146 Updating Security Identifiers (SIDs) and computer names
Using Ghost Walker
It appears that the accessing user is given the rights that the accessed user has by
proxy. For example, the access is performed on behalf of the accessing user by the
accessed user, just because there is a user name/password match. This can best be
seen when specific access rights are granted remotely by the accessing user to a
resource on the accessed computer. The Access Control List shows that the
accessed user is the user who has rights to the resource.
Updating the SID on a workstation does not stop this situation from occurring.
You must change the password of one of the users.
Using Ghost Walker
Ghost Walker lets you alter identification details of Windows 95, Windows 98,
Windows Me, Windows NT, and Windows 2000/XP computers following a clone
operation. Each Windows 95, 98, or Me computer can be assigned a unique
name. Each Windows NT or 2000/XP computer can be assigned a unique
computer name and a Machine Security Identifier (SID).
When you update the SID using Ghost Walker, all existing workstation users and
their passwords, permissions, and registry settings are maintained.
Ghost Walker can be operated from the graphical user interface or from the
command line. Ghost Walker does not run from:
■ A Windows NT or 2000 DOS shell
■ A Windows 95, 98, or Me DOS shell
The Ghost Walker window lists all bootable Windows 95, 98, Me, NT, XP, and
2000 systems on the computer hard drives. Ghost Walker determines that there is
an installed operating system if a full set of registry hive files and the operating
system kernel executable are located in their normal locations.
Ghost Walker lists the following operating system details:
■ Logical ID (system ID generated by Ghost Walker)
■ Drive number
■ Partition number
■ Volume label (partition name)
■ Partition file system type
■ Computer name
■ Operating system type, version, or build