Now that we’ve explored the pieces of information that Unix systems cobble together to form a user’s identity, let’s take a look at the same topic for NT/2000 users. Much of this info is conceptually similar, so we’ll dwell mostly on the differences between the two operating systems.
NT/2000 stores the persistent
identity information for a user in a database called the
SAM (Security Accounts Manager), or
directory, database. The SAM database is part of
the NT/2000 registry living in
%SYSTEMROOT%/system32/config. The files that
make up the registry are all stored in a binary format, meaning
normal Perl text manipulation idioms cannot be used to read or write
changes to this database. It is theoretically possible to use
Perl’s binary data operators (i.e.,
pack( ) and
unpack( )) with the SAM,
providing you do so when NT/2000 is not running, but this way lies
Luckily, there are better ways to access and manipulate this information via Perl.
One approach is to call an external binary to interact with the OS for you. Every NT/2000 machine has a feature-bloated command called net that can add, delete, and view users. net is quirky and limited, and probably the method of last resort.
For example, here’s the net command in action on a machine with two accounts:
net usersUser accounts for \\HOTDIGGITYDOG ---------------------------------- Administrator Guest The command completed successfully. ...