn't relevant because they're not being compared or checked against each other.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29972806</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29976460</id>
	<title>parent NSFW</title>
	<author>junglee\_iitk</author>
	<datestamp>1256994540000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>dude, write "NSFW"!!!</p><p>always!</p></htmltext>
<tokenext>dude , write " NSFW " ! !
! always !</tokentext>
<sentencetext>dude, write "NSFW"!!
!always!</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29973350</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29973236</id>
	<title>I have been saying this for years.</title>
	<author>Anonymous</author>
	<datestamp>1257267360000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>The machine receives a new sid when joins the domain.</p></htmltext>
<tokenext>The machine receives a new sid when joins the domain .</tokentext>
<sentencetext>The machine receives a new sid when joins the domain.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29985770</id>
	<title>Re:So who's got a copy of the final release of New</title>
	<author>IICV</author>
	<datestamp>1256984160000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>Microsoft actually explicitly supports ghosting nowadays, assuming you do it their way. Check out the <a href="http://www.microsoft.com/downloads/details.aspx?FamilyID=C7D4BC6D-15F3-4284-9123-679830D629F2&amp;displaylang=en" title="microsoft.com">Windows AIK</a> [microsoft.com] and <a href="http://technet.microsoft.com/en-us/library/dd349348(WS.10).aspx" title="microsoft.com">this guide</a> [microsoft.com]. It's pretty nice, and if you want to automate things you just need to mount the boot image (using dism) and edit Windows\System32\startnet.cmd</htmltext>
<tokenext>Microsoft actually explicitly supports ghosting nowadays , assuming you do it their way .
Check out the Windows AIK [ microsoft.com ] and this guide [ microsoft.com ] .
It 's pretty nice , and if you want to automate things you just need to mount the boot image ( using dism ) and edit Windows \ System32 \ startnet.cmd</tokentext>
<sentencetext>Microsoft actually explicitly supports ghosting nowadays, assuming you do it their way.
Check out the Windows AIK [microsoft.com] and this guide [microsoft.com].
It's pretty nice, and if you want to automate things you just need to mount the boot image (using dism) and edit Windows\System32\startnet.cmd</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29974080</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29983924</id>
	<title>Re:Hmm... Pretty sure I ran into an issue somewher</title>
	<author>lucifuge31337</author>
	<datestamp>1257021720000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>I'm not sure this is any more useful to your post, but I very clearly remember going through this when I was contracted to make a machine imaging setup for a computer lab back in the NT 4.0 (possibly even 3.51) days.  NT4 Server/DC, and NT4 Workstation machines.  Once you joined the domain with one machine, any cloned one refused to join the domain.  I ended up with sysprep scripts and all kinds of other junk and cloned them at the point of the first (or maybe second....I don't recall) reboot during a fully scripted setup to solve the issue.  This was before tools were available to deal with this.</htmltext>
<tokenext>I 'm not sure this is any more useful to your post , but I very clearly remember going through this when I was contracted to make a machine imaging setup for a computer lab back in the NT 4.0 ( possibly even 3.51 ) days .
NT4 Server/DC , and NT4 Workstation machines .
Once you joined the domain with one machine , any cloned one refused to join the domain .
I ended up with sysprep scripts and all kinds of other junk and cloned them at the point of the first ( or maybe second....I do n't recall ) reboot during a fully scripted setup to solve the issue .
This was before tools were available to deal with this .</tokentext>
<sentencetext>I'm not sure this is any more useful to your post, but I very clearly remember going through this when I was contracted to make a machine imaging setup for a computer lab back in the NT 4.0 (possibly even 3.51) days.
NT4 Server/DC, and NT4 Workstation machines.
Once you joined the domain with one machine, any cloned one refused to join the domain.
I ended up with sysprep scripts and all kinds of other junk and cloned them at the point of the first (or maybe second....I don't recall) reboot during a fully scripted setup to solve the issue.
This was before tools were available to deal with this.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29972690</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29972768</id>
	<title>Re:Well... it WAS a problem...</title>
	<author>fan of lem</author>
	<datestamp>1257263340000</datestamp>
	<modclass>Informativ</modclass>
	<modscore>5</modscore>
	<htmltext><p>Did you mean the SusClientId?  AFAIK this is the only identifier WSUS uses to distinguish between computers (they also don't have to be on the same domain).</p><p>On new clones you only need to delete the SusClientId key under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate; the update service will take care of assigning the machine a new ID.</p></htmltext>
<tokenext>Did you mean the SusClientId ?
AFAIK this is the only identifier WSUS uses to distinguish between computers ( they also do n't have to be on the same domain ) .On new clones you only need to delete the SusClientId key under HKLM \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ WindowsUpdate ; the update service will take care of assigning the machine a new ID .</tokentext>
<sentencetext>Did you mean the SusClientId?
AFAIK this is the only identifier WSUS uses to distinguish between computers (they also don't have to be on the same domain).On new clones you only need to delete the SusClientId key under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate; the update service will take care of assigning the machine a new ID.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29972624</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29973124</id>
	<title>Great.</title>
	<author>Anonymous</author>
	<datestamp>1257266340000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>4</modscore>
	<htmltext><p>Doesn't it bother anyone else that even Microsoft doesn't have a clue how the OS they developed works anymore? That something like this is even an issue?</p></htmltext>
<tokenext>Does n't it bother anyone else that even Microsoft does n't have a clue how the OS they developed works anymore ?
That something like this is even an issue ?</tokentext>
<sentencetext>Doesn't it bother anyone else that even Microsoft doesn't have a clue how the OS they developed works anymore?
That something like this is even an issue?</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29977780</id>
	<title>Britney Spears Sans Panties.</title>
	<author>Anonymous</author>
	<datestamp>1257002880000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>For your pleasure. <a href="http://www.promotinglinux.com/celebrity/britney-spears/" title="promotinglinux.com" rel="nofollow">Britney Spears Sans Panties.</a> [promotinglinux.com]</p></htmltext>
<tokenext>For your pleasure .
Britney Spears Sans Panties .
[ promotinglinux.com ]</tokentext>
<sentencetext>For your pleasure.
Britney Spears Sans Panties.
[promotinglinux.com]</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29972684</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29974724</id>
	<title>Theological disputation...</title>
	<author>Anonymous</author>
	<datestamp>1257020100000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext>Maybe it's because I have a cold, but this seems reminescent of an <a href="http://en.wikipedia.org/wiki/Nestorianism" title="wikipedia.org" rel="nofollow">old heresy</a> [wikipedia.org],  and about as silly to non-believers.</htmltext>
<tokenext>Maybe it 's because I have a cold , but this seems reminescent of an old heresy [ wikipedia.org ] , and about as silly to non-believers .</tokentext>
<sentencetext>Maybe it's because I have a cold, but this seems reminescent of an old heresy [wikipedia.org],  and about as silly to non-believers.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29983100</id>
	<title>Re:Except for Domain Controllers..</title>
	<author>Anonymous</author>
	<datestamp>1257019440000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>Yeah, I was going to say, because I ran into this before.  You definitely need a different SID for the member machine.</p></htmltext>
<tokenext>Yeah , I was going to say , because I ran into this before .
You definitely need a different SID for the member machine .</tokentext>
<sentencetext>Yeah, I was going to say, because I ran into this before.
You definitely need a different SID for the member machine.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29972834</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29976628</id>
	<title>Re:Hmm... Pretty sure I ran into an issue somewher</title>
	<author>Chang</author>
	<datestamp>1256996220000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>You need to make sure the image wasn't joined to the domain and that each new copy does it's own join.</p><p>The domain SID in a domain joined image will cause problems.</p><p>Russinovich's post is about the machine SID which is not the same thing as a domain SID.</p></htmltext>
<tokenext>You need to make sure the image was n't joined to the domain and that each new copy does it 's own join.The domain SID in a domain joined image will cause problems.Russinovich 's post is about the machine SID which is not the same thing as a domain SID .</tokentext>
<sentencetext>You need to make sure the image wasn't joined to the domain and that each new copy does it's own join.The domain SID in a domain joined image will cause problems.Russinovich's post is about the machine SID which is not the same thing as a domain SID.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29972690</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29972898</id>
	<title>Finally validation!</title>
	<author>shemp42</author>
	<datestamp>1257264360000</datestamp>
	<modclass>Funny</modclass>
	<modscore>3</modscore>
	<htmltext>I have said this for years, glad its finally being widely accepted.  My coworkers when ghosting machines would be fanatical about changing the SId's.  I have a bad memory and would often forget to change them with no problems.  I finally just started skipping the step of changing SID's and never had any adverse issues. When I told me coworkers about this they would rattle off a liteny of problems that I "could" encounter.  After 10 years its nice to know I was right all along.

