chgrp Command Modify Windows Groups
Valid in the native Windows environment
Use the chgrp, editgrp, and newgrp commands to work with Windows groups. These commands are identical in structure and only vary in the following way:
- The chgrp command modifies one or more Windows groups.
- The editgrp command creates or modifies one or more Windows groups.
- The newgrp command creates one or more Windows groups.
This command also exists in the AC environment but operates differently.
When defining more than one group or changing the properties of more than one group, enclose the list of group names in parentheses and separate the group names with a space or a comma.
To add or remove members from a group, use the join or join- command.
This command has the following format:
{{chgrp|cg}|{editgrp|eg}|{newgrp|ng}} groupName \
[global] \
[comment(string)|comment-] \
[privileges(privList)] \
[privileges(-privList)] \
[rename_group]
- comment(string)
  Adds an alphanumeric comment string of up to 255 characters to the group record. If you previously added a comment string to the group record, the new string specified here replaces the existing string. If the string contains any blanks, enclose the entire string in single quotation marks.
  Standard Windows groups have a descriptive comment added on system installation. If you create a new group in both the Windows and AC environments, PAM Server Control inserts the comment PAM Server Control Group.
- global
  Indicates a global group. Each group name must be unique and cannot currently exist in the Windows database. Windows does not allow groups and users to share the same name.
  Use ~groupName when you create global groups and use the services of PAM Server Control version 4.1. Version 4.1 and above support this format for backward compatibility.
- groupName
  For the command newgrp, specifies the name of the group record added to the database. Each group name must be unique and must not currently exist in the Windows database. Unlike the PAM Server Control database, Windows does not allow groups and users to share the same name.
  For the command chgrp, specifies the name of the group whose properties you are changing.
  When defining more than one group or changing the properties of more than one group, enclose the list of group names in parentheses and separate the group names with a space or a comma.
- privileges(privList|-privList)
  Adds specific rights to the Windows group record or, when privList is preceded by a minus sign (-), removes the specified rights. Valid values are any of the privileges available in native Windows.
  You can specify this parameter only with the chgrp or editgrp command, and only when you are changing an existing group record. You cannot use it to assign privileges when you are creating a new group record.
- rename_group
  Renames the group account in the Windows database. All the properties of the old group name apply to the renamed group account. Each group name must be unique and must exist in the Windows database. Unlike the PAM Server Control database, Windows does not allow groups and users to share the same name.
  When PAM Server Control is installed on Windows 2000 with Active Directory, it renames the pre-Windows 2000 group name.
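The following pre-flight check is an added example, not part of the product documentation or the product's own tooling. It lints chgrp, editgrp, and newgrp lines in a script against the rules stated on this page before the script is run; the function names lint and parse_names, the finding texts, and the sample command lines are hypothetical.

```python
import re

# Command names and abbreviations from the format line on this page.
VERBS = {"chgrp": "chgrp", "cg": "chgrp", "editgrp": "editgrp",
         "eg": "editgrp", "newgrp": "newgrp", "ng": "newgrp"}
MAX_COMMENT = 255  # comment(string) limit stated on this page

def parse_names(text):
    """Split 'groupName ...' or '(g1, g2) ...' into (names, remainder)."""
    text = text.lstrip()
    if text.startswith("("):
        inner, _, rest = text[1:].partition(")")
        return [n for n in re.split(r"[,\s]+", inner) if n], rest
    name, _, rest = text.partition(" ")
    return ([name] if name else []), rest

def lint(line, windows_users=()):
    """Return findings for one chgrp/editgrp/newgrp line; [] means clean."""
    word, _, rest = line.strip().partition(" ")
    verb = VERBS.get(word)
    if verb is None:
        return [f"unknown command: {word}"]
    names, rest = parse_names(rest)
    findings = [] if names else ["missing groupName"]
    users = {u.lower() for u in windows_users}
    for name in names:
        if name.lower() in users:  # page: groups and users cannot share a name
            findings.append(f"group {name} shares a name with a Windows user")
    if verb == "newgrp" and re.search(r"\bprivileges\(", rest):
        findings.append("privileges() cannot be used when creating a group")
    m = re.search(r"\bcomment\((?:'([^']*)'|([^)]*))\)", rest)
    if m:
        quoted, bare = m.groups()
        if len(quoted if quoted is not None else bare) > MAX_COMMENT:
            findings.append("comment longer than 255 characters")
        if quoted is None and " " in bare:
            findings.append("comment with blanks needs single quotation marks")
    return findings

if __name__ == "__main__":
    # Constructed sample lines; the privilege name is an illustrative value.
    for sample in ["newgrp Auditors privileges(SeBackupPrivilege)",
                   "chgrp (Sales, Marketing) comment('Regional sales staff')",
                   "cg Sales comment(Regional sales staff)"]:
        print(sample, "->", lint(sample) or "ok")
```

The check cannot tell whether an editgrp line will create or modify a group, so it flags privileges() only on newgrp.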