Ben
The only thing to be careful with this approach (which is the similar to
say using GHOST or any of the other image level NT install procedures) is
the Machine's SID.
Quoting from an NT site (WWW.SYSINTERNALS.COM) who have a free tool for
changing the SID after installation
The problem with cloning is that it is only supported by Microsoft in a
very limited sense. Microsoft has stated that cloning systems is only
supported if it is done before the GUI portion of Windows NT Setup has
been reached. When the NT install reaches this point the computer is
assigned a name and a unique computer SID. If a system is cloned after
this step the cloned machines will all have identical computer SIDs.
Note that just changing the computer name or adding the computer to a
different domain does not change the computer SID. Changing the name or
domain only changes the domain SID if the computer was previously
associated with a domain.
To understand the problem that cloning can cause, it is first necessary
to understand how individual local accounts on a computer are assigned
SIDs. The SIDs of local accounts consist of the computer's SID and an
appended RID (Relative Identifier). The RID starts at a fixed value, and
is increased by one for each account created. This means that the second
account on one computer, for example, will be given the same RID as the
second account on a clone. The result is that both accounts have the
same SID.
Duplicate SIDs aren't an issue in a Domain-based NT environment since
domain accounts have SID's based on the Domain SID. But, according to
Microsoft Knowledge Base article Q162001, "Do Not Disk Duplicate
Installed Versions of Windows NT", in a Workgroup environment security
is based on local account SIDs. Thus, if two computers have users with
the same SID, the Workgroup will not be able to distinguish between the
users. All resources, including files and Registry keys, that one user
has access to, the other will as well.
Another instance where duplicate SIDs can cause problems is where there
is removable media formated with NTFS, and local account security
attributes are applied to files and directories. If such a media is
moved to a different computer that has the same SID, then local accounts
that otherwise would not be able to access the files might be able to if
their account IDs happened to match those in the security attributes.
This is not be possible if computers have different SIDs.
An article Mark has written, entitled "NT Rollout Options", will appear
in the June issue of Windows NT Magazine. It discusses the duplicate SID
issue in more detail, and presents Microsoft's official stance on
cloning (please do not ask for preview copies).
Peter
|