Careful --- IN A DOMAIN for WINDOWS the statement is accurate.

Now, there are non-Microsoft programs that depend on SID.

Also consider this situation: you have two machines, A & B. They are cloned 
images, such that they have identical SIDs.

Both are joined to the domain.

However, machine "A" runs the payroll application, and has local users.

The payroll application database is owned by a local user on machine "A" that 
has a RID of *-47.

On machine "B" - using pass-through authentication - the local user of machine 
"B" that has a RID of *-47 ALSO owns that database - and has full access to it.

The fact that the domain doesn't care that you have duplicate SIDs has not 
stopped you from having a huge security hole.

Regards,

Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com

From: Kennedy, Jim [mailto:kennedy...@elyriaschools.org]
Sent: Tuesday, July 06, 2010 2:09 PM
To: NT System Admin Issues
Subject: Duplicate SID's

Seems pretty authoritative that duplicate SIDs on machines in a domain are not 
a problem. Opinions, gang?

http://blogs.technet.com/b/markrussinovich/archive/2009/11/03/3291024.aspx
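
The cloned-image scenario in the reply at the top of this thread can be checked for from an inventory of local accounts. The following is an added example, not code from anyone in the thread: it reports every local-account SID that exists on more than one machine. The function names, host names, user names and SID values are constructed for illustration; on real hosts the rows would come from `Get-LocalUser | Select-Object Name, SID`.

```powershell
# Constructed inventory: A and B are clones (same machine SID), C is not.
$inventory = @'
ComputerName,LocalUser,Sid
A,Administrator,S-1-5-21-1111111111-2222222222-3333333333-500
A,payrollsvc,S-1-5-21-1111111111-2222222222-3333333333-1047
B,Administrator,S-1-5-21-1111111111-2222222222-3333333333-500
B,jdoe,S-1-5-21-1111111111-2222222222-3333333333-1047
C,jdoe,S-1-5-21-4444444444-5555555555-6666666666-1047
'@ | ConvertFrom-Csv

function Split-LocalSid {
    # A local account SID is the machine SID followed by the account's RID.
    param([Parameter(Mandatory)][string]$Sid)
    if ($Sid -notmatch '^S-1-5-21(-\d+){4}$') {
        throw "Not an account SID: $Sid"
    }
    $i = $Sid.LastIndexOf('-')
    $Sid.Substring(0, $i), $Sid.Substring($i + 1)   # machine SID, RID
}

function Find-SharedLocalSid {
    # One result per full SID that appears on two or more machines. An ACL
    # entry naming that SID matches every account listed in 'Accounts'.
    param([Parameter(Mandatory)][object[]]$Inventory)
    $Inventory | Group-Object Sid | ForEach-Object {
        $computers = @($_.Group.ComputerName | Sort-Object -Unique)
        if ($computers.Count -gt 1) {
            $machineSid, $rid = Split-LocalSid $_.Name
            [pscustomobject]@{
                MachineSid = $machineSid
                Rid        = $rid
                Accounts   = ($_.Group | ForEach-Object {
                    '{0}\{1}' -f $_.ComputerName, $_.LocalUser
                }) -join ', '
            }
        }
    }
}

Find-SharedLocalSid -Inventory $inventory | Format-Table -AutoSize
```

With the constructed rows, RID 500 and RID 1047 are reported as shared between A and B, while C's account with the same RID is not, because its machine SID differs.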
