Was thinking... the UserID is saved in the tokenized file as the human readable name and not the SID of the account. This can be a good thing in the case of local accounts that would have different SIDs but I wonder if there may be a desire to force it to the SID instead? Maybe an optional /SID parm?

I cannot think right now of how someone might abuse this, but just because I'm paranoid, doesn't mean someone is NOT out to get me.
Give a man a fish and he will be back for more. Slap him with a fish and he will go away forever.