So now a drum roll please......

IN YOUR FACE....MY COWORKERS!</htmltext>
<tokenext>I have said this for years , glad its finally being widely accepted .
My coworkers when ghosting machines would be fanatical about changing the SId 's .
I have a bad memory and would often forget to change them with no problems .
I finally just started skipping the step of changing SID 's and never had any adverse issues .
When I told me coworkers about this they would rattle off a liteny of problems that I " could " encounter .
After 10 years its nice to know I was right all along .
So now a drum roll please..... . IN YOUR FACE....MY COWORKERS !</tokentext>
<sentencetext>I have said this for years, glad its finally being widely accepted.
My coworkers when ghosting machines would be fanatical about changing the SId's.
I have a bad memory and would often forget to change them with no problems.
I finally just started skipping the step of changing SID's and never had any adverse issues.
When I told me coworkers about this they would rattle off a liteny of problems that I "could" encounter.
After 10 years its nice to know I was right all along.
So now a drum roll please......

IN YOUR FACE....MY COWORKERS!</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29972860</id>
	<title>Isn't it ridiculous?</title>
	<author>Anonymous</author>
	<datestamp>1257264060000</datestamp>
	<modclass>Interestin</modclass>
	<modscore>1</modscore>
	<htmltext><p>Isn't it ridiculous? A guru working for MS says "OK, we finally figure out we don't understand what's going on, after all these years"</p></htmltext>
<tokenext>Is n't it ridiculous ?
A guru working for MS says " OK , we finally figure out we do n't understand what 's going on , after all these years "</tokentext>
<sentencetext>Isn't it ridiculous?
A guru working for MS says "OK, we finally figure out we don't understand what's going on, after all these years"</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29973090</id>
	<title>I seem to remember ...</title>
	<author>Anonymous</author>
	<datestamp>1257266040000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>that it DOES make a difference  when REMOVING a PC from a domain, at least 2000 or XP machines.  We didn't run newsid at first and found that by removing ONE PC from the domain it removed them ALL from the domain even when the PC names where different.</p><p>Things might of changed with a 2K3 / 2K8 domain with Vista and WIn 7 clients.</p></htmltext>
<tokenext>that it DOES make a difference when REMOVING a PC from a domain , at least 2000 or XP machines .
We did n't run newsid at first and found that by removing ONE PC from the domain it removed them ALL from the domain even when the PC names where different.Things might of changed with a 2K3 / 2K8 domain with Vista and WIn 7 clients .</tokentext>
<sentencetext>that it DOES make a difference  when REMOVING a PC from a domain, at least 2000 or XP machines.
We didn't run newsid at first and found that by removing ONE PC from the domain it removed them ALL from the domain even when the PC names where different.Things might of changed with a 2K3 / 2K8 domain with Vista and WIn 7 clients.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29972628</id>
	<title>WSUS needs unique SIDs</title>
	<author>Anonymous</author>
	<datestamp>1257262020000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext>At least in my experience.</htmltext>
<tokenext>At least in my experience .</tokentext>
<sentencetext>At least in my experience.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29975928</id>
	<title>Re:Duplicate UIDs</title>
	<author>Anonymous</author>
	<datestamp>1256988840000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>Maybe it's just taken MS this long to realize they could break Samba by doing this...</p></htmltext>
<tokenext>Maybe it 's just taken MS this long to realize they could break Samba by doing this.. .</tokentext>
<sentencetext>Maybe it's just taken MS this long to realize they could break Samba by doing this...</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29972676</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29972850</id>
	<title>In other words...</title>
	<author>jkrise</author>
	<datestamp>1257263940000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>5</modscore>
	<htmltext><p>Microsoft is now my employer, and I have no reason to cater to the needs of the user community anymore.</p></htmltext>
<tokenext>Microsoft is now my employer , and I have no reason to cater to the needs of the user community anymore .</tokentext>
<sentencetext>Microsoft is now my employer, and I have no reason to cater to the needs of the user community anymore.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29975466</id>
	<title>Re:With an important caveat!</title>
	<author>DangerousDriver</author>
	<datestamp>1256984100000</datestamp>
	<modclass>Informativ</modclass>
	<modscore>5</modscore>
	<htmltext><p>Here's what happens when a DC and member server are both cloned from the same base image with identical SIDs:</p><p>Event Type:    Error<br>Event Source:    NETLOGON<br>Event Category:    None<br>Event ID:    5516<br>Date:        04/11/2009<br>Time:        08:52:35<br>User:        N/A<br>Computer:    SERVER01<br>Description:<br>The computer or domain SERVER01 trusts domain TESTDOMAIN.  (This may be an indirect trust.)  However, SERVER01 and TESTDOMAIN have the same machine security identifier (SID).  NT should be re-installed on either SERVER01 or TESTDOMAIN.</p><p>For more information, see Help and Support Center at <a href="http://go.microsoft.com/fwlink/events.asp" title="microsoft.com" rel="nofollow">http://go.microsoft.com/fwlink/events.asp</a> [microsoft.com].</p></htmltext>
<tokenext>Here 's what happens when a DC and member server are both cloned from the same base image with identical SIDs : Event Type : ErrorEvent Source : NETLOGONEvent Category : NoneEvent ID : 5516Date : 04/11/2009Time : 08 : 52 : 35User : N/AComputer : SERVER01Description : The computer or domain SERVER01 trusts domain TESTDOMAIN .
( This may be an indirect trust .
) However , SERVER01 and TESTDOMAIN have the same machine security identifier ( SID ) .
NT should be re-installed on either SERVER01 or TESTDOMAIN.For more information , see Help and Support Center at http : //go.microsoft.com/fwlink/events.asp [ microsoft.com ] .</tokentext>
<sentencetext>Here's what happens when a DC and member server are both cloned from the same base image with identical SIDs:Event Type:    ErrorEvent Source:    NETLOGONEvent Category:    NoneEvent ID:    5516Date:        04/11/2009Time:        08:52:35User:        N/AComputer:    SERVER01Description:The computer or domain SERVER01 trusts domain TESTDOMAIN.
(This may be an indirect trust.
)  However, SERVER01 and TESTDOMAIN have the same machine security identifier (SID).
NT should be re-installed on either SERVER01 or TESTDOMAIN.For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp [microsoft.com].</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29972694</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29980742</id>
	<title>Re:There is general agreement: NewSID is needed.</title>
	<author>metrix007</author>
	<datestamp>1257012720000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p><div class="quote"><p>In the U.S., there is a law of Fitness for Merchantability. Does that law protect Microsoft's users, since in some cases we can't use what we bought without NewSID, or some other SID-changing utility?</p> </div><p>Just wanted to single this out, but the rest of your post is good. A law for a Fitness for Merchantability would not apply in this case. Windows is sold as a particular product, with particular uses impled and expected. If you want to use it for things outside of this scope, you should not, and legally can not, expect further support. This is similar, but no where near as extreme, as running a Hackintosh.</p></div>
	</htmltext>
<tokenext>In the U.S. , there is a law of Fitness for Merchantability .
Does that law protect Microsoft 's users , since in some cases we ca n't use what we bought without NewSID , or some other SID-changing utility ?
Just wanted to single this out , but the rest of your post is good .
A law for a Fitness for Merchantability would not apply in this case .
Windows is sold as a particular product , with particular uses impled and expected .
If you want to use it for things outside of this scope , you should not , and legally can not , expect further support .
This is similar , but no where near as extreme , as running a Hackintosh .</tokentext>
<sentencetext>In the U.S., there is a law of Fitness for Merchantability.
Does that law protect Microsoft's users, since in some cases we can't use what we bought without NewSID, or some other SID-changing utility?
Just wanted to single this out, but the rest of your post is good.
A law for a Fitness for Merchantability would not apply in this case.
Windows is sold as a particular product, with particular uses impled and expected.
If you want to use it for things outside of this scope, you should not, and legally can not, expect further support.
This is similar, but no where near as extreme, as running a Hackintosh.
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29977210</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29972640</id>
	<title>Go Figure</title>
	<author>Anonymous</author>
	<datestamp>1257262140000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>5</modscore>
	<htmltext><p>This is coming from the same company that billed my employer to the tune of $250,000 USD in order to create a utility that would move a user profile from the old location to the new one after the user account had been moved to a new NT domain.</p><p>And then we found the moveuser.exe utility on the server resource kit and asked them what the $250,000 was for.  Not that anyone who pays two hundred and fifty thousand dollars for a few lines of vbscript is smart (the phbs wanted something bonafide), but I'm just sayin'...</p></htmltext>
<tokenext>This is coming from the same company that billed my employer to the tune of $ 250,000 USD in order to create a utility that would move a user profile from the old location to the new one after the user account had been moved to a new NT domain.And then we found the moveuser.exe utility on the server resource kit and asked them what the $ 250,000 was for .
