Solved

Can I pull user info from the SAM?

Posted on 2006-10-30
3
138 Views
Last Modified: 2013-12-04
Alright, I'm unfamiliar with Windows Security, so please bear with me. I have an Access application, that pulls information from Active Directory, based on the user's logon. I currently pull their first and last name, logon name, and email address. This is critical as I need it for validation purposes, and the validation for each record works differently depending upon who's logged in, compared to who edited the record previously, so I can't validate using an Access workgroup solely. I need to grab this info, so I can compare it to our staff database, to grab the user's job title which is stored there. Here's the kicker:

We are currently migrating users to XP, from Windows 2000, but this will take many months, and I need this validation completed this week. MANY users are still using Windows 2000. The validation works on XP, but I am told that the way the users accounts are set up, there is no Active Directory for Windows 2000 users. It was suggested that I pull Windows 2000 users info from the SAM file. I know nothing about SAM's, and after reading up on them, I have no clue if it's even possible, or how to go about extracting information for them.

Can anyone tell me if it's possible to extract an email address (or any identifiable personal information) from the SAM, and if so, how to go about it?
0
Comment
Question by:Tyedyeguy
3 Comments
 
LVL 10

Accepted Solution

by:
Chris_Gralike earned 500 total points
ID: 17837838
I think querying the system account manager will be verry tough, if even possible. Maybe there are api`s available in the WMI toolset, but not any im aware of. Next to that it might indicate quite a large security leak if it is indeed possible using such api`s. Next to that AD not being available for windows 2k clients sounds just as odd as querying the SAM database.

If there is an AD that works for windows XP clients you might want to reffer to LDAP based queries against the AD the xp clients use... But then again, im not the access person and am not a programmer... :S

Sorry i cant be of more help, but sure enough... querying the sam database? or read the data from a flat file? that sounds like hacking course 1 :P

Regards,
0
 
LVL 53

Expert Comment

by:McKnife
ID: 17845760
"but I am told that the way the users accounts are set up, there is no Active Directory for Windows 2000 users" - ???
Just try it out, I doubt that anything will be different from xp.
0
 

Author Comment

by:Tyedyeguy
ID: 17862477
Sorry, I guess that I left out some information.  I have tried LDAP based queries, and I have tried pulling from AD for our Windows 2000 users. It gave me no errors, so everything appeared to be working. It wasn't until after a week of testing that I found out it wasn't really pulling the data (but everything looked like it was running fine).

I know next to nothing about Windows security, but I have since been told by many people that we don't use AD for our Windows 2000 user accounts. Beyond that, I haven't received any more clarification. It runs fine on my Windows 2000 machine, if I'm signed in using my XP account logon, so I'm quite certain the problem is more in how the user accounts are set up, then the OS itself. We're also migrating to a new network, so that could factor in as well.

I had to solve the problem by creating a table with specific user logon's in it for the users still using their Win2K accounts, as well as their identifiable personal records (first and last name). I compare that against our staff directory. I don't like it, but as a short-term solution, it'll work.

Thanks for the help guys. I'll give the points to Chris since he informed me that it doesn't sound possible.

0

Featured Post

Highfive + Dolby Voice = No More Audio Complaints!

Poor audio quality is one of the top reasons people don’t use video conferencing. Get the crispest, clearest audio powered by Dolby Voice in every meeting. Highfive and Dolby Voice deliver the best video conferencing and audio experience for every meeting and every room.

Join & Write a Comment

Recently, a new law in my state forced us to get a top-to-bottom analysis of all of our contract client's networks. While we have documentation, it was spotty at best for some - and in any event it needed to be checked against reality. That was m…
Security measures require Windows be logged in using Standard User login (not Administrator).  Yet, sometimes an application has to be run “As Administrator” from a Standard User login.  This paper describes how to create a shortcut icon to launch a…
Illustrator's Shape Builder tool will let you combine shapes visually and interactively. This video shows the Mac version, but the tool works the same way in Windows. To follow along with this video, you can draw your own shapes or download the file…
This video demonstrates how to create an example email signature rule for a department in a company using CodeTwo Exchange Rules. The signature will be inserted beneath users' latest emails in conversations and will be displayed in users' Sent Items…

757 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now