The Machine SID Duplication Myth
You can use the Sysinternals PsGetSid tool to view a machine’s SID by running it with no command-line arguments:

Here, the revision number is 1, the authority is 5, and there are four subauthority values. At one point during the design of Windows NT, the machine SID might have been used for network identification, so in order to assure uniqueness, the SID that Setup generates has one fixed subauthority value (21) and three randomly-generated subauthority values (the numbers following “S-1-5-21” in the output).
Even before you create the first user account on a system, Windows defines several built-in users and groups, including the Administrator and Guest accounts. Instead of generating new random SIDs for these accounts, Windows ensures their uniqueness by simply appending a per-account unique number, called a Relative Identifier (RID), to the machine SID. The RIDs for these initial accounts are predefined, so the Administrator user always has a RID of 500:
After installation, Windows assigns new local user and group accounts with RIDs starting at 1000. You can use PsGetSid to view the name of the account for a specified SID, and here you can see that the local SID that has a RID of 1000 is for the Abby account, the name of the administrator account Windows prompted me to name during setup:
In addition to these dynamically created SIDs, Windows defines a number of accounts that always have predefined SIDs, not just RIDs. One example is the Everyone group, which has the SID S-1-1-0 on every Windows system:
Another example is the Local System account (System), which is the account in which several system processes, like Session Manager (Smss.exe), the Service Control Manager (Services.exe) and Winlogon (Winlogon.exe), run:
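The SID layout described above, as an added example that is not part of the original article: it splits a string SID into revision, authority and subauthorities, separates the machine SID from the RID, and names the account class. The function names and the sample machine SID are constructed for illustration; S-1-5-18 for Local System and RID 501 for Guest are standard Windows values that the text itself does not spell out.

```python
# Added example: decompose SIDs the way the text describes them.
WELL_KNOWN_SIDS = {"S-1-1-0": "Everyone", "S-1-5-18": "Local System"}
PREDEFINED_RIDS = {500: "Administrator", 501: "Guest"}
FIRST_DYNAMIC_RID = 1000  # new local users and groups are numbered from here


def parse_sid(sid):
    """Return (revision, authority, [subauthorities]) for a string SID."""
    parts = sid.strip().upper().split("-")
    if len(parts) < 3 or parts[0] != "S":
        raise ValueError(f"not a SID: {sid!r}")
    try:
        revision, authority, *subs = [int(p) for p in parts[1:]]
    except ValueError:
        raise ValueError(f"non-numeric field in SID: {sid!r}") from None
    return revision, authority, subs


def describe(sid):
    """Classify a SID: well-known, bare machine SID, or machine SID plus RID."""
    revision, authority, subs = parse_sid(sid)
    canonical = "-".join(["S", str(revision), str(authority), *map(str, subs)])
    if canonical in WELL_KNOWN_SIDS:
        return {"kind": "well-known", "name": WELL_KNOWN_SIDS[canonical]}
    # Machine-relative form: authority 5, fixed subauthority 21, three random values.
    if authority != 5 or len(subs) not in (4, 5) or subs[0] != 21:
        return {"kind": "other"}
    machine_sid = "-".join(["S", str(revision), "5", *map(str, subs[:4])])
    if len(subs) == 4:
        return {"kind": "machine", "machine_sid": machine_sid}
    rid = subs[4]  # the per-account number appended to the machine SID
    if rid in PREDEFINED_RIDS:
        account = PREDEFINED_RIDS[rid]
    elif rid >= FIRST_DYNAMIC_RID:
        account = "local account created after setup"
    else:
        account = "reserved predefined RID"
    return {"kind": "account", "machine_sid": machine_sid, "rid": rid, "account": account}


if __name__ == "__main__":
    machine = "S-1-5-21-1111111111-2222222222-3333333333"  # constructed, not a real host
    for s in (machine, machine + "-500", machine + "-1000", "S-1-1-0", "S-1-5-18"):
        print(s, "->", describe(s))
```
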
...
...
===========================
The New Best Practice
It’s a little surprising that the SID duplication issue has gone unquestioned for so long, but everyone has assumed that someone else knew exactly why it was a problem. To my chagrin, NewSID has never really done anything useful and there’s no reason to miss it now that it’s retired. Note that Sysprep resets other machine-specific state that, if duplicated, can cause problems for certain applications like Windows Server Update Services (WSUS), so Microsoft’s support policy will still require cloned systems to be made unique with Sysprep.
We knew it was bound to happen. M$ has started to "mess" with the original Sysinternals files. The following was posted in Exetools today by MarkusO:
http://www.exetools.com/forum/showthread.php?t=10401
"Today I checked if there were any updates for one or several of my Sysinternals tools. To my surprise, all Sysinternals tools have been rebuilt on November 1st, 2006.
I compared what was changed. It seems like most code is just a recompile with different compiler settings. Microsoft has also placed a gigantic new EULA in each and every executable. (all *.EXE have about 2x - 4x the size they had before)
When Microsoft took over Sysinternals, they just packed the old executables together with new licenses. Now it seems they are messing around.
If you still want to get the latest "Sysinternals" version of your beloved tools, you should do it quickly, since nobody knows how long the old links will be working."
MarkusO then pointed out that:
"Just go to the new Sysinternals homepage, grab a link (like http://download.sysinternals.com/Files/.zip) and replace "download" with "www". This way you can still get the old (working... ) versions of the tools."
To make this process somewhat easier for those of you who might not have the patience to compile a list of the available files, here is one I put together from what others posted there and my additions to the list, comparing it to my own download of the Sysinternals site in August before they went M$ing. If you put this list in your favorite download manager, you can grab the files while they still remain available.
Code:
AccesChk v2.0.zip http://www.sysinternals.com/Files/accesschk.zip
AccessEnum v1.32 (SRC).zip http://www.sysinternals.com/Files/AccessEnumSource.zip
AccessEnum v1.32.zip http://www.sysinternals.com/Files/AccessEnum.zip
Accvio.zip - http://www.sysinternals.com/Files/Accvio.zip
AdRestore v1.1 (SRC).zip http://www.sysinternals.com/Files/AdRestoreSource.zip
AdRestore v1.1.zip http://www.sysinternals.com/Files/AdRestore.zip
Autologon v2.1 (SRC).zip http://www.sysinternals.com/Files/AutologonSource.zip
Autologon v2.1.zip http://www.sysinternals.com/Files/Autologon.zip
Autoruns v8.53.zip http://www.sysinternals.com/Files/Autoruns.zip
BgInfo v4.07.zip http://www.sysinternals.com/Files/BgInfo.zip
BlueScreen Screen Saver v3.2.zip http://www.sysinternals.com/Files/BlueScreen.zip
CacheSet v1.0 (SRC).zip http://www.sysinternals.com/Files/CacheSetSource.zip
CacheSet v1.0.zip http://www.sysinternals.com/Files/CacheSet.zip
ClockRes v1.0.zip http://www.sysinternals.com/Files/ClockRes.zip
Contig v1.53.zip http://www.sysinternals.com/Files/Contig.zip
CPUMon v2.0.zip http://www.sysinternals.com/Files/CpuMon.zip
Ctrl2Cap v3.0 (SRC).zip http://www.sysinternals.com/Files/Ctrl2CapSource.zip
Ctrl2Cap v3.0.zip http://www.sysinternals.com/Files/Ctrl2Cap.zip
DebugView v4.62.zip http://www.sysinternals.com/Files/DebugViewNt.zip
DebugView9x http://www.sysinternals.com/Files/DebugView9x.zip
DebugViewNt http://www.sysinternals.com/Files/DebugViewNT.zip
Defrag.zip http://www.sysinternals.com/Files/Defrag.zip
Diskkey.zip http://www.sysinternals.com/Files/Diskkey.zip
DiskExt v1.0 (with SRC).zip http://www.sysinternals.com/Files/DiskExt.zip
Diskmon v2.01 for Win2KXP.zip http://www.sysinternals.com/Files/DiskMon.zip
Diskmon v2.01 for WinNT.zip http://www.sysinternals.com/Files/DiskMonNt.zip
DiskView v2.21.zip http://www.sysinternals.com/Files/DiskView.zip
Du v1.3.zip http://www.sysinternals.com/Files/Du.zip
EFSDump v1.02.zip http://www.sysinternals.com/Files/EfsDump.zip
FAT32 for Windows NT 4.0 v1.06.zip http://www.sysinternals.com/Files/Fat32.exe
Filemon v7.03 for Win32.zip http://www.sysinternals.com/Files/FilemonNt.zip
Filemon v7.03 for Win64.zip http://www.sysinternals.com/Files/Filemonamd64.zip
FilemonAmd64 http://www.sysinternals.com/Files/Filemonamd64.zip
Fmifs.zip http://www.sysinternals.com/Files/fmifs.zip
Frob v1.6a.zip http://www.sysinternals.com/Files/Frob.zip
Fundelete v2.02 (SRC).zip http://www.sysinternals.com/Files/FundeleteSource.zip
Fundelete v2.02.exe http://www.sysinternals.com/Files/Fundelete.exe
gpdisable.zip - http://www.sysinternals.com/Files/gpdisable.zip
Handle v3.2.zip http://www.sysinternals.com/Files/Handle.zip
Hex2dec v1.0.zip http://www.sysinternals.com/Files/Hex2dec.zip
Hostname v1.0.zip http://www.sysinternals.com/Files/Hostname.zip
Junction v1.04 (SRC).zip http://www.sysinternals.com/Files/JunctionSource.zip
Junction v1.04.zip http://www.sysinternals.com/Files/Junction.zip
LDMDump v1.02.zip http://www.sysinternals.com/Files/LdmDump.zip
ListDLLs v2.25.zip http://www.sysinternals.com/Files/ListDlls.zip
LiveKd v3.0.zip http://www.sysinternals.com/Files/LiveKd.zip
LoadOrder v1.0.zip http://www.sysinternals.com/Files/LoadOrder.zip
LogonSessions v1.1.zip http://www.sysinternals.com/Files/LogonSessions.zip
Native.zip http://www.sysinternals.com/Files/Native.zip
Netstatp (SRC).zip http://www.sysinternals.com/Files/NetstatpSource.zip
NewSID v4.10.zip http://www.sysinternals.com/Files/NewSid.zip
newsidsource.zip - http://www.sysinternals.com/Files/newsidsource.zip
notmyfault.zip - http://www.sysinternals.com/Files/notmyfault.zip
NTFS for Windows 98 v2.0 (Read-Only).exe http://www.sysinternals.com/Files/NtfsWindows98.exe
NTFSCHK v1.0.exe http://www.sysinternals.com/Files/NtfsChk.exe
NTFSDOS Professional v4.01 (Read-Only).zip http://www.sysinternals.com/Files/NtfsDosProfessional.exe
NTFSDOS v3.02R+.zip http://www.sysinternals.com/Files/NtfsDos.zip
NTFSFlp v1.0.zip http://www.sysinternals.com/Files/NtfsFlp.zip
NTFSInfo v1.0 (SRC).zip http://www.sysinternals.com/Files/NtfsInfoSource.zip
NTFSInfo v1.0.zip http://www.sysinternals.com/Files/NtfsInfo.zip
NTRecover v1.0 (Read-Only).exe http://www.sysinternals.com/Files/NtRecover.exe
PageDefrag v2.32.zip http://www.sysinternals.com/Files/PageDefrag.zip
PendMoves and MoveFile v1.1.zip http://www.sysinternals.com/Files/PendMoves.zip
physmem.zip http://www.sysinternals.com/Files/physmem.zip
pipelist.zip http://www.sysinternals.com/Files/pipelist.zip
PMon v1.0.zip http://www.sysinternals.com/Files/PMon.zip
Portmon v3.02.zip http://www.sysinternals.com/Files/PortMonNt.zip
Process Explorer v10.2 for Win32.zip http://www.sysinternals.com/Files/ProcessExplorerNt.zip
ProcFeatures v1.1 (with SRC).zip http://www.sysinternals.com/Files/procfeatures.zip
PsExec v1.72.zip http://www.sysinternals.com/Files/PsExec.zip
PsFile v1.01.zip http://www.sysinternals.com/Files/PsFile.zip
PsGetSid v1.42.zip http://www.sysinternals.com/Files/PsGetSid.zip
PsInfo v1.73.zip http://www.sysinternals.com/Files/PsInfo.zip
PsKill v1.11.zip http://www.sysinternals.com/Files/PsKill.zip
PsList v1.27.zip http://www.sysinternals.com/Files/PsList.zip
PsLoggedOn v1.32 (SRC).zip http://www.sysinternals.com/Files/PsLoggedOnSource.zip
PsLoggedOn v1.32.zip http://www.sysinternals.com/Files/PsLoggedOn.zip
PsLogList v2.63.zip http://www.sysinternals.com/Files/PsLogList.zip
PsPasswd v1.21.zip http://www.sysinternals.com/Files/PsPasswd.zip
PsService v2.2.zip http://www.sysinternals.com/Files/PsService.zip
PsShutdown v2.51.zip http://www.sysinternals.com/Files/PsShutdown.zip
PsSuspend v1.05.zip http://www.sysinternals.com/Files/PsSuspend.zip
PsTools v2.34.zip http://www.sysinternals.com/Files/PsTools.zip
RegDelNull v1.1.zip http://www.sysinternals.com/Files/Regdellnull.zip
Reghide.zip http://www.sysinternals.com/Files/reghide.zip
Regjump v1.01.zip http://www.sysinternals.com/Files/Regjump.zip
Regmon v7.03.zip http://www.sysinternals.com/Files/RegmonNt.zip
Remote Recover v2.0 (Read-Only).exe http://www.sysinternals.com/Files/RemoteRecover.exe
RootkitRevealer v1.7.zip http://www.sysinternals.com/Files/RootkitRevealer.zip
SDelete v1.51 (SRC).zip http://www.sysinternals.com/Files/SDeleteSource.zip
SDelete v1.51.zip http://www.sysinternals.com/Files/SDelete.zip
Secdemosource.zip http://www.sysinternals.com/Files/secdemosource.zip
Secdemo.zip http://www.sysinternals.com/Files/secdemo.zip
ShareEnum v1.6 (SRC).zip http://www.sysinternals.com/Files/ShareEnumSource.zip
ShareEnum v1.6.zip http://www.sysinternals.com/Files/ShareEnum.zip
Sigcheck v1.3.zip http://www.sysinternals.com/Files/Sigcheck.zip
Streams v1.53.zip http://www.sysinternals.com/Files/Streams.zip
Strings v2.3.zip http://www.sysinternals.com/Files/Strings.zip
Sync v2.2.zip http://www.sysinternals.com/Files/Sync.zip
TCPView v2.4.zip http://www.sysinternals.com/Files/TcpView.zip
TDIMon v1.01.zip http://www.sysinternals.com/Files/TdiMonNt.zip
testlimit.zip http://www.sysinternals.com/Files/testlimit.zip
Tokenmon v1.01 (SRC).zip http://www.sysinternals.com/Files/TokenmonSource.zip
Tokenmon v1.01.zip http://www.sysinternals.com/Files/Tokenmon.zip
TVCache.zip http://www.sysinternals.com/Files/TVCache.zip
VCMon.zip http://www.sysinternals.com/Files/VCMon.zip
VCMonsource.zip http://www.sysinternals.com/Files/VCMonsource.zip
VXDMon.zip http://www.sysinternals.com/Files/VXDMon.zip
VXDMonsource.zip http://www.sysinternals.com/Files/VxDMonsource.zip
VolumeId v2.0.zip http://www.sysinternals.com/Files/VolumeId.zip
Whois v1.01.zip http://www.sysinternals.com/Files/Whois.zip
Winobj v2.15.zip http://www.sysinternals.com/Files/WinObj.zip
ZoomIt v1.15.zip http://www.sysinternals.com/Files/ZoomIt.zip
Some of these files are outdated by updates which apparently work on multiple systems, such as Debugview, Filemon, and Regmon, but they are included for the sake of completion of potential files still available.
By the way, M$ is offering a packed zip file of the "New" versions of these tools. This file contains all the individual (New Compiled, bloated) tools and help files:
http://download.sysinternals.com/Files/SysinternalsSuite.zip
(notice the "download" where the "www" is/should be to get the "original" files). The "download.sysinternals.com" link is now part of M$ technet.