Request for the Group Policy template to disable SID uniqueness check to avoid Kerberos/NTLM authentication failures

Question

Request for the Group Policy template to disable SID uniqueness check to avoid Kerberos/NTLM authentication failures

KENICHI HAGIHARA 0

Since the Windows Updates released after September 2025, the security behavior regarding SID uniqueness has become stricter. As a result, environments where duplicated machine SIDs exist can no longer access file shares, which is causing operational issues.

We have been temporarily uninstalling the corresponding security updates as a workaround. However, we have learned that Microsoft provides a method to disable SID uniqueness checking through a Group Policy setting.

Because the affected client devices are already deployed in production, regenerating machine SIDs (sysprep /generalize) is not a feasible option. Therefore, we would like to use the temporary workaround by applying the Group Policy that disables the SID uniqueness check.

Could you please provide the Group Policy Administrative Template (ADMX/ADML) that includes the “Disable SID uniqueness check” setting, or advise where we can download the official template from?

1 answer

Your answer

Answer 1

Carl-L 4,155 Microsoft External Staff Moderator

Hello KENICHI HAGIHARA,

Welcome to Microsoft Q&A forum. It's my pleasure to help you today.

I understand that you are trying to obtain a special Group Policy template to temporary disable SID uniqueness check. Microsoft provide this as a temporary solution for IT Administrators, so the template is not publicly provided on public forum like this. To obtain this, you will need to contact Microsoft Business support so they can provide you with the templates. You can follow the instructions and resolution in this article to contact them: Kerberos and NTLM authentication failures due to duplicate SIDs. Thank you for your understanding.

Please keep in mind that this is just a temporary solution, for a permanent fix, you will still need to rebuild the affected PCs with Sysprep /generalize.

Feel free to contact us again if you have any other questions.

KENICHI HAGIHARA 0 Reputation points

2025-12-11T09:27:42.9933333+00:00

Thank you for your response.

Just to confirm, does contacting Microsoft Business Support require purchasing a support plan if I do not already have one?
KENICHI HAGIHARA 0 Reputation points

2025-12-11T09:44:11.7766667+00:00

I have the Partner Cloud Support benefits, but I do not have any on-premises support plans contracted.
Carl-L 4,155 Reputation points Microsoft External Staff Moderator

2025-12-11T11:02:09.7+00:00

Hello KENICHI HAGIHARA,

Thanks for getting back to us.

This is the forum for consumers users, so my knowledge of this might be limited. You might need to check the requirements on the site yourself. However, as I know, you can also try to escalate a case on behalf of your customer through the Partner Center.

Best regards.
Carl-L 4,155 Reputation points Microsoft External Staff Moderator

2025-12-12T13:17:02.29+00:00

Hello KENICHI HAGIHARA,

Just checking in to make sure that you have received my reply. Please let me know if there are any updates.

Share via

Request for the Group Policy template to disable SID uniqueness check to avoid Kerberos/NTLM authentication failures

1 answer

Your answer