In his usual form, Mark Russinovich debunks the machine SID duplication myth: “The more I thought about it, the more I became convinced that machine SID duplication – having multiple computers with the same machine SID – doesn’t pose any problem, security or otherwise. I took my conclusion to the Windows security and deployment teams and no one could come up with a scenario where two systems with the same machine SID, whether in a Workgroup or a Domain, would cause an issue.”
One problem I can see is that using the SID is a great way to identify a machine. There are a few ways to try and identify a machine, but we have found that the machine SID is the easiest and most likely to be a constant.
As far as security goes, it doesn’t pose too many problems that I know of though…
If your machines are being monitored, and you want to make it harder to identify which machine did what, having the same SID would help…
WSUS doesn’t behave well when there are duplicate SIDs on the network. We got to a point where we didn’t know what the heck was happening, why some machine hadn’t communicated with WSUS for weeks and why a machine that didn’t exist anymore was communicating every day. All thanks to duplicate SIDs. Some network anti-virus management consoles suffer from this problem, also.
We have the same kind of machines and we clone them to save time, but then this bites us back.
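The comments above treat the machine SID as a stable host identifier and describe management tools getting confused when cloned machines share one. As an added example, not code from the page or from any of its commenters, here is a small Python script that derives the machine SID from the SID of a local account (the machine SID is the local account SID with its final RID removed) and reports which hosts in an inventory share one. The inventory format, the hostnames and the SID values are constructed assumptions. One caveat worth building in: domain account SIDs also start with S-1-5-21, so the inventory must record the SID of a *local* account (the built-in Administrator, RID 500, is the usual choice), and well-known SIDs such as S-1-5-18 must be rejected rather than grouped.

```python
from __future__ import annotations

import re
from collections import defaultdict

# Local account SIDs look like S-1-5-21-<a>-<b>-<c>-<RID>; the machine SID is
# the same string without the trailing RID.
_LOCAL_SID = re.compile(r"^S-1-5-21-(\d+)-(\d+)-(\d+)-(\d+)$")


def machine_sid(account_sid: str) -> str:
    """Return the machine SID (S-1-5-21-a-b-c) for a local account SID.

    Raises ValueError for anything that does not have the S-1-5-21 shape,
    e.g. the well-known S-1-5-18 (LocalSystem), which says nothing about
    the machine it was collected from.
    """
    m = _LOCAL_SID.match(account_sid)
    if not m:
        raise ValueError(f"not a local account SID: {account_sid!r}")
    a, b, c, _rid = m.groups()
    return f"S-1-5-21-{a}-{b}-{c}"


def find_duplicate_machine_sids(inventory: dict[str, str]) -> dict[str, list[str]]:
    """Group hosts by machine SID and return only SIDs shared by two or more hosts.

    inventory maps hostname -> SID of one local account on that host.
    Entries that cannot be parsed are skipped so one bad record does not
    abort the whole sweep.
    """
    by_sid: dict[str, list[str]] = defaultdict(list)
    for host, sid in inventory.items():
        try:
            by_sid[machine_sid(sid)].append(host)
        except ValueError:
            continue
    return {sid: sorted(hosts) for sid, hosts in by_sid.items() if len(hosts) > 1}


# Constructed sample inventory (not real data): three clones built from one
# image share a machine SID, one host is unique, and one entry carries a
# well-known SID that must be ignored.
SAMPLE_INVENTORY = {
    "ws-01": "S-1-5-21-1111111111-2222222222-3333333333-500",
    "ws-02": "S-1-5-21-1111111111-2222222222-3333333333-500",
    "ws-03": "S-1-5-21-1111111111-2222222222-3333333333-1001",
    "ws-04": "S-1-5-21-4444444444-5555555555-6666666666-500",
    "svc-01": "S-1-5-18",
}

if __name__ == "__main__":
    for sid, hosts in find_duplicate_machine_sids(SAMPLE_INVENTORY).items():
        print(f"{sid} is shared by: {', '.join(hosts)}")
```

Run against a real inventory, the output is the list of images you would expect to re-generalize (or at least to stop relying on the machine SID as a unique key for) before a console like the one described above starts merging hosts.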
If you read the hundreds of comments to the article, it is clear that while Mark thinks this issue does not exist, it is there even for Microsoft apps. So the SID duplication is not quite a myth.
Actually, the comments are far more interesting than the article itself IMHO.