How can I define/edit a user's security ID?

First time poster here. I'm a Mac user and use a virtualized Windows environment, via VMware Fusion, for all of my Windows needs. Many years ago I installed an important application into my then Windows 7 VM and that program used a license file tied to some unique identifier for that VM. Since then I've upgraded that VM to Windows 10 and then to Windows 11 - each time successfully importing the previous VM into the VM with the new version of Windows. I've recently purchased a new MacBook Pro, however (and importantly) this one uses an ARM processor whereas all the earlier machines were Intel-based. I was forced to do a fresh Windows 11 ARM install on the new Mac which involved creating my user account (same name as always) but sadly there is no way to migrate an Intel Windows 11 VM into an ARM Windows 11 VM.

I very carefully copied across all of the files relating to that important program (for which I no longer have the installer) but each time I run it the license manager complains that the unique ID is different and refuses to run the program. I've absolutely confirmed the unique ID is not related to the MAC address or any kind of unique ID given to the VM by VMware. I've come to the conclusion that the ID the license file is tied to is actually my user Security ID (SID). I've brought up my Intel Windows 7, 10 & 11 VMs and they all have different MAC addresses and VM IDs, but they ALL have the same user SID e.g. S-1-5-21-123456789-987654321-1234567890-1000. Only in the ARM version of Windows 11 on my new machine is the user SID different. I believe all I have to do is either edit my account's SID to be the same as on the Intel VMs or create a duplicate account with the same SID and then use that.

While I can easily understand that this is something no OS wants you to do, I tried editing the SID in the Registry Editor but it wouldn't let me (even after trying various permission changes). I also tried exporting the two SID entries (blah & blah_Classes), editing their SIDs and then importing them but it wouldn't let me do that either. Does anybody know how I can get this done?

I should also mention that my account on Windows 11 is a fully local one - not linked to a Microsoft account (and all the hooks that go with it).

I don't believe your app's license is tied to your user SID, a more likely explanation is it's tied to your individual Windows instance's system SID. Because if licensing was tied to your SID, then no one else on the same PC could use the software. That doesn't make any sense.

When you migrated the same VM instance from W10 to 11, the image kept the same Windows SID. But when you created a new VM, like you did moving from Intel to ARM silicon, that image gets a whole different SID.

If you can't get around the licensing problem, then you'll need to keep an Intel host to run the old VM, and use Remote Desktop. No, there's no real way to force an arbitrary system SID in modern W10/11 releases. sysprep /generalize will remove the existing SID, but tools like Sysinternal's NewSID have been deprecated and no longer work. I found a Superuser thread talking about the technical requirements on how it could be done, but that didn't finish with any instructions.

Thanks Garlin. That software was definitely only meant for exactly one seat so it might have still been tied to a specific user. That being said, your hypothesis also makes sense. Is there a way to confirm the Windows SID on all of my other VMs so I can confirm your suspicions?

Forgot to add, licensing can also be tied to your HW signature. A VM instance has one, and following the same principle, if you create a different VM instance changes it.

The system SID is your current SID, minus the last dashed part. The problem is you can't just change your SID, because it's derived from the system's SID (the whole prefix to the left of the last dash). You can't be a stranger on your own system.

If you still have the original VM running on Intel, you can test your theory (license tied to an unique SID), by creating a new local user and seeing if the software runs or not. A new local account will increment the SID's last number by one.

Really appreciate your inputs and opening up potential solutions. On my old Intel Mac I created another user and ran the program within that account. It recognized that something was different and brought up the license manager and quoted the ID that it sees as being different to that in the original user in which it does work. I also checked in the Registry Editor and see that the new user account has the same SID but the last part dashed went from -1000 to -1004.

I think that pins it down to potentially BOTH the user and and the machine, would you agree?

I'm happy to reinstall Windows 11 all over again. Pretty much the only reason I keep that VM around is to run that program. Is there some way to define the SID at installation time?

I guess they're really strict. Don't know your technical expertise, but here's a possible migration path:

1. Shutdown VM on the Intel platform. Boot from a mounted Windows ISO like you're doing an install, escape to CMD using Shift-10.
2. Run a DISM capture of the VM's local disk without sysprepping (you want to keep the original state intact).
3. Start the new VM on the ARM platform. Boot from a mounted Windows ISO again, escape to CMD.
4. Reformat the C:\ volume.
5. DISM /apply-image to extract the captured image to C:\
6. If the "donor" VM was already working, you shouldn't have to make any changes to make it bootable.
7. Reboot into the old instance.

This summary skips quite a few details, but it follows most tutorials on DISM capturing and re-applying a previously installed Windows. Except you skip the generalize parts which reset the SID. And instead of different disks, it's different VM's.

That's certainly complex - I'll need to research things a little more before giving that a try (and I'm going to watch a movie now before hitting the sack). Very much appreciate your perseverance with me. Maybe by the time I tackle this tomorrow somebody else may chime in with a more palatable way out of this pickle. It sure looks like the Windows installer either has a random number generator built in or perhaps the number is derived from the Windows license key.

Back in the old W7 days, when your first VM was installed it was easier to hack the SID (hence the not-random 123456789-987654321-1234567890 sequence). Later Windows locked down those sheningans, and only allowed new random SID instances as originally intended. You can play serious games in an Active Directory environment with inadvertantly duplicated SID's. It's like the mayhem when you see duplicate IP's on the same network.

The only way to keep the old SID is export the entire Windows instance to a new VM, without re-installing from scratch. Take your time, you still have the old machine around to run the app.

Sorry for long delay - I've been busy with a big yard work project. I was going to make a start on the procedure outlined earlier, but hit some snags. Here is what I think I need to do:

On the Intel Mac I mount the Intel Windows 11 iso within macOS. In the VM settings I define the CD/DVD to be the mounted iso on the Mac side and then specify the VM startup disc as the CD/DVD drive. That gets me booting via the Windows 11 installation iso when I start the VM, at which time I do Shift-F10 and I get a CMD window that shows the prompt "X:\sources". I inserted a USB drive at that point and I see that it mounted as F: so that's where I'll put the image.

Based on instructions from:

I think I need to do:
Dism /Capture-Image /ImageFile:F:\Intel.wim /CaptureDir:C:\ /Name:Intel-C /ea
where the \ea is for extended attributes (which seems like a good thing to do).

but I have a couple questions at this point:

- How do I disable sysprepping? Is it disabled by default?
- I tested the above and see that Intel.wim was created in F:\. It completed in an instant and is only 500kB which can't be right. Did I do something wrong?
- I'm not sure what the /Name option does for me or if it's even needed.
- Do I cleanly get out of the CMD window by just restarting the VM (after having reset the startup disk to the VM's hard drive)?

Assuming I get that resolved, I then take the USB drive containing Intel.wim file and attach it to my ARM Mac. I mount the ARM Windows 11 iso on that Mac and boot into it as before and then do Shift-F10 to get the CMD window again. I now think I need to do:
format c: /fs:ntfs
Dism /Apply-Image /ImageFile:F:\Intel.wim /ApplyDir:C:\

Can you please confirm the above before I potentially screw something up. Many thanks!

Another thing occurs to me. Within C: on the Intel VM there is a Windows directory which presumably contains native code for the Windows OS. If I reformat C: on the ARM machine and do the Dism /Apply-Image from the Intel VM, am I inappropriately putting Intel OS code into an ARM world?

Hoping I haven't worn out my welcome. Is anybody please able to comment on my previous two posts?