TFS, Virtualisation, and Newsid
Came across an interesting problem the other day.
We were setting up a TFS (Team Foundation Server) virtual machine using Microsoft Virtual Server. The way that wee were doing it wa sto use differencing disks. (See this article for a great walkthrough by Andrew Connel of how to use differencing disks). We had created a base disk with Windows 2003 R2 fully patched. We then created a differencing disk from this, applied Newsid to change the SID and the name, and installed IIS. We then created a new differencing disk with the IIS disk as the parent, applied Newsid (to change the name and SID), joined it to the domain, and isntlaled TFS as per the installation guide. When we got to the end, we could not create projects or uplaod new process templates. It was beginning to become very very annoying.
After trying a lot of different things, we traced it down to the use of Newsid when we created the final differencing disk. What was happening was that Newsid certainly changes the SID of the machine, but leaves the ACL's of the IIS service. So wha thtis means, is that the IIS service ACLs in the IIS metabase have anumber of orphans. SO that when you try and create a new Sharepoint site, it does not work (not sure why this is, just that it does not work).
So, we found there are 3 was to do deal with this:
1. Don't use differencing disks. 
2. Do not isntall IIS until after newsid has been run
3. If you do run newsid after installing IIS, uninstall IIS and re-install after running newsid. This fixes the ACL's and TFS installs with no problems.