Not that anyone who pays two hundred and fifty thousand dollars for a few lines of vbscript is smart ( the phbs wanted something bonafide ) , but I 'm just sayin'.. .</tokentext>
<sentencetext>This is coming from the same company that billed my employer to the tune of $250,000 USD in order to create a utility that would move a user profile from the old location to the new one after the user account had been moved to a new NT domain.And then we found the moveuser.exe utility on the server resource kit and asked them what the $250,000 was for.
Not that anyone who pays two hundred and fifty thousand dollars for a few lines of vbscript is smart (the phbs wanted something bonafide), but I'm just sayin'...</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29973558</id>
	<title>Really?</title>
	<author>Sycraft-fu</author>
	<datestamp>1257270180000</datestamp>
	<modclass>Interestin</modclass>
	<modscore>4</modscore>
	<htmltext><p>This surprises me. I'm not going to say he's wrong, after all the man literally wrote the book on Windows (Windows Internals from Microsoft Press, great book) but it just seems odd. We seem to have problems at work if a system is Ghosted, but not SID walked. It'll join the domain, but exhibit weird problems, like users not able to log in and such. Now maybe GhostWalk does other things too that are what really needs to be done, but it seems to just be a SID change tool.</p><p>Personally I'll keep using GhostWalk until Symantec removes it.</p></htmltext>
<tokenext>This surprises me .
I 'm not going to say he 's wrong , after all the man literally wrote the book on Windows ( Windows Internals from Microsoft Press , great book ) but it just seems odd .
We seem to have problems at work if a system is Ghosted , but not SID walked .
It 'll join the domain , but exhibit weird problems , like users not able to log in and such .
Now maybe GhostWalk does other things too that are what really needs to be done , but it seems to just be a SID change tool.Personally I 'll keep using GhostWalk until Symantec removes it .</tokentext>
<sentencetext>This surprises me.
I'm not going to say he's wrong, after all the man literally wrote the book on Windows (Windows Internals from Microsoft Press, great book) but it just seems odd.
We seem to have problems at work if a system is Ghosted, but not SID walked.
It'll join the domain, but exhibit weird problems, like users not able to log in and such.
Now maybe GhostWalk does other things too that are what really needs to be done, but it seems to just be a SID change tool.Personally I'll keep using GhostWalk until Symantec removes it.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29972716</id>
	<title>Oh, right... that.</title>
	<author>tverbeek</author>
	<datestamp>1257262740000</datestamp>
	<modclass>Interestin</modclass>
	<modscore>3</modscore>
	<htmltext><p>For what it's worth, using NewSID (or some other technique to accomplish the same thing) was too much trouble to do the first time when push came to deadline and I had to crank out a few hundred WinXP workstations for the college labs.  I didn't have any problems.  Never gave it another thought.</p></htmltext>
<tokenext>For what it 's worth , using NewSID ( or some other technique to accomplish the same thing ) was too much trouble to do the first time when push came to deadline and I had to crank out a few hundred WinXP workstations for the college labs .
I did n't have any problems .
Never gave it another thought .</tokentext>
<sentencetext>For what it's worth, using NewSID (or some other technique to accomplish the same thing) was too much trouble to do the first time when push came to deadline and I had to crank out a few hundred WinXP workstations for the college labs.
I didn't have any problems.
Never gave it another thought.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29985016</id>
	<title>Re:Duplicate UIDs</title>
	<author>Anonymous</author>
	<datestamp>1256982060000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>Well, Why dont companies like Symantec (Ghost) chime in, I mean SID's had to be reset going back to NT 3.51, before Symantec bought the Company that made the ghost imaging software. So I wonder, what would be the reason, back then, and if those scenarios are still relevant today.</p></htmltext>
<tokenext>Well , Why dont companies like Symantec ( Ghost ) chime in , I mean SID 's had to be reset going back to NT 3.51 , before Symantec bought the Company that made the ghost imaging software .
So I wonder , what would be the reason , back then , and if those scenarios are still relevant today .</tokentext>
<sentencetext>Well, Why dont companies like Symantec (Ghost) chime in, I mean SID's had to be reset going back to NT 3.51, before Symantec bought the Company that made the ghost imaging software.
So I wonder, what would be the reason, back then, and if those scenarios are still relevant today.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29972676</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29973280</id>
	<title>Re:Well... it WAS a problem...</title>
	<author>pyite</author>
	<datestamp>1257267660000</datestamp>
	<modclass>Interestin</modclass>
	<modscore>3</modscore>
	<htmltext><p><i>I know for a fact that WSUS (Windows Server Update Services... basically a centralized patch server) would do "weird, interesting" things when two machines tried to check into WSUS with the same SID.</i></p><p>I don't even work with Windows servers and I happen to know this from engineering some network infrastructure (load balancing) for the folks in our organization who do manage WSUS. Long story short, what they thought was problematic load balancing across WSUS servers was actually the same SID being used from 1,000+ cloned VMs. WSUS thought they were one machine.</p></htmltext>
<tokenext>I know for a fact that WSUS ( Windows Server Update Services... basically a centralized patch server ) would do " weird , interesting " things when two machines tried to check into WSUS with the same SID.I do n't even work with Windows servers and I happen to know this from engineering some network infrastructure ( load balancing ) for the folks in our organization who do manage WSUS .
Long story short , what they thought was problematic load balancing across WSUS servers was actually the same SID being used from 1,000 + cloned VMs .
WSUS thought they were one machine .</tokentext>
<sentencetext>I know for a fact that WSUS (Windows Server Update Services... basically a centralized patch server) would do "weird, interesting" things when two machines tried to check into WSUS with the same SID.I don't even work with Windows servers and I happen to know this from engineering some network infrastructure (load balancing) for the folks in our organization who do manage WSUS.
Long story short, what they thought was problematic load balancing across WSUS servers was actually the same SID being used from 1,000+ cloned VMs.
WSUS thought they were one machine.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29972624</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29974000</id>
	<title>Re:Well... it WAS a problem...</title>
	<author>gotpaint32</author>
	<datestamp>1257272640000</datestamp>
	<modclass>Informativ</modclass>
	<modscore>2</modscore>
	<htmltext>As fan of lem mentions, the issue you state only happens if the wsus regkey is present. The regkey can only be present if you image a machine that has registered with WSUS. Best practice is to make sure that the machines that you image does not have any group policies applied to it.</htmltext>
<tokenext>As fan of lem mentions , the issue you state only happens if the wsus regkey is present .
The regkey can only be present if you image a machine that has registered with WSUS .
Best practice is to make sure that the machines that you image does not have any group policies applied to it .</tokentext>
<sentencetext>As fan of lem mentions, the issue you state only happens if the wsus regkey is present.
The regkey can only be present if you image a machine that has registered with WSUS.
Best practice is to make sure that the machines that you image does not have any group policies applied to it.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29972624</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29972952</id>
	<title>Re:With an important caveat!</title>
	<author>gollito</author>
	<datestamp>1257264840000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>I know for a fact that this is an issue with Server 2008 and Exchange 2007.  I had a client that cloned all their 2k8 servers from a single image and after they put it into production their Exchange server suddenly stopped authenticating users.  Turns out it was a SID related issue.  Working with Microsoft support they had me try the NewSID app, which didn't work, so I was left with unjoining the server from the domain, sysprep'ing it, and then joining it backup.  This was after 3 days of trying everything else before taking this drastic step.  Had the NewSID app worked properly I would have been done within the first hour of working with MS tech support.</htmltext>
<tokenext>I know for a fact that this is an issue with Server 2008 and Exchange 2007 .
I had a client that cloned all their 2k8 servers from a single image and after they put it into production their Exchange server suddenly stopped authenticating users .
Turns out it was a SID related issue .
Working with Microsoft support they had me try the NewSID app , which did n't work , so I was left with unjoining the server from the domain , sysprep'ing it , and then joining it backup .
This was after 3 days of trying everything else before taking this drastic step .
Had the NewSID app worked properly I would have been done within the first hour of working with MS tech support .</tokentext>
<sentencetext>I know for a fact that this is an issue with Server 2008 and Exchange 2007.
I had a client that cloned all their 2k8 servers from a single image and after they put it into production their Exchange server suddenly stopped authenticating users.
Turns out it was a SID related issue.
Working with Microsoft support they had me try the NewSID app, which didn't work, so I was left with unjoining the server from the domain, sysprep'ing it, and then joining it backup.
This was after 3 days of trying everything else before taking this drastic step.
