|
HP OpenVMS Systems |
|
HP Advanced Server for OpenVMS
|
|||||||||||||||||||||||||||||||||||||||||||||||||||
| Previous | Contents | Index |
Modifies the attributes and memberships of an existing local or global user account.
MODIFY USER user-name [/qualifiers]
Use of this command requires membership in the Administrators or Account Operators local group.
ADD USER
COPY USER
REMOVE USER
SHOW USERS
user-name
Specifies the name of an existing local or global user account that you wish to modify.
/ADD_TO_GROUPS=(group-name[,...])
Adds the user as a member of the specified local or global groups and does not change any existing membership in unspecified groups./DESCRIPTION="string"
/NODESCRIPTION
Specifies a string of up to 256 characters used to provide descriptive information about the user. Enclose the string in quotation marks if it contains lowercase letters, blanks (spaces) or other nonalphanumeric characters. /NODESCRIPTION indicates that the description is to be blank. If the /DESCRIPTION qualifier is not specified, the current description remains unchanged./DOMAIN=domain-name
Specifies the name of the domain in which to modify the user account. The default is the domain currently being administered. Do not specify both /DOMAIN and /SERVER on the same command line./EXPIRATION_DATE=date
/NOEXPIRATION_DATE
Specifies whether the account has an expiration date and, if so, the date the account is to expire. The date is specified in the standard OpenVMS date format (dd-mmm-yyyy). /NOEXPIRATION_DATE specifies that the account will not have an expiration date, and therefore will never expire./FLAGS=(option[,...])
Specifies the logon flags for the user account. Precede the option keyword with NO to clear the specified flag. The option keyword can be one or more of the following:
Option Description [NO]DISPWDEXPIRATION Prevents the password from expiring, overriding the Maximum Password Age setting for the account policy. Select this option for user accounts that will be assigned to services. Selection of this option overrides the PWDEXPIRED option. NODISPWDEXPIRATION is the default if you specify neither DISPWDEXPIRATION nor NODISPWDEXPIRATION. Do not specify the DISPWDEXPIRATION and PWDEXPIRED options in the same command. [NO]DISUSER Disables the account so the user cannot log on. You might disable a new account to create an inactive account that can be copied to create new accounts. Or, you might temporarily disable an account if it does not need to be used until a later date. You cannot disable the built-in Administrator account. NODISUSER is the default if you specify neither DISUSER nor NODISUSER. Option Description [NO]PWDEXPIRED The password is initially expired. This forces the user to change the password at the next logon. PWDEXPIRED is the default if you specify neither PWDEXPIRED nor NOPWDEXPIRED. Do not specify the PWDEXPIRED option in the same command line with either the PWDLOCKED or the DISPWDEXPIRATION option. [NO]PWDLOCKED Prevents the user from changing the password. This option is usually applied only to user accounts used by more than one person, such as the Guest account. NOPWDLOCKED is the default if you specify neither PWDLOCKED nor NOPWDLOCKED. Do not specify the PWDLOCKED and PWDEXPIRED options in the same command. /FULLNAME="full_user_name"
/NOFULLNAME
The full name is the user's complete name, and can be up to 256 characters in length. Enclose the string in quotation marks to preserve case (the default is uppercase). Establish a standard for entering full names, so that they always begin with either the first name (Louise G. Morgan) or the last name (Morgan, Louise G.), because the full name can affect the sorting order for the SHOW USERS command. /NOFULLNAME specifies a blank full name./GLOBAL
Specifies that the account is to be a global account. User accounts can be either global or local. Most accounts are global accounts. A global account is a normal user account in the user's home domain. A local account is an account provided in this domain for a user whose global account is not in a trusted domain. Do not specify both /GLOBAL and /LOCAL on the same command line./HOME=(option[,...])
/NOHOME
Specifies a user's home directory information. A home directory is a directory that is accessible to a user and contains files and programs for the user. This feature applies only when the user logs on from a Windows NT client. The specified home directory becomes the Windows NT user's default directory for the File Open and Save As dialog boxes, for the command prompt, and for all applications that do not have a working directory defined. A home directory can be assigned to a single user or it can be shared by many users.A home directory can be a shared network directory or a local directory on a user's workstation. If you specify a network path for the home directory, you must also specify a drive letter to be assigned to the path when the user logs on. If the specified directory does not exist, an attempt will be made to create it. If the directory cannot be created, a message will be issued instructing you to manually create the directory. If you specify a local path for the home directory, do not include a drive letter. You must manually create the directory if it does not exist. /NOHOME, the default, specifies that the user will not have a home directory.
