Snap Deploy - Imaged computer contains corrupted built-in administrator account

Discussion in 'Other Acronis Products' started by athomas, May 14, 2007.

Thread Status:
Not open for further replies.
  1. athomas

    athomas Registered Member

    May 14, 2007

    I've created an image with Acronis Snap Deploy and have distributed it to a test computer with a combination of Snap Deploy and universal deploy. The image is of a Windows XP Pro machine, using a Windows Volume License media and key. The image is compressed with maximum compression and stored on our file server. The image is deployed by using a Snap Deploy boot cd in the recipient machine, and then using the Snap Deploy server to push the templated image. When deploy the template, I am prompted to use Universal Deploy and I do accept. When the machine is imaging, it shows that Universal Deploy is being used and the SID and HAL are being cleared/modified. Once the recipient PC is imaged, I'm able to login as administrator w/ no problems. I then go into Computer Management, System Tools, Local Users and Groups, Groups, and double-click on the Administrators group. Where normally, you would expect to see the accounts you had set as administrator, with at least seeing the built-in administrator account as member, I only see SIDs. I delete all the SIDs and re-add the built-in administrator to the local administrators group. I then reboot, login as the local administrator, go back to the administrators group and again, the local built-in administrator account is now a SID.

    When looking at the SID, it's named "S-1-5-21-XXXXXXXXXX", where doing some research on the internet reveals that the local admin SID should be S-1-5-32-XXXXXXXXXXXXX". I'm not sure what's going on here, but it's definitely causing problems. Even though I can login as the local administrator, it doesn't seem to stick for very long. For instance, I logged in as local admin, joined the PC to our domain, rebooted. All looked well, let a user use it for a day. The next day, it can't find the domain. So I login again as local admin to take it out of the domain and re-join it, and I can't, because I don't have sufficient rights. So essentially, the local admin account is stripped of it's rights. I check to see if it's part of the local admin group and it's not, but I still see that infamous SID.

    It's almost as if the admin account becomes corrupt during the imaging process. Does anyone have any clue what could be causing this. I'm pulling my hair out!

    Thanks in advance.

Thread Status:
Not open for further replies.