Previous Topic: SHARE ClassNext Topic: Classes in the UNIX Environment


USER Class

The USER class contains all user records defined to the Windows operating system. The key of the USER record is the user's name, which is the name the user entered when logging into the system.

The following definitions describe the properties contained in this class record. Most properties are modifiable and can be manipulated using selang or the administration interfaces. Non-modifiable properties are marked informational.

BAD_PW_COUNT

(Informational). The number of times the user tried to log in to the account using an incorrect password. A value of -1 indicates that the value is unknown.

COMMENT

Additional information you want to include in the record. CA ControlMinder does not use this information for authorization.

Use the comment[-] parameter with the chusr, editusr, and newusr commands to modify this property.

Limit: 255 characters.

COUNTRY

A string that specifies a country descriptor for a user. This string is part of the X.500 naming scheme. CA ControlMinder does not use it for authorization.

Use the country parameter with the chusr, editusr, and newusr commands to modify this property.

DAYTIME

The day and time restrictions that govern when a user can access the resource.

Use the restrictions parameter with the chusr, editusr, and newusr commands to modify this property.

Note: The information in this property is identical to that in the DAYTIME property in the AC environment, except that any minute value entered is truncated.

DIAL_CALLBACK

The type of call-back privileges provided to the user. The following options are defined:

NoCallBack

The user has no call-back privileges.

SetByCaller

The remote user can specify a call-back phone number when dialing in.

Call-back Phone Number

The administrator sets the call-back number.

Use the gen_prop or gen_val parameters with the chusr or editusr command to modify this property.

DIAL_PERMISSION

Permission to dial in to the RAS server. When you specify 0 as value, the user cannot dial in to the RAS server.

Use the gen_prop or gen_val parameter with the chusr or editusr command to modify this property.

EXPIRE_DATE

The date on which a USER record expires and becomes invalid. A value for the EXPIRE_DATE property in a USER record overrides a value in a GROUP record. To reinstate the expired record, use the chusr command with the expire- parameter. You cannot resume an expired user. You can resume a suspended user by specifying a resume date.

Use the expire or expire- parameter with the chusr, editusr, or newusr command to modify this property.

FLAGS

Flags that you can assign to a user's account to specify particular attributes. You can apply more than one flag to each account.

Use the flags parameter with the chusr, editusr, and newusr commands to modify this property.

FULL_NAME

The full name associated with a user. CA ControlMinder uses the full name to identify the user in audit log messages, but not for authorization.

Use the name parameter with the chusr, editusr, or newusr command to modify this property.

GID

A value that contains the relative identifier of the group. The relative identifier is determined by the accounts database when the group is created. It uniquely identifies the group to the account manager within the domain.

GROUPS

The list of groups a user belongs to. The group list contained in this property may be different from the one in the AC environment GROUPS property.

Use the group parameter with the join[-] command to modify this property.

HOME

The home directory is the folder that is accessible to the user and contains files and programs for that user. The home directory can be assigned to individual user or shared among many users.

HOMEDIR

A string specifying the user's home directory. Users log in to their home directories automatically.

Use the homedir parameter with the chusr, editusr, or newusr command to modify this property.

HOME_DRIVE

A string that specifies the drive of the user's home directory. Users log in to their own home drives and home directories automatically.

Use the homedrive parameter with the chusr, editusr, or newusr command to modify this property.

ID

A value that contains the relative ID (RID) of the user. The RID is determined by the Security Account Manager (SAM) when the user is created. It uniquely defines the user account to SAM within the domain.

LAST_ACC_TIME

(Informational). The date and time of the last login.

LAST_LOGOFF

(Informational). The date and time of the last logoff.

LOCATION

A string used to store a user location. CA ControlMinder does not use this information for authorization.

Use the location parameter with the chusr, editusr, and newusr commands to modify this property.