The option keyword can be one or more of the following:
Option Description DRIVE= driveletter Specifies the drive letter to use for connecting to the home directory if the home directory specified in the PATH option is a shared network directory. The driveletter can be from C to Z. PATH= homepath Specifies an optional home directory that is accessible to the user and contains files and programs for the user. The homepath must be an absolute path of a directory local to the user's workstation, or a UNC (Universal Naming Convention) path of a shared network directory. /HOURS=(logon-time[,...])
/NOHOURS
Specifies the days and hours when the user can connect to a server. /NOHOURS specifies that the user cannot connect at any time of any day. Specify logon-time in the following format:day=([n-m],[n],[*])
where n and m are hours of the day, and day is any one of the following:
SUNDAY, MONDAY, TUESDAY, WEDNESDAY, THURSDAY, FRIDAY, SATURDAY, WEEKDAYS, WEEKENDS, EVERYDAY, ALL
Specify the hours as integers from 0 to 23, inclusive, using the 24-hour clock. You can specify a single hour (n), ranges of hours (n-m), or all hours of the day (*). Note that hours are inclusive; that is, if you grant access during a given hour, access extends to the end of that hour. If you specify no hours, all hours are allowed for the specified days.
/LOCAL
Specifies that the account is to be a local account. User accounts can be either global or local. Most accounts are global accounts. A global account is a normal user account in the user's home domain. A local account is an account provided in this domain for a user whose global account is not in a trusted domain./NAME=new-user-name
Specifies a new name for the user account. The user name can be from 1 to 20 characters in length, and cannot be identical to any other user or group name in the domain or server being administered./PASSWORD[="password"]
/NOPASSWORD
Specifies the password for the user account. Passwords are case sensitive, and can be up to 14 characters in length. The minimum length is set by using the SET ACCOUNT POLICY/PASSWORD_POLICY=MINLENGTH= command. The default is 0, which permits a blank password. Passwords entered on the command line are converted to uppercase unless enclosed within quotation marks. If the password you specify contains lowercase letters, blanks (spaces), or other nonalphanumeric characters, enclose it in quotation marks, unless you enter the password in response to the password prompt. (If you enclose the password in quotation marks at the password prompt, the quotation marks become part of the password.) If you enter /PASSWORD with no value, or with a value of *, you are prompted for a password and a confirmation, which will not be displayed as they are entered. /NOPASSWORD specifies that the account will have a blank password. If you specify the /NOPASSWORD qualifier with the command line, the default is /FLAGS=NOPWDEXPIRED, so that the user is not prompted for a password. To override this default for /NOPASSWORD, specify the /FLAGS=PWDEXPIRED qualifier./PRIMARY_GROUP=group-name
Sets the user account's primary group. A primary group is used when a user logs on using Windows NT Services for Macintosh, or runs POSIX applications. The group-name must be a global group of which the user is a member./PROFILE=profile-path
/NOPROFILE
Specifies a path for an optional user profile. The path should be a network path that includes a file name. The file name can be that of a personal user profile (.USR file name extension) or a mandatory user profile (.MAN file name extension). For example, you might enter:/PROFILE="\\eng\profiles\johndoe.usr"
/NOPROFILE specifies that the user will not have a profile.
/REMOVE_FROM_GROUPS=(group-name[,...])
Removes the user as a member of the specified local or global groups and does not change any existing membership in unspecified groups. A user account cannot be removed from membership in its primary group./SCRIPT=script-name
/NOSCRIPT
Specifies a name for an optional logon script that runs each time the user logs on. A logon script can be a batch file (.BAT or .CMD file name extension) or an executable program (.EXE file name extension). A single logon script can be assigned to one or more user accounts. When a user logs on, the server authenticating the logon locates the logon script by following the server's logon script path. The script-name specifies a file relative to that path. /NOSCRIPT specifies that the user will have no logon script./SERVER=server-name
Specifies the name of a server that is a member of the domain in which to modify the user. Do not specify both /DOMAIN and /SERVER on the same command line./UNLOCK
Unlocks a user's account. A user's account is locked if the user has made a specified number of failed attempts to log on (for example, using an invalid password). Use the SET ACCOUNT POLICY command to specify the number of failed attempts to allow./WORKSTATIONS=(workstation-name[,...])