Had the NewSID app worked properly I would have been done within the first hour of working with MS tech support.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29972694</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29972676</id>
	<title>Duplicate UIDs</title>
	<author>l2718</author>
	<datestamp>1257262440000</datestamp>
	<modclass>None</modclass>
	<modscore>2</modscore>
	<htmltext>So the "best practice" for MS-Windows was to <i>randomly generate</i> UIDs to avoid user accounts on different machines from having the same UID?  This would have made sense had NFS been common, where indeed duplicate UIDs are an issue.  But windows does not support NFS mounts -- and SMB mounting is based on a local account on the remote machine.  There must be some subtlety here, or else why has this taken years to figure out?</htmltext>
<tokenext>So the " best practice " for MS-Windows was to randomly generate UIDs to avoid user accounts on different machines from having the same UID ?
This would have made sense had NFS been common , where indeed duplicate UIDs are an issue .
But windows does not support NFS mounts -- and SMB mounting is based on a local account on the remote machine .
There must be some subtlety here , or else why has this taken years to figure out ?</tokentext>
<sentencetext>So the "best practice" for MS-Windows was to randomly generate UIDs to avoid user accounts on different machines from having the same UID?
This would have made sense had NFS been common, where indeed duplicate UIDs are an issue.
But windows does not support NFS mounts -- and SMB mounting is based on a local account on the remote machine.
There must be some subtlety here, or else why has this taken years to figure out?</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29975344</id>
	<title>NewSID allows for activation reset?</title>
	<author>ard</author>
	<datestamp>1256982780000</datestamp>
	<modclass>Interestin</modclass>
	<modscore>5</modscore>
	<htmltext><p>From the article:</p><p><div class="quote"><p>This is called generalizing the image, because when you boot an image created using this process, Sysprep specializes the installation by generating a new machine SID, triggering plug-and-play hardware detection, <b>resetting the product activation clock</b>, and setting other configuration data like the new computer name.</p></div><p>Is the product activation clock reset because of Sysprep, or because the SID is changed?</p><p>In other words, could NewSID be used to keep unactivated windows installations running indefinately?</p><p>&lt;conspiracy\_theory&gt; <em>Would that be the real reason for the NewSID retirement? What's the rush of removing the download instead of leaving it unsupported?</em> &lt;/conspiracy\_theory&gt;</p></div>
	</htmltext>
<tokenext>From the article : This is called generalizing the image , because when you boot an image created using this process , Sysprep specializes the installation by generating a new machine SID , triggering plug-and-play hardware detection , resetting the product activation clock , and setting other configuration data like the new computer name.Is the product activation clock reset because of Sysprep , or because the SID is changed ? In other words , could NewSID be used to keep unactivated windows installations running indefinately ?
Would that be the real reason for the NewSID retirement ?
What 's the rush of removing the download instead of leaving it unsupported ?</tokentext>
<sentencetext>From the article:This is called generalizing the image, because when you boot an image created using this process, Sysprep specializes the installation by generating a new machine SID, triggering plug-and-play hardware detection, resetting the product activation clock, and setting other configuration data like the new computer name.Is the product activation clock reset because of Sysprep, or because the SID is changed?In other words, could NewSID be used to keep unactivated windows installations running indefinately?
Would that be the real reason for the NewSID retirement?
What's the rush of removing the download instead of leaving it unsupported? 
	</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29977240</id>
	<title>Microsoft Marketeering Fellow</title>
	<author>Anonymous</author>
	<datestamp>1257000540000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>How is this shit spewed from a Microsoft Marketeer worth posting to Slashdot?  </p><p>Oh, yeh.  Its not.</p></htmltext>
<tokenext>How is this shit spewed from a Microsoft Marketeer worth posting to Slashdot ?
Oh , yeh .
Its not .</tokentext>
<sentencetext>How is this shit spewed from a Microsoft Marketeer worth posting to Slashdot?
Oh, yeh.
Its not.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29972568</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29972788</id>
	<title>Re:Well... it WAS a problem...</title>
	<author>Anonymous</author>
	<datestamp>1257263460000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>That was my first thought too. Clients with the same SID is still a problem with the latest WSUS. At a minimum the admin discovery won't recognize multiple machines with the same SID as unique machines so depending on the update time, random machines won't get a patch because the server think it already got it.</p></htmltext>
<tokenext>That was my first thought too .
Clients with the same SID is still a problem with the latest WSUS .
At a minimum the admin discovery wo n't recognize multiple machines with the same SID as unique machines so depending on the update time , random machines wo n't get a patch because the server think it already got it .</tokentext>
<sentencetext>That was my first thought too.
Clients with the same SID is still a problem with the latest WSUS.
At a minimum the admin discovery won't recognize multiple machines with the same SID as unique machines so depending on the update time, random machines won't get a patch because the server think it already got it.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29972624</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29994088</id>
	<title>Re:fp</title>
	<author>linu77</author>
	<datestamp>1257432600000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>IBM tivoli goes nuts with duplicats Ids</htmltext>
<tokenext>IBM tivoli goes nuts with duplicats Ids</tokentext>
<sentencetext>IBM tivoli goes nuts with duplicats Ids</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29972568</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29975988</id>
	<title>Thank you</title>
	<author>hcgpragt</author>
	<datestamp>1256989500000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>I, for one, wish to speak a word of thanks. This was a step of courage. <br>
If only half of the people working on a non-solution, on which they own their daily bread, where so courageous.<br>
<br>
H</htmltext>
<tokenext>I , for one , wish to speak a word of thanks .
This was a step of courage .
If only half of the people working on a non-solution , on which they own their daily bread , where so courageous .
H</tokentext>
<sentencetext>I, for one, wish to speak a word of thanks.
This was a step of courage.
If only half of the people working on a non-solution, on which they own their daily bread, where so courageous.
H</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29979114</id>
	<title>Re:fp</title>
	<author>commodore64\_love</author>
	<datestamp>1257007680000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>Personally I prefer the oldSID:  <a href="http://www.lemon64.com/music/" title="lemon64.com">http://www.lemon64.com/music/</a> [lemon64.com]</p><p>Recommended starting point: MUSICIANS/H/Huelsbeck Chris/R-Type<br>Also; MUSICIANS/H/Hubbard Rob</p></htmltext>
<tokenext>Personally I prefer the oldSID : http : //www.lemon64.com/music/ [ lemon64.com ] Recommended starting point : MUSICIANS/H/Huelsbeck Chris/R-TypeAlso ; MUSICIANS/H/Hubbard Rob</tokentext>
<sentencetext>Personally I prefer the oldSID:  http://www.lemon64.com/music/ [lemon64.com]Recommended starting point: MUSICIANS/H/Huelsbeck Chris/R-TypeAlso; MUSICIANS/H/Hubbard Rob</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29972568</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29972568</id>
	<title>fp</title>
	<author>Anonymous</author>
	<datestamp>1257261720000</datestamp>
	<modclass>Funny</modclass>
	<modscore>4</modscore>
	<htmltext>Maybe slashdot should get rid of the dupe sids, too.</htmltext>
<tokenext>Maybe slashdot should get rid of the dupe sids , too .</tokentext>
<sentencetext>Maybe slashdot should get rid of the dupe sids, too.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29976602</id>
	<title>Re:Well... it WAS a problem...</title>
	<author>Squeakstar</author>
	<datestamp>1256995980000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>i was going to post the exact same experience with WSUS actually - though i never saw anything which would cause havoc i would see the entry on the WSUS server for those particular computers with same SID never ever appear except just the one which constantly changed it's name depending on who booted up last... those were the days before i got MCSA'd up<nobr> <wbr></nobr>:)</htmltext>
<tokenext>i was going to post the exact same experience with WSUS actually - though i never saw anything which would cause havoc i would see the entry on the WSUS server for those particular computers with same SID never ever appear except just the one which constantly changed it 's name depending on who booted up last... those were the days before i got MCSA 'd up : )</tokentext>
<sentencetext>i was going to post the exact same experience with WSUS actually - though i never saw anything which would cause havoc i would see the entry on the WSUS server for those particular computers with same SID never ever appear except just the one which constantly changed it's name depending on who booted up last... those were the days before i got MCSA'd up :)</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29972624</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29991678</id>
	<title>Absolutely STILL a Problem!</title>
	<author>milette</author>
	<datestamp>1257017940000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>I've built MANY MOSS (SharePoint) farms and the ONLY way to get them to run without generating errors in the logs is to build each machine individually and not from VMware templates or cloned images.

