Special group policy for cloned computers with identical SID

Morley, Ivan 0 Reputation points
2025-11-06T18:15:54.2866667+00:00

Due to cloning, all computers have the same SID, which is causing an issue with RDP and file sharing.

I understand there is a special group policy which may address this issue and allow us time to rebuild each computer in turn.

Windows for business | Windows Client for IT Pros | Devices and deployment | Set up, install, or upgrade

2 answers

  1. Q&A Assist
    2025-11-06T18:16:15.82+00:00
    AI generated content. This question contains an answer created with AI from Q&A Assist.

    To address the issue of identical SIDs on cloned computers, you can utilize the Group Policy loopback processing feature. This allows you to apply user configuration settings based on the computer that is being used, which can help mitigate issues with RDP and file sharing caused by duplicate SIDs.

    To enable this feature, follow these steps:

    1. Open the Group Policy Microsoft Management Console (MMC).
    2. Navigate to Computer Configuration > Administrative Templates > System > Group Policy.
    3. Enable the option Configure user Group Policy loopback processing mode.

    This policy is particularly useful for special-use computers, such as those in public areas or labs, where user policies need to be modified based on the computer being used. However, it is important to note that loopback processing is supported only in an Active Directory environment, and both the computer and user accounts must be in Active Directory.

    Additionally, it is recommended to use the Sysprep tool before capturing the image of the cloned systems to avoid SID duplication issues in the future. Sysprep removes system-specific data, including the computer SID, which is crucial for maintaining unique identifiers across systems.


  2. Domic Vo 11,070 Reputation points Independent Advisor
    2025-11-06T19:05:15.11+00:00

    Hello Morley, Ivan,

    Thanks for bringing this up—you're right to be proactive. When cloned machines share the same SID, it can disrupt key Windows features like Remote Desktop, file sharing, and authentication, especially in domain environments. While the long-term fix is to reimage each system using tools like Sysprep to generate unique SIDs, there are temporary Group Policy workarounds to help maintain functionality in the meantime. You can enable loopback processing (Merge mode) to ensure consistent policy application, and temporarily allow insecure guest logons to ease file sharing issues—just remember to reverse this once systems are rebuilt. For RDP, use IP addresses instead of hostnames to avoid conflicts. It’s also helpful to monitor SID duplication using whoami /user or PowerShell, and check Event Viewer for authentication errors.

    Let me know how it goes, and if this answer helps, feel free to hit “Accept Answer” so others can benefit too 😊

    T&B,

    Domic.
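
The SID comparison mentioned in the answer above, as an added example that is not part of the original thread: it derives each machine SID from a local account SID and reports which computers share one. The computer names, SID values and function names are constructed for illustration; the inventory is assumed to have been collected on each machine from a local account, because a domain user's SID carries the domain's prefix, which is identical on every member by design.

```powershell
# Constructed sample inventory: one LOCAL account SID per computer, gathered on
# each machine with:  (Get-LocalUser | Select-Object -First 1).SID.Value
$inventory = @(
    [pscustomobject]@{ Computer = 'LAB-PC01'; LocalAccountSid = 'S-1-5-21-1111111111-2222222222-3333333333-500' }
    [pscustomobject]@{ Computer = 'LAB-PC02'; LocalAccountSid = 'S-1-5-21-1111111111-2222222222-3333333333-1001' }
    [pscustomobject]@{ Computer = 'LAB-PC03'; LocalAccountSid = 'S-1-5-21-1234567890-2345678901-3456789012-500' }
    [pscustomobject]@{ Computer = 'LAB-PC04'; LocalAccountSid = 'S-1-5-32-544' }   # built-in alias, no machine SID
    [pscustomobject]@{ Computer = 'LAB-PC05'; LocalAccountSid = 'not-a-sid' }      # bad collection result
)

# Hypothetical helper: strip the RID and return the machine (account domain) SID.
function Get-MachineSidFromAccountSid {
    param([Parameter(Mandatory)][string]$AccountSid)
    try {
        $sid = [System.Security.Principal.SecurityIdentifier]::new($AccountSid)
    } catch {
        return $null                      # malformed SID string
    }
    # AccountDomainSid is $null unless the SID is an S-1-5-21-... account SID.
    if ($null -eq $sid.AccountDomainSid) { return $null }
    return $sid.AccountDomainSid.Value
}

# Hypothetical helper: group computers by machine SID and keep only the clashes.
function Find-DuplicateMachineSid {
    param([Parameter(Mandatory)][object[]]$Inventory)
    $Inventory |
        ForEach-Object {
            [pscustomobject]@{
                Computer   = $_.Computer
                MachineSid = Get-MachineSidFromAccountSid -AccountSid $_.LocalAccountSid
            }
        } |
        Where-Object { $_.MachineSid } |              # drop rows that did not parse
        Group-Object -Property MachineSid |
        Where-Object { $_.Count -gt 1 } |
        ForEach-Object {
            [pscustomobject]@{
                MachineSid = $_.Name
                Computers  = ($_.Group.Computer | Sort-Object) -join ', '
            }
        }
}

Find-DuplicateMachineSid -Inventory $inventory | Format-Table -AutoSize
```

Machines listed together share a machine SID and belong on the rebuild list; rows that fail to parse are dropped rather than reported, so check the collection step for any computer missing from both the output and the unique set.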
