feat(msft-windows): add duplicate SID temporary fix script#84
feat(msft-windows): add duplicate SID temporary fix script#84mnelsondtc wants to merge 1 commit into
Conversation
Disables Windows FeatureManagement override 1517186191 to stop the duplicate-SID symptom. Temporary mitigation only; permanent fix is sysprep /generalize reimaging. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
There was a problem hiding this comment.
An organization admin can view or raise the cap at claude.ai/admin-settings/claude-code. The cap resets at the start of the next billing period.
Once the cap resets or is raised, push a new commit or reopen this pull request to trigger a review.
Gumbees
left a comment
There was a problem hiding this comment.
Reviewed the script and verified the substance. Override ID 1517186191 and the registry path check out against Microsoft and multiple writeups — this is the documented mitigation for the fall-2025 SID-uniqueness enforcement (KB5065426 family) that blocks NTLM/Kerberos auth between cloned machines. The claim is accurate.
Overall: solid. Cleaner than its siblings, actually — it uses the mandated $env:RMM pattern, whereas msft-windows-sid-detect-duplicates.ps1 still uses the bare $RMM footgun the template warns against. Guarded transcript, non-interactive fallback, read-back verify, real exit codes all look good.
Should fix before merge — reboot messaging
The override requires a reboot to take effect. The script writes the value, reads it back, and prints [SUCCESS] ... override applied / verified. But the read-back only confirms the value persisted — it does not confirm the symptom cleared. A tech who sees "SUCCESS, applied and verified" will reasonably conclude the machine is fixed, when auth will keep failing until reboot.
Fix is messaging only (no auto-reboot on a fleet):
Write-Host "[SUCCESS] Verified '$valueName' = $readBack. FeatureManagement override applied."
Write-Host "[ACTION REQUIRED] A reboot is required for this override to take effect. Auth symptoms persist until restart."
Write-Host "[NOTE] This is a TEMPORARY mitigation. Permanent fix is to reimage affected machines with sysprep /generalize."Minor (non-blocking)
- The
-NonInteractivedetection uses exact match^-NonInteractive$. PowerShell accepts abbreviated parameters (-noni,-NonI), so a relaunch using a short form would slip past it. NinjaOne passes the full flag, so this is fine in practice —-match '^-noni'(prefix) would just be more robust. - The inline comment says the feature "triggers the duplicate-SID behavior." More precise: the duplicate SID already exists from cloning; the fall-2025 update enforces uniqueness and blocks auth, and this override disables the enforcement check. PR body wording is fine; only the code comment is slightly off.
Refs: Windows OS Hub, Born's Tech
Summary
Adds
msft-windows/msft-windows-sid-duplicate-temp-fix.ps1— a temporary mitigation for the duplicate local machine SID issue. Writes FeatureManagement override1517186191 = 0(DWORD) underHKLM\SYSTEM\CurrentControlSet\Policies\Microsoft\FeatureManagement\Overridesto disable the feature rollout that triggers the symptom, then verifies the write by read-back.This is a temporary fix only — the permanent fix is reimaging affected machines with
sysprep /generalize. Detection counterparts:msft-windows-sid-report.ps1andmsft-windows-sid-detect-duplicates.ps1.Details
$env:RMMstring-compare input handling, transcript loggingStart-Transcript/Stop-Transcript, stdout output before transcript starts-NonInteractive) and falls back to RMM mode soRead-Hostcan't kill the scriptHKLM\SYSTEMis not WOW6432-redirected, so the 32-bit NinjaOne PowerShell host writes the correct key without a sysnative relaunchRMM Compatibility
NinjaOne preset variables:
RMM,Description,RMMScriptPath(all optional; interactive mode prompts for Description). Runs as SYSTEM.Testing
🤖 Generated with Claude Code