By standard imaged do you mean by yourselves? Was PGP Desktop included in this image? PGP Desktop uses a MACHINEGUID when enrolling and if more than one machine has the same MACHINEGUID then you can run in the problems similar to what you describe. The following will help prevent this in the future:
Deploying System Images with PGP Desktop
However, this won't help existing machines. You could write a script to push to the machines to change the GUID (mentioned in the link) of the machines with matching GUIDs, assuming you can establish what the similar GUID is. I've had to throw something together myself before, so I might be able to give some pointers for a script if needed (assuming I can find the original script).
You also mentioned duplicate SIDs on the network. This could be the cause if the above doesn't apply, in which case there's a tool called newSID that can generate a new SID for a machine. However, this was retired as Microsoft didn't believe duplicate SIDs on a Domain or Workgroup made a difference, so may not be relevant, so I'd look back at the PGP GUID.