How to get group policy for duplicate SID

Ron Sigmon 0 Reputation points

Duplicate SID on cloned computer. Trying to get temporary group policy.

  1. LOUIS LOPEZ 25 Reputation points

    echo "THIS FIXES THE DUPLICATE SID AND PASSWORD IS CORRECT BUT DOESN'T WORK"

    echo "Install the Windows 11 24H2, Windows 11 25H2 and Windows Server 2025 KB5065426 250923_06201 Known Issue Rollback.msi"

    echo "https://download.microsoft.com/download/c6c70455-59ce-4d47-b13c-56b99d0435f1/Windows%2011%2024H2%2c%20Windows%2011%2025H2%20and%20Windows%20Server%202025%20KB5065426%20250923_06201%20Known%20Issue%20Rollback.msi"

    echo "Run powershell as Administrator"

    echo "This compliments the duplicate SID failure on the computer accessing the host"

    # Create the Overrides key (and any missing parent keys) only if it does not exist yet
    $key = "HKLM:\SYSTEM\CurrentControlSet\Policies\Microsoft\FeatureManagement\Overrides"
    if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }

    # Set the DWORD value 1517186191 to 0
    Set-ItemProperty -Path $key -Name "1517186191" -Type DWord -Value 0 -Confirm:$false

    echo "Reboot after this"

    Now map the drive and it works

  2. Viet Ho Van 40 Reputation points

    Thank you for sharing. I have resolved the issue.



Answer recommended by moderator

GTS-NJ 580 Reputation points • Volunteer Moderator

This is the only fix I have found to actually work for the duplicate SID problem. (Credit to AskWoody.com)

Download and run this on the Guest PC (the one accessing the shares).

Windows 11 24H2, Windows 11 25H2 and Windows Server 2025 KB5065426 250923_06201 Known Issue Rollback.msi

from

https://download.microsoft.com/download/c6c70455-59ce-4d47-b13c-56b99d0435f1/Windows%2011%2024H2%2c%20Windows%2011%2025H2%20and%20Windows%20Server%202025%20KB5065426%20250923_06201%20Known%20Issue%20Rollback.msi

Then in Local Group Policy Editor (gpedit.msc) -

Local Computer Policy / Administrative Templates \ KB5065426_20250923_06201 Known Issue Rollback

Set to Disabled.

Reboot

Alternatively this can be done with a registry change. (I haven't tested this one.)

HKLM\SYSTEM\CurrentControlSet\Policies\Microsoft\FeatureManagement\Overrides

Right-click the key, click New, and create a DWORD32 named 1517186191 with a value of 0.

  1. Stan 6 Reputation points

    Thank you for this post — it can definitely save the necks of many admins. After decades, Microsoft suddenly (and without any warning) started requiring non-duplicate SIDs for local computer accounts. This is not how things should be done.

    We deployed a solution from Stratesave, SIDCHG – SID Changer Utility. It is a paid product, but it is a 100% functional solution.

  2. Padraig R 0 Reputation points

    @GTS-NJ Thanks for this. I assume this is the Group Policy Object normally only available through Microsoft Support, but it seems that purchasing a single support incident costs €299, which seems excessive for very small businesses. Are there any licensing issues in using your link above rather than going through Microsoft Support?

  3. Padraig R 0 Reputation points

    @Stan Have you found any unintended issues arising from using SIDCHG – SID Changer Utility?

  4. Sam Post 0 Reputation points

    I ran into this very same problem.
    I had issues trying to access a file share from a cloned machine that had a duplicate SID.
    I tried to use SYSPREP but it failed. I didn't have the time to iron out the bug, so I turned to A.I.
    A.I. failed me.
    I tried the SIDCHGX method, Fail.
    I tried WittyDiskClone method, Fail.
    Then I found this article and it SOLVED my problem.

    I signed up for an account just to thank the author.

    Thank-you!

  5. John Stfford 0 Reputation points

    I had pretty much given up. This one worked for me. I have tried so many other ways & still couldn't connect either with file explorer or VNC. Both work fine now.
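
Added example, not part of the original answer or its comments and not Microsoft's code: the override described above switches off a Windows behaviour change instead of removing the duplicate SID, so it helps to record which machines share a SID and which carry the override until they can be re-imaged. The registry path and value name are the ones quoted in this thread; the function names, host names and SIDs are hypothetical or constructed, and the script assumes Windows PowerShell 5.1 or later on a machine that is not a domain controller.

```powershell
# Added example. Key path and value name are the ones quoted in this thread;
# function names and sample data are hypothetical/constructed.
$OverridesKey = 'HKLM:\SYSTEM\CurrentControlSet\Policies\Microsoft\FeatureManagement\Overrides'
$OverrideName = '1517186191'

function Get-SidWorkaroundState {
    # Local account SIDs have the form <machine SID>-<RID>, so the first
    # local account yields the machine SID through AccountDomainSid.
    $machineSid = (Get-LocalUser | Select-Object -First 1).SID.AccountDomainSid.Value

    $value = $null
    if (Test-Path -Path $OverridesKey) {
        $prop = Get-ItemProperty -Path $OverridesKey -Name $OverrideName -ErrorAction SilentlyContinue
        if ($null -ne $prop) { $value = $prop.$OverrideName }
    }
    [pscustomobject]@{
        ComputerName    = $env:COMPUTERNAME
        MachineSid      = $machineSid
        OverridePresent = ($null -ne $value)
        OverrideValue   = $value
    }
}

function Find-DuplicateMachineSid {
    param([Parameter(Mandatory)] [object[]] $Report)
    # Group the collected reports by machine SID and keep groups of two or more.
    $Report | Group-Object -Property MachineSid | Where-Object { $_.Count -gt 1 } |
        ForEach-Object {
            [pscustomobject]@{
                MachineSid       = $_.Name
                Computers        = $_.Group.ComputerName -join ', '
                OverrideOnAnyone = [bool]($_.Group | Where-Object { $_.OverridePresent })
            }
        }
}

# State of the machine this runs on.
Get-SidWorkaroundState

# Constructed sample: reports gathered from three machines, two of them clones.
$sample = @(
    [pscustomobject]@{ ComputerName = 'PC-A'; MachineSid = 'S-1-5-21-1000000001-2000000002-3000000003'; OverridePresent = $false; OverrideValue = $null }
    [pscustomobject]@{ ComputerName = 'PC-B'; MachineSid = 'S-1-5-21-1000000001-2000000002-3000000003'; OverridePresent = $true;  OverrideValue = 0 }
    [pscustomobject]@{ ComputerName = 'PC-C'; MachineSid = 'S-1-5-21-4000000004-5000000005-6000000006'; OverridePresent = $false; OverrideValue = $null }
)
Find-DuplicateMachineSid -Report $sample
```

With the constructed sample, the only group returned is the SID shared by PC-A and PC-B, with `OverrideOnAnyone` set to `True`.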



4 additional answers

  1. Susan Bradley 56 Reputation points
  2. HLBui 7,000 Reputation points • Independent Advisor

    Hi Ron Sigmon

    Just checking to see how everything is. Please feel free to let me know if you need any assistance.

  3. HLBui 7,000 Reputation points • Independent Advisor

    Dear Ron Sigmon

    In general, Windows does not provide a Group Policy Object specifically for fixing or detecting duplicate SIDs, because duplicate machine SIDs typically don’t cause functional issues in domain-joined systems. However, if you’re working with imaging or deployment scenarios, the recommended approach is to ensure each machine is generalized using Sysprep, which automatically generates a unique SID during the setup phase. You can also review your deployment workflow to confirm that no images are being cloned without running Sysprep beforehand.

    If your concern is related to domain conflicts, you may validate unique domain SIDs by rejoining the affected device to the domain, which forces regeneration of local identifiers. Additionally, tools such as PsGetSid from Sysinternals can help you verify the SID of each machine for auditing purposes. If this issue is appearing during compliance or security checks, updating your imaging process is typically the long-term fix.

    Please feel free to let me know if you’d like guidance on adjusting your deployment process or validating SIDs across multiple systems.

    If this guidance proves helpful, feel free to click “Accept Answer” so we know we’re heading in the right direction and let me know if you need any assistance. Thank you.

    1. Susan Bradley 56 Reputation points

      Duplicate SIDs now do cause an issue.


  4. AI answer

    To address the issue of duplicate SIDs on cloned computers, you can utilize Group Policy to manage temporary settings. However, it's essential to note that Microsoft does not support images prepared using tools like NewSID for deployment; instead, they recommend using the Sysprep utility to avoid SID duplication.

    To create a temporary Group Policy for handling duplicate SIDs, you can follow these general steps:

    1. Identify Duplicate SIDs: Use tools like Ntdsutil to check for duplicate SIDs in your environment. This will help you understand the scope of the issue.
    2. Create a Temporary Group Policy Object (GPO): In the Group Policy Management Console, create a new GPO that applies specific settings to the affected computers. This can include user permissions, security settings, or other configurations needed to mitigate the impact of duplicate SIDs.
    3. Link the GPO: Link the newly created GPO to the organizational unit (OU) that contains the cloned computers. This ensures that the settings are applied to the correct machines.
    4. Monitor and Adjust: After applying the GPO, monitor the environment for any issues related to access permissions or security. Adjust the GPO settings as necessary to ensure proper functionality until the duplicate SID issue is resolved.

    Remember that resolving the underlying SID duplication issue should be a priority, as temporary fixes may not provide a long-term solution.

    AI-generated content may be incorrect. Read our transparency notes for more information.