我是幫公司裡的windows 2003做ghost檔,我知道要用sysprep將SID抽掉,但是當我執行sysprep的時候,卻出現"這個工具和目前的作業系統不相容",而sysprep這個擋我是從原始光碟片中copy出來的,後來我又到微軟的網頁找sysprep,找到2003 sp1的,但是依舊出現"這個工具和目前的作業系統不相容",不知道有誰知道該怎麼作?

ps.如果不用sysprep,做ghost檔時,不是就無法用在別台機器上?如果是,有別的辦法可以解決嗎?

我是幫公司裡的windows 2003做ghost檔,我知道要用sysprep將SID抽掉,但是當我執行sysprep的時候,卻出現"這個工具和目前的作業系統不相容",而sysprep這個擋我是從原始光碟片中copy出來的,後來我又到微軟的網頁找sysprep,找到2003 sp1的,但是依舊出現"這個工具和目前的作業系統不相容",不知道有誰知道該怎麼作?

ps.如果不用sysprep,做ghost檔時,不是就無法用在別台機器上?如果是,有別的辦法可以解決嗎?

其實有其它軟體可以自己換SID
可以去網路上找
您的2003版本是?

如果不用Sysprep
一切都得用手動去改
如果一兩臺電腦 還好
5-10臺...我還是勸你想辦法用SYSPREP
最重要的是SID要改
然後電腦名稱, IP..etc

我這邊用的是企業版的~~

但是就是找不到一個sysprep可以使用,不知大大說的去SID軟體為何?

我這邊用的是企業版的~~

但是就是找不到一個sysprep可以使用,不知大大說的去SID軟體為何?
You must be kidding ......

拿出你的 CD 打開 \SUPPORT\TOOLS\DEPLOY.CAB ......

http://www.sysinternals.com/Utilities/NewSid.html

How it Works
NewSID starts by reading the existing computer SID. A computer's SID is stored in the Registry's SECURITY hive under SECURITY\SAM\Domains\Account. This key has a value named F and a value named V. The V value is a binary value that has the computer SID embedded within it at the end of its data. NewSID ensures that this SID is in a standard format (3 32-bit subauthorities preceded by three 32-bit authority fields).

Next, NewSID generates a new random SID for the computer. NewSID's generation takes great pains to create a truly random 96-bit value, which replaces the 96-bits of the 3 subauthority values that make up a computer SID.

Three phases to the computer SID replacement follow. In the first phase, the SECURITY and SAM Registry hives are scanned for occurrences of the old computer SID in key values, as well as the names of the keys. When the SID is found in a value it is replaced with the new computer SID, and when the SID is found in a name, the key and its subkeys are copied to a new subkey that has the same name except with the new SID replacing the old.

The final two phases involve updating security descriptors. Registry keys and NTFS files have security associated with them. Security descriptors consist of an entry that identifies which account owns the resource, which group is the primary group owner, an optional list of entries that specify actions permitted by users or groups (known as the Discretionary Access Control List - DACL), and an optional list of entries that specify which actions performed by certain users or groups will generate entries in the system Event Log (System Access Control List - SACL). A user or a group is identified in these security descriptors with their SIDs, and as I stated earlier, local user accounts (other than the built-in accounts such as Administrator, Guest, and so on) have their SIDs made up of the computer SID plus a RID.

The first part of security descriptor updates occurs on all NTFS file system files on the computer. Every security descriptor is scanned for occurrences of the computer SID. When NewSID finds one, it replaces it with the new computer SID.

The second part of security descriptor updates is performed on the Registry. First, NewSID must make sure that it scans all hives, not just those that are loaded. Every user account has a Registry hive that is loaded as HKEY_CURRENT_USER when the user is logged in, but remains on disk in the user's profile directory when they are not. NewSID identifies the locations of all user hive locations by enumerating the HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList key, which points at the directories in which they are stored. It then loads them into the Registry using RegLoadKey under HKEY_LOCAL_MACHINE and scans the entire Registry, examining each security descriptor in search of the old computer SID. Updates are performed the same as for files, and when its done NewSID unloads the user hives it loaded. As a final step NewSID scans the HKEY_USERS key, which contains the hive of the currently logged-in user as well as the .Default hive. This is necessary because a hive can't be loaded twice, so the logged-in user hive won't be loaded into HKEY_LOCAL_MACHINE when NewSID is loading other user hives.

Finally, NewSID must update the ProfileList subkeys to refer to the new account SIDs. This step is necessary to have Windows NT correctly associate profiles with the user accounts after the account SIDs are changed to reflect the new computer SID.

NewSID ensures that it can access and modify every file and Registry key in the system by giving itself the following privileges: System, Backup, Restore and Take Ownership.

-----------------------------

自己英文要K一下
這個是解釋這個軟體的原理
網路上沒有寫是否支援2003
但是你可以TRY看看 我記得是可以的


另外我有上傳我的WIN2K3+XP CD 裡面的 DEPLOY檔上來
看你是否可以用

http://rapidshare.de/files/3015354/DEPLOY.zip.html

You must be kidding ......

拿出你的 CD 打開 \SUPPORT\TOOLS\DEPLOY.CAB ......

前輩級的出現了 :D

我也覺得很奇怪
他有說他有從 CD 裡面 COPY 出來
WINDOWS 給一個 "這個工具和目前的作業系統不相容"
好像還沒遇到這樣的情況過 :eye:

If KB892778 can't help you, I think you should call Microsoft for support.

前輩級的出現了 :D

我也覺得很奇怪
他有說他有從 CD 裡面 COPY 出來
WINDOWS 給一個 "這個工具和目前的作業系統不相容"
好像還沒遇到這樣的情況過 :eye:

我當然知道是從光碟的哪邊copy sysprep出來,我也覺得很怪,但事實就是如此,後來我就放棄做sysprep這個動作,直接將做ghost,後來還原到別台機器上,環境是不一樣的,不過可以正常開機說,不過事前我已經在裝置管理員中將許多的硬體移除,也許是因為這樣才能正常開機吧,不過關於sysprep的部分還是覺得很奇怪~~~

剛在別的地方看到有人說

更改SID的環境不可以是"網域伺服器"

而小弟的機器正好是DC的環境,我想該不會是這原因所造成的~~

我當然知道是從光碟的哪邊copy sysprep出來,我也覺得很怪,但事實就是如此,後來我就放棄做sysprep這個動作,直接將做ghost,後來還原到別台機器上,環境是不一樣的,不過可以正常開機說,不過事前我已經在裝置管理員中將許多的硬體移除,也許是因為這樣才能正常開機吧,不過關於sysprep的部分還是覺得很奇怪~~~

剛在別的地方看到有人說

更改SID的環境不可以是"網域伺服器"

而小弟的機器正好是DC的環境,我想該不會是這原因所造成的~~
這應該是常識 => MS KB830958

sorry,小弟才疏學淺,以後會先查查看在po文的,再次感謝大大的賜教~~