Using the SAM Database’s Hidden Usercomment Field

[Editor's Note: Email your Windows 2000 or Windows NT security tips or solutions (400 words or less) to Reader to Reader at [email protected]. We edit submissions for style, grammar, and length. If we print your contribution, you receive $100.]

The SAM database contains a User Manager field, Usercomment, that's inaccessible from NT's User Manager GUI. Like the GUI-accessible Description and Comment fields, Usercomment holds 48 characters. To populate the field, you use the Net User command with the /usercomment switch. For example, you can use the syntax

net user smithjd /usercomment: "123123"

to populate the Usercomment field of the record for user smithjd with the text 123123.

I needed a place to put employee ID numbers, but because of their sensitive nature, I didn't want them visible from User Manager. So, I used a simple batch file called popusercomment.bat, which Listing 1 shows, to populate the Usercomment field of each user account with an employee ID number. I was unable to find a third-party utility to parse this field, so I used the Net User command.

To make the parsing task easier, I used a Perl script called parseusercomment.pl, which Listing 2 shows, to extract this data from the command line and redirect it to a text file that I can import into a Microsoft SQL Server database. (You can download popusercomment.bat and parseusercomment.pl from the Code Library on the Security Administrator Web site, http://www.secadministrator.com.) In this script, the output filename is usercomment.txt, and the file will reside in the same folder in which you run the script. You can name the file whatever you like, and you can specify an absolute path for the file by using double backslashes in the path, like this:

C:\foldername\filename.txt

You must run the Perl script on a domain controller (DC), and the script needs a command line to use the Net User command. To learn how to install Perl for Win32, see Bob Wells and Toby Everett's Windows 2000 Magazine article Scripting Solutions, "Modify the Registry with Perl" (January 1998).

—Michael Hammond
[email protected]