[Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 153
  • Last Modified:

Can I pull user info from the SAM?

Alright, I'm unfamiliar with Windows Security, so please bear with me. I have an Access application, that pulls information from Active Directory, based on the user's logon. I currently pull their first and last name, logon name, and email address. This is critical as I need it for validation purposes, and the validation for each record works differently depending upon who's logged in, compared to who edited the record previously, so I can't validate using an Access workgroup solely. I need to grab this info, so I can compare it to our staff database, to grab the user's job title which is stored there. Here's the kicker:

We are currently migrating users to XP, from Windows 2000, but this will take many months, and I need this validation completed this week. MANY users are still using Windows 2000. The validation works on XP, but I am told that the way the users accounts are set up, there is no Active Directory for Windows 2000 users. It was suggested that I pull Windows 2000 users info from the SAM file. I know nothing about SAM's, and after reading up on them, I have no clue if it's even possible, or how to go about extracting information for them.

Can anyone tell me if it's possible to extract an email address (or any identifiable personal information) from the SAM, and if so, how to go about it?
0
Tyedyeguy
Asked:
Tyedyeguy
1 Solution
 
Chris GralikeSpecialistCommented:
I think querying the system account manager will be verry tough, if even possible. Maybe there are api`s available in the WMI toolset, but not any im aware of. Next to that it might indicate quite a large security leak if it is indeed possible using such api`s. Next to that AD not being available for windows 2k clients sounds just as odd as querying the SAM database.

If there is an AD that works for windows XP clients you might want to reffer to LDAP based queries against the AD the xp clients use... But then again, im not the access person and am not a programmer... :S

Sorry i cant be of more help, but sure enough... querying the sam database? or read the data from a flat file? that sounds like hacking course 1 :P

Regards,
0
 
McKnifeCommented:
"but I am told that the way the users accounts are set up, there is no Active Directory for Windows 2000 users" - ???
Just try it out, I doubt that anything will be different from xp.
0
 
TyedyeguyAuthor Commented:
Sorry, I guess that I left out some information.  I have tried LDAP based queries, and I have tried pulling from AD for our Windows 2000 users. It gave me no errors, so everything appeared to be working. It wasn't until after a week of testing that I found out it wasn't really pulling the data (but everything looked like it was running fine).

I know next to nothing about Windows security, but I have since been told by many people that we don't use AD for our Windows 2000 user accounts. Beyond that, I haven't received any more clarification. It runs fine on my Windows 2000 machine, if I'm signed in using my XP account logon, so I'm quite certain the problem is more in how the user accounts are set up, then the OS itself. We're also migrating to a new network, so that could factor in as well.

I had to solve the problem by creating a table with specific user logon's in it for the users still using their Win2K accounts, as well as their identifiable personal records (first and last name). I compare that against our staff directory. I don't like it, but as a short-term solution, it'll work.

Thanks for the help guys. I'll give the points to Chris since he informed me that it doesn't sound possible.

0

Featured Post

 The Evil-ution of Network Security Threats

What are the hacks that forever changed the security industry? To answer that question, we created an exciting new eBook that takes you on a trip through hacking history. It explores the top hacks from the 80s to 2010s, why they mattered, and how the security industry responded.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now