Windows NT/2000 User Identity
Now that we’ve explored the pieces of information that Unix systems cobble together to form a user’s identity, let’s take a look at the same topic for NT/2000 users. Much of this info is conceptually similar, so we’ll dwell mostly on the differences between the two operating systems.
NT/2000 User Identity Storage and Access
NT/2000 stores the persistent identity information for a user in a database called the SAM (Security Accounts Manager), or directory, database. The SAM database is part of the NT/2000 registry living in %SYSTEMROOT%/system32/config. The files that make up the registry are all stored in a binary format, meaning normal Perl text manipulation idioms cannot be used to read or write changes to this database. It is theoretically possible to use Perl’s binary data operators (i.e., pack( ) and unpack( )) with the SAM, providing you do so when NT/2000 is not running, but this way lies madness and misery.
Luckily, there are better ways to access and manipulate this information via Perl.
One approach is to call an external binary to interact with the OS for you. Every NT/2000 machine has a feature-bloated command called net that can add, delete, and view users. net is quirky and limited, and probably the method of last resort.
For example, here’s the net command in action on a machine with two accounts:
C:\>net users
User accounts for \\HOTDIGGITYDOG
----------------------------------
Administrator            Guest
The command completed successfully.
...
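To show what relying on net means in practice, here is an added example (not code from the book) that parses a listing like the one above into account names. It assumes net pads names into 25-character columns and that the output is in English; the sample text is constructed, and Test User is a hypothetical account included because its name contains a space.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Assumption: net prints names in fixed-width columns of 25 characters.
my $COLUMN_WIDTH = 25;

# Constructed sample of `net users` output (not captured from a real machine).
# On a live system you would capture it instead with:  my $out = `net users`;
my $sample = join "\n",
    '',
    'User accounts for \\\\HOTDIGGITYDOG',
    '',
    '-' x 79,
    sprintf("%-${COLUMN_WIDTH}s%-${COLUMN_WIDTH}s%s",
            'Administrator', 'Guest', 'Test User'),
    'The command completed successfully.',
    '';

# Return the account names found in the text of a `net users` listing.
sub parse_net_users {
    my ($text) = @_;
    my (@users, $in_list);
    for my $line (split /\r?\n/, $text) {
        # The row of dashes separates the header from the names.
        if ($line =~ /^-{5,}\s*$/) { $in_list = 1; next; }
        next unless $in_list;
        # English-locale trailer; a localized system prints different text.
        last if $line =~ /^The command completed/;
        next if $line =~ /^\s*$/;
        # Slice into fixed-width fields; "A" strips the trailing padding.
        # Splitting on whitespace instead would turn "Test User" into two names.
        for my $field (unpack "(A$COLUMN_WIDTH)*", $line) {
            push @users, $field if length $field;
        }
    }
    # Fail loudly rather than report an empty account list as if it were real.
    die "no user list found; did net fail or change its output?\n"
        unless $in_list;
    return @users;
}

print "$_\n" for parse_net_users($sample);
```

The parser dies when the separator row is missing, so a failed or reformatted net call is not mistaken for a machine with no accounts.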