USER Class (Windows Environment)
The USER class contains all user records defined to the Windows operating system. The key of the USER record is the name of the user, which is the name that the user entered when logging in to the system.
capamsc141
The USER class contains all user records defined to the Windows operating system. The key of the USER record is the name of the user, which is the name that the user entered when logging in to the system.
The following definitions describe the properties contained in this class record. Most properties are modifiable and can be manipulated using selang or the administration interfaces. Nonmodifiable properties are marked
informational
.- BAD_PW_COUNT(Informational). The number of times the user tried to log in to the account using an incorrect password. A value of -1 indicates that the value is unknown.
- COMMENTAdditional information that you want to include in the record.Privileged Access Managerdoes not use this information for authorization.Use the comment[-] parameter with the chusr, editusr, and newusr commands to modify this property.Limit:255 characters.
- COUNTRYA string that specifies a country descriptor for a user. This string is part of the X.500 naming scheme.Privileged Access Managerdoes not use it for authorization.Use the country parameter with the chusr, editusr, and newusr commands to modify this property.
- DAYTIMEThe day and time restrictions that govern when a user can access the resource.Use the restrictions parameter with the chusr, editusr, and newusr commands to modify this property.Note:The information in this property is identical to the information in the DAYTIME property in the AC environment. However, any minute value that is entered is truncated.
- DIAL_CALLBACKThe type of call-back privileges provided to the user. The following options are defined:
- NoCallBackThe user has no call-back privileges.
- SetByCallerThe remote user can specify a call-back phone number when dialing in.
- Call-back Phone NumberThe administrator sets the call-back number.
- DIAL_PERMISSIONPermission to dial in to the RAS server. When you specify 0 as value, the user cannot dial in to the RAS server.Use the gen_prop or gen_val parameter with the chusr or editusr command to modify this property.
- EXPIRE_DATEThe date on which a USER record expires and becomes invalid. A value for the EXPIRE_DATE property in a USER record overrides a value in a GROUP record. To reinstate the expired record, use the chusr command with the expire- parameter. You cannot resume an expired user. You can resume a suspended user by specifying a resume date.Use the expire or expire- parameter with the chusr, editusr, or newusr command to modify this property.
- FLAGSFlags that you can assign to the account of a user to specify particular attributes. You can apply more than one flag to each account.Use the flags parameter with the chusr, editusr, and newusr commands to modify this property.
- FULL_NAMEThe full name associated with a user.Privileged Access Manageruses the full name to identify the user in audit log messages, but not for authorization.Use the name parameter with the chusr, editusr, or newusr command to modify this property.
- GIDA value that contains the relative identifier of the group. The accounts database determines the relative identifier when the group is created. The relative identifier uniquely identifies the group to the account manager within the domain.
- GROUPSThe list of groups a user belongs to. The group list that is contained in this property can be different from the one in the AC environment GROUPS property.Use the group parameter with the join[-] command to modify this property.
- HOMEThe home directory is the folder that is accessible to the user and contains files and programs for that user. The home directory can be assigned to an individual user or can be shared among many users.
- HOMEDIRA string specifying the home directory of a user. Users log in to their home directories automatically.Use the homedir parameter with the chusr, editusr, or newusr command to modify this property.
- HOME_DRIVEA string that specifies the drive of the home directory of a user. Users log in to their own home drives and home directories automatically.Use the homedrive parameter with the chusr, editusr, or newusr command to modify this property.
- IDA value that contains the relative ID (RID) of the user. The Security Account Manager (SAM) determines the RID when the user is created. The RID uniquely defines the user account to SAM within the domain.
- LAST_ACC_TIME(Informational). The date and time of the last login.
- LAST_LOGOFF(Informational). The date and time of the last logoff.
- LOCATIONA string that is used to store a user location.Privileged Access Managerdoes not use this information for authorization.Use the location parameter with the chusr, editusr, and newusr commands to modify this property.
