[This is preliminary documentation and subject to change.]
Distributed link tracking on Windows NT 5.0 is designed in such a way that it does not provide any new capabilities to a rogue user who wishes to direct a link client to the wrong link source. As part of this protection, LSIDs are generated and assigned automatically by the system, and an ordinary user cannot simply assign an LSID to a file.
The table on the domain controller (DC) which maps birth LSIDs to the current revised LSIDs cannot be updated by an ordinary user or even a machine administrator. This table can only be updated by the System account on the machine which currently "owns" the link-source file. (The link-tracking service runs in the System account.) For example, if a link source resides on machine A, only the System account on machine A may write a new revised LSID to the DC.