chgrp Command Modify Windows Groups

Valid in the native Windows environment
capamsc141
Valid in the native Windows environment
Use the chgrp, editgrp, and newgrp commands to work with Windows groups. These commands are identical in structure and only vary in the following way:
  • The chgrp command
    modifies
    one or more Windows groups.
  • The editgrp command
    creates or modifies
    one or more Windows groups.
  • The newgrp command
    creates
    one or more Windows groups.
This command also exists in the AC environment but operates differently.
When defining more than one group or changing the properties of more than one group, enclose the list of group names in parentheses and separate the group names with a space or a comma.
To add or remove members from a group use the join or join- command.
This command has the following format:
{{chgrp|cg}|{editgrp|eg}|{newgrp|ng}} groupName \
[global] \ [comment(string)|comment-] \ [privileges(privList)] \ [privileges(-privList)] \ [rename_group]
  • comment(
    string
    )
    Adds an alphanumeric comment string of up to 255 characters to the group record. If you previously added a comment string to the group record, the new string specified here replaces the existing string. If the string contains any blanks, enclose the entire string in single quotation marks.
    Standard Windows groups have a descriptive comment added on system installation. If you create a new group in both the Windows and AC environments, 
    Privileged Access Manager
    inserts the comment 
    Privileged Access Manager
    Group.
  • global
    Indicates a global group. Each group name must be unique and cannot currently exist in the Windows database. Windows does not allow groups and users to share the same name.
    Use
    ~groupName
    when you create global groups and use the services of 
    Privileged Access Manager
    version 4.1. Version 4.1 and above support this format for backward compatibility.
  • groupName
    For the command newgrp, specifies the name of the group record added to the database. Each group name must be unique and must not currently exist in the Windows database. Unlike the
    Privileged Access Manager
    database, Windows does not allow groups and users to share the same name.
    For the command chgrp, specifies the name of the group whose properties you are changing.
    When defining more than one group or changing the properties of more than one group, enclose the list of group names in parentheses and separate the group names with a space or a comma.
  • privileges(
    privList
    |-
    privList
    )
    Adds specific rights to the Windows group record or, when privList is preceded by a minus sign (-), removes the specified rights. Valid values are any of the privileges available in native Windows.
    You can specify this parameter only with the chgrp or editgrp command, and only when you are changing an existing group record. You cannot use it to assign privileges when you are creating a new group record.
  • rename_group
    Renames the group account in the Windows database. All the properties of the old group name apply to the renamed group account. Each group name must be unique and must exist in the Windows database. Unlike the
    Privileged Access Manager
    database, Windows does not allow groups and users to share the same name.
    When
    Privileged Access Manager
    is installed on Windows 2000 with Active Directory, it renames the pre-Windows 2000 group name.