Previous Topic: Windows File AttributesNext Topic: Windows Permissions


Windows Account Flags

Flags can be assigned to a user's account to specify particular attributes of that account by using the chusr, editusr, and newusr commands. You can apply more than one flag to each account.

Note: CA ControlMinder does not require you to enter the complete name of the flag. You can use the shortcuts provided in the table.

Following are the account flags available in Windows.

Shortcut

Flag

Description

blank

UF_PASSWRD_NOTREQD

Indicates that no password is required for the user's account.

cant_change

UF_PASSWORD_CANT_CHANGE

Indicates that the user cannot change the password for the account.

disable

UF_ACCOUNTDISABLE

Indicates the user's account is disabled.

dont_expire

UF_DONT_EXPIRE_PASSWORD

Indicates that the password for this account never expires.

homedir

UF_HOMEDIR_REQUIRED

Indicates the home directory is required. This value is ignored in Windows.

interdomain

UF_INTERDOMAIN_TRUST_ACCOUNT

Indicates a permit to trust account.

lockout

UF_LOCKOUT

Indicates that the user's account is currently locked out; to unlock a locked account, remove this flag

normal

UF_NORMAL_ACCOUNT

Indicates a default account type that represents a normal user.

notreq

UF_PASSWRD_NOTREQD

Indicates that no password is required for the user's account.

protect

UF_PASSWORD_CANT_CHANGE

Indicates that the user cannot change the password for the account.

script

UF_SCRIPT

Indicates that the login script, which executes disk mapping, is activated when the user starts an application. This flag must be set for LAN Manager 2.0 or Windows.

server

UF_SERVER_TRUST_ACCOUNT

Indicates an account for a Windows NT Backup Domain Controller in this domain.

temp

UF_TEMP_DUPLICATE_ACCOUNT

Indicates a user with an account in another domain; provides access to the domain for this account, but not a trust account.

trust

UF_INTERDOMAIN_TRUST_ACCOUNT

Indicates a permit to trust account.

workstation

UF_WORKSTATION_TRUST_ACCOUNT

Indicates an account for a workstation or server that is a member of this domain.