Using the SAM Database’s Hidden Usercomment Field
The SAM database contains a field that’s inaccessible from NT’s User Manager GUI, making it an ideal place to store data you don’t want users to see. Reader Michael Hammond offers a batch file to populate the field and a script to parse the contents.
April 29, 2001
[Editor's Note: Email your Windows 2000 or Windows NT security tips or solutions (400 words or less) to Reader to Reader at [email protected]. We edit submissions for style, grammar, and length. If we print your contribution, you receive $100.]
The SAM database contains a User Manager field, Usercomment, that's inaccessible from NT's User Manager GUI. Like the GUI-accessible Description and Comment fields, Usercomment holds 48 characters. To populate the field, you use the Net User command with the /usercomment switch. For example, you can use the syntax
net user smithjd /usercomment:"123123"
to populate the Usercomment field of the record for user smithjd with the text 123123.
I needed a place to put employee ID numbers, but because of their sensitive nature, I didn't want them visible from User Manager. So, I used a simple batch file called popusercomment.bat, which Listing 1 shows, to populate the Usercomment field of each user account with an employee ID number. I was unable to find a third-party utility to parse this field, so I used the Net User command.
To make the parsing task easier, I used a Perl script called parseusercomment.pl, which Listing 2 shows, to extract this data from the command line and redirect it to a text file that I can import into a Microsoft SQL Server database. (You can download popusercomment.bat and parseusercomment.pl from the Code Library on the Security Administrator Web site, http://www.secadministrator.com.) In this script, the output filename is usercomment.txt, and the file will reside in the same folder in which you run the script. You can name the file whatever you like, and you can specify an absolute path for the file by using double backslashes in the path, like this:
C:\\foldername\\filename.txt
You must run the Perl script on a domain controller (DC), and the script needs a command line to use the Net User command. To learn how to install Perl for Win32, see Bob Wells and Toby Everett's Windows 2000 Magazine article Scripting Solutions, "Modify the Registry with Perl" (January 1998).
—Michael Hammond
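The parsing step described above, as an added example (this is not the article's Listing 2, which is not reproduced on this page): a Perl script that extracts the `User's comment` line from `net user` output and writes one tab-delimited line per account to usercomment.txt. The sample output, the account names other than smithjd, the helper names `net_user` and `usercomment`, and the account-name pattern are constructed assumptions.

```perl
#!/usr/bin/perl
# Added example: pull the "User's comment" value out of `net user <name>` output.
use strict;
use warnings;

# Constructed, abridged sample output keyed by account name. On a DC, replace the
# lookup in net_user() with `net user $user`, keeping the name check in front of it.
my %sample = (
    smithjd => <<'END',
User name                    smithjd
Comment                      Sales
User's comment               123123
Country code                 000 (System Default)
The command completed successfully.
END
    jonesab => <<'END',
User name                    jonesab
Comment
User's comment
Country code                 000 (System Default)
The command completed successfully.
END
);

sub net_user {
    my ($user) = @_;
    # Assumed pattern: accept only plain account names so nothing else reaches a shell.
    return unless $user =~ /\A[A-Za-z0-9._-]{1,20}\z/;
    return $sample{$user};
}

sub usercomment {
    my ($output) = @_;
    return unless defined $output;
    # Anchor on the full label so the separate "Comment" line never matches.
    return $1 if $output =~ /^User's comment[ \t]*(.*?)[ \t\r]*$/m;
    return;
}

my $outfile = "usercomment.txt";    # or "C:\\foldername\\filename.txt"
open(my $out, '>', $outfile) or die "Cannot write $outfile: $!";
for my $user (qw(smithjd jonesab nosuchuser)) {
    my $value = usercomment(net_user($user));
    if (!defined $value) { warn "$user: no net user output\n"; next; }
    print {$out} "$user\t$value\n";    # an empty field is written as an empty value
}
close($out) or die "Cannot close $outfile: $!";
```

Because the value appears in plain `net user` output, anyone able to run that query for an account can read the field.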