Cloning SID and domain membership + security

[gsa 0]

Hi all,

I am considering installing a dual boot W2K/WXP system on my laptop. I have an existing accounts configuration and domain membership that I would like to keep. My only possibility so far would be to clone my system partition with ghost and upgrade the cloned partition. However, I do not consider this option as I have many installed applications. Also, I don't want to create a second machine account on the domain...

Is there anyway to clone or restore after installation the domain membership/accounts ? I know how to restore the system ID using "newsid" from sysinternals (http://www.sysinternals.com/ntw2k/source/newsid.shtml) but that's not enough to clone my domain membership and security accounts settings.

Thanks for your help.

 

GSA

 

[theefool 0]

Doesn't xp have a migration wizard tool? On the actual XP cd itself?

[gsa 0]

Thanks for your reply.

Unfortunately, it is not that simple. The XP migration wizard is only there to transfer "simple" user parameters and preferences. It will not clone your SID nor your domain membership etc..

My question is still open.

 

GS

 

[gsa 0]

up

[Denver_80203 0]

I'm not certain I follow you but, when you back up a system and restore it without using sysprep or any other utilities to wipe the SID fom the system, the restored machine should hold it's SID just fine.

 

I assume you intend to:

1. Ghost backup the system

2. Put 2 partitions on te drive

3. Restore the ghost image to one of the partitions

4. Install the new OS on the second partition

5. Have a switching mechanism at startup

 

Correct?

The image restored in step 3 holds the same SID as the one backed up in 1. Also, all user/group accounts on the machine would NOT be affected by any SID wiping utilities... only the machine account itself.

 

The new OS will get it's own SID and there's nothing you can do to "copy" the SID to it that I'm aware of... especially if it's a different OS since OS determines how the SID is structured.

[Denver_80203 0]

Upon further review...

 

You want 1 machine account... if you:

1 backup the system (2K I assume)

2 add a partition

3 restore the image to the second partition

4 upgrade the first partition from 2K to XP

 

That might do the trick you want... you would have to clean up the restored image well before upgrading it but, you have a backup so there's more room for error.

 

This should maintain the same SID and a single domain account unless the SID changes due to OS differances... I'm pretty certain that a SID in part IDs the OS installed. In an upgrade that may not be true.

[gsa 0]

Upgrading is what I want to avoid for evident reasons, I tried it already this way and it works but I have no way to really clean up corrctly W2K and upgrade it to some clean XP... I already tried but it's all messed up after that, my XP doesn't work so well.

I'd like to track down the necessary SAM information to replicate the SID and accounts IDs from one OS to the other to have the two OSs appearing to be the exact same machine (except from the OS version).

 

GS

 

[zen69x 0]

Why would you want to do this? Just make 2 computer accounts in the domain.

 

Also, the machine account's password is changed periodically so eventually, even if you get this working it will break when the password is changed from one OS and then you boot up in the other OS. You can disable this password changing, but that nullifies some of the security of having the PC in the domain in the first place.