SIDCHG (SIDCHG64 on 64-bit Windows) 3.0j is a command-line utility to modify the local computer
SID and computer name, for Windows 2022/11/2019/2016/10/8.1/2012 R2/8/2012/7/2008 R2. It replaces the current computer SID with a new random SID. In addition,
it changes the WSUS ID for Windows Updates, the MachineGuid, the Machine ID, the Device Identifier for Modern Apps, the MSDTC CID, the Dhcpv6 DUID,
the SQL Server Master database, the encryption state to preserve encrypted files,
Windows Action Center settings, Certificates and other encrypted stored information.
Preservation of credentials stored in Windows Vault is possible with prior preparation of Vault backup. Optionally OneDrive can be reset.
Usage
SIDCHG64 [options]
/COMPNAME=: New computername, ? = random hex character, * = mac address (hex)
/COMPDESCR=: New computer description
/F: Omit confirmation
/R: Reboot after SID change
/S: Shutdown after SID change
/NS: Don't change SID, only set computername
/KEY=: License key
/SK: Store license key in registry for later. SID will not be changed if /SK is specified
/RMK: Remove license key from registry after SID change
/OD: Reset OneDrive. This avoids OneDrive synchronization issues if both original and clone are active with same user. /OD requires OneDrive-Account to be reentered after SID change.
Without /OD it is sufficient to reenter password of OneDrive-Account after SID change
/RESETALLAPPS: Reset all Modern Apps. This avoids issues with Modern Apps or with Search box after SID change.
/RESETAPPS=: List of Modern Apps to be reset (PackageFamilyName), separated by ;-character. *-character counts as wildcard. - (minus)-character at beginning excludes app from reset.
/RESETAPPSFILE=: File containing List of Modern Apps to be reset (PackageFamilyName), each on separate line. *-character counts as wildcard. - (minus)-character at beginning excludes app from reset.
Following options are advanced (not for normal use):
/OS=: Windows-directory (e.g /OS=D:\Windows) of OS to modify, if not running OS
/D=: Drives to check for SID (e.g /D=CDE). Per default, SID will be changed on all local harddrives
/SID=: New SID value. Per default, SID will be set to random value
/RMKNOW: Remove stored license key from registry without doing SID change
/RMT: Remove traces. Remove SIDCHG key from registry after SID change. Completed SID change cannot be reverted if /RMT is specified
/RMTNOW: Remove traces now. Remove SIDCHG key from registry without doing SID change. SID change cannot be reverted afterwards
/NW: Don't change WSUS ID
/NCID: Don't reset MSDTC CID
/NPP: No Run Once-post processing. Transparent post processing is needed to preserve encrypted files and other user settings.
/NDI: Don't reset Device ID.
/NMG: Don't reset Machine GUID.
/NMID: Don't reset Machine ID
/NDUID: Don't reset Dhcpv6 DUID.
/NSQ: Don't change SQL Server master database. When changed, a backup copy of the original master database is copied to C:\Windows\Temp-directory
/NMA: Don't reset McAfee ID.
/FDID: Full reset of Device ID (can invalidate System Activation)
/REVERT: Reverts SID back to previous value after complete or interrupted SID change
/REPEAT: Repeats previous complete or interrupted SID change with same previous and new SID values. This can be useful if not all has been changed during first run.
/CLEARMSG: Clears SID change message at login after interrupted SID change
/CNMF=: Map file /COMPNAME will be mapped against, with lines map=compname
/FF: Allow SID change with Antivirus real-time protection left on, SID to be changed on removable drive, or for unsupported Windows version, and bypass other restrictions.
Set computername after mac address:
SIDCHG /COMPNAME=* /CNMF=map.txt where map.txt has lines macaddress=compname
Change of computer SID risks data loss and system damage. Do not interrupt SID change in process!
On Windows 11, 10, 8.1, and 8, the user will be logged out and the SID will be changed in the background, after which the computer will shut down (default) or reboot (if /R is specified),
to preserve modern interface user settings.
Do not log in and do not turn off or shutdown the computer while SID change is running in background!
While SID change is running in background, following message appears at Login screen, showing actual progress state of SID change in process:
It is very important not to log into the computer and not to shut down the computer while SID change is running in background! This is necessary to preserve
the modern user interfaces and apps.
After completing the SID change, the system will automatically shut down or reboot. Do not do that yourself, do not log in, and do not interfere. It is best not to touch the PC at all before the automatic shutdown/reboot!
Pricing
SIDCHG is free to try for evaluation for 30 days maximum, but not free to use.
Monthly trial keys for evaluation purposes are available.
New trial key will be uploaded during 5th-10th day of month. Trial key has same technical functionality as License key you receive after purchase.
SID changed using trial key will stay changed even after trial key expires.
Purchase license
Upon registration, you will be sent license key for SIDCHG 3.0.
License key can be stored in registry, for easy management. Visit Purchase page.
How to show local computer SID from command prompt
The command-line program PSGETSID can be downloaded from www.sysinternals.com. Called without any parameters, it displays the local computer SID.
Alternatively, the command WMIC useraccount get name,sid shows the SIDs of all user accounts. Look at the Administrator user account: its SID without the -500 RID at
the end is equal to the local computer SID. The often used WHOAMI /USER does not provide the correct result for Domain Users. It shows the domain SID instead of the local computer SID.
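The RID-500 method described above, as an added PowerShell example (not part of SIDCHG or of the original page). It matches the built-in Administrator by RID rather than by name, so it still works when the account has been renamed; the function name Get-LocalMachineSid is hypothetical, and the LocalAccounts module (Windows PowerShell 5.1 on Windows 10 / Server 2016 or later) is assumed.

```powershell
# Added example: derive the local computer SID from the built-in
# Administrator account (RID 500). Get-LocalMachineSid is a hypothetical name.
function Get-LocalMachineSid {
    $admin = Get-LocalUser |
        Where-Object { $_.SID.Value -match '^S-1-5-21-(\d+-){3}500$' } |
        Select-Object -First 1
    if (-not $admin) { throw 'No local account with RID 500 found.' }
    # AccountDomainSid drops the trailing RID, leaving the machine SID.
    $admin.SID.AccountDomainSid.Value
}

$machineSid = Get-LocalMachineSid

# SID of the logged-on user. For a domain user the prefix is the domain SID,
# which is why WHOAMI /USER is not a reliable source for the machine SID.
$userSid       = [System.Security.Principal.WindowsIdentity]::GetCurrent().User
$userDomainSid = $userSid.AccountDomainSid   # $null for non-account SIDs

[pscustomobject]@{
    ComputerName    = $env:COMPUTERNAME
    LocalMachineSid = $machineSid
    CurrentUserSid  = $userSid.Value
    UserIsLocal     = ($userDomainSid -and $userDomainSid.Value -eq $machineSid)
}
```

Recording this output on the base image and again on each clone after the SID change confirms that the clone no longer shares the image's SID.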
Note on Antivirus
SIDCHG (not SIDCHGL) requires real-time Antivirus protection (Microsoft Defender Antivirus or other) to be turned off before running SID change.
Otherwise there is too much danger that Antivirus protection will stop the running SID change process in the middle of operation,
leaving the system in a bad state.
Microsoft Defender Antivirus turns real-time protection back on automatically after reboot.
Alternatively, Process Exclusion can be applied (see below).
SIDCHG commandline option /FF allows SID change to run with real-time Antivirus enabled, but it is not recommended.
About SIDCHGL / SIDCHGL64
SIDCHGL is an alternative to SIDCHG, if turning off Antivirus is undesirable.
For SIDCHGL(64) it is only recommended, not required, that real-time Antivirus protection (Microsoft Defender Antivirus or other) be turned off before running SID change.
SIDCHGL functions the same way as SIDCHG, with the difference that it skips change of SID within browser settings. If browser settings like homepage or bookmarks are not cloud-synced,
they will be lost and reset to default values after changing the SID with SIDCHGL, because the stored browser settings are bound to the previous SID and no longer valid for the new SID.
Changing the SID within browser settings and therefore making modifications at these locations causes Antivirus Software to stop the SID change process, leaving the system with incomplete SID change.
SIDCHGL skips changing SID within browser settings and will therefore much less likely be stopped by Antivirus Software. Still it is recommended to turn real-time Antivirus Software off even with SIDCHGL.
The SID needs to be changed at many locations within the system and the possibility remains that these changes are seen as dangerous actions by the Antivirus Software and that it interrupts or blocks the running SID change.
SIDCHGL and SIDCHGL64 have same command options and work with same license key. License and key for SIDCHG are valid also for SIDCHGL.
For best results it is recommended to use SIDCHG(64) with real-time Antivirus turned off during SID change, not SIDCHGL.
How to further improve acceptance by Antivirus
For SIDCHG to run in background, it will normally copy itself to C:\Windows\Temp\SIDCHG64_.exe, or to C:\Windows\Temp\SIDCHGL64_.exe for SIDCHGL.
This copy operation is recognized and potentially disliked by Antivirus software.
To avoid the copy operation and have the SID change in background run from the calling .EXE, the following conditions need to be met:
1. SIDCHG(L)(64).EXE must be run from one of the following directories or a subdirectory: C:\Windows, C:\Program Files, C:\Program Files (x86).
2. The Security attribute stating that this file came from another computer needs to be Unblocked in the Properties of the downloaded SIDCHG(64).EXE file.
Using Process Exclusion instead of turning off realtime Antivirus
An alternative to turning off Microsoft Defender Antivirus is to exclude the process in which the SID change runs from Antivirus. The process name usually
is C:\Windows\Temp\SIDCHG64_.exe, or C:\Windows\Temp\SIDCHGL64_.exe for SIDCHGL, but can also be the .EXE from which SIDCHG is called (see section "How to further improve acceptance by Antivirus" above).
New! Note on message: System Update Operations (...) are found to be performed at next reboot.
SIDCHG has found that one or more system update operations are scheduled to be performed during next system startup. Executing SID change at the same time poses the risk
of undesired interferences between the Updates and the SID change. The solution is to reboot first, let the other operations complete before running SID change. In some cases, 2 restarts are needed before all
scheduled update operations are complete. Please note that the check for pending System Update Operations is not airtight. Best practice is to check that no Updates are pending or being performed, before starting SID change.
When setting up a new system from clone image, either first have system apply all the Updates before the SID change, or, do the SID change first, before connecting the system to the network.
The check can be overruled with option /FF, which is not recommended.
New! Note on /RESETALLAPPS /RESETAPPS= and /RESETAPPSFILE=
These options reset Modern Apps during SID change. All locally stored data and settings of the specified apps will be cleared or reset. This is necessary because otherwise some apps
fail to work correctly or cause the Search box to freeze after SID change. /RESETALLAPPS is the recommended option if stored data and settings of Modern Apps do not need to be kept.
/RESETAPPS=... lets you specify which apps are to be reset and for which apps local data should be kept. Specify the app's PackageFamilyName as shown by the Get-AppxPackage PowerShell command, with * as wildcard character and ; as separator.
Example: /RESETAPPS=App1_*;App2_* resets apps whose names start with App1 or App2. A - (minus) character excludes an app from being reset. For example, /RESETAPPS=*;-App1* or /RESETAPPS="*;-App1*" resets all apps except apps whose names start with App1 during SID change.
/RESETAPPSFILE=filename reads the apps to be reset from a file. Each line represents one app entry. Special characters are interpreted the same as with /RESETAPPS=. For example, /RESETAPPSFILE=filename pointing to
a file containing one line with the character * and one line -App1* will reset all Modern Apps except apps whose names start with App1.
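Because a reset clears an app's local data, it helps to preview what a pattern list selects before passing it to /RESETAPPS= or /RESETAPPSFILE=. The following is an added PowerShell example, not SIDCHG's own matching code: the function name Select-ResetApps is hypothetical, and it assumes that matching is case-insensitive and that an exclusion wins regardless of its position in the list. The package names are constructed.

```powershell
# Added example: preview which PackageFamilyNames a /RESETAPPS-style list selects.
# Assumptions (not confirmed by the tool): case-insensitive match, exclusions
# take precedence over inclusions wherever they appear in the list.
function Select-ResetApps {
    param(
        [Parameter(Mandatory)] [string]   $Spec,
        [Parameter(Mandatory)] [string[]] $PackageFamilyName
    )
    # Turn a pattern with * wildcards into an anchored regular expression.
    $toRegex = { param($p) '^' + [regex]::Escape($p).Replace('\*', '.*') + '$' }

    # Entries are separated by ; (command line) or by line breaks (file).
    $entries = $Spec -split '[;\r\n]+' |
        ForEach-Object { $_.Trim() } | Where-Object { $_ }

    $include = @($entries | Where-Object { $_ -notlike '-*' } |
        ForEach-Object { & $toRegex $_ })
    $exclude = @($entries | Where-Object { $_ -like '-*' } |
        ForEach-Object { & $toRegex ($_.Substring(1)) })

    foreach ($name in $PackageFamilyName) {
        $hit  = @($include | Where-Object { $name -match $_ }).Count -gt 0
        $skip = @($exclude | Where-Object { $name -match $_ }).Count -gt 0
        [pscustomobject]@{
            PackageFamilyName = $name
            WouldReset        = ($hit -and -not $skip)
        }
    }
}

# Constructed sample names; on a live system use instead:
#   (Get-AppxPackage -AllUsers).PackageFamilyName | Sort-Object -Unique
$sample = 'App1_8wekyb3d8bbwe', 'App2_8wekyb3d8bbwe', 'Contoso.Notes_abcdefgh12345'

# The page's own example: everything except apps starting with App1.
Select-ResetApps -Spec '*;-App1*' -PackageFamilyName $sample

# The same check against a pattern file (one entry per line):
#   Select-ResetApps -Spec (Get-Content .\apps.txt -Raw) -PackageFamilyName $sample
```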
New! Note if Search box freezes after SID change
Try logging out and in again. If freeze of Search box persists, probably one or more Modern Apps which integrate with Search-Function prevent Search box from working correctly.
Use SIDCHG option /RESETALLAPPS to reset all Modern Apps, or one of the options /RESETAPPS= or /RESETAPPSFILE= as explained above, to reset Modern Apps which possibly prevent the Search box from working correctly after SID change.
Note if SID change takes long time
Before acting, please let it run for at least 15 minutes. Then check if progress message with progress number shown in image above changes.
Press OK button in progress message screen and then click on login screen to have progress message display show up again with new progress.
If progress message and progress number BOTH stay unchanged for 5 minutes,
it can be assumed that the program is no longer running and terminated abnormally. If only progress message stays unchanged but progress number changes,
the SID change is still actively being worked on.
Note if SID change has been interrupted and SID change message remains at login screen
The reasons that SID change was interrupted can be improper handling (not letting the SID change in background run uninterrupted until the automatically executed shutdown or reboot),
intervention by real-time Antivirus, or a crash of the SIDCHG software.
First verify that SID change is no longer running (see section "Note if SID change takes long time" above).
Then WITHOUT LOGGING IN, reboot the computer into Troubleshoot mode Command prompt. One method for this is to reboot the computer, and while Windows icon is shown during startup, restart the computer again,
repeat until Message Preparing Automatic Repair is shown. When this message is shown, wait for Automatic Repair options to show up. Select Advanced Options followed by Troubleshoot and Command Prompt.
Within command prompt, find the drive of the installed Windows where the SID was being changed. Usually it is drive D:. Find the SIDCHG64 program on that drive.
Run SIDCHG64 /OS=D:\Windows
SIDCHG64 will recognize the interrupted SID change and propose to complete it with same options as in previous attempt.
SID change might have been interrupted before it was really started. In that case, SIDCHG64 /OS=D:\Windows will clear the SID change progress message at login screen without proposing to complete the SID change.
It is possible to run the SID change at this point from command prompt with desired options.
As a side note if original interrupted SID change has been made with older version SIDCHG 3.0h, use SIDCHG 3.0i or newer for the troubleshoot recovery and for the later SID change (2nd SIDCHG64-call in the image) specify SIDCHG64 /OS=D:\Windows /REPEAT. /REPEAT-option is important in some cases to recover if original SID change was made with SIDCHG 3.0h.
Please be careful to not interrupt SIDCHG while it is doing SID change in background, before waiting lengthy time and being sure it is not working correctly.
Please also check for a file with name SIDCHGxxx.dmp (xxx any characters) in folder C:\Windows\Temp. If such a file exists after unsuccessful SID change, please send the file to support@stratesave.com.
Thank you. This will help with analyzing the problem and working on a fix.
Note about Windows Licensing, KMS et al
SIDCHG does not affect Windows licensing. Use slmgr -rearm to reset licensing information of imaged clones, in addition to calling SIDCHG(64).
Note about SID change from Windows PE
SIDCHG supports SID change from Windows PE, with SIDCHG commandline option /OS=D:\Windows, pointing at the System to be changed. The Windows version of the PE should be the same or
greater than the system to be changed. To change the SID of a Windows 10 System from PE, for best results use Windows 10 PE.
Note about SID change of domain computers
After the SID change, computers on a domain possibly lose domain membership and need to rejoin. In addition, the SID of a domain controller server cannot be changed.
To change the SID of a domain controller, it needs to be demoted first, and promoted again after SID change.
Note about EFS encrypted files
SIDCHG supports preservation of encrypted information, including NTFS encrypted files. Please note that EFS encrypted files cannot always
be preserved. If it is necessary to preserve encrypted files, best to save the EFS certificate in advance, for example with rekeywiz-command.
Note about preservation of credentials stored in Windows Vault
To preserve stored credentials after SID change, create a backup of the Vault before the SID change using Credential Manager's backup functionality.
The backup needs to be stored in user's TEMP-directory with the name SIDCHG.crd. The password of the vault is SIDCHG. User's TEMP-directory can be determined with command echo %TEMP% from command prompt.
Often it is C:\Users\username\AppData\Local\Temp. After the SID change and recovery of the Vault credentials, the SIDCHG.crd file will be deleted. To prevent the deletion, assign READ-only attribute
to the file. For increased security, the file can optionally be stored NTFS-encrypted.
Note about SID change with BitLocker
SIDCHG must not be run with BitLocker Volume encryption enabled. This leads to complete data loss. BitLocker needs to be turned off and the drives decrypted.
If desired, BitLocker can be reenabled after the SID change.
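The preconditions from the notes above (BitLocker decrypted, no pending update operations, not a domain controller, Antivirus state, Vault backup in place) can be checked in one pass before starting. This is an added PowerShell example, not SIDCHG's own logic; the registry locations are the commonly used Windows reboot-pending markers and are an assumption about what is relevant, not a statement of what SIDCHG checks.

```powershell
# Added example: pre-flight checks before a SID change. Run elevated on the
# running OS. Independent of the tool; not an exhaustive check.
$findings = New-Object System.Collections.Generic.List[string]

# BitLocker: the page requires drives to be decrypted, not merely suspended.
try {
    foreach ($v in Get-BitLockerVolume -ErrorAction Stop) {
        if ($v.VolumeStatus -ne 'FullyDecrypted') {
            $findings.Add("BitLocker: $($v.MountPoint) is $($v.VolumeStatus)")
        }
    }
} catch { $findings.Add("BitLocker: state could not be queried ($($_.Exception.Message))") }

# Pending update/servicing work: commonly used reboot-pending markers.
$cbs = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\RebootPending'
$wu  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RebootRequired'
$sm  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager'
if (Test-Path $cbs) { $findings.Add('Updates: Component Based Servicing reboot pending') }
if (Test-Path $wu)  { $findings.Add('Updates: Windows Update reboot required') }
$ren = Get-ItemProperty -Path $sm -Name PendingFileRenameOperations -ErrorAction SilentlyContinue
if ($ren) { $findings.Add('Updates: PendingFileRenameOperations is set') }

# Domain role: 4 and 5 are domain controllers (Win32_ComputerSystem.DomainRole).
$cs = Get-CimInstance -ClassName Win32_ComputerSystem
if ($cs.DomainRole -ge 4) {
    $findings.Add('Domain: this is a domain controller; demote before SID change')
} elseif ($cs.PartOfDomain) {
    $findings.Add("Domain: member of $($cs.Domain); plan to rejoin afterwards")
}

# Defender real-time protection (the cmdlet may be absent with other AV).
try {
    if ((Get-MpComputerStatus -ErrorAction Stop).RealTimeProtectionEnabled) {
        $findings.Add('Antivirus: Defender real-time protection is on')
    }
} catch { $findings.Add('Antivirus: Defender status unavailable; check other AV manually') }

# Vault backup is expected at %TEMP%\SIDCHG.crd if credentials must be preserved.
if (-not (Test-Path (Join-Path $env:TEMP 'SIDCHG.crd'))) {
    $findings.Add('Vault: no SIDCHG.crd in TEMP; needed to preserve Vault credentials')
}

if ($findings.Count) { $findings } else { 'No findings.' }
```

The Vault check applies to the logged-on user's TEMP directory only, so it has to be run as each user whose stored credentials matter.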
Note about storing key with /SK and /RMK options
The /SK option stores the Registration Key in Windows registry without doing the SID change while the /RMK option removes the Key from registry while also doing the SID change.
The usual usage is to store the key in the base image with SIDCHG /SK. On the clones the SID can then be changed without specifying the key. If you prefer the key to be removed
after the SID change, use /RMK option when changing the SID. SIDCHG64 /RMKNOW removes stored license key without changing the SID.
Note on ANY.RUN "Malicious Activity" report
An online report can be found from ANY.RUN which assigns to SIDCHG the verdict "Malicious Activity" and tags it as adware. SIDCHG's activity is for the purpose of implementing
best possible quality and complete SID change. The malicious activity reported is "Application was dropped or rewritten from another process". SIDCHG copies itself to Windows Temp directory, for
it to run in background, which cannot be done from user's download directory. This copy operation can be avoided if desired following the section How to further improve acceptance by Antivirus above.
SIDCHG also copies itself to local users' Temp directories, to be run by user once at first login after the SID change. This is to migrate encrypted files and other encrypted stored information like
Windows Action Center Settings to the new SID, which needs to be done individually by the logged in user. This copy of itself and run once can be avoided with SIDCHG option /NPP but then encrypted information
will be lost after the SID change. The report also labels as suspicious "Modifies files in Chrome extension folder". SIDCHG changes the SID within browser's (Edge, Chrome) configurations files.
This can be avoided using SIDCHGL instead of SIDCHG, where configured browser settings like Homepage and Bookmarks are lost after the SID change.
The report further mentions suspicious activity "Executable content was dropped or overwritten". SIDCHG does not modify any executable .exe or .dll file's content. But it checks permissions and ownership
of all files and modifies these if necessary to adjust to the new SID. The reason for the Tag "adware" could not be found elaborated in the report. SIDCHG does not show any ads, does not
connect to any ad server and does not make any network connections.
How to be alerted about updates of SIDCHG
To be informed when an update of SIDCHG becomes available, use the service webalert.email. After registering and signing in, add a New Web Alert for Url https://www.stratesave.com with keyword SIDCHG,
or possibly with key word New! which will inform you about any new or updated Stratesave Software.