Thursday, June 20, 2024

Determine Local SID via PowerShell

I recently needed to verify that SYSPREP had been run on a few servers. You can download a utility PSGETSID to do this, but I didn't want to introduce an external utility to the servers.

I found the following PowerShell code to get the SID of the local Administrator account.

$u = New-Object System.Security.Principal.NTAccount('administrator')
$SID = $u.Translate([System.Security.Principal.SecurityIdentifier])

This returns a SID with -500 on the end. If you ignore the -500, the SID is the SID of the local machine. If this is unique, you know that SYSPREP was used.

You can also look for the CloneTag value in HKLM:\SYSTEM\Setup. This contains the time when SYSPREP was run. However, I prefer to see the unique SID.

More info about using SYSPREP:

No comments:

Post a Comment