Guest Chris Allen
Posted August 21, 2007

Hello all,

Is it possible to change a computer's SID without restarting?

More specifically... What I'm trying to do is this. I'm trying to come up with a way to do a bare metal restore on Windows. I've written a program that saves all of the file metadata (attribs, sacls, dacls, mod time, etc) for all the files in the filesystem to a single file which is backed up to another computer. Basically this is like running SetACL or FileACL recursively and telling it to dump all the information to a file and then copying this file elsewhere.

The problem I'm having is on restoration. I'm booting up a BartPE boot disk, copying the files back and then applying the security information in my metadata backup file to the filesystem. I fix the MBR, and then boot the newly created filesystem. But... All of the Administrator entries in the ACLs are screwed. They are set to the SID of the Administrator of the boot CD, not the SID that's saved in the backup file.

I've come to realize the reason for this, which is that Windows will not allow you to set a file's Administrator ACL entry explicitly even though you tell it to (using win32security.SetFileSecurity()); instead it will use the current OS' Administrator SID, which is S-5-21-<COMPUTER SID>-500, where <COMPUTER SID> is the computer's SID. Anybody know why this is?

So now what I want to do is change the computer's SID on the boot CD to match the SID of the computer I'm restoring from. I realize NewSID from Sysinternals can do this, but it requires a reboot. Is there some way to set the SID of the boot CD on the fly when it starts or after BartPE comes up? It doesn't have to REALLY change it, just trick Windows enough so that win32security.SetFileSecurity() works correctly. Any ideas?

The other easier and more obvious option is to set the file security after the system comes up with the old computer's files; this way it will have the old computer's SID. But I'd rather set it all from the boot CD and avoid extra steps.

Thanks.