Microsoft changes Windows 11 security: Devices with duplicate SIDs may be locked out of login

DNVN - Microsoft has just deployed an important security change on Windows 11 versions 24H2 and 25H2 that leaves computers built from clones, or otherwise carrying duplicate security identifiers (SIDs), unable to log in and access the network. The problem has a strong impact on both individuals and businesses.

Tạp chí Doanh Nghiệp, 03/11/2025

After releasing the Windows 11 version 25H2 update, Microsoft quietly implemented an important security adjustment for devices with duplicate SIDs (Security Identifiers). Accordingly, Windows 11 24H2 and 25H2 devices will no longer allow NTLM and Kerberos authentication if the device has the same SID as another device.

This change is supposed to increase user security and prevent attacks from improper system cloning. However, the new policy is also causing a lot of trouble, especially for businesses that use a large number of computers deployed from the same standard installation.

(Illustration)

Impact of change

The tightening is intended first of all to stop systems that were copied, or “cloned”, from an original installation from keeping that installation's SID, a condition attackers can exploit to gain unauthorized access or spread malware. However, according to feedback from the user community and IT administrators, the consequences of this policy are not small.

After updating to the new version of Windows 11, many computers repeatedly prompt for login or show error messages such as “Login attempt failed”, “Login failed/your credentials didn't work” or “There is a partial mismatch in the machine ID”, interrupting access to network resources. Some devices are also blocked when connecting to shared folders, network drives or Remote Desktop tools.

For businesses deploying systems on a large scale, when many computers are built from the same installation file, cloned from an ISO file, without going through the "generalization" step, a whole series of devices can end up with duplicate SIDs, leading to simultaneous authentication errors and directly affecting internal operations.

Recommendations from Microsoft

In this situation, Microsoft recommends that individual users and enterprise administrators use Sysprep (the System Preparation Tool) to “generalize” the system before cloning or deploying a large number of computers. The tool removes the old identification information, ensuring that each device has a unique SID and can operate stably on the internal network.
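An added example, not from Microsoft or the original article: a PowerShell audit that reads a machine's SID from its built-in Administrator account and groups a collected inventory to find clones sharing one SID. The function names Get-MachineSid and Find-DuplicateMachineSid, the host names and the SID values are constructed for illustration, and how the per-machine rows are collected is left as an assumption.

```powershell
# Added example: audit an inventory for machines that share one machine SID.
# Written for Windows PowerShell 5.1 (Get-LocalUser ships with it).

function Get-MachineSid {
    # Local account SIDs have the form <machine SID>-<RID>. The built-in
    # Administrator always has RID 500, so stripping the RID from its SID
    # (AccountDomainSid) yields the machine SID.
    $admin = Get-LocalUser | Where-Object { $_.SID.Value -match '^S-1-5-21-.+-500$' }
    return $admin.SID.AccountDomainSid.Value
}

function Find-DuplicateMachineSid {
    param(
        [Parameter(Mandatory)]
        [object[]]$Inventory   # rows with ComputerName and MachineSid
    )
    $Inventory |
        Group-Object -Property MachineSid |
        Where-Object { $_.Count -gt 1 } |
        ForEach-Object {
            [pscustomobject]@{
                MachineSid = $_.Name
                Count      = $_.Count
                Computers  = ($_.Group.ComputerName | Sort-Object) -join ', '
            }
        }
}

# On each machine, one inventory row would be produced like this (assumption:
# rows are gathered by whatever management agent the fleet already uses):
#   [pscustomobject]@{ ComputerName = $env:COMPUTERNAME; MachineSid = Get-MachineSid }

# Constructed sample inventory: WS-001, WS-002 and WS-004 were cloned from an
# image that was never generalized, so they carry the same machine SID.
$sample = @'
ComputerName,MachineSid
WS-001,S-1-5-21-1111111111-2222222222-3333333333
WS-002,S-1-5-21-1111111111-2222222222-3333333333
WS-003,S-1-5-21-4444444444-5555555555-6666666666
WS-004,S-1-5-21-1111111111-2222222222-3333333333
'@ | ConvertFrom-Csv

Find-DuplicateMachineSid -Inventory $sample | Format-Table -AutoSize

# Image preparation the article refers to, run on the reference machine
# before capture:
#   %WINDIR%\System32\Sysprep\sysprep.exe /generalize /oobe /shutdown
```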

According to Microsoft, not following the correct system imaging process can lead to many security risks, especially in enterprise environments where hundreds of devices are connected and sharing resources. The company representative also warned that deliberately maintaining outdated operating system versions or ignoring security patches is an “open door” for hackers to exploit.

Consequences and user reactions

On international technology forums, many administrators expressed their frustration when a series of devices in the system encountered errors after updating Windows 11. One user shared: "This forced us to review the entire process of deploying new machines. If not adjusted, hundreds of devices will simultaneously have login errors and disrupt work."

Many individuals who use “hard drive clone” computers for quick installations have encountered similar problems, forcing many to temporarily return to Windows 10 or delay the update. However, Microsoft said this is a necessary step to standardize the security system and ensure that each device has a unique identifier, helping to prevent future attacks.

Microsoft's security push comes as the company pushes users to move to Windows 11, as Windows 10 reaches the end of official support. While Microsoft has stopped providing security updates for the older operating system, it has been steadily adding more security standards to Windows 11 - including a TPM 2.0 chip requirement, system kernel protection (HVCI), and now a unique SID check mechanism for each device.

According to cybersecurity experts, this move is necessary in the long term, helping to reduce the risk of attacks from malware or unauthorized access through clones. However, deploying it without clear warning has caught many individuals and businesses off guard, especially organizations that depend on a rapid deployment model using clones.

Microsoft's implementation of the new SID rules on Windows 11 24H2 and 25H2 represents an effort to strengthen system security, but also poses challenges in managing and deploying synchronized devices. Users and businesses need to review the installation process early, ensuring each computer is properly "generalized" before use.

While this change should improve security in the long run, its silent rollout without any specific warning has left many users in a state of shock and disbelief as their systems suddenly stop working. It’s a stark reminder that, in an increasingly security-conscious tech world, following the correct technical procedures isn’t just a recommendation – it’s a requirement for safe operation.

Nguyen Bach

Source: https://doanhnghiepvn.vn/cong-nghe/microsoft-thay-doi-bao-mat-windows-11-may-trung-sid-co-the-bi-khoa-dang-nhap/20251103110013099

