USER Class (Windows Environment)

The USER class contains all user records defined to the Windows operating system. The key of the USER record is the name of the user, which is the name that the user entered when logging in to the system.
capamsc141
The USER class contains all user records defined to the Windows operating system. The key of the USER record is the name of the user, which is the name that the user entered when logging in to the system.
The following definitions describe the properties contained in this class record. Most properties are modifiable and can be manipulated using selang or the administration interfaces. Nonmodifiable properties are marked
informational
.
  • BAD_PW_COUNT
    (Informational). The number of times the user tried to log in to the account using an incorrect password. A value of -1 indicates that the value is unknown.
  • COMMENT
    Additional information that you want to include in the record.
    Privileged Access Manager
    does not use this information for authorization.
    Use the comment[-] parameter with the chusr, editusr, and newusr commands to modify this property.
    Limit:
    255 characters.
  • COUNTRY
    A string that specifies a country descriptor for a user. This string is part of the X.500 naming scheme.
    Privileged Access Manager
    does not use it for authorization.
    Use the country parameter with the chusr, editusr, and newusr commands to modify this property.
  • DAYTIME
    The day and time restrictions that govern when a user can access the resource.
    Use the restrictions parameter with the chusr, editusr, and newusr commands to modify this property.
    Note:
    The information in this property is identical to the information in the DAYTIME property in the AC environment. However, any minute value that is entered is truncated.
  • DIAL_CALLBACK
    The type of call-back privileges provided to the user. The following options are defined:
    • NoCallBack
      The user has no call-back privileges.
    • SetByCaller
      The remote user can specify a call-back phone number when dialing in.
    • Call-back Phone Number
      The administrator sets the call-back number.
    Use the gen_prop or gen_val parameters with the chusr or editusr command to modify this property.
  • DIAL_PERMISSION
    Permission to dial in to the RAS server. When you specify 0 as value, the user cannot dial in to the RAS server.
    Use the gen_prop or gen_val parameter with the chusr or editusr command to modify this property.
  • EXPIRE_DATE
    The date on which a USER record expires and becomes invalid. A value for the EXPIRE_DATE property in a USER record overrides a value in a GROUP record. To reinstate the expired record, use the chusr command with the expire- parameter. You cannot resume an expired user. You can resume a suspended user by specifying a resume date.
    Use the expire or expire- parameter with the chusr, editusr, or newusr command to modify this property.
  • FLAGS
    Flags that you can assign to the account of a user to specify particular attributes. You can apply more than one flag to each account.
    Use the flags parameter with the chusr, editusr, and newusr commands to modify this property.
  • FULL_NAME
    The full name associated with a user.
    Privileged Access Manager
    uses the full name to identify the user in audit log messages, but not for authorization.
    Use the name parameter with the chusr, editusr, or newusr command to modify this property.
  • GID
    A value that contains the relative identifier of the group. The accounts database determines the relative identifier when the group is created. The relative identifier uniquely identifies the group to the account manager within the domain.
  • GROUPS
    The list of groups a user belongs to. The group list that is contained in this property can be different from the one in the AC environment GROUPS property.
    Use the group parameter with the join[-] command to modify this property.
  • HOME
    The home directory is the folder that is accessible to the user and contains files and programs for that user. The home directory can be assigned to an individual user or can be shared among many users.
  • HOMEDIR
    A string specifying the home directory of a user. Users log in to their home directories automatically.
    Use the homedir parameter with the chusr, editusr, or newusr command to modify this property.
  • HOME_DRIVE
    A string that specifies the drive of the home directory of a user. Users log in to their own home drives and home directories automatically.
    Use the homedrive parameter with the chusr, editusr, or newusr command to modify this property.
  • ID
    A value that contains the relative ID (RID) of the user. The Security Account Manager (SAM) determines the RID when the user is created. The RID uniquely defines the user account to SAM within the domain.
  • LAST_ACC_TIME
    (Informational). The date and time of the last login.
  • LAST_LOGOFF
    (Informational). The date and time of the last logoff.
  • LOCATION
    A string that is used to store a user location.
    Privileged Access Manager
    does not use this information for authorization.
    Use the location parameter with the chusr, editusr, and newusr commands to modify this property.