Interestingly enough, NewSID did NOT solve the problem, but to be sure, there IS SOMETHING that causes this -- and probably updating/extending NewSID would have been the way to go.</htmltext>
<tokenext>I 've built MANY MOSS ( SharePoint ) farms and the ONLY way to get them to run without generating errors in the logs is to build each machine individually and not from VMware templates or cloned images .
Interestingly enough , NewSID did NOT solve the problem , but to be sure , there IS SOMETHING that causes this -- and probably updating/extending NewSID would have been the way to go .</tokentext>
<sentencetext>I've built MANY MOSS (SharePoint) farms and the ONLY way to get them to run without generating errors in the logs is to build each machine individually and not from VMware templates or cloned images.
Interestingly enough, NewSID did NOT solve the problem, but to be sure, there IS SOMETHING that causes this -- and probably updating/extending NewSID would have been the way to go.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29972994</id>
	<title>Good to finally have confirmation!</title>
	<author>KingRobot</author>
	<datestamp>1257265260000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>I too, have known this for a while... I've been running three pairs of Domain Controllers that are exact clones of each other (apart from the network name), for the last 6-7 years. While I had read the occasional documentation that claimed it would cause problems, I never experienced any, nor could I found anything that would say what the problems might be or how they would be caused.

Good to know my intuition and testing held out to be true!</htmltext>
<tokenext>I too , have known this for a while... I 've been running three pairs of Domain Controllers that are exact clones of each other ( apart from the network name ) , for the last 6-7 years .
While I had read the occasional documentation that claimed it would cause problems , I never experienced any , nor could I found anything that would say what the problems might be or how they would be caused .
Good to know my intuition and testing held out to be true !</tokentext>
<sentencetext>I too, have known this for a while... I've been running three pairs of Domain Controllers that are exact clones of each other (apart from the network name), for the last 6-7 years.
While I had read the occasional documentation that claimed it would cause problems, I never experienced any, nor could I found anything that would say what the problems might be or how they would be caused.
Good to know my intuition and testing held out to be true!</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29972602</id>
	<title>Re:fp</title>
	<author>UnknownSoldier</author>
	<datestamp>1257261900000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>Ha!</p><p>Mod up funny.  Although the dupes kind of are one of the running jokes around here.</p></htmltext>
<tokenext>Ha ! Mod up funny .
Although the dupes kind of are one of the running jokes around here .</tokentext>
<sentencetext>Ha!Mod up funny.
Although the dupes kind of are one of the running jokes around here.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29972568</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29973032</id>
	<title>Re:With an important caveat!</title>
	<author>alexschmidt</author>
	<datestamp>1257265560000</datestamp>
	<modclass>Interestin</modclass>
	<modscore>2</modscore>
	<htmltext>I run VMWare at a college and we typically have the students run a scenario of Primary and secondary DC's. Unless we used NewSID, we had problems. The weird part was, it was intermittent. Some students would create multiple copies of the same image and had no problems, others would have nothing but grief unless they used NewSID.</htmltext>
<tokenext>I run VMWare at a college and we typically have the students run a scenario of Primary and secondary DC 's .
Unless we used NewSID , we had problems .
The weird part was , it was intermittent .
Some students would create multiple copies of the same image and had no problems , others would have nothing but grief unless they used NewSID .</tokentext>
<sentencetext>I run VMWare at a college and we typically have the students run a scenario of Primary and secondary DC's.
Unless we used NewSID, we had problems.
The weird part was, it was intermittent.
Some students would create multiple copies of the same image and had no problems, others would have nothing but grief unless they used NewSID.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29972694</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29984152</id>
	<title>Re:It is no myth</title>
	<author>Anonymous</author>
	<datestamp>1257022440000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>I can confirm this, it happened to me. However, I know this only happens if you forget to remove the machine from the domain before cloning; you should never clone a machine already connected to the domain. Just remove the machine from the domain before cloning and you'll be fine, same SIDs and all. You can then add/remove each machine from the domain without affecting the others, as many times as you want, since each one will get a new domain ID when they join.</p><p>[zybex - can't login here]</p></htmltext>
<tokenext>I can confirm this , it happened to me .
However , I know this only happens if you forget to remove the machine from the domain before cloning ; you should never clone a machine already connected to the domain .
Just remove the machine from the domain before cloning and you 'll be fine , same SIDs and all .
You can then add/remove each machine from the domain without affecting the others , as many times as you want , since each one will get a new domain ID when they join .
[ zybex - ca n't login here ]</tokentext>
<sentencetext>I can confirm this, it happened to me.
However, I know this only happens if you forget to remove the machine from the domain before cloning; you should never clone a machine already connected to the domain.
Just remove the machine from the domain before cloning and you'll be fine, same SIDs and all.
You can then add/remove each machine from the domain without affecting the others, as many times as you want, since each one will get a new domain ID when they join.
[zybex - can't login here]</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29972806</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29972684</id>
	<title>It's the usual story</title>
	<author>Anonymous</author>
	<datestamp>1257262440000</datestamp>
	<modclass>Funny</modclass>
	<modscore>5</modscore>
	<htmltext>A ggreat deal of Microsoft security is unfortunately just like the underwear of Brittany Spears.<br>If it's even there at all it's needlessly complex and frilly, looks good without actually covering much and is far too easy to get around or remove completely.<br>The excessive complexity for no good reason of the SID and the way UIDs are implemented on that array of platforms are a good example of this.</htmltext>
<tokenext>A ggreat deal of Microsoft security is unfortunately just like the underwear of Brittany Spears.If it 's even there at all it 's needlessly complex and frilly , looks good without actually covering much and is far too easy to get around or remove completely.The excessive complexity for no good reason of the SID and the way UIDs are implemented on that array of platforms are a good example of this .</tokentext>
<sentencetext>A ggreat deal of Microsoft security is unfortunately just like the underwear of Brittany Spears.If it's even there at all it's needlessly complex and frilly, looks good without actually covering much and is far too easy to get around or remove completely.The excessive complexity for no good reason of the SID and the way UIDs are implemented on that array of platforms are a good example of this.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29975758</id>
	<title>Obvious explanation</title>
	<author>Anonymous</author>
	<datestamp>1256987100000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>MSFT retired NewSID because they want you to buy licenses separately instead of cloning omg i am drunk</p></htmltext>
<tokenext>MSFT retired NewSID because they want you to buy licenses separately instead of cloning omg i am drunk</tokentext>
<sentencetext>MSFT retired NewSID because they want you to buy licenses separately instead of cloning omg i am drunk</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29972796</id>
	<title>Not Convinced</title>
	<author>Anonymous</author>
	<datestamp>1257263520000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>I have observed problems with duplicate SIDs on a small Windows domain (10-15 computers).<br>The set of workstations with the duplicate SIDs were constantly having issues printing to the shared printer.<br>The problems were intermittent, and the shared printer would work for a long time before the problem happened.<br>This never happened on any of the systems with unique SIDs.</p></htmltext>
<tokenext>I have observed problems with duplicate SIDs on a small Windows domain ( 10-15 computers ) .The set of workstations with the duplicate SIDs were constantly having issues printing to the shared printer.The problems were intermittent , and the shared printer would work for a long time before the problem happened.This never happened on any of the systems with unique SIDs .</tokentext>
<sentencetext>I have observed problems with duplicate SIDs on a small Windows domain (10-15 computers).The set of workstations with the duplicate SIDs were constantly having issues printing to the shared printer.The problems were intermittent, and the shared printer would work for a long time before the problem happened.This never happened on any of the systems with unique SIDs.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29974080</id>
	<title>So who's got a copy of the final release of NewSID</title>
	<author>argent</author>
	<datestamp>1257273180000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>Given that it will undoubtedly be necessary to NewSID machines after all, who's got a copy of NewSID?</p><p>And, um, you know... this wouldn't be a way for Microsoft to discredit Ghosting?</p></htmltext>
<tokenext>Given that it will undoubtedly be necessary to NewSID machines after all , who 's got a copy of NewSID ? And , um , you know... this would n't be a way for Microsoft to discredit Ghosting ?</tokentext>
<sentencetext>Given that it will undoubtedly be necessary to NewSID machines after all, who's got a copy of NewSID?And, um, you know... this wouldn't be a way for Microsoft to discredit Ghosting?</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29977210</id>
	<title>There is general agreement: NewSID is needed.</title>
	<author>Futurepower(R)</author>
	<datestamp>1257000360000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>Mark Russinovich seems very knowledgeable to me, but I think he has made a mistake. There is general agreement that NewSID is necessary.

<br> <br>For example, we clone hard drives and leave the cloned drive in the system as a backup. For that, my understanding it that it is necessary to change the SID. Since those computers are cash registers, they are not attached to a domain. If they were attached to a domain, and the domain controller failed, the user might not be able to ring a sale. We could use Sysprep, but in this particular case, NewSID is more efficient. Or, is there some problem of which we are not aware? What other machine identifiers does Sysprep change, besides the SID? The lack of clear, concise documentation of Windows raises the cost of ownership.