Specifies up to eight workstations from which the user can log on to the domain. The workstation-name is a 1 to 15 character name of a workstation. You may use an asterisk (*) for the workstation name to specify all workstations.
LANDOFOZ\\TINMAN> MODIFY USER SCARECROW/ADD_TO_GROUPS=MUNCHKINS -
_LANDOFOZ\\TINMAN> /HOME=(DRIVE=D,PATH=\\TINMAN\USERS\SCARECROW)
%PWRK-S-USERMOD, user "SCARECROW" modified on domain "LANDOFOZ"
|
This example adds the user SCARECROW as a member of the MUNCHKINS group, and sets the user's home path to be \\TINMAN\USERS\SCARECROW, which will be mapped to drive D on the user's workstation.
The NET command accepts a subset of the LAN Manager Net commands and attempts to perform the equivalent ADMINISTER command. This provides some level of backward compatability with PATHWORKS LAN Manager servers.
NET [/qualifier] command-line
command-line
Specifies the Net command line that you wish to process.
/TRANSLATE
The /TRANSLATE qualifier must precede the command-line parameter. Use it to display the equivalent ADMINISTER command without performing the command action. This enables you to determine the equivalent command without actually performing the command.
| #1 |
|---|
LANDOFOZ\\TINMAN> NET/TRANSLATE ACCOUNT
Translated command is: SHOW ACCOUNT POLICY
|
This example translates the LAN Manager NET ACCOUNT command into the equivalent ADMINISTER command and displays the resulting translation without performing the command action.
| #2 |
|---|
LANDOFOZ\\TINMAN> NET ACCOUNT Account Policy for domain "LANDOFOZ": Minimum password age (days) : 1 Maximum password age (days) : 90 Minimum password length : 0 Length of password history maintained : None Force user logoff after logon hours expire : NO Lock out account after how many bad password attempts : Never Role of server TINMAN : Primary Domain Controller |
This example translates the LAN Manager NET ACCOUNT command into the equivalent ADMINISTER command (SHOW ACCOUNT POLICY) and performs the command action.
Pauses a currently active OpenVMS Advanced Server print queue. Use the SHOW PRINT QUEUES command to display the list of available queues. This command performs the same function as the SET PRINT QUEUE queue-name /PAUSE command.
PAUSE PRINT QUEUE queue-name [/qualifiers]
This command is valid only to HP OpenVMS servers. Use of this command requires membership in the Administrators, Server Operators, or Print Operators local group.
ADD PRINT QUEUE
CONTINUE PRINT QUEUE
REMOVE PRINT QUEUE
SET PRINT QUEUE
SHOW PRINT QUEUES
queue-name
Specifies the name of the print queue for which to pause printing.
/CONFIRM
/NOCONFIRM
Controls whether you are prompted for a confirmation before the operation is performed. The default is /CONFIRM if running in interactive mode. When the prompt is issued, the default response is shown, and you may accept the default by pressing Return or Enter. If you type YES, TRUE, or 1, the operation is performed. If you type NO, FALSE, 0, or enter Ctrl/Z, no action is performed. If you type anything else, the prompt is repeated until you type an acceptable response. No prompt for confirmation is issued if running in batch mode./SERVER=server-name
Specifies the name of the server where the specified print queue resides. The default is the server currently being administered.
LANDOFOZ\\TINMAN> PAUSE PRINT QUEUE LN03/NOCONFIRM
%PWRK-S-QUESET, queue "LN03" paused on server "TINMAN"
|
This example pauses the print queue LN03 on the server currently being administered (TINMAN). A confirmation is not required.
Pauses a currently active service. You can pause only the Server and NetLogon services. Use the SHOW SERVICES command to display the available services.Pausing the Server service prevents users from making new connections to the server's shared resources; however, users who have already connected to shared resources can continue to use the resources. Pausing the Server service does not prevent users who are members of the Administrators group from connecting to the service.
Pausing the NetLogon service prevents the server from synchronizing the domain's security accounts database. The server will not validate logons.
PAUSE SERVICE servicename [/qualifiers]
Use of this command requires membership in the Administrators local group or the Server Operators local group. You cannot pause the Replicator and Messenger services from the Advanced Server.
CONTINUE SERVICE
SHOW SERVICES
START SERVICE
STOP SERVICE
servicename
Specifies the name of the service to pause.