LOGON_SERVER

A string that specifies the server that verifies the login information for the user. When the user logs into the domain workstation, CA ControlMinder transfers the login information to the server, which gives the workstation permission for the user to work.

MAX_LOGINS

(Informational). The number of times the user logged in successfully to this account. A value of ‑1 indicates that the value is unknown.

NAME

The name of the user.

ORGANIZATION

A string that stores information on the organization in which the user works. This string is part of the X.500 naming scheme. CA ControlMinder does not use it for authorization.

Use the organization parameter with the chusr, editusr, and newusr commands to modify this property.

ORG_UNIT

A string that stores information on the organizational unit in which the user works. This string is part of the X.500 naming scheme. CA ControlMinder does not use it for authorization.

Use the org_unit parameter with the chusr, editusr, and newusr commands to modify this property.

PASSWD_EXPIRED

Expiration date for the user account.

PGROUP

A user's primary group ID. A primary group is one of the groups in which a user is defined. A primary group must be a global group. This string cannot include spaces or commas.

Use the pgroup parameter with the chusr, editusr, or newusr command to modify this property.

PHONE

A string that can be used to store a user telephone number. This information is not used for authorization.

Use the phone parameter with the chusr, editusr, and newusr commands to modify this property.

PRIVILEGES

The Windows rights assigned to the user.

Use the privileges parameter with the chusr, editusr, or newusr command to modify this property.

PROFILE

A string that specifies a path to the user's profile. This string can include a local absolute path, or a UNC path.

Use the profile parameter with the chusr, editusr, or newusr command to modify this property.

PW_LAST_CHANGE

(Informational). The date and time on which the password was updated.

RESUME_DATE

The date on which a suspended USER account becomes valid.

See SUSPEND_DATE for an explanation of how RESUME_DATE and SUSPEND_DATE work together.

SCRIPT

A string that specifies the path for the user's logon script file. The script file can be a .CMD, .EXE , or .BAT file.

TERMINALS

A string that specifies a list of terminals from which the user can log in.

Use the terminals parameter with the chusr, editusr, and newusr commands to modify this property.

TS_CONFIG_PGM

A value that indicates whether the client can specify the initial program.

The TS_INITIAL_PGM user property indicates the initial program. If you specify a user's initial program, it becomes the only program that user can run; terminal server logs off the user when the user exits that program.

When this value is set to 1, the client can specify the initial program. When this value is set to 0, the client cannot specify the initial program.

Use the gen_prop and gen_val parameters with the chusr and editusr commands to modify this property.

TS_HOME_DIR

The path of the user's home directory for terminal server logon. This string can specify a local path or a UNC path (\\machine\share\path).

Use the gen_prop and gen_val parameters with the chusr and editusr commands to modify this property.

TS_HOME_DRIVE

A drive specification (a drive letter followed by a colon) to which the UNC path is specified in the TS_HOME_DIR property.

Use the gen_prop and gen_val parameters with the chusr and editusr commands to modify this property.

TS_INITIAL_PGM

The path of the initial program that Terminal Services runs when the user logs on.

If you specify a user's initial program, that is the only program that user can run. Terminal server logs off the user when the user exits that program.

When TS_CONFIG_PGM property is set to 1, the client can specify the initial program.

Use the gen_prop and gen_val parameters with the chusr and editusr commands to modify this property.

TS_PROFILE_PATH

The path of the user's profile for terminal server logon. The directory identified by the path must be created manually and must exist prior to the logon.

Use the gen_prop and gen_val parameters with the chusr and editusr commands to modify this property.

TS_WORKING_DIR

The path of the working directory for the initial program that Terminal Services runs when the user logs on.

Use the gen_prop and gen_val parameters with the chusr and editusr commands to modify this property.

WORKSTATIONS

A list of the workstations from which the user can log in.

Use the workstations parameter with the chusr, editusr, and newusr commands to modify this property.

More information:

Windows Account Flags

Windows Privileges