[SOLVED] 24H2 will not reconnect to mapped drives even with passwords

[HCHTech]

I sure as heck wasn't going to run Sysprep on a clients machine without going through the process in my shop with an expendible computer so I knew what to expect. So I have a laptop kicking around with no real data on it, Win11 24H2 - perfect candidate.

• I ran sysprep /generalize /oobe /reboot - It ran for a bit, then halted with the error "you have [software] installed which is stopping sysprep from completing" It was pointing to my installation of Winget. So I uninstalled that.
• Ran sysprep again, halted with the same error, this time pointing to CoPilot, so I uninstalled that.
• Ran sysprep again, this time it went all the way to a reboot, but then I got the bluescreen stating the OS couldn't be booted and to use recovery tools. Just for fun, rebooted again, same problem.
• So......I reinstalled Windows.

This test was a fail. I had already checked for software to change the SID live. There used to be a software that was part of sysinternals, but it has been deprecated and removed, probably after MS bought sysinternals. The other software out there is SIDCHG, which is a paid software. They have a 30-day trial, but it says "SIDCHG is free to try but not to use", which makes me think it won't actually do the thing until you pay, I could be wrong. The price is high enough that it isn't a casual purchase - something like $240 for a single person, professional use.

 

[britechguy]

They have a 30-day trial, but it says "SIDCHG is free to try but not to use", which makes me think it won't actually do the thing until you pay, I could be wrong.

They state explicitly that the 30-day trial is fully functional and that any changes made with it persist. I think that's the right approach on their part as far as giving a reasonable opportunity to test for anyone who might be considering purchasing.

However, their having 22 different licensing options, 11 for those purchasing the latest version and 11 more for those upgrading from the prior version in the same respective categories, is insane!

The reason I didn't mention it before is I had not realized that the NewSID software from Sysinternals had been deprecated. I saw a last update date of 2021, but for something like this that doesn't seem "ancient." Certain things change less than others.

 

[ell]

I sure as heck wasn't going to run Sysprep on a clients machine without going through the process in my shop with an expendible computer so I knew what to expect. So I have a laptop kicking around with no real data on it, Win11 24H2 - perfect candidate.

• I ran sysprep /generalize /oobe /reboot - It ran for a bit, then halted with the error "you have [software] installed which is stopping sysprep from completing" It was pointing to my installation of Winget. So I uninstalled that.
• Ran sysprep again, halted with the same error, this time pointing to CoPilot, so I uninstalled that.
• Ran sysprep again, this time it went all the way to a reboot, but then I got the bluescreen stating the OS couldn't be booted and to use recovery tools. Just for fun, rebooted again, same problem.
• So......I reinstalled Windows.

This test was a fail. I had already checked for software to change the SID live. There used to be a software that was part of sysinternals, but it has been deprecated and removed, probably after MS bought sysinternals. The other software out there is SIDCHG, which is a paid software. They have a 30-day trial, but it says "SIDCHG is free to try but not to use", which makes me think it won't actually do the thing until you pay, I could be wrong. The price is high enough that it isn't a casual purchase - something like $240 for a single person, professional use.

LOL I tried NewSID from sysinternals and it ran for an hour (gpu busy but no hd use) I ended it rebooted and ofcourse my user account was trashed, system restore got me back, next I'll just create a new user (gets a new sid) and copy my data over. Creating a new user with new shared drives didn't work either, when logged into the new user. I ran Get-WmiObject win32_useraccount | Select-Object Name,SID with powershell and found other identical users and sids. Not sure where to go from here aside from nuke and pave. After watching this guys video on SIDCHG, it appears he didn't pay, I may give it a go. I'll report back. video

 

[ell]

OMG! After spending two days on this IT WORKED! Instant sharing with mapped drives all PUBLIC network profiles with no passwords on either host or clients. I can't believe MSFT hasn't patched this yet. I couldn't get the AMD version to work on mine so I ran the X64 (just living on the edge) Just download SIDCHG and follow the instructions on this video to change all SIDS. In my machine it just shut down cold after it ran behind the blue screen with the time, I powered it up and a black warning popped up to not turn off the machine, a couple minutes later it logged into my account and bam all sids were changed, you can test with this cmd Get-WmiObject win32_useraccount | Select-Object Name,SID your machines after to check

 

[HCHTech]

After spending two days on this IT WORKED!

I will give this a try on my "expendible" machine, before even offering it to the client. Even so, I'm going to couch it as a hail mary and that the real fix is a N&P.

I can't believe MSFT hasn't patched this yet.

I expect this is not seen as a bug by MS. The problem here isn't their change (which seems entirely reasonable and more secure), it's with folks who don't do the imaging process properly. If you follow the process correctly, the end user gets the OOBE during which a unique SID is generated. If you DON'T follow the process correctly, the SID remains the same as the parent.

 

[ell]

I will give this a try on my "expendible" machine, before even offering it to the client. Even so, I'm going to couch it as a hail mary and that the real fix is a N&P.


I expect this is not seen as a bug by MS. The problem here isn't their change (which seems entirely reasonable and more secure), it's with folks who don't do the imaging process properly. If you follow the process correctly, the end user gets the OOBE during which a unique SID is generated. If you DON'T follow the process correctly, the SID remains the same as the parent.

Don't use it on a client! I used it on my own only. I did discover a bug, upon reboot this morning the black screen popped up again saying "don't turn off your pc sid is being changed" then it went away, wouldn't want clients seeing that! However I wonder if it was because I installed the windows x64 version because the AMDx64 version wouldn't work on my AMD.

 

[HCHTech]

Don't use it on a client!

Well, I started this thread because I ran into this issue with a client. I have already told them what the real problem is, and that the solution was to N&P their machines, but that I would look for alternatives. After letting them stew with that over the weekend, we'll reconnect tomorrow to see how they want to move forward.

 

[ell]

Well, I started this thread because I ran into this issue with a client. I have already told them what the real problem is, and that the solution was to N&P their machines, but that I would look for alternatives. After letting them stew with that over the weekend, we'll reconnect tomorrow to see how they want to move forward.

Yeah, it worked perfectly aside from the message on second reboot, I haven't tried it again because I usually just leave the machine on 24/7 as a server. I emailed the site and he told me to simply turnoff all defender again, reboot then run the installer again, and sure enough a popup msg informed it was already installed and removing the message, it worked of course alls good

 

[HCHTech]

I'm happy to report that SIDCHG did, in fact successfully change the SID on all of the client's machines (well, save 1 - they just all need to be different). I was able to do it all remotely, and drive mapping worked just as it should afterwards. Another dragon slain. On to the next problem!

 

[ell]

I'm happy to report that SIDCHG did, in fact successfully change the SID on all of the client's machines (well, save 1 - they just all need to be different). I was able to do it all remotely, and drive mapping worked just as it should afterwards. Another dragon slain. On to the next problem!

If I had a nickel for everytime Windows....