<br> <br>Here is <a href="http://support.microsoft.com/default.aspx?scid=kb;EN-US;314828" title="microsoft.com">official Microsoft policy as of 2009-11-04, 05:36 PDT:</a> [microsoft.com] <i>"Because the SID identifies both the computer or domain and the user, unique SIDs are essential to maintain support for current and future programs."</i>

<br> <br>The <a href="http://www.microsoft.com/downloadS/details.aspx?familyid=673A1019-8E3E-4BE0-AC31-70DD21B5AFA7&amp;displaylang=en" title="microsoft.com">Windows XP Service Pack 3 Deployment Tools</a> [microsoft.com] still mention changing the SID using Sysprep. Note that the help file for those tools still references XP service pack 2. That's typical Microsoft uncaring sloppiness, in my experience. The Sysprep Command-Line Options help file, in deploy.chm, still says that there are cases where changing the SID is necessary.

<br> <br>There may be many programs not supplied by Microsoft that depend on differing SIDs. This is not a decision that Microsoft should make unilaterally.

<br> <br>Do older Microsoft Windows operating systems require a unique SID in ways that Mark Russinovich is not considering?

<br> <br>Quote from the article by Mark Russinovich: <i>"I took my conclusion to the Windows security and deployment teams and no one could come up with a scenario where two systems with the same machine SID, whether in a Workgroup or a Domain, would cause an issue. At that point the decision to retire NewSID became obvious."</i>

<br> <br>Translation of that quote: "We didn't do any testing."

<br> <br>I think that at least some disk imaging and backup software, such as Acronis, changes the SID after a clone.

<br> <br>Some web sites are still offering NewSID 4.10 for download. For example, <a href="http://www.linglom.com/2007/12/14/sid-issue-of-duplicated-windows-virtual-disk/" title="linglom.com">NewSID 4.10.</a> [linglom.com] But, is that a good copy? What is the MD5 or SHA1 or SHA256 of the latest version of NewSID.EXE?

<br> <br>Is it legal to download something that Microsoft supplied in the past? In the U.S., there is a law of Fitness for Merchantability. Does that law protect Microsoft's users, since in some cases we can't use what we bought without NewSID, or some other SID-changing utility?

<br> <br>What is the real reason NewSID was removed from availability for download? To me, Mark Russinovich has always seemed completely honest, and far more knowledgeable than any other programmer I know of at Microsoft. On the other hand, Microsoft managers have sometimes seemed to me to have chosen to do something that they think will be more profitable for Microsoft, but very much against the best interests of customers.

<br> <br>Note that the "markrussinovich" who posted comments in the  Microsoft TechNet story does not have a TechNet biography.

<br> <br>Some people have had trouble with SID-changing utilities. Some of those troubles were caused by not letting the SID-changer finish scanning an entire partition or hard drive.

<br> <br>This is a BIG issue for us. Our experience is that Microsoft Windows has an extremely high cost of ownership, due partly to the sloppiness of the design. Mark Russinovich's SysInternals tools for Microsoft Windows have been very helpful for us in lowering that cost a little. Those tools should always have been supplied by Microsoft, in my opinion, and now that SysInternals is owned by Microsoft, they are.</div>
	</htmltext>
<tokenext>Mark Russinovich seems very knowledgeable to me , but I think he has made a mistake .
There is general agreement that NewSID is necessary .
For example , we clone hard drives and leave the cloned drive in the system as a backup .
For that , my understanding it that it is necessary to change the SID .
Since those computers are cash registers , they are not attached to a domain .
If they were attached to a domain , and the domain controller failed , the user might not be able to ring a sale .
We could use Sysprep , but in this particular case , NewSID is more efficient .
Or , is there some problem of which we are not aware ?
What other machine identifiers does Sysprep change , besides the SID ?
The lack of clear , concise documentation of Windows raises the cost of ownership .
Here is official Microsoft policy as of 2009-11-04 , 05 : 36 PDT : [ microsoft.com ] " Because the SID identifies both the computer or domain and the user , unique SIDs are essential to maintain support for current and future programs .
" The Windows XP Service Pack 3 Deployment Tools [ microsoft.com ] still mention changing the SID using Sysprep .
Note that the help file for those tools still references XP service pack 2 .
That 's typical Microsoft uncaring sloppiness , in my experience .
The Sysprep Command-Line Options help file , in deploy.chm , still says that there are cases where changing the SID is necessary .
There may be many programs not supplied by Microsoft that depend on differing SIDs .
This is not a decision that Microsoft should make unilaterally .
Do older Microsoft Windows operating systems require a unique SID in ways that Mark Russinovich is not considering ?
Quote from the article by Mark Russinovich : " I took my conclusion to the Windows security and deployment teams and no one could come up with a scenario where two systems with the same machine SID , whether in a Workgroup or a Domain , would cause an issue .
At that point the decision to retire NewSID became obvious .
" Translation of that quote : " We did n't do any testing .
" I think that at least some disk imaging and backup software , such as Acronis , changes the SID after a clone .
Some web sites are still offering NewSID 4.10 for download .
For example , NewSID 4.10 .
[ linglom.com ] But , is that a good copy ?
What is the MD5 or SHA1 or SHA256 of the latest version of NewSID.EXE ?
Is it legal to download something that Microsoft supplied in the past ?
In the U.S. , there is a law of Fitness for Merchantability .
Does that law protect Microsoft 's users , since in some cases we ca n't use what we bought without NewSID , or some other SID-changing utility ?
What is the real reason NewSID was removed from availability for download ?
To me , Mark Russinovich has always seemed completely honest , and far more knowledgeable than any other programmer I know of at Microsoft .
On the other hand , Microsoft managers have sometimes seemed to me to have chosen to do something that they think will be more profitable for Microsoft , but very much against the best interests of customers .
Note that the " markrussinovich " who posted comments in the Microsoft TechNet story does not have a TechNet biography .
Some people have had trouble with SID-changing utilities .
Some of those troubles were caused by not letting the SID-changer finish scanning an entire partition or hard drive .
This is a BIG issue for us .
Our experience is that Microsoft Windows has an extremely high cost of ownership , due partly to the sloppiness of the design .
Mark Russinovich 's SysInternals tools for Microsoft Windows have been very helpful for us in lowering that cost a little .
Those tools should always have been supplied by Microsoft , in my opinion , and now that SysInternals is owned by Microsoft , they are .</tokentext>
<sentencetext>Mark Russinovich seems very knowledgeable to me, but I think he has made a mistake.
There is general agreement that NewSID is necessary.
For example, we clone hard drives and leave the cloned drive in the system as a backup.
For that, my understanding it that it is necessary to change the SID.
Since those computers are cash registers, they are not attached to a domain.
If they were attached to a domain, and the domain controller failed, the user might not be able to ring a sale.
We could use Sysprep, but in this particular case, NewSID is more efficient.
Or, is there some problem of which we are not aware?
What other machine identifiers does Sysprep change, besides the SID?
The lack of clear, concise documentation of Windows raises the cost of ownership.
Here is official Microsoft policy as of 2009-11-04, 05:36 PDT: [microsoft.com] "Because the SID identifies both the computer or domain and the user, unique SIDs are essential to maintain support for current and future programs.
"

 The Windows XP Service Pack 3 Deployment Tools [microsoft.com] still mention changing the SID using Sysprep.
Note that the help file for those tools still references XP service pack 2.
That's typical Microsoft uncaring sloppiness, in my experience.
The Sysprep Command-Line Options help file, in deploy.chm, still says that there are cases where changing the SID is necessary.
There may be many programs not supplied by Microsoft that depend on differing SIDs.
This is not a decision that Microsoft should make unilaterally.
Do older Microsoft Windows operating systems require a unique SID in ways that Mark Russinovich is not considering?
Quote from the article by Mark Russinovich: "I took my conclusion to the Windows security and deployment teams and no one could come up with a scenario where two systems with the same machine SID, whether in a Workgroup or a Domain, would cause an issue.
At that point the decision to retire NewSID became obvious.
"

 Translation of that quote: "We didn't do any testing.
"

