
By Jonathan Feldman
Microsoft tells you not to take a particular action, and that if you do, you risk being branded an "unsupportable" site. Do you do it anyway? Your impulse may be to say "no," but network managers say "yes" every day when they roll out Windows NT via drive duplication. Despite Microsoft's stance, half a dozen vendors are doing a brisk business these days selling drive-duplication products. For many network managers, the ability to duplicate a workstation in minutes--as opposed to installing one in hours--far outweighs the risk of being denounced as an untouchable.
The problem with the Microsoft-sanctioned method of rolling out NT is that it requires skilled staff to configure and maintain unattended Windows NT setup files. Microsoft provides a 128-page document that details unattended NT setups, and any reasonably skilled technician can wade through it and get results. However, deploying a workstation without applications, and, for that matter, testing the setup file, usually takes from 20 to 45 minutes. Compare this with taking a functioning workstation and conducting a 10-minute drive duplication with easy-to-use software. Multiply the time differential by hundreds of workstations, and it's easy to see why duplication is a compelling option.
To make an informed decision about whether to duplicate Windows NT or use the more cumbersome and complex install methods, you should read Microsoft's position, detailed in Knowledge Base Article Q162001 (support.microsoft.com/support/kb/articles/q162/0/01.asp). In a nutshell, Microsoft does not support duplicated workstations because each NT workstation should have a unique SID (Security ID).
Obviously, straight duplication of a specific workstation will result in both workstations having the same SID. Fortunately, duplication lets you easily create a unique workstation SID using a SID generator either during or after duplication. After one of these tools is used, a correctly duplicated NT workstation is indistinguishable from an installed NT workstation.
After pilot tests prove to network managers that duplication works if it is done correctly, the decision often is not whether to duplicate, but which duplication technologies and techniques to use. With this in mind, we tested SID generators from KeyLabs, Micro House International, PowerQuest Corp., Symantec Corp. and Systems Internals.
Besides discovering that not all SID generators are created equal, we found that some tools can cut down on postduplication technician error by automatically assigning specific machine names and IP addresses. We were impressed with features like image multicasting, and found that the ability to compress, write directly to tape and span image files can help with long-term image storage. Licensing for many of the more sophisticated packages is per workstation duplicated, so check licensing policies before purchasing. Some packages let you license per technician, which can significantly cut costs.
Although Microsoft's officially sanctioned deployment methods do work, they require that you become familiar with the structure of .INF files. Also, an automated setup can take three times as long as a straight duplication. Bottom line: Duplication always takes less time and is far less complex. Combine an initial duplication rollout with software deployment tools, and you've got a one-two punch that will streamline rollouts and future upgrades.
That Vicious SID

Other vendors don't ban duplication of their operating systems; for example, IBM Corp.'s AIX supports the creation of a bootable system backup that can be used as a deployment tool as well. Of course, most other operating systems don't use specific software-generated identifiers. So the question is, what's the big deal about the SID?
Empirical evidence shows that SID duplication is not actually such a big deal; before SID generators were available, we saw large installations of NT 4.0 workstations that worked without problems. These workstations weren't part of an NT domain; instead, they were using Novell's IntranetWare Client32 with Workstation Manager, which allowed them to authenticate via NDS rather than an NT domain. We've also seen clients that work just fine after being disk-duplicated, then joined to an NT domain.
According to Microsoft's Q162001, a standalone NT workstation generates a "statistically unique" SID on its first bootup to GUI mode. It then creates users and groups based on the computer's SID. That is, each computer has a unique number, and each user number is concatenated to the computer number, resulting in a fully qualified user SID. For example, if your computer number is 32768 and your user number on that computer is 1001, your fully qualified SID would be 32768-1001. In real life, the computer IDs are 48-bit quantities, meaning that the chances of duplication are very slim.
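The composition described above (computer SID plus a per-user number) can be used to audit a rollout for clones that never had a new SID generated. The following is an added example, not part of the original article: it uses the standard S-1-5-21-...-RID string form of NT account SIDs instead of the simplified numbers above, and the hostnames, SID values and function names are constructed for illustration.

```python
from collections import defaultdict

# Constructed inventory: hostname -> SID of one local account on that host.
# Hostnames and SID values are made up for illustration.
INVENTORY = {
    "WS-ACCT-01": "S-1-5-21-1004336348-1177238915-682003330-500",
    "WS-ACCT-02": "S-1-5-21-1004336348-1177238915-682003330-500",
    "WS-ACCT-03": "S-1-5-21-1004336348-1177238915-682003330-1001",
    "WS-LAB-07": "S-1-5-21-2025429265-492894223-1708537768-500",
    "WS-LAB-08": "S-1-5-32-544",  # built-in Administrators alias, not machine-based
}

def split_account_sid(sid):
    """Return (machine_sid, rid) for an S-1-5-21-... account SID, else None."""
    parts = sid.strip().upper().split("-")
    # Expected fields: S, revision 1, authority 5, 21, three sub-authorities, RID
    if len(parts) != 8 or parts[:4] != ["S", "1", "5", "21"]:
        return None
    if not all(p.isdigit() and int(p) < 2**32 for p in parts[4:]):
        return None
    return "-".join(parts[:7]), int(parts[7])

def find_cloned_machines(inventory):
    """Group hosts by machine SID; return only SIDs shared by several hosts."""
    by_machine = defaultdict(list)
    for host, sid in inventory.items():
        parsed = split_account_sid(sid)
        if parsed is None:
            continue  # well-known or malformed SID says nothing about the machine
        by_machine[parsed[0]].append(host)
    return {m: sorted(h) for m, h in by_machine.items() if len(h) > 1}

def colliding_accounts(inventory):
    """Fully qualified account SIDs that appear on more than one host."""
    seen = defaultdict(list)
    for host, sid in inventory.items():
        if split_account_sid(sid):
            seen[sid.strip().upper()].append(host)
    return {s: sorted(h) for s, h in seen.items() if len(h) > 1}

if __name__ == "__main__":
    for machine, hosts in find_cloned_machines(INVENTORY).items():
        print(machine, "shared by", ", ".join(hosts))
    for sid, hosts in colliding_accounts(INVENTORY).items():
        print("identical account SID", sid, "on", ", ".join(hosts))
```

Hosts that share a machine SID are the ones to run a SID generator on; the colliding account SIDs show which local accounts are indistinguishable by SID across those hosts.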