Following the release of the Windows 11 update version 25H2, Microsoft quietly implemented a significant security adjustment for devices with duplicate SIDs (Security Identifiers). Accordingly, Windows 11 24H2 and 25H2 devices will no longer allow NTLM and Kerberos authentication if they share the same SID with another device.
This change is intended to increase user security and prevent attacks from improper system cloning. However, the new policy is also causing many problems, especially for businesses that use a large number of computers deployed from the same standard installation.
(Illustrative image)
This tightening primarily helps prevent the system from being copied or "cloned" from the original installation while retaining the SID identifier, which could be exploited by malicious actors for unauthorized access or malware distribution. However, according to feedback from the user community and IT administrators, the consequences of this policy are significant.
Many computers, after updating to the latest version of Windows 11, have experienced continuous login requests or displayed error messages such as "Login attempt failed," "Login failed/your credentials didn't work," or "There is a partial mismatch in the machine ID," disrupting access to network resources. Some devices have also been blocked from connecting to shared folders, network drives, or Remote Desktop tools.
For businesses deploying systems on a large scale, having multiple computers use a cloned installation file from an ISO file without going through the "generalization" step can lead to duplicate SIDs on numerous devices, resulting in widespread authentication errors and directly impacting internal operations.
Recommendation from Microsoft
Given this situation, Microsoft recommends that individual users and business administrators use Sysprep (System Preparation Tool) to generalize the system before cloning or deploying computers in bulk. This tool helps remove old identifiers, ensuring each device has a unique SID and can operate stably within the local network.
According to Microsoft, failure to follow proper system image creation procedures can lead to numerous security risks, especially in enterprise environments where hundreds of devices are connected and share resources. A company representative also warned that intentionally maintaining outdated operating system versions or ignoring security patches is an "open door" for hackers to exploit.
Consequences and user reactions
On international technology forums, many administrators expressed frustration as numerous devices in their systems simultaneously experienced errors after updating to Windows 11. One user shared: “This forces us to review our entire new machine deployment process. Without adjustments, hundreds of devices will simultaneously experience login errors and disrupt work.”
Many individuals using "clone hard drives" for faster installation also encountered similar problems, causing many to temporarily revert to Windows 10 or postpone the update. However, Microsoft stated that this is a necessary step to standardize the security system and ensure each device has a unique identifier, helping to prevent future attacks.
Microsoft's tightening of security measures comes as the company is pushing users to switch entirely to Windows 11, as Windows 10 is nearing the end of its official support. Alongside discontinuing security updates for the older operating system, Microsoft is continuously adding higher security standards to Windows 11 – including a TPM 2.0 chip requirement, High-Voltage System Protection (HVCI) kernel protection mode, and now a unique SID verification mechanism for each device.
According to cybersecurity experts, this step is necessary in the long term, helping to reduce the risk of malware attacks or unauthorized access through cloned systems. However, the deployment without clear warnings has caught many individuals and businesses off guard, especially those relying on rapid deployment models using clones.
Microsoft's implementation of new SID regulations on Windows 11 24H2 and 25H2 demonstrates an effort to strengthen system security, but also poses challenges in managing and deploying devices synchronously. Users and businesses need to review their installation processes promptly, ensuring each computer is properly "generalized" before use.
While this change enhances security in the long term, its silent rollout without specific warning has left many users frustrated when the system unexpectedly loses access. This serves as a stark reminder that, in an increasingly security-conscious tech world , adherence to proper technical procedures is not just a recommendation—it's mandatory for safe operation.
Source: https://doanhnghiepvn.vn/cong-nghe/microsoft-thay-doi-bao-mat-windows-11-may-trung-sid-co-the-bi-khoa-dang-nhap/20251103110013099
Comment (0)