secons -acee Function Display ACEE Records on Windows

Valid on Windows
capamsc141
Valid on Windows
The secons utility lets you monitor the Accessor Element Entry (ACEE) table that caches accessors in the authorization engine. The ACEE stores information about the following users:
  • Logged in user 
    A user that has logged in to the operating system. Specific ACEE attributes for this type of user are:
    • Login session ID
    • Login session type
  • Management user 
    A user that has logged in to a 
    PAM Server Control
    management application (using an LCA connection). For example, selang.
  • Authorization API user 
    A user that was referenced in SEOSROUTE_* API.
  • SPECIALPGM Logical user 
    A user that is being references at least in one SPECIALPGM record. A specific ACEE attribute for this type of user is:
    • ACEE association with SPECIALPGM records
  • Built in user
    A user that is built in
    PAM Server Control
    . For example,
    _undefined
    .
Only a 
PAM Server Control
administrator can use this command.
This command has the following format:
secons -acee [handle | all | list]
  • all
    Displays all ACEE records.
  • handle
    Defines the ACEE handle you want to display.
  • list
    Displays a summary list of all ACEE records, without the full details.
Examples: Display ACEE Records
  • This example displays a list of handles in the ACEE:
    secons -acee list
    The secons output looks like this:
    ACEE handle '0' represents 'Logged on User': NT AUTHORITY\ANONYMOUS LOGON (OS User) ACEE handle '1' represents 'Logged on User': NT AUTHORITY\NETWORK SERVICE (OS User) ACEE handle '2' represents 'Logged on User': COMP1-SRV-X86\John ACEE handle '3' represents 'Logged on User': NT AUTHORITY\LOCAL SERVICE (OS User) ACEE handle '4' represents 'Logged on User': NT AUTHORITY\SYSTEM (OS User) ACEE handle '5' represents 'Management User': COMP1-SRV-X86\John ACEE handle '6' represents 'SPECIALPGM Logical User': logicaluser
  • This example displays handle 6 in the ACEE:
    secons -acee 6
    The secons output looks like this:
    ACEE handle '6' represents 'SPECIALPGM Logical User': logicaluser ACEE was created at: Wed Feb 20 17:35:52 2008 ACEE was last accessed at: Wed Feb 20 17:35:52 2008 ACEE user role is: Regular ACEE audit mode is: Failure, Login Success, Login Failure; Originated from User definition ACEE user is a member of 0 'CA ControlMinder' groups ACEE user is associated with 1 SPECIALPGM records 1. C:\WINDOWS\system32\calc.exe