 I think that at least some disk imaging and backup software, such as Acronis, changes the SID after a clone.
Some web sites are still offering NewSID 4.10 for download.
For example, NewSID 4.10.
[linglom.com] But, is that a good copy?
What is the MD5 or SHA1 or SHA256 of the latest version of NewSID.EXE?
Is it legal to download something that Microsoft supplied in the past?
In the U.S., there is a law of Fitness for Merchantability.
Does that law protect Microsoft's users, since in some cases we can't use what we bought without NewSID, or some other SID-changing utility?
What is the real reason NewSID was removed from availability for download?
To me, Mark Russinovich has always seemed completely honest, and far more knowledgeable than any other programmer I know of at Microsoft.
On the other hand, Microsoft managers have sometimes seemed to me to have chosen to do something that they think will be more profitable for Microsoft, but very much against the best interests of customers.
Note that the "markrussinovich" who posted comments in the  Microsoft TechNet story does not have a TechNet biography.
Some people have had trouble with SID-changing utilities.
Some of those troubles were caused by not letting the SID-changer finish scanning an entire partition or hard drive.
This is a BIG issue for us.
Our experience is that Microsoft Windows has an extremely high cost of ownership, due partly to the sloppiness of the design.
Mark Russinovich's SysInternals tools for Microsoft Windows have been very helpful for us in lowering that cost a little.
Those tools should always have been supplied by Microsoft, in my opinion, and now that SysInternals is owned by Microsoft, they are.
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29972834</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29972650</id>
	<title>42</title>
	<author>Anonymous</author>
	<datestamp>1257262260000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>2</modscore>
	<htmltext><p>So if SIDs are mostly irrelevant, why bother with them at all? Why not just always have them the same number (e.g., 42)?</p></htmltext>
<tokenext>So if SIDs are mostly irrelevant , why bother with them at all ?
Why not just always have them the same number ( e.g. , 42 ) ?</tokentext>
<sentencetext>So if SIDs are mostly irrelevant, why bother with them at all?
Why not just always have them the same number (e.g., 42)?</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.30102496</id>
	<title>Re:There is general agreement: NewSID is needed.</title>
	<author>Anonymous</author>
	<datestamp>1258206360000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p><div class="quote"><p>Mark Russinovich seems very knowledgeable to me, but I think he has made a mistake. There is general agreement that NewSID is necessary.</p></div><p>Not from anyone who actually understands what he's written.</p><p>There's two problems at play here. The first is that people aren't reading the article fully. It clearly says in the title that he is referring to the Machine SID.</p><p>There are multiple types of SID. The three principles varieties you commonly see are:</p><p>1) Machine SID (The ONLY one that Mark's tool updated).<br>2) Domain SID (Only created when joined to a domain).<br>3) User/Group SID</p><p>#1 is allocated when machine is built/installation occurs.<br>#2 is allocated when machine joins domain.<br>#3 is allocated when an account is created (and shares elements with either 1/2 depending on whether it's a local or domain account).</p><p>For a domain controller that was used to initialize the domain, #2 is the same as #1.</p><p>Marks tool only regenerates #1 and ammends local-only SIDs, which are never used anywhere harmful. It does not change the Domain SID nor any domain user SID's used on ACLs.</p><p>For this reason it is redundant, and can be fairly safely ignored.</p><p>Issues will always occur in other items that store unique per-machine state, if that state was on the machine BEFORE the cloning. NewSID would not protect from that scenario anyway. A good example of a well known application that has problems in this way is WSUS (Windows Update Services) - It stores a unique per-machine ID in a registry key, and if you clone when that key is in place every machine constantly tells WSUS "Hey, I've changed my name to ". and WSUS thinks it only has one client.</p><p>NewSID *appears* to have an affect in that people who use it are doing so, generally, as part of a more robust imaging strategy. If people followed the stringent imaging checks and steps, irrespective of the use of NewSID, all would still be just as well as before..</p><p>-Steve Gray</p></div>
	</htmltext>
<tokenext>Mark Russinovich seems very knowledgeable to me , but I think he has made a mistake .
There is general agreement that NewSID is necessary.Not from anyone who actually understands what he 's written.There 's two problems at play here .
The first is that people are n't reading the article fully .
It clearly says in the title that he is referring to the Machine SID.There are multiple types of SID .
The three principles varieties you commonly see are : 1 ) Machine SID ( The ONLY one that Mark 's tool updated ) .2 ) Domain SID ( Only created when joined to a domain ) .3 ) User/Group SID # 1 is allocated when machine is built/installation occurs. # 2 is allocated when machine joins domain. # 3 is allocated when an account is created ( and shares elements with either 1/2 depending on whether it 's a local or domain account ) .For a domain controller that was used to initialize the domain , # 2 is the same as # 1.Marks tool only regenerates # 1 and ammends local-only SIDs , which are never used anywhere harmful .
It does not change the Domain SID nor any domain user SID 's used on ACLs.For this reason it is redundant , and can be fairly safely ignored.Issues will always occur in other items that store unique per-machine state , if that state was on the machine BEFORE the cloning .
NewSID would not protect from that scenario anyway .
A good example of a well known application that has problems in this way is WSUS ( Windows Update Services ) - It stores a unique per-machine ID in a registry key , and if you clone when that key is in place every machine constantly tells WSUS " Hey , I 've changed my name to " .
and WSUS thinks it only has one client.NewSID * appears * to have an affect in that people who use it are doing so , generally , as part of a more robust imaging strategy .
If people followed the stringent imaging checks and steps , irrespective of the use of NewSID , all would still be just as well as before..-Steve Gray</tokentext>
<sentencetext>Mark Russinovich seems very knowledgeable to me, but I think he has made a mistake.
There is general agreement that NewSID is necessary.Not from anyone who actually understands what he's written.There's two problems at play here.
The first is that people aren't reading the article fully.
It clearly says in the title that he is referring to the Machine SID.There are multiple types of SID.
The three principles varieties you commonly see are:1) Machine SID (The ONLY one that Mark's tool updated).2) Domain SID (Only created when joined to a domain).3) User/Group SID#1 is allocated when machine is built/installation occurs.#2 is allocated when machine joins domain.#3 is allocated when an account is created (and shares elements with either 1/2 depending on whether it's a local or domain account).For a domain controller that was used to initialize the domain, #2 is the same as #1.Marks tool only regenerates #1 and ammends local-only SIDs, which are never used anywhere harmful.
It does not change the Domain SID nor any domain user SID's used on ACLs.For this reason it is redundant, and can be fairly safely ignored.Issues will always occur in other items that store unique per-machine state, if that state was on the machine BEFORE the cloning.
NewSID would not protect from that scenario anyway.
A good example of a well known application that has problems in this way is WSUS (Windows Update Services) - It stores a unique per-machine ID in a registry key, and if you clone when that key is in place every machine constantly tells WSUS "Hey, I've changed my name to ".
and WSUS thinks it only has one client.NewSID *appears* to have an affect in that people who use it are doing so, generally, as part of a more robust imaging strategy.
If people followed the stringent imaging checks and steps, irrespective of the use of NewSID, all would still be just as well as before..-Steve Gray
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29977210</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29977908</id>
	<title>Re:It is no myth</title>
	<author>Anonymous</author>
	<datestamp>1257003480000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>Actually, With Win 2k3 R2, this is incorrect.  You can happily have as many machines with the same SID and it will not affect the AD memberships.  This however is NOT the case with pre-R2.  I know this because I had to deal with this exact scenario a few months ago.  Won't work on pre-R2, will work post R2.  Something changed there that stopped the problems with the same SID.</p></htmltext>
<tokenext>Actually , With Win 2k3 R2 , this is incorrect .
You can happily have as many machines with the same SID and it will not affect the AD memberships .
This however is NOT the case with pre-R2 .
I know this because I had to deal with this exact scenario a few months ago .
Wo n't work on pre-R2 , will work post R2 .
Something changed there that stopped the problems with the same SID .</tokentext>
<sentencetext>Actually, With Win 2k3 R2, this is incorrect.
You can happily have as many machines with the same SID and it will not affect the AD memberships.
This however is NOT the case with pre-R2.
I know this because I had to deal with this exact scenario a few months ago.
Won't work on pre-R2, will work post R2.
Something changed there that stopped the problems with the same SID.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29972806</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29975392</id>
	<title>May this harm SAMBA</title>
	<author>Anonymous</author>
	<datestamp>1256983380000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>Does any version of SAMBA (either out there or in progress) presume that all SIDs are unique ?</p><p>I notice that MS only says that none of *their* software does ?</p></htmltext>
<tokenext>Does any version of SAMBA ( either out there or in progress ) presume that all SIDs are unique ? I notice that MS only says that none of * their * software does ?</tokentext>
<sentencetext>Does any version of SAMBA (either out there or in progress) presume that all SIDs are unique ?I notice that MS only says that none of *their* software does ?</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29972844</id>
	<title>I've had problems</title>
	<author>Deathlizard</author>
	<datestamp>1257263940000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>I ran into problems in the past.</p><p>When windows 2000 was first released, at my old job we did a complete deployment of Win200 on an NT4 server domain not knowing anything about sysprep or SID's. Every once in awhile we noticed that machines would randomly freeze for no reason. Looking on the net we found other people running into the same issue and found that resetting the SID's would fix the issue. After running sysprep on all of the PC's in the labs, the freezing stopped completely. We then just used sysprep at image completion time to deploy and never had a problem since.</p><p>At some point, SID's may have been used for legacy domains. There is a chance that Active Directory Domain's removed SID importance and that's why it doesn't matter anymore.</p></htmltext>
<tokenext>I ran into problems in the past.When windows 2000 was first released , at my old job we did a complete deployment of Win200 on an NT4 server domain not knowing anything about sysprep or SID 's .
Every once in awhile we noticed that machines would randomly freeze for no reason .
Looking on the net we found other people running into the same issue and found that resetting the SID 's would fix the issue .
After running sysprep on all of the PC 's in the labs , the freezing stopped completely .
We then just used sysprep at image completion time to deploy and never had a problem since.At some point , SID 's may have been used for legacy domains .
There is a chance that Active Directory Domain 's removed SID importance and that 's why it does n't matter anymore .</tokentext>
<sentencetext>I ran into problems in the past.When windows 2000 was first released, at my old job we did a complete deployment of Win200 on an NT4 server domain not knowing anything about sysprep or SID's.
Every once in awhile we noticed that machines would randomly freeze for no reason.
Looking on the net we found other people running into the same issue and found that resetting the SID's would fix the issue.
After running sysprep on all of the PC's in the labs, the freezing stopped completely.
We then just used sysprep at image completion time to deploy and never had a problem since.At some point, SID's may have been used for legacy domains.
There is a chance that Active Directory Domain's removed SID importance and that's why it doesn't matter anymore.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29973774</id>
	<title>Re:Hmm... Pretty sure I ran into an issue somewher</title>
	<author>Anpheus</author>
	<datestamp>1257271380000</datestamp>
	<modclass>Informativ</modclass>
	<modscore>3</modscore>
	<htmltext><p>You should sysprep the machines to reset their state before joining the machines. Basically, you should create a stock VM that is your disk image right after a "sysprep" and then NEVER EVER do anything with that. Clone it, complete the setup process, and join that cloned machine to the domain.</p><p>So in your case, you should have installed each VM from the ISO/CD and joined the domain, or used a first sysprepped disk image, cloned that twice, and used the two clones to join the domain.</p><p>The reason is that sysprep does the necessary work to separate two machine's identities in a more significant way than just the SID.</p><p>Microsoft's policy is you should never clone a disk image in a domain environment without first running sysprep. NewSID was just a way of doing "sysprep lite."</p></htmltext>
<tokenext>You should sysprep the machines to reset their state before joining the machines .
Basically , you should create a stock VM that is your disk image right after a " sysprep " and then NEVER EVER do anything with that .
Clone it , complete the setup process , and join that cloned machine to the domain.So in your case , you should have installed each VM from the ISO/CD and joined the domain , or used a first sysprepped disk image , cloned that twice , and used the two clones to join the domain.The reason is that sysprep does the necessary work to separate two machine 's identities in a more significant way than just the SID.Microsoft 's policy is you should never clone a disk image in a domain environment without first running sysprep .
NewSID was just a way of doing " sysprep lite .
"</tokentext>
<sentencetext>You should sysprep the machines to reset their state before joining the machines.
Basically, you should create a stock VM that is your disk image right after a "sysprep" and then NEVER EVER do anything with that.
Clone it, complete the setup process, and join that cloned machine to the domain.So in your case, you should have installed each VM from the ISO/CD and joined the domain, or used a first sysprepped disk image, cloned that twice, and used the two clones to join the domain.The reason is that sysprep does the necessary work to separate two machine's identities in a more significant way than just the SID.Microsoft's policy is you should never clone a disk image in a domain environment without first running sysprep.
NewSID was just a way of doing "sysprep lite.
"</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29972690</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29975122</id>
	<title>Re:Duplicate UIDs</title>
	<author>BitZtream</author>
	<datestamp>1256980920000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>Just for reference, all my NT servers are happy to speak NFS, Windows Services for Unix or whatever the new name for it is after Win2k3.</p></htmltext>
<tokenext>Just for reference , all my NT servers are happy to speak NFS , Windows Services for Unix or whatever the new name for it is after Win2k3 .</tokentext>
<sentencetext>Just for reference, all my NT servers are happy to speak NFS, Windows Services for Unix or whatever the new name for it is after Win2k3.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29972676</parent>