- LOGON_SERVERA string that specifies the server that verifies the login information for the user. When the user logs in to the domain workstation,Privileged Access Managertransfers the login information to the server. The server gives the workstation permission for the user to work.
- MAX_LOGINS(Informational). The number of times the user logged in successfully to this account. A value of -1 indicates that the value is unknown.
- NAMEThe name of the user.
- ORGANIZATIONA string that stores information on the organization in which the user works. This string is part of the X.500 naming scheme.Privileged Access Managerdoes not use it for authorization.Use the organization parameter with the chusr, editusr, and newusr commands to modify this property.
- ORG_UNITA string that stores information about the organizational unit in which the user works. This string is part of the X.500 naming scheme.Privileged Access Managerdoes not use it for authorization.Use the org_unit parameter with the chusr, editusr, and newusr commands to modify this property.
- PASSWD_EXPIREDExpiration date for the user account.
- PGROUPA user's primary group ID. A primary group is one of the groups in which a user is defined. A primary group must be a global group. This string cannot include spaces or commas.Use the pgroup parameter with the chusr, editusr, or newusr command to modify this property.
- PHONEA string that can be used to store a user telephone number. This information is not used for authorization.Use the phone parameter with the chusr, editusr, and newusr commands to modify this property.
- PRIVILEGESThe Windows rights assigned to the user.Use the privileges parameter with the chusr, editusr, or newusr command to modify this property.
- PROFILEA string that specifies a path to the profile of the user. This string can include a local absolute path, or a UNC path.Use the profile parameter with the chusr, editusr, or newusr command to modify this property.
- PW_LAST_CHANGE(Informational). The date and time on which the password was updated.
- RESUME_DATEThe date on which a suspended USER account becomes valid.See SUSPEND_DATE for an explanation of how RESUME_DATE and SUSPEND_DATE work together.
- SCRIPTA string that specifies the path for the logon script file of the user. The script file can be a .CMD, .EXE , or .BAT file.
- TERMINALSA string that specifies a list of terminals from which the user can log in.Use the terminals parameter with the chusr, editusr, and newusr commands to modify this property.
- TS_CONFIG_PGMA value that indicates whether the client can specify the initial program.The TS_INITIAL_PGM user property indicates the initial program. If you specify the initial program of a user, it becomes the only program that user can run. The terminal server logs off the user when the user exits that program.When this value is set to 1, the client can specify the initial program. When this value is set to 0, the client cannot specify the initial program.Use the gen_prop and gen_val parameters with the chusr and editusr commands to modify this property.
- TS_HOME_DIRThe path of the home directory of the user for terminal server logon. This string can specify a local path or a UNC path (\\machine\share\path).Use the gen_prop and gen_val parameters with the chusr and editusr commands to modify this property.
- TS_HOME_DRIVEA drive specification (a drive letter followed by a colon) to which the UNC path is specified in the TS_HOME_DIR property.Use the gen_prop and gen_val parameters with the chusr and editusr commands to modify this property.
- TS_INITIAL_PGMThe path of the initial program that Terminal Services runs when the user logs on.If you specify the initial program of a user, that is the only program that user can run. Terminal server logs off the user when the user exits that program.When TS_CONFIG_PGM property is set to 1, the client can specify the initial program.Use the gen_prop and gen_val parameters with the chusr and editusr commands to modify this property.
- TS_PROFILE_PATHThe path of the profile of the user for terminal server logon. The directory that is identified by the path must be created manually and must exist before the logon.Use the gen_prop and gen_val parameters with the chusr and editusr commands to modify this property.
- TS_WORKING_DIRThe path of the working directory for the initial program that Terminal Services runs when the user logs on.Use the gen_prop and gen_val parameters with the chusr and editusr commands to modify this property.
- WORKSTATIONSA list of the workstations from which the user can log in.Use the workstations parameter with the chusr, editusr, and newusr commands to modify this property.