A. Yes. Consider the following, paraphrased from an email from Jeremy Moskowitz of gpanswers.com:
Imagine you have three Windows NT or later machines. They're all clones, with the same SID. There are local accounts on each with the following computer name-user SID combos:
- CompA: Fred (501), Wilma (502), Barney (503)
- CompB: Jerry (501), Elaine (502), George (503)
- CompC: Harry (501), Sally (502), Mom (503)
If Fred stores something on an external NTFS drive, it's only protected by his SID. That means that Jerry or Harry could read from Fred's drive. The same situation exists for Wilma, Elaine, and Sally and for Barney, George, and Mom. As you can see, SIDs must be changed to ensure that external NTFS (or stolen internal NTFS) drives can't be read by anyone other than the user who's written on the item's ACL.
There's a counter to this argument that says NTFS security on removable drives is worthless anyway, because there are many third party applications and services that can read NTFS and bypass the security.
Related Reading:- Q. Is it true that I don't need to worry about duplicate machine SIDs anymore?
- Q: Can two Active Directory (AD) accounts have identical SIDs? If so, how can I remove the duplicate account?
- What are the problems with workstations having the same SID?
- Determining the SID of a Windows Group
Check out hundreds more useful Q&As like this in John Savill's FAQ for Windows. Also, watch instructional videos made by John at ITTV.net.
