Reset UID?

Askoik

On early versions of Client Security we used command "fsmautil resetuid" before taking an image of installation. Now I haven't made any new images for couple years, but tomorrow we should create a new image of Win 7 workstation installation and spread it into some new machines.

 

I noticed that the new version of Client Security has two different ways to create UID. Which one I should choose for image installation and how do I reset the F-secure UID before taking image? With the same tool as I did several years ago?

 

Or does it reset automatically when I reset Windows SID with sysprep tool?

 

Asko

 

 

Vad

Hello Asko,

 

Yes, it's the same fsmautil. If you execute it from CMD you'll see the following help:

 

FSMAUTIL - F-Secure Management Agent Utility
Operations:
 FSMAUTIL POLL - Poll the F-Secure Management Server immediately.
 FSMAUTIL SHOWUID - Show the host Unique Identity.
 FSMAUTIL RESETUID {SMBIOSGUID | RANDOMGUID} [APPLYNOW] - Regenerate the host Unique Identity.
 Where:
   SMBIOSGUID - use SMBIOS GUID as host Unique Identity
   RANDOMGUID - use randomly generated GUID as host Unique Identity
   APPLYNOW   - restart F-Secure Management Agent to regenerate the host Unique
Identity and take it into use immediately

 

So, you can decide what's better for you - SMBIOSGUID or RANDOMGUID, and the procedure is pretty same as it was.

You can use APPLYNOW option if you want the new ID to be taken in use immediately. Otherwise it will be taken in use after reboot or restart of fsma service.

 

> Or does it reset automatically when I reset Windows SID with sysprep tool?

 

No, it will not. You need to do it manually with fsmautil. No other options.

 

Best regards,

Vad

Jayson

Hi Asko,

Just to add an information to your post. This might be helpful to other user with the same question.

 

Reset SID doesn't help in this case as the SID is OS-based identifier but SMBIOS GUID (aka UUID) is stored in the BIOS. Both are unique and used for different functions.

The format of both Machine SID and UUID shown below:
Machine SID -> S-1-(1d)-(10d-10d-10d)
UUID -> Pretty print: (8d)-(4d)-(4d)-(4d)-(12d) or Raw byte order: (32digits)

You should have no issue using SMBIOS GUID to clone an installation or deploying image in virtual enviroments. According to industry standards hardware BIOS should not be cloned, same as MAC address, these IDs should be unique.   

 

Hope this helps.

Thanks.


Best Regards,
Jayson

MJ-perComp

Hi,

one of the reason to use the GUID/SMBIOS-ID was to ease cloning.

By design F-Secure Management Agent should detect the new ID and report to the PMS using the new ID.

Depending on your autoimport settings the host will automatically be added to the right subdomain and receive a new policy.

 

ResetUID should not be needed any more (while it is still in the manual).

 

The old RandomUID is only needed in rare cases (broken SMBIOSID, multi-boot machines).

 

Best Regards

Matthias