The Security Accounts Manager (SAM) is a protected subsystem that manages user and group account information in Windows NT, Windows 2000, and Windows XP. In Windows NT 4.0, both local and domain security principals are stored by SAM in the SAM database in the registry. In Windows 2000 Professional and Windows XP Professional, local security accounts are stored by SAM in the local computer registry. Windows 2000 stand-alone servers and member servers also use the SAM database in the registry. Security accounts in Windows 2000 domain controllers are stored in Active Directory.
The SAM database stores user and group accounts. No group can have a user's name and vice versa. This is different from the single UNIX specification, in which users and groups are separate. In fact, the SAM database replaces the files /etc/passwd and etc/groups.
On Windows NT servers, you can find, add, modify, and delete users and groups with the User Manager for Domains application, located in the Start menu under Administrative Tools. Windows NT workstations and standalone servers have a similar program called User Manager. You can manage security accounts on Windows 2000 domain controllers with the Active Directory Users and Computers snap-in. To manage security accounts on standalone Windows 2000 Servers and on Windows 2000 Professional and Windows XP Professional workstations, use the Computer Management snap-in.
You can also use the Windows commands net user and net localgroup to manage accounts. These commands work well in shell scripts that add and remove users. Sample shell scripts for managing users are included in the /usr/examples/admin directory.