/CONFIRM
/NOCONFIRM
Controls whether you are prompted for a confirmation before the operation is performed. The default is /CONFIRM if running in interactive mode. When the prompt is issued, the default response is shown, and you may accept the default by pressing Return or Enter. If you type YES, TRUE, or 1, the operation is performed. If you type NO, FALSE, 0, or enter Ctrl/Z, no action is performed. If you type anything else, the prompt is repeated until you type an acceptable response. No prompt for confirmation is issued if running in batch mode./SERVER=server-name
Specifies the name of the server on which to pause the service. The default is the server currently being administered.
LANDOFOZ\\TINMAN> PAUSE SERVICE NETLOGON
Do you really want to pause service "NETLOGON" [YES or NO] (YES) : YES
%PWRK-S-SVCPAUSE, service "NETLOGON" paused on server "TINMAN"
|
This example pauses the NetLogon service on the server currently being administered (TINMAN). A confirmation is required.
Removes a computer from a domain. The computer's account is deleted from the domain's security database, and it can no longer participate in domain security.
REMOVE COMPUTER computer-name [/qualifiers]
Do not remove the primary domain controller for a domain. Use of this command requires membership in the Administrators local group.
ADD COMPUTER
SET COMPUTER
SHOW COMPUTERS
computer-name
Specifies the name of the computer to remove from the domain.
/CONFIRM
/NOCONFIRM
Controls whether you are prompted for a confirmation before the operation is performed. The default is /CONFIRM if running in interactive mode. When the prompt is issued, the default response is shown, and you may accept the default by pressing Return or Enter. If you type YES, TRUE, or 1, the operation is performed. If you type NO, FALSE, 0, or enter Ctrl/Z, no action is performed. If you type anything else, the prompt is repeated until you type an acceptable response. No prompt for confirmation is issued if running in batch mode./DOMAIN=domain-name
Specifies the name of the domain from which to remove the computer. The default is the domain currently being administered. Do not specify both /DOMAIN and /SERVER on the same command line./SERVER=server-name
Specifies the name of a server that is a member of the domain from which to remove the computer. Do not specify both /DOMAIN and /SERVER on the same command line.
LANDOFOZ\\TINMAN> REMOVE COMPUTER DOROTHY
Removing computer "DOROTHY" from domain "LANDOFOZ" will render it
incapable of authenticating domain logons until it is added to another
domain.
Do you want to continue with the removal [YES or NO] (YES) : YES
%PWRK-S-COMPREM, computer "DOROTHY" removed from domain "LANDOFOZ"
|
This example removes the computer named DOROTHY from the default domain's (LANDOFOZ) security database. A confirmation is displayed.
Permanently removes a local or global group from a domain's security database.Be sure you want to delete a group before you do so, because a deleted group cannot be recovered. The server knows every group by its security identifier (SID), a unique number that identifies it. If you delete a group and then create another group with the same name, the new group will not have any of the permissions that were previously granted to the old group, because the groups have different SID numbers.
REMOVE GROUP group-name [/qualifiers]
Use of this command requires membership in the Administrators or Account Operators local group.
ADD GROUP
COPY GROUP
MODIFY GROUP
SHOW GROUPS
group-name
Specifies the name of an existing group to be removed.
/CONFIRM
/NOCONFIRM
Controls whether you are prompted for a confirmation before the operation is performed. The default is /CONFIRM if running in interactive mode. When the prompt is issued, the default response is shown, and you may accept the default by pressing Return or Enter. If you type YES, TRUE, or 1, the operation is performed. If you type NO, FALSE, 0, or enter Ctrl/Z, no action is performed. If you type anything else, the prompt is repeated until you type an acceptable response. No prompt for confirmation is issued if running in batch mode./DOMAIN=domain-name
Specifies the name of the domain from which to remove the group. The default is the domain currently being administered. Do not specify both /DOMAIN and /SERVER on the same command line./SERVER=server-name
Specifies the name of a server that is a member of the domain from which to remove the group. Do not specify both /DOMAIN and /SERVER on the same command line.
LANDOFOZ\\TINMAN> REMOVE GROUP MUNCHKINS
Each group is represented by a unique identifier that is independent
of the group name. Once this group is deleted, even creating an
identically named group in the future will not restore access to
resources which currently name this group in the access control list.
Remove group "MUNCHKINS" [YES or NO] (YES) : YES
%PWRK-S-GROUPREM, group "MUNCHKINS" removed from domain "LANDOFOZ"
|
This example removes the group named MUNCHKINS from the default domain (LANDOFOZ). A confirmation is required.
| Previous | Next | Contents | Index |