  • LOGON_SERVER
    A string that specifies the server that verifies the login information for the user. When the user logs in to the domain workstation,
    Privileged Access Manager
    transfers the login information to the server. The server gives the workstation permission for the user to work.
  • MAX_LOGINS
    (Informational). The number of times the user logged in successfully to this account. A value of -1 indicates that the value is unknown.
  • NAME
    The name of the user.
  • ORGANIZATION
    A string that stores information on the organization in which the user works. This string is part of the X.500 naming scheme.
    Privileged Access Manager
    does not use it for authorization.
    Use the organization parameter with the chusr, editusr, and newusr commands to modify this property.
  • ORG_UNIT
    A string that stores information about the organizational unit in which the user works. This string is part of the X.500 naming scheme.
    Privileged Access Manager
    does not use it for authorization.
    Use the org_unit parameter with the chusr, editusr, and newusr commands to modify this property.
  • PASSWD_EXPIRED
    Expiration date for the user account.
  • PGROUP
    A user's primary group ID. A primary group is one of the groups in which a user is defined. A primary group must be a global group. This string cannot include spaces or commas.
    Use the pgroup parameter with the chusr, editusr, or newusr command to modify this property.
  • PHONE
    A string that can be used to store a user telephone number. This information is not used for authorization.
    Use the phone parameter with the chusr, editusr, and newusr commands to modify this property.
  • PRIVILEGES
    The Windows rights assigned to the user.
    Use the privileges parameter with the chusr, editusr, or newusr command to modify this property.
  • PROFILE
    A string that specifies a path to the profile of the user. This string can include a local absolute path, or a UNC path.
    Use the profile parameter with the chusr, editusr, or newusr command to modify this property.
  • PW_LAST_CHANGE
    (Informational). The date and time on which the password was updated.
  • RESUME_DATE
    The date on which a suspended USER account becomes valid.
    See SUSPEND_DATE for an explanation of how RESUME_DATE and SUSPEND_DATE work together.
  • SCRIPT
    A string that specifies the path for the logon script file of the user. The script file can be a .CMD, .EXE , or .BAT file.
  • TERMINALS
    A string that specifies a list of terminals from which the user can log in.
    Use the terminals parameter with the chusr, editusr, and newusr commands to modify this property.
  • TS_CONFIG_PGM
    A value that indicates whether the client can specify the initial program.
    The TS_INITIAL_PGM user property indicates the initial program. If you specify the initial program of a user, it becomes the only program that user can run. The terminal server logs off the user when the user exits that program.
    When this value is set to 1, the client can specify the initial program. When this value is set to 0, the client cannot specify the initial program.
    Use the gen_prop and gen_val parameters with the chusr and editusr commands to modify this property.
  • TS_HOME_DIR
    The path of the home directory of the user for terminal server logon. This string can specify a local path or a UNC path (\\machine\share\path).
    Use the gen_prop and gen_val parameters with the chusr and editusr commands to modify this property.
  • TS_HOME_DRIVE
    A drive specification (a drive letter followed by a colon) to which the UNC path is specified in the TS_HOME_DIR property.
    Use the gen_prop and gen_val parameters with the chusr and editusr commands to modify this property.
  • TS_INITIAL_PGM
    The path of the initial program that Terminal Services runs when the user logs on.
    If you specify the initial program of a user, that is the only program that user can run. Terminal server logs off the user when the user exits that program.
    When TS_CONFIG_PGM property is set to 1, the client can specify the initial program.
    Use the gen_prop and gen_val parameters with the chusr and editusr commands to modify this property.
  • TS_PROFILE_PATH
    The path of the profile of the user for terminal server logon. The directory that is identified by the path must be created manually and must exist before the logon.
    Use the gen_prop and gen_val parameters with the chusr and editusr commands to modify this property.
  • TS_WORKING_DIR
    The path of the working directory for the initial program that Terminal Services runs when the user logs on.
    Use the gen_prop and gen_val parameters with the chusr and editusr commands to modify this property.
  • WORKSTATIONS
    A list of the workstations from which the user can log in.
    Use the workstations parameter with the chusr, editusr, and newusr commands to modify this property.