</comment>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_11_04_0040203_34</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29978726
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29977210
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29972834
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29972610
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_11_04_0040203_10</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29977908
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29972806
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_11_04_0040203_2</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29973962
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29972806
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_11_04_0040203_40</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29976628
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29972690
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_11_04_0040203_39</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29972620
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29972568
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_11_04_0040203_33</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29981044
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29977210
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29972834
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29972610
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_11_04_0040203_29</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29982398
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29972684
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_11_04_0040203_32</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29976460
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29973350
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29972684
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_11_04_0040203_23</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29974398
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29972624
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_11_04_0040203_9</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29972602
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29972568
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_11_04_0040203_0</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29977240
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29972568
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_11_04_0040203_47</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.30102496
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29977210
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29972834
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29972610
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_11_04_0040203_24</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29982966
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29972806
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_11_04_0040203_26</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29994088
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29972568
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_11_04_0040203_31</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29976326
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29972684
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_11_04_0040203_6</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29976378
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29972684
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_11_04_0040203_16</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29974630
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29972640
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_11_04_0040203_21</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29979114
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29972568
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_11_04_0040203_44</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29977780
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29972684
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_11_04_0040203_3</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29983924
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29972690
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_11_04_0040203_37</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29973852
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29972624
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_11_04_0040203_13</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29981352
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29972690
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_11_04_0040203_36</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29973032
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29972694
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_11_04_0040203_15</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29975122
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29972676
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_11_04_0040203_38</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29975928
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29972676
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_11_04_0040203_4</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29972788
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29972624
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_11_04_0040203_14</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29981156
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29973124
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_11_04_0040203_42</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29973990
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29972834
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29972610
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_11_04_0040203_1</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29975466
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29972694
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_11_04_0040203_35</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29972900
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29972568
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_11_04_0040203_25</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29972800
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29972624
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_11_04_0040203_27</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29973774
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29972690
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_11_04_0040203_30</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29977540
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29973654
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_11_04_0040203_48</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29973598
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29972610
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_11_04_0040203_7</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29985016
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29972676
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_11_04_0040203_45</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29980742
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29977210
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29972834
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29972610
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_11_04_0040203_28</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29991358
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29972568
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_11_04_0040203_19</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29986592
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29973280
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29972624
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_11_04_0040203_22</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29978026
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29972684
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_11_04_0040203_8</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29983100
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29972834
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29972610
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_11_04_0040203_18</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29976602
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29972624
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_11_04_0040203_12</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29975408
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29973286
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29972684
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_11_04_0040203_46</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29972768
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29972624
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_11_04_0040203_5</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29974000
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29972624
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_11_04_0040203_41</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29985770
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29974080
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_11_04_0040203_43</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29977194
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29972624
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_11_04_0040203_17</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29984152
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29972806
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_11_04_0040203_20</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29973256
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29973124
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_11_04_0040203_11</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29972952
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29972694
</commentlist>
</thread>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_11_04_0040203.13</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29975166
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_11_04_0040203.10</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29972850
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_11_04_0040203.6</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29972690
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29976628
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29981352
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29983924
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29973774
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_11_04_0040203.4</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29973654
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29977540
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_11_04_0040203.20</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29973558
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_11_04_0040203.14</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29972568
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29972620
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29991358
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29994088
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29977240
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29972900
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29972602
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29979114
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_11_04_0040203.21</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29972676
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29975122
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29985016
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29975928
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_11_04_0040203.8</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29972624
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29974000
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29972800
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29972788
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29973280
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29986592
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29977194
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29974398
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29972768
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29973852
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29976602
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_11_04_0040203.12</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29972684
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29973350
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29976460
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29982398
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29976326
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29973286
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29975408
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29976378
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29978026
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29977780
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_11_04_0040203.5</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29972694
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29973032
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29975466
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29972952
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_11_04_0040203.2</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29972806
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29973962
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29982966
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29977908
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29984152
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_11_04_0040203.3</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29973090
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_11_04_0040203.0</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29974080
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29985770
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_11_04_0040203.9</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29972610
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29972834
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29983100
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29973990
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29977210
---http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29980742
---http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29981044
---http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29978726
---http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.30102496
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29973598
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_11_04_0040203.7</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29972666
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_11_04_0040203.19</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29972640
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29974630
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_11_04_0040203.17</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29973358
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_11_04_0040203.1</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29972628
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_11_04_0040203.11</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29972844
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_11_04_0040203.18</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29975938
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_11_04_0040203.16</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29972898
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_11_04_0040203.15</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29973124
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29981156
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_04_0040203.29973256
</commentlist>